Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(17)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: appengine/swarming/server/acl.py

Issue 2463483002: swarming: allow privileged users to schedule high priority tasks (Closed)
Patch Set: allow privileged users to schedule high priority tasks Created 4 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « appengine/swarming/handlers_frontend.py ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 # Copyright 2014 The LUCI Authors. All rights reserved. 1 # Copyright 2014 The LUCI Authors. All rights reserved.
2 # Use of this source code is governed under the Apache License, Version 2.0 2 # Use of this source code is governed under the Apache License, Version 2.0
3 # that can be found in the LICENSE file. 3 # that can be found in the LICENSE file.
4 4
5 """Defines access groups.""" 5 """Defines access groups."""
6 6
7 from components import auth 7 from components import auth
8 from components import utils 8 from components import utils
9 9
10 10
(...skipping 39 matching lines...) Expand 10 before | Expand all | Expand 10 after
50 # associated with the job when calling Swarming, not the machine IP. 50 # associated with the job when calling Swarming, not the machine IP.
51 return is_ip_whitelisted_machine() or is_admin() 51 return is_ip_whitelisted_machine() or is_admin()
52 52
53 53
54 def is_bot_or_user(): 54 def is_bot_or_user():
55 # TODO(vadimsh): Get rid of this. Swarming jobs will use service accounts 55 # TODO(vadimsh): Get rid of this. Swarming jobs will use service accounts
56 # associated with the job when calling Swarming, not the machine ID itself. 56 # associated with the job when calling Swarming, not the machine ID itself.
57 return is_bot() or is_user() 57 return is_bot() or is_user()
58 58
59 59
60 def is_bot_or_privileged_user(): 60 def is_bot_or_privileged_user():
M-A Ruel 2016/10/31 22:11:20 ^^ :/
nodir 2016/10/31 22:18:15 it looks like you are proposing to call this funct
61 # TODO(vadimsh): Get rid of this. Swarming jobs will use service accounts 61 # TODO(vadimsh): Get rid of this. Swarming jobs will use service accounts
62 # associated with the job when calling Swarming, not the machine ID itself. 62 # associated with the job when calling Swarming, not the machine ID itself.
63 return is_bot() or is_privileged_user() 63 return is_bot() or is_privileged_user()
64 64
65 65
66 def is_bot_or_admin(): 66 def is_bot_or_admin():
67 """Returns True if current user can execute user-side and bot-side calls.""" 67 """Returns True if current user can execute user-side and bot-side calls."""
68 # TODO(vadimsh): Get rid of this. Swarming jobs will use service accounts 68 # TODO(vadimsh): Get rid of this. Swarming jobs will use service accounts
69 # associated with the job when calling Swarming, not the machine ID itself. 69 # associated with the job when calling Swarming, not the machine ID itself.
70 return is_bot() or is_admin() 70 return is_bot() or is_admin()
71 71
72 72
73 def can_schedule_high_priority_tasks():
74 """Returns True if the current user can schedule high priority tasks."""
75 return is_bot() or is_privileged_user()
76
77
73 def get_user_type(): 78 def get_user_type():
74 """Returns a string describing the current access control for the user.""" 79 """Returns a string describing the current access control for the user."""
75 if is_admin(): 80 if is_admin():
76 return 'admin' 81 return 'admin'
77 if is_privileged_user(): 82 if is_privileged_user():
78 return 'privileged user' 83 return 'privileged user'
79 if is_user(): 84 if is_user():
80 return 'user' 85 return 'user'
81 86
82 87
(...skipping 10 matching lines...) Expand all
93 # Add a swarming admin. smoke-test@example.com is used in 98 # Add a swarming admin. smoke-test@example.com is used in
94 # server_smoke_test.py 99 # server_smoke_test.py
95 admin = auth.Identity(auth.IDENTITY_USER, 'smoke-test@example.com') 100 admin = auth.Identity(auth.IDENTITY_USER, 'smoke-test@example.com')
96 auth.bootstrap_group(ADMINS_GROUP, [admin], 'Swarming administrators') 101 auth.bootstrap_group(ADMINS_GROUP, [admin], 'Swarming administrators')
97 102
98 # Add an instance admin (for easier manual testing when running dev server). 103 # Add an instance admin (for easier manual testing when running dev server).
99 auth.bootstrap_group( 104 auth.bootstrap_group(
100 auth.ADMIN_GROUP, 105 auth.ADMIN_GROUP,
101 [auth.Identity(auth.IDENTITY_USER, 'test@example.com')], 106 [auth.Identity(auth.IDENTITY_USER, 'test@example.com')],
102 'Users that can manage groups') 107 'Users that can manage groups')
OLDNEW
« no previous file with comments | « appengine/swarming/handlers_frontend.py ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698