Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(844)

Side by Side Diff: milo/appengine/common/acl.go

Issue 2760873003: Milo: Use luci-config for storing buildbot acls (Closed)
Patch Set: Fix tests Created 3 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « milo/appengine/buildbot/pubsub_test.go ('k') | milo/appengine/common/acl_test.go » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2016 The LUCI Authors. All rights reserved. 1 // Copyright 2016 The LUCI Authors. All rights reserved.
2 // Use of this source code is governed under the Apache License, Version 2.0 2 // Use of this source code is governed under the Apache License, Version 2.0
3 // that can be found in the LICENSE file. 3 // that can be found in the LICENSE file.
4 4
5 package common 5 package common
6 6
7 import ( 7 import (
8 "golang.org/x/net/context"
9
8 "github.com/luci/luci-go/luci_config/common/cfgtypes" 10 "github.com/luci/luci-go/luci_config/common/cfgtypes"
9 "github.com/luci/luci-go/luci_config/server/cfgclient/access" 11 "github.com/luci/luci-go/luci_config/server/cfgclient/access"
10 "github.com/luci/luci-go/luci_config/server/cfgclient/backend" 12 "github.com/luci/luci-go/luci_config/server/cfgclient/backend"
11 » "golang.org/x/net/context" 13 » "github.com/luci/luci-go/server/auth"
12 ) 14 )
13 15
14 // Helper functions for ACL checking. 16 // Helper functions for ACL checking.
15 17
16 // IsAllowed checks to see if the user in the context is allowed to access 18 // IsAllowed checks to see if the user in the context is allowed to access
17 // the given project. 19 // the given project.
18 func IsAllowed(c context.Context, project string) (bool, error) { 20 func IsAllowed(c context.Context, project string) (bool, error) {
19 // Get the project, because that's where the ACLs lie. 21 // Get the project, because that's where the ACLs lie.
20 err := access.Check( 22 err := access.Check(
21 c, backend.AsUser, 23 c, backend.AsUser,
22 cfgtypes.ProjectConfigSet(cfgtypes.ProjectName(project))) 24 cfgtypes.ProjectConfigSet(cfgtypes.ProjectName(project)))
23 switch err { 25 switch err {
24 case nil: 26 case nil:
25 return true, nil 27 return true, nil
26 case access.ErrNoAccess: 28 case access.ErrNoAccess:
27 return false, nil 29 return false, nil
28 default: 30 default:
29 return false, err 31 return false, err
30 } 32 }
31 } 33 }
32 34
33 // IsAllowedInternal is a shorthand for checking to see if the user is a reader 35 // IsAllowedInternal is a shorthand for checking to see if the user is a reader
34 // of a magic project named "chrome". 36 // of a magic project named "chrome".
35 func IsAllowedInternal(c context.Context) (bool, error) { 37 func IsAllowedInternal(c context.Context) (bool, error) {
36 » // TODO(hinoka): Move this to luci-cfg. 38 » settings, err := GetSettings(c)
37 » return IsAllowed(c, "chrome") 39 » if err != nil {
40 » » return false, err
41 » }
42 » return auth.IsMember(c, settings.Buildbot.InternalReader)
38 } 43 }
OLDNEW
« no previous file with comments | « milo/appengine/buildbot/pubsub_test.go ('k') | milo/appengine/common/acl_test.go » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698