Chromium Code Reviews| OLD | NEW |
|---|---|
| 1 // Copyright 2016 The LUCI Authors. All rights reserved. | 1 // Copyright 2016 The LUCI Authors. All rights reserved. |
| 2 // Use of this source code is governed under the Apache License, Version 2.0 | 2 // Use of this source code is governed under the Apache License, Version 2.0 |
| 3 // that can be found in the LICENSE file. | 3 // that can be found in the LICENSE file. |
| 4 | 4 |
| 5 package common | 5 package common |
| 6 | 6 |
| 7 import ( | 7 import ( |
| 8 "errors" | |
| 9 | |
| 10 "golang.org/x/net/context" | |
| 11 | |
| 8 "github.com/luci/luci-go/luci_config/common/cfgtypes" | 12 "github.com/luci/luci-go/luci_config/common/cfgtypes" |
| 9 "github.com/luci/luci-go/luci_config/server/cfgclient/access" | 13 "github.com/luci/luci-go/luci_config/server/cfgclient/access" |
| 10 "github.com/luci/luci-go/luci_config/server/cfgclient/backend" | 14 "github.com/luci/luci-go/luci_config/server/cfgclient/backend" |
| 11 » "golang.org/x/net/context" | 15 » "github.com/luci/luci-go/server/auth" |
| 12 ) | 16 ) |
| 13 | 17 |
| 14 // Helper functions for ACL checking. | 18 // Helper functions for ACL checking. |
| 15 | 19 |
| 16 // IsAllowed checks to see if the user in the context is allowed to access | 20 // IsAllowed checks to see if the user in the context is allowed to access |
| 17 // the given project. | 21 // the given project. |
| 18 func IsAllowed(c context.Context, project string) (bool, error) { | 22 func IsAllowed(c context.Context, project string) (bool, error) { |
| 19 // Get the project, because that's where the ACLs lie. | 23 // Get the project, because that's where the ACLs lie. |
| 20 err := access.Check( | 24 err := access.Check( |
| 21 c, backend.AsUser, | 25 c, backend.AsUser, |
| 22 cfgtypes.ProjectConfigSet(cfgtypes.ProjectName(project))) | 26 cfgtypes.ProjectConfigSet(cfgtypes.ProjectName(project))) |
| 23 switch err { | 27 switch err { |
| 24 case nil: | 28 case nil: |
| 25 return true, nil | 29 return true, nil |
| 26 case access.ErrNoAccess: | 30 case access.ErrNoAccess: |
| 27 return false, nil | 31 return false, nil |
| 28 default: | 32 default: |
| 29 return false, err | 33 return false, err |
| 30 } | 34 } |
| 31 } | 35 } |
| 32 | 36 |
| 37 var errMissingReaders = errors.New("missing readers for buildbot internal") | |
| 38 | |
| 33 // IsAllowedInternal is a shorthand for checking to see if the user is a reader | 39 // IsAllowedInternal is a shorthand for checking to see if the user is a reader |
| 34 // of a magic project named "chrome". | 40 // of a magic project named "chrome". |
| 35 func IsAllowedInternal(c context.Context) (bool, error) { | 41 func IsAllowedInternal(c context.Context) (bool, error) { |
| 36 » // TODO(hinoka): Move this to luci-cfg. | 42 » settings, err := GetSettings(c) |
| 37 » return IsAllowed(c, "chrome") | 43 » if err != nil { |
| 44 » » return false, err | |
| 45 » } | |
| 46 » if settings.BuildbotInternalReader == "" { | |
| 47 » » return false, errMissingReaders | |
|
nodir
2017/03/20 21:41:32
is it an error though? I think it just means that
hinoka
2017/03/20 22:19:26
Done.
| |
| 48 » } | |
| 49 » return auth.IsMember(c, settings.BuildbotInternalReader) | |
| 38 } | 50 } |
| OLD | NEW |