| OLD | NEW |
|---|---|
| 1 // Copyright 2015 The LUCI Authors. All rights reserved. | 1 // Copyright 2015 The LUCI Authors. All rights reserved. |
| 2 // Use of this source code is governed under the Apache License, Version 2.0 | 2 // Use of this source code is governed under the Apache License, Version 2.0 |
| 3 // that can be found in the LICENSE file. | 3 // that can be found in the LICENSE file. |
| 4 | 4 |
| 5 package coordinator | 5 package coordinator |
| 6 | 6 |
| 7 import ( | 7 import ( |
| 8 "fmt" | 8 "fmt" |
| 9 "strings" | 9 "strings" |
| 10 | 10 |
| (...skipping 53 matching lines...) | |
| 64 if u := auth.CurrentUser(c); u.Superuser { | 64 if u := auth.CurrentUser(c); u.Superuser { |
| 65 log.Fields{ | 65 log.Fields{ |
| 66 "identity": u.Identity, | 66 "identity": u.Identity, |
| 67 "groups": groups, | 67 "groups": groups, |
| 68 }.Infof(c, "Granting superuser implicit group membership on development server.") | 68 }.Infof(c, "Granting superuser implicit group membership on development server.") |
| 69 return nil | 69 return nil |
| 70 } | 70 } |
| 71 } | 71 } |
| 72 | 72 |
| 73 id := auth.CurrentIdentity(c) | 73 id := auth.CurrentIdentity(c) |
| 74 | |
| 75 // Artifically handle "all". | |
|
iannucci
2017/01/07 21:05:26
:( (for previous 'all is a valid group name' reaso
dnj
2017/01/10 03:30:07
Actually this can die now.
| |
| 74 for _, group := range groups { | 76 for _, group := range groups { |
| 75 » » is, err := auth.IsMember(c, group) | 77 » » if group == "all" { |
| 76 » » if err != nil { | 78 » » » log.Debugf(c, "User access granted for 'all'.") |
| 77 » » » return err | |
| 78 » » } | |
| 79 » » if is { | |
| 80 » » » log.Fields{ | |
| 81 » » » » "identity": id, | |
| 82 » » » » "group": group, | |
| 83 » » » }.Debugf(c, "User access granted.") | |
| 84 return nil | 79 return nil |
| 85 } | 80 } |
| 86 } | 81 } |
| 87 | 82 |
| 83 is, err := auth.IsMember(c, groups...) | |
| 84 if err != nil { | |
| 85 return err | |
| 86 } | |
| 87 if is { | |
| 88 log.Fields{ | |
| 89 "identity": id, | |
| 90 "group": groups, | |
| 91 }.Debugf(c, "User access granted.") | |
| 92 return nil | |
| 93 } | |
| 94 | |
| 88 return &MembershipError{ | 95 return &MembershipError{ |
| 89 Identity: id, | 96 Identity: id, |
| 90 Groups: groups, | 97 Groups: groups, |
| 91 } | 98 } |
| 92 } | 99 } |
| 93 | 100 |
| 94 // MembershipError is an error returned by group membership checking functions | 101 // MembershipError is an error returned by group membership checking functions |
| 95 // if the current identity is not a member of the requested group. | 102 // if the current identity is not a member of the requested group. |
| 96 type MembershipError struct { | 103 type MembershipError struct { |
| 97 Identity identity.Identity | 104 Identity identity.Identity |
| 98 Groups []string | 105 Groups []string |
| 99 } | 106 } |
| 100 | 107 |
| 101 func (e *MembershipError) Error() string { | 108 func (e *MembershipError) Error() string { |
| 102 return fmt.Sprintf("user %q is not a member of [%s]", e.Identity, string s.Join(e.Groups, ", ")) | 109 return fmt.Sprintf("user %q is not a member of [%s]", e.Identity, string s.Join(e.Groups, ", ")) |
| 103 } | 110 } |
| 104 | 111 |
| 105 // IsMembershipError returns whether a given error is a membership error. | 112 // IsMembershipError returns whether a given error is a membership error. |
| 106 func IsMembershipError(e error) bool { | 113 func IsMembershipError(e error) bool { |
| 107 _, ok := e.(*MembershipError) | 114 _, ok := e.(*MembershipError) |
| 108 return ok | 115 return ok |
| 109 } | 116 } |
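Review bot: In the new `auth.IsMember(c, groups...)` branch the grant log stores the whole slice under the singular key `"group"`, so the record no longer shows which group actually matched, and it differs from the superuser branch above, which logs `"groups": groups`. I would rename the field to `"groups": groups` so both grant paths emit the same shape and access-audit queries can rely on one key. Separately, the old per-group loop denied access when `groups` was empty because it never ran; the variadic call now decides that case, so it is worth confirming that `IsMember` with no groups returns false, and saying so in a short comment above the call. The enclosing function starts in the skipped lines above this section, so its name and doc comment are not visible here.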