Chromium Code Reviews

Side by Side Diff: appengine/swarming/server/acl.py

Issue 2463483002: swarming: allow privileged users to schedule high priority tasks (Closed)
Patch Set: Created 4 years, 1 month ago
OLD | NEW
1 # Copyright 2014 The LUCI Authors. All rights reserved. 1 # Copyright 2014 The LUCI Authors. All rights reserved.
2 # Use of this source code is governed under the Apache License, Version 2.0 2 # Use of this source code is governed under the Apache License, Version 2.0
3 # that can be found in the LICENSE file. 3 # that can be found in the LICENSE file.
4 4
5 """Defines access groups.""" 5 """Defines access groups."""
6 6
7 from components import auth 7 from components import auth
8 from components import utils 8 from components import utils
9 9
10 10
11 # Names of groups. 11 # Names of groups.
12 # See 12 # See
13 # https://github.com/luci/luci-py/blob/master/appengine/swarming/doc/Access-Grou ps.md 13 # https://github.com/luci/luci-py/blob/master/appengine/swarming/doc/Access-Grou ps.md
14 # for each level. 14 # for each level.
15 # 15 #
16 # TODO(vadimsh): Move them to the config. 16 # TODO(vadimsh): Move them to the config.
17 ADMINS_GROUP = 'swarming-admins' 17 ADMINS_GROUP = 'swarming-admins'
18 PRIVILEGED_USERS_GROUP = 'swarming-privileged-users' 18 PRIVILEGED_USERS_GROUP = 'swarming-privileged-users'
19 USERS_GROUP = 'swarming-users' 19 USERS_GROUP = 'swarming-users'
20 BOT_BOOTSTRAP_GROUP = 'swarming-bot-bootstrap' 20 BOT_BOOTSTRAP_GROUP = 'swarming-bot-bootstrap'
21 HIGH_PRIORITY_TASKS_GROUP = 'swarming-high-priority-task'
Vadim Sh. 2016/10/28 19:48:44 swarming-high-priority-tasks? (with 's') I'm not
nodir 2016/10/28 20:00:13 Done
21 22
22 23
23 def is_admin(): 24 def is_admin():
24 return auth.is_group_member(ADMINS_GROUP) or auth.is_admin() 25 return auth.is_group_member(ADMINS_GROUP) or auth.is_admin()
25 26
26 27
27 def is_privileged_user(): 28 def is_privileged_user():
28 return auth.is_group_member(PRIVILEGED_USERS_GROUP) or is_admin() 29 return auth.is_group_member(PRIVILEGED_USERS_GROUP) or is_admin()
29 30
30 31
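Review bot: the group added at new line 21 is not covered by the documentation the comment at lines 11-14 points to (Access-Groups.md, "for each level"), and its value 'swarming-high-priority-task' is singular while the constant is HIGH_PRIORITY_TASKS_GROUP and the neighbouring groups ('swarming-admins', 'swarming-users') are plural. Add an entry to that doc stating what membership grants, and make the string match the constant name, because a group created under a slightly different name will never match the membership check and the only symptom is a denied request.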
(...skipping 32 matching lines...)
63 return is_bot() or is_privileged_user() 64 return is_bot() or is_privileged_user()
64 65
65 66
66 def is_bot_or_admin(): 67 def is_bot_or_admin():
67 """Returns True if current user can execute user-side and bot-side calls.""" 68 """Returns True if current user can execute user-side and bot-side calls."""
68 # TODO(vadimsh): Get rid of this. Swarming jobs will use service accounts 69 # TODO(vadimsh): Get rid of this. Swarming jobs will use service accounts
69 # associated with the job when calling Swarming, not the machine ID itself. 70 # associated with the job when calling Swarming, not the machine ID itself.
70 return is_bot() or is_admin() 71 return is_bot() or is_admin()
71 72
72 73
74 def can_schedule_high_priority_tasks():
75 """Returns True if the current user can schedule high priority tasks."""
76 return is_bot_or_admin() or auth.is_group_member(HIGH_PRIORITY_TASKS_GROUP)
77
78
73 def get_user_type(): 79 def get_user_type():
74 """Returns a string describing the current access control for the user.""" 80 """Returns a string describing the current access control for the user."""
75 if is_admin(): 81 if is_admin():
76 return 'admin' 82 return 'admin'
77 if is_privileged_user(): 83 if is_privileged_user():
78 return 'privileged user' 84 return 'privileged user'
79 if is_user(): 85 if is_user():
80 return 'user' 86 return 'user'
81 87
82 88
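Review bot: can_schedule_high_priority_tasks() at new line 76 is built on is_bot_or_admin(), which the TODO at lines 69-70 marks for removal and which lets every bot identity pass, so the new permission is wider than the group it introduces. If bots really need it, say so in the docstring and write the check out as is_bot() or is_admin() or auth.is_group_member(HIGH_PRIORITY_TASKS_GROUP) so it does not depend on a helper slated to go away; otherwise drop the bot branch. Note also that is_privileged_user() is not part of the check, so members of PRIVILEGED_USERS_GROUP get nothing from this unless they are added to the new group as well, which is worth confirming against the issue title. The docstring should also state what counts as "high priority", since the threshold is not visible in this file.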
(...skipping 10 matching lines...)
93 # Add a swarming admin. smoke-test@example.com is used in 99 # Add a swarming admin. smoke-test@example.com is used in
94 # server_smoke_test.py 100 # server_smoke_test.py
95 admin = auth.Identity(auth.IDENTITY_USER, 'smoke-test@example.com') 101 admin = auth.Identity(auth.IDENTITY_USER, 'smoke-test@example.com')
96 auth.bootstrap_group(ADMINS_GROUP, [admin], 'Swarming administrators') 102 auth.bootstrap_group(ADMINS_GROUP, [admin], 'Swarming administrators')
97 103
98 # Add an instance admin (for easier manual testing when running dev server). 104 # Add an instance admin (for easier manual testing when running dev server).
99 auth.bootstrap_group( 105 auth.bootstrap_group(
100 auth.ADMIN_GROUP, 106 auth.ADMIN_GROUP,
101 [auth.Identity(auth.IDENTITY_USER, 'test@example.com')], 107 [auth.Identity(auth.IDENTITY_USER, 'test@example.com')],
102 'Users that can manage groups') 108 'Users that can manage groups')