
Side by Side Diff: milo/appengine/common/acl.go

Issue 2760873003: Milo: Use luci-config for storing buildbot acls (Closed)
Patch Set: Created 3 years, 9 months ago
OLDNEW
1 // Copyright 2016 The LUCI Authors. All rights reserved. 1 // Copyright 2016 The LUCI Authors. All rights reserved.
2 // Use of this source code is governed under the Apache License, Version 2.0 2 // Use of this source code is governed under the Apache License, Version 2.0
3 // that can be found in the LICENSE file. 3 // that can be found in the LICENSE file.
4 4
5 package common 5 package common
6 6
7 import ( 7 import (
8 "errors"
9
10 "golang.org/x/net/context"
11
8 "github.com/luci/luci-go/luci_config/common/cfgtypes" 12 "github.com/luci/luci-go/luci_config/common/cfgtypes"
9 "github.com/luci/luci-go/luci_config/server/cfgclient/access" 13 "github.com/luci/luci-go/luci_config/server/cfgclient/access"
10 "github.com/luci/luci-go/luci_config/server/cfgclient/backend" 14 "github.com/luci/luci-go/luci_config/server/cfgclient/backend"
11 » "golang.org/x/net/context" 15 » "github.com/luci/luci-go/server/auth"
12 ) 16 )
13 17
14 // Helper functions for ACL checking. 18 // Helper functions for ACL checking.
15 19
16 // IsAllowed checks to see if the user in the context is allowed to access 20 // IsAllowed checks to see if the user in the context is allowed to access
17 // the given project. 21 // the given project.
18 func IsAllowed(c context.Context, project string) (bool, error) { 22 func IsAllowed(c context.Context, project string) (bool, error) {
19 // Get the project, because that's where the ACLs lie. 23 // Get the project, because that's where the ACLs lie.
20 err := access.Check( 24 err := access.Check(
21 c, backend.AsUser, 25 c, backend.AsUser,
22 cfgtypes.ProjectConfigSet(cfgtypes.ProjectName(project))) 26 cfgtypes.ProjectConfigSet(cfgtypes.ProjectName(project)))
23 switch err { 27 switch err {
24 case nil: 28 case nil:
25 return true, nil 29 return true, nil
26 case access.ErrNoAccess: 30 case access.ErrNoAccess:
27 return false, nil 31 return false, nil
28 default: 32 default:
29 return false, err 33 return false, err
30 } 34 }
31 } 35 }
32 36
37 var errMissingReaders = errors.New("missing readers for buildbot internal")
38
33 // IsAllowedInternal is a shorthand for checking to see if the user is a reader 39 // IsAllowedInternal is a shorthand for checking to see if the user is a reader
34 // of a magic project named "chrome". 40 // of a magic project named "chrome".
35 func IsAllowedInternal(c context.Context) (bool, error) { 41 func IsAllowedInternal(c context.Context) (bool, error) {
36 » // TODO(hinoka): Move this to luci-cfg. 42 » settings, err := GetSettings(c)
37 » return IsAllowed(c, "chrome") 43 » if err != nil {
44 » » return false, err
45 » }
46 » if settings.BuildbotInternalReader == "" {
47 » » return false, errMissingReaders
nodir 2017/03/20 21:41:32 is it an error though? I think it just means that
hinoka 2017/03/20 22:19:26 Done.
48 » }
49 » return auth.IsMember(c, settings.BuildbotInternalReader)
38 } 50 }
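Review bot: The doc comment kept on new lines 39-40 still says IsAllowedInternal checks for a reader of the magic project "chrome", but the new body no longer calls IsAllowed at all; it decides access with `auth.IsMember(c, settings.BuildbotInternalReader)`. On an access-control helper a stale comment sends an auditor to the wrong ACL source, so I would replace it with something like `// IsAllowedInternal reports whether the current user is a member of the group named by the BuildbotInternalReader setting.` followed by `// It returns false when the settings cannot be loaded or the group name is empty.` Both failure paths on new lines 43-47 return false alongside the error, so the check stays deny-by-default only if callers honour the boolean and not just the error; the callers are outside this page, so that is worth confirming. A test covering the empty-setting and non-member cases would pin the behaviour.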