Chromium Code Reviews Chromium Code Reviews
Issue 2760873003:
Milo: Use luci-config for storing buildbot acls (Closed)
| Index: milo/appengine/common/acl.go |
| diff --git a/milo/appengine/common/acl.go b/milo/appengine/common/acl.go |
| index e01af88f5eaa0bfc0b7b64a824e78f7e883cab08..e9cd8ba90378aad4f8456e5ecea803c2f7560d49 100644 |
| --- a/milo/appengine/common/acl.go |
| +++ b/milo/appengine/common/acl.go |
| @@ -5,10 +5,14 @@ |
| package common |
| import ( |
| + "errors" |
| + |
| + "golang.org/x/net/context" |
| + |
| "github.com/luci/luci-go/luci_config/common/cfgtypes" |
| "github.com/luci/luci-go/luci_config/server/cfgclient/access" |
| "github.com/luci/luci-go/luci_config/server/cfgclient/backend" |
| - "golang.org/x/net/context" |
| + "github.com/luci/luci-go/server/auth" |
| ) |
| // Helper functions for ACL checking. |
| @@ -30,9 +34,17 @@ func IsAllowed(c context.Context, project string) (bool, error) { |
| } |
| } |
| +var errMissingReaders = errors.New("missing readers for buildbot internal") |
| + |
| // IsAllowedInternal is a shorthand for checking to see if the user is a reader |
| // of a magic project named "chrome". |
| func IsAllowedInternal(c context.Context) (bool, error) { |
| - // TODO(hinoka): Move this to luci-cfg. |
| - return IsAllowed(c, "chrome") |
| + settings, err := GetSettings(c) |
| + if err != nil { |
| + return false, err |
| + } |
| + if settings.BuildbotInternalReader == "" { |
| + return false, errMissingReaders |
|
nodir
2017/03/20 21:41:32
is it an error though? I think it just means that
hinoka
2017/03/20 22:19:26
Done.
|
| + } |
| + return auth.IsMember(c, settings.BuildbotInternalReader) |
| } |
