Chromium Code Reviews| OLD | NEW |
|---|---|
| 1 # Copyright 2014 The LUCI Authors. All rights reserved. | 1 # Copyright 2014 The LUCI Authors. All rights reserved. |
| 2 # Use of this source code is governed under the Apache License, Version 2.0 | 2 # Use of this source code is governed under the Apache License, Version 2.0 |
| 3 # that can be found in the LICENSE file. | 3 # that can be found in the LICENSE file. |
| 4 | 4 |
| 5 """Defines access groups.""" | 5 """Defines access groups.""" |
| 6 | 6 |
| 7 from components import auth | 7 from components import auth |
| 8 from components import utils | 8 from components import utils |
| 9 | 9 |
| 10 | 10 |
| 11 # Names of groups. | 11 # Names of groups. |
| 12 # See | 12 # See |
| 13 # https://github.com/luci/luci-py/blob/master/appengine/swarming/doc/Access-Grou ps.md | 13 # https://github.com/luci/luci-py/blob/master/appengine/swarming/doc/Access-Grou ps.md |
| 14 # for each level. | 14 # for each level. |
| 15 # | 15 # |
| 16 # TODO(vadimsh): Move them to the config. | 16 # TODO(vadimsh): Move them to the config. |
| 17 ADMINS_GROUP = 'swarming-admins' | 17 ADMINS_GROUP = 'swarming-admins' |
| 18 PRIVILEGED_USERS_GROUP = 'swarming-privileged-users' | 18 PRIVILEGED_USERS_GROUP = 'swarming-privileged-users' |
| 19 USERS_GROUP = 'swarming-users' | 19 USERS_GROUP = 'swarming-users' |
| 20 BOT_BOOTSTRAP_GROUP = 'swarming-bot-bootstrap' | 20 BOT_BOOTSTRAP_GROUP = 'swarming-bot-bootstrap' |
| 21 HIGH_PRIORITY_TASKS_GROUP = 'swarming-high-priority-task' | |
|
Vadim Sh.
2016/10/28 19:48:44
swarming-high-priority-tasks? (with 's')
I'm not
nodir
2016/10/28 20:00:13
Done
| |
| 21 | 22 |
| 22 | 23 |
| 23 def is_admin(): | 24 def is_admin(): |
| 24 return auth.is_group_member(ADMINS_GROUP) or auth.is_admin() | 25 return auth.is_group_member(ADMINS_GROUP) or auth.is_admin() |
| 25 | 26 |
| 26 | 27 |
| 27 def is_privileged_user(): | 28 def is_privileged_user(): |
| 28 return auth.is_group_member(PRIVILEGED_USERS_GROUP) or is_admin() | 29 return auth.is_group_member(PRIVILEGED_USERS_GROUP) or is_admin() |
| 29 | 30 |
| 30 | 31 |
| (...skipping 32 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 63 return is_bot() or is_privileged_user() | 64 return is_bot() or is_privileged_user() |
| 64 | 65 |
| 65 | 66 |
| 66 def is_bot_or_admin(): | 67 def is_bot_or_admin(): |
| 67 """Returns True if current user can execute user-side and bot-side calls.""" | 68 """Returns True if current user can execute user-side and bot-side calls.""" |
| 68 # TODO(vadimsh): Get rid of this. Swarming jobs will use service accounts | 69 # TODO(vadimsh): Get rid of this. Swarming jobs will use service accounts |
| 69 # associated with the job when calling Swarming, not the machine ID itself. | 70 # associated with the job when calling Swarming, not the machine ID itself. |
| 70 return is_bot() or is_admin() | 71 return is_bot() or is_admin() |
| 71 | 72 |
| 72 | 73 |
| 74 def can_schedule_high_priority_tasks(): | |
| 75 """Returns True if the current user can schedule high priority tasks.""" | |
| 76 return is_bot_or_admin() or auth.is_group_member(HIGH_PRIORITY_TASKS_GROUP) | |
| 77 | |
| 78 | |
| 73 def get_user_type(): | 79 def get_user_type(): |
| 74 """Returns a string describing the current access control for the user.""" | 80 """Returns a string describing the current access control for the user.""" |
| 75 if is_admin(): | 81 if is_admin(): |
| 76 return 'admin' | 82 return 'admin' |
| 77 if is_privileged_user(): | 83 if is_privileged_user(): |
| 78 return 'privileged user' | 84 return 'privileged user' |
| 79 if is_user(): | 85 if is_user(): |
| 80 return 'user' | 86 return 'user' |
| 81 | 87 |
| 82 | 88 |
| (...skipping 10 matching lines...) Expand all Loading... | |
| 93 # Add a swarming admin. smoke-test@example.com is used in | 99 # Add a swarming admin. smoke-test@example.com is used in |
| 94 # server_smoke_test.py | 100 # server_smoke_test.py |
| 95 admin = auth.Identity(auth.IDENTITY_USER, 'smoke-test@example.com') | 101 admin = auth.Identity(auth.IDENTITY_USER, 'smoke-test@example.com') |
| 96 auth.bootstrap_group(ADMINS_GROUP, [admin], 'Swarming administrators') | 102 auth.bootstrap_group(ADMINS_GROUP, [admin], 'Swarming administrators') |
| 97 | 103 |
| 98 # Add an instance admin (for easier manual testing when running dev server). | 104 # Add an instance admin (for easier manual testing when running dev server). |
| 99 auth.bootstrap_group( | 105 auth.bootstrap_group( |
| 100 auth.ADMIN_GROUP, | 106 auth.ADMIN_GROUP, |
| 101 [auth.Identity(auth.IDENTITY_USER, 'test@example.com')], | 107 [auth.Identity(auth.IDENTITY_USER, 'test@example.com')], |
| 102 'Users that can manage groups') | 108 'Users that can manage groups') |
| OLD | NEW |