chromium-committers/app.py - Issue 25515004: Add chromium-committers appengine app.

Side by Side Diff: chromium-committers/app.py

Issue 25515004: Add chromium-committers appengine app. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/tools/

Patch Set: Created 7 years, 2 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
(Empty)
	1 # Copyright (c) 2013 The Chromium Authors. All rights reserved.

	2 # Use of this source code is governed by a BSD-style license that can be

	3 # found in the LICENSE file.

	4

	5 """This file handles serving the list of committers to users."""

	6

	7 __author__ = 'agable@google.com (Aaron Gable)'

	8

	9

	10 import webapp2

	11

	12 from google.appengine.api import users

	13 from google.appengine.ext import ndb

	14

	15 import auth_util

	16 import constants

	17 import model

	18

	19

	20 class ChromiumHandler(webapp2.RequestHandler):

	21

	22 @staticmethod

	23 def _can_see_list(user, committer_list):

	24 """Returns True if the user is allowed to see the list."""

	25 if not user:

	26 return False

	27 if users.is_current_user_admin():

	28 return True

	29 email = user.email()

	30 if email in committer_list:

	31 return True

	32 if (email.endswith('@google.com') and

	33 email[:-11] + '@chromium.org' in committer_list):
	Vadim Sh. 2013/10/04 04:38:19 nit: replace 11 with len('@google.com') or even ' nit: replace 11 with len('@google.com') or even 'email.replace('@google.com', '@chromium.org') in committer_list'. agable 2013/10/04 21:10:15 Done. Show quoted text On 2013/10/04 04:38:19, Vadim Sh. wrote: > nit: replace 11 with len('@google.com') > > or even 'email.replace('@google.com', '@chromium.org') in committer_list'. Done.
	34 return True

	35 return False

	36

	37 @auth_util.CheckHmacAuth(should_403=False)
	Vadim Sh. 2013/10/04 04:38:19 Why CamelCase suddenly? Is there some code style r Why CamelCase suddenly? Is there some code style rule to write decorators in came case I don't know about?.. @auth_util.check_hmac_auth(...) looks equally nice imho. agable 2013/10/04 21:10:15 The google style guide says all top-level things ( Show quoted text On 2013/10/04 04:38:19, Vadim Sh. wrote: > Why CamelCase suddenly? Is there some code style rule to write decorators in > came case I don't know about?.. > > @auth_util.check_hmac_auth(...) looks equally nice imho. The google style guide says all top-level things (both classes and functions) should be CamelCase. That means that all the functions in auth_util are CamelCase. shrug
	38 def get(self):

	39 """Displays the list of chromium committers in plain text."""

	40 self.response.headers['Content-Type'] = 'text/plain'

	41

	42 committer_list = ndb.Key(model.EmailList, constants.LIST).get()

	43 emails = committer_list.emails if committer_list else []

	44

	45 user = users.get_current_user()

	46

	47 if self.request.hmac_authenticated or self._can_see_list(user, emails):
	iannucci 2013/10/03 22:20:51 can the user auth be a decorator too? then this w can the user auth be a decorator too? then this would be: if self.request.hmac_authenticated or self.request.user_authenticated: ... Actually just `if self.request.authenticated` (could be None, 'hmac', 'user', etc.) Then you could skip the user auth step if hmac already succeeded (or vice-versa). Order of decorators is order of auth preference. In each deco, if request.authenticated, then you get to skip the rest of the processing. or I guess authenticated could be a set() of authentication methods which have passed. agable 2013/10/04 21:10:15 This makes the 403 logic much more complicated, as Show quoted text On 2013/10/03 22:20:51, iannucci wrote: > can the user auth be a decorator too? > > then this would be: > > if self.request.hmac_authenticated or self.request.user_authenticated: > ... > > Actually just `if self.request.authenticated` (could be None, 'hmac', 'user', > etc.) > > Then you could skip the user auth step if hmac already succeeded (or > vice-versa). Order of decorators is order of auth preference. In each deco, if > request.authenticated, then you get to skip the rest of the processing. > > or I guess authenticated could be a set() of authentication methods which have > passed. This makes the 403 logic much more complicated, as neither decorator can directly 403 because there might be another authentication method happening after them. It'd probably force the 403 logic into a third decorator that comes after both of the others, so it would be @auth_util.CheckHmacAuth @auth_util.CheckUserAuth @auth_util.Should403 def get(self): or something like that. Which actually isn't a terrible idea. I'll look into it.
	48 self.response.write('\n'.join(sorted(emails)))

	49 else:

	50 self.response.status = 403

	51 self.response.write('403: Forbidden')

	52

	53

	54 class MappingHandler(webapp2.RequestHandler):

	55

	56 def get(self):

	57 """Displays the mapping of chromium to googler email addresses."""

	58 self.response.headers['Content-Type'] = 'text/plain'

	59 self.response.out.write('Not yet implemented. Sorry!')

	60

	61

	62 class UpdateHandler(webapp2.RequestHandler):

	63

	64 @auth_util.CheckHmacAuth()

	65 def post(self):

	66 """Updates the list of committers from the POST data recieved."""

	67 emails = request.get('committers')

	68 committer_list = model.EmailList(id=constants.LIST, emails=emails)

	69 committer_list.put()

	70

	71

	72 app = webapp2.WSGIApplication([

	73 ('/chromium', ChromiumHandler),

	74 ('/mapping', MappingHandler),

	75 ('/update', UpdateHandler),

	76 ], debug=True)

OLD	NEW

« no previous file with comments | « no previous file | chromium-committers/app.yaml » ('j') | chromium-committers/app.yaml » ('J')