Chromium Code Reviews| Index: logdog/appengine/coordinator/auth.go |
| diff --git a/logdog/appengine/coordinator/auth.go b/logdog/appengine/coordinator/auth.go |
| index 1044c23b64e67d3c78b104e2d37cc38703570e7a..e505ec64e3f95b65c411224b39a17674d7cc25e8 100644 |
| --- a/logdog/appengine/coordinator/auth.go |
| +++ b/logdog/appengine/coordinator/auth.go |
| @@ -71,20 +71,27 @@ func checkMember(c context.Context, groups ...string) error { |
| } |
| id := auth.CurrentIdentity(c) |
| + |
| + // Artifically handle "all". |
|
iannucci
2017/01/07 21:05:26
:( (for previous 'all is a valid group name' reaso
dnj
2017/01/10 03:30:07
Actually this can die now.
|
| for _, group := range groups { |
| - is, err := auth.IsMember(c, group) |
| - if err != nil { |
| - return err |
| - } |
| - if is { |
| - log.Fields{ |
| - "identity": id, |
| - "group": group, |
| - }.Debugf(c, "User access granted.") |
| + if group == "all" { |
| + log.Debugf(c, "User access granted for 'all'.") |
| return nil |
| } |
| } |
| + is, err := auth.IsMember(c, groups...) |
| + if err != nil { |
| + return err |
| + } |
| + if is { |
| + log.Fields{ |
| + "identity": id, |
| + "group": groups, |
| + }.Debugf(c, "User access granted.") |
| + return nil |
| + } |
| + |
| return &MembershipError{ |
| Identity: id, |
| Groups: groups, |