Chromium Code Reviews| OLD | NEW |
|---|---|
| 1 # Copyright 2014 The LUCI Authors. All rights reserved. | 1 # Copyright 2014 The LUCI Authors. All rights reserved. |
| 2 # Use of this source code is governed under the Apache License, Version 2.0 | 2 # Use of this source code is governed under the Apache License, Version 2.0 |
| 3 # that can be found in the LICENSE file. | 3 # that can be found in the LICENSE file. |
| 4 | 4 |
| 5 """Defines access groups.""" | 5 """Defines access groups.""" |
| 6 | 6 |
| 7 from components import auth | 7 from components import auth |
| 8 from components import utils | 8 from components import utils |
| 9 | 9 |
| 10 | 10 |
| (...skipping 39 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 50 # associated with the job when calling Swarming, not the machine IP. | 50 # associated with the job when calling Swarming, not the machine IP. |
| 51 return is_ip_whitelisted_machine() or is_admin() | 51 return is_ip_whitelisted_machine() or is_admin() |
| 52 | 52 |
| 53 | 53 |
| 54 def is_bot_or_user(): | 54 def is_bot_or_user(): |
| 55 # TODO(vadimsh): Get rid of this. Swarming jobs will use service accounts | 55 # TODO(vadimsh): Get rid of this. Swarming jobs will use service accounts |
| 56 # associated with the job when calling Swarming, not the machine ID itself. | 56 # associated with the job when calling Swarming, not the machine ID itself. |
| 57 return is_bot() or is_user() | 57 return is_bot() or is_user() |
| 58 | 58 |
| 59 | 59 |
| 60 def is_bot_or_privileged_user(): | 60 def is_bot_or_privileged_user(): |
|
M-A Ruel
2016/10/31 22:11:20
^^ :/
nodir
2016/10/31 22:18:15
it looks like you are proposing to call this funct
| |
| 61 # TODO(vadimsh): Get rid of this. Swarming jobs will use service accounts | 61 # TODO(vadimsh): Get rid of this. Swarming jobs will use service accounts |
| 62 # associated with the job when calling Swarming, not the machine ID itself. | 62 # associated with the job when calling Swarming, not the machine ID itself. |
| 63 return is_bot() or is_privileged_user() | 63 return is_bot() or is_privileged_user() |
| 64 | 64 |
| 65 | 65 |
| 66 def is_bot_or_admin(): | 66 def is_bot_or_admin(): |
| 67 """Returns True if current user can execute user-side and bot-side calls.""" | 67 """Returns True if current user can execute user-side and bot-side calls.""" |
| 68 # TODO(vadimsh): Get rid of this. Swarming jobs will use service accounts | 68 # TODO(vadimsh): Get rid of this. Swarming jobs will use service accounts |
| 69 # associated with the job when calling Swarming, not the machine ID itself. | 69 # associated with the job when calling Swarming, not the machine ID itself. |
| 70 return is_bot() or is_admin() | 70 return is_bot() or is_admin() |
| 71 | 71 |
| 72 | 72 |
| 73 def can_schedule_high_priority_tasks(): | |
| 74 """Returns True if the current user can schedule high priority tasks.""" | |
| 75 return is_bot() or is_privileged_user() | |
| 76 | |
| 77 | |
| 73 def get_user_type(): | 78 def get_user_type(): |
| 74 """Returns a string describing the current access control for the user.""" | 79 """Returns a string describing the current access control for the user.""" |
| 75 if is_admin(): | 80 if is_admin(): |
| 76 return 'admin' | 81 return 'admin' |
| 77 if is_privileged_user(): | 82 if is_privileged_user(): |
| 78 return 'privileged user' | 83 return 'privileged user' |
| 79 if is_user(): | 84 if is_user(): |
| 80 return 'user' | 85 return 'user' |
| 81 | 86 |
| 82 | 87 |
| (...skipping 10 matching lines...) Expand all Loading... | |
| 93 # Add a swarming admin. smoke-test@example.com is used in | 98 # Add a swarming admin. smoke-test@example.com is used in |
| 94 # server_smoke_test.py | 99 # server_smoke_test.py |
| 95 admin = auth.Identity(auth.IDENTITY_USER, 'smoke-test@example.com') | 100 admin = auth.Identity(auth.IDENTITY_USER, 'smoke-test@example.com') |
| 96 auth.bootstrap_group(ADMINS_GROUP, [admin], 'Swarming administrators') | 101 auth.bootstrap_group(ADMINS_GROUP, [admin], 'Swarming administrators') |
| 97 | 102 |
| 98 # Add an instance admin (for easier manual testing when running dev server). | 103 # Add an instance admin (for easier manual testing when running dev server). |
| 99 auth.bootstrap_group( | 104 auth.bootstrap_group( |
| 100 auth.ADMIN_GROUP, | 105 auth.ADMIN_GROUP, |
| 101 [auth.Identity(auth.IDENTITY_USER, 'test@example.com')], | 106 [auth.Identity(auth.IDENTITY_USER, 'test@example.com')], |
| 102 'Users that can manage groups') | 107 'Users that can manage groups') |
| OLD | NEW |