Add chromium-committers appengine app.

chromium-committers/app.py

Index: chromium-committers/app.py
===================================================================
--- chromium-committers/app.py	(revision 0)
+++ chromium-committers/app.py	(revision 0)
@@ -0,0 +1,76 @@
+# Copyright (c) 2013 The Chromium Authors. All rights reserved.
+# Use of this source code is governed by a BSD-style license that can be
+# found in the LICENSE file.
+
+"""This file handles serving the list of committers to users."""
+
+__author__ = 'agable@google.com (Aaron Gable)'
+
+
+import webapp2
+
+from google.appengine.api import users
+from google.appengine.ext import ndb
+
+import auth_util
+import constants
+import model
+
+
+class ChromiumHandler(webapp2.RequestHandler):
+
+  @staticmethod
+  def _can_see_list(user, committer_list):
+    """Returns True if the user is allowed to see the list."""
+    if not user:
+      return False
+    if users.is_current_user_admin():
+      return True
+    email = user.email()
+    if email in committer_list:
+      return True
+    if (email.endswith('@google.com') and
+        email[:-11] + '@chromium.org' in committer_list):

[Vadim Sh., 2013/10/04 04:38:19]

nit: replace 11 with len('@google.com')

or even 'email.replace('@google.com', '@chromium.org') in committer_list'.

[agable, 2013/10/04 21:10:15]

Done.

+      return True
+    return False
+
+  @auth_util.CheckHmacAuth(should_403=False)

[Vadim Sh., 2013/10/04 04:38:19]

Why CamelCase suddenly? Is there some code style rule to write decorators in
came case I don't know about?..

@auth_util.check_hmac_auth(...) looks equally nice imho.

[agable, 2013/10/04 21:10:15]

The google style guide says all top-level things (both classes and functions)
should be CamelCase. That means that all the functions in auth_util are
CamelCase. *shrug*

+  def get(self):
+    """Displays the list of chromium committers in plain text."""
+    self.response.headers['Content-Type'] = 'text/plain'
+
+    committer_list = ndb.Key(model.EmailList, constants.LIST).get()
+    emails = committer_list.emails if committer_list else []
+
+    user = users.get_current_user()
+
+    if self.request.hmac_authenticated or self._can_see_list(user, emails):

[iannucci, 2013/10/03 22:20:51]

can the user auth be a decorator too?

then this would be:

if self.request.hmac_authenticated or self.request.user_authenticated:
...

Actually just `if self.request.authenticated` (could be None, 'hmac', 'user',
etc.)

Then you could skip the user auth step if hmac already succeeded (or
vice-versa). Order of decorators is order of auth preference. In each deco, if
request.authenticated, then you get to skip the rest of the processing.

or I guess authenticated could be a set() of authentication methods which have
passed.

[agable, 2013/10/04 21:10:15]

This makes the 403 logic much more complicated, as neither decorator can
directly 403 because there might be another authentication method happening
after them. It'd probably force the 403 logic into a third decorator that comes
after both of the others, so it would be

@auth_util.CheckHmacAuth
@auth_util.CheckUserAuth
@auth_util.Should403
def get(self):

or something like that. Which actually isn't a terrible idea. I'll look into it.

+      self.response.write('\n'.join(sorted(emails)))
+    else:
+      self.response.status = 403
+      self.response.write('403: Forbidden')
+
+
+class MappingHandler(webapp2.RequestHandler):
+
+  def get(self):
+    """Displays the mapping of chromium to googler email addresses."""
+    self.response.headers['Content-Type'] = 'text/plain'
+    self.response.out.write('Not yet implemented. Sorry!')
+
+
+class UpdateHandler(webapp2.RequestHandler):
+
+  @auth_util.CheckHmacAuth()
+  def post(self):
+    """Updates the list of committers from the POST data recieved."""
+    emails = request.get('committers')
+    committer_list = model.EmailList(id=constants.LIST, emails=emails)
+    committer_list.put()
+
+
+app = webapp2.WSGIApplication([
+    ('/chromium', ChromiumHandler),
+    ('/mapping', MappingHandler),
+    ('/update', UpdateHandler),
+  ], debug=True)