Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(171)

Side by Side Diff: milo/appengine/settings/acl.go

Issue 2241853002: Milo: ACL support (Closed) Base URL: https://chromium.googlesource.com/external/github.com/luci/luci-go@lucicfg
Patch Set: rebase Created 4 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | milo/appengine/settings/acl_test.go » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
(Empty)
1 // Copyright 2016 The LUCI Authors. All rights reserved.
2 // Use of this source code is governed under the Apache License, Version 2.0
3 // that can be found in the LICENSE file.
4
5 package settings
6
7 import (
8 "fmt"
9 "net/http"
10
11 "github.com/luci/luci-go/common/logging"
12 "github.com/luci/luci-go/milo/common/miloerror"
13 "github.com/luci/luci-go/server/auth"
14 "golang.org/x/net/context"
15 )
16
17 // Helper functions for ACL checking.
18
19 // IsAllowed checks to see if the user in the context is allowed to access
20 // the given project.
21 func IsAllowed(c context.Context, project string) (bool, error) {
22 // Get the project, because that's where the ACLs lie.
23 p, err := GetProject(c, project)
24 if err != nil {
25 logging.WithError(err).Errorf(c,
26 "Encountered error while fetching project %s", project)
27 return false, miloerror.Error{
28 Message: fmt.Sprintf("Cannot fetch project %s:\n%s", pro ject, err),
29 Code: http.StatusInternalServerError,
30 }
31 }
32
33 // Alright, so who's our user?
34 cu := auth.CurrentUser(c)
35
36 for _, entry := range p.Readers {
37 // Check to see if the user is listed explicitly in any of the e ntries.
38 if cu.Email == entry {
39 return true, nil
40 }
41 // Now check for group memberhsip.
42 ok, err := auth.IsMember(c, entry)
43 if err != nil {
44 logging.WithError(err).Errorf(c,
45 "Could not check if user is a member of %s", ent ry)
46 return false, miloerror.Error{
47 Message: fmt.Sprintf("Encountered error while ch ecking %s:\n%s", entry, err),
48 Code: http.StatusInternalServerError,
49 }
50
51 } else if ok {
52 return true, nil
53 }
54 }
55 return false, nil
56 }
OLDNEW
« no previous file with comments | « no previous file | milo/appengine/settings/acl_test.go » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698