Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(223)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: appengine/swarming/handlers_frontend.py

Issue 2984843002: swarming: switch to a 'capability focused' ACL system (Closed)
Patch Set: Tuned permissions, added tests Created 3 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « appengine/swarming/handlers_endpoints_test.py ('k') | appengine/swarming/proto/config.proto » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 # Copyright 2013 The LUCI Authors. All rights reserved. 1 # Copyright 2013 The LUCI Authors. All rights reserved.
2 # Use of this source code is governed under the Apache License, Version 2.0 2 # Use of this source code is governed under the Apache License, Version 2.0
3 # that can be found in the LICENSE file. 3 # that can be found in the LICENSE file.
4 4
5 """Main entry point for Swarming service. 5 """Main entry point for Swarming service.
6 6
7 This file contains the URL handlers for all the Swarming service URLs, 7 This file contains the URL handlers for all the Swarming service URLs,
8 implemented using the webapp2 framework. 8 implemented using the webapp2 framework.
9 """ 9 """
10 10
(...skipping 18 matching lines...) Expand all
29 29
30 # Helper class for displaying the sort options in html templates. 30 # Helper class for displaying the sort options in html templates.
31 SortOptions = collections.namedtuple('SortOptions', ['key', 'name']) 31 SortOptions = collections.namedtuple('SortOptions', ['key', 'name'])
32 32
33 33
34 ### is_admin pages. 34 ### is_admin pages.
35 35
36 36
37 class RestrictedConfigHandler(auth.AuthenticatingHandler): 37 class RestrictedConfigHandler(auth.AuthenticatingHandler):
38 @auth.autologin 38 @auth.autologin
39 @auth.require(acl.is_admin) 39 @auth.require(acl.can_view_config)
40 def get(self): 40 def get(self):
41 # Template parameters schema matches settings_info() return value. 41 # Template parameters schema matches settings_info() return value.
42 self.response.write(template.render( 42 self.response.write(template.render(
43 'swarming/restricted_config.html', config.settings_info())) 43 'swarming/restricted_config.html', config.settings_info()))
44 44
45 45
46 class UploadBotConfigHandler(auth.AuthenticatingHandler): 46 class UploadBotConfigHandler(auth.AuthenticatingHandler):
47 """Stores a new bot_config.py script.""" 47 """Stores a new bot_config.py script."""
48 48
49 @auth.autologin 49 @auth.autologin
50 @auth.require(acl.is_admin) 50 @auth.require(acl.can_view_config)
51 def get(self): 51 def get(self):
52 bot_config = bot_code.get_bot_config() 52 bot_config = bot_code.get_bot_config()
53 params = { 53 params = {
54 'content': bot_config.content.decode('utf-8'), 54 'content': bot_config.content.decode('utf-8'),
55 'path': self.request.path, 55 'path': self.request.path,
56 'version': bot_config.version, 56 'version': bot_config.version,
57 'when': bot_config.when, 57 'when': bot_config.when,
58 'who': bot_config.who or 'N/A', 58 'who': bot_config.who or 'N/A',
59 'xsrf_token': self.generate_xsrf_token(), 59 'xsrf_token': self.generate_xsrf_token(),
60 } 60 }
61 self.response.write( 61 self.response.write(
62 template.render('swarming/restricted_upload_bot_config.html', params)) 62 template.render('swarming/restricted_upload_bot_config.html', params))
63 63
64 @auth.require(acl.is_admin) 64 @auth.require(acl.can_edit_config)
65 def post(self): 65 def post(self):
66 script = self.request.get('script', '') 66 script = self.request.get('script', '')
67 if not script: 67 if not script:
68 self.abort(400, 'No script uploaded') 68 self.abort(400, 'No script uploaded')
69 69
70 # Make sure the script is valid utf-8. For some odd reason, the script 70 # Make sure the script is valid utf-8. For some odd reason, the script
71 # instead may or may not be an unicode instance. This depends if it is on 71 # instead may or may not be an unicode instance. This depends if it is on
72 # AppEngine production or not. 72 # AppEngine production or not.
73 if isinstance(script, str): 73 if isinstance(script, str):
74 script = script.decode('utf-8', 'replace') 74 script = script.decode('utf-8', 'replace')
75 script = script.encode('utf-8') 75 script = script.encode('utf-8')
76 bot_code.store_bot_config(self.request.host_url, script) 76 bot_code.store_bot_config(self.request.host_url, script)
77 self.get() 77 self.get()
78 78
79 79
80 class UploadBootstrapHandler(auth.AuthenticatingHandler): 80 class UploadBootstrapHandler(auth.AuthenticatingHandler):
81 """Stores a new bootstrap.py script.""" 81 """Stores a new bootstrap.py script."""
82 82
83 @auth.autologin 83 @auth.autologin
84 @auth.require(acl.is_admin) 84 @auth.require(acl.can_view_config)
85 def get(self): 85 def get(self):
86 bootstrap = bot_code.get_bootstrap(self.request.host_url) 86 bootstrap = bot_code.get_bootstrap(self.request.host_url)
87 params = { 87 params = {
88 'content': bootstrap.content.decode('utf-8'), 88 'content': bootstrap.content.decode('utf-8'),
89 'path': self.request.path, 89 'path': self.request.path,
90 'version': bootstrap.version, 90 'version': bootstrap.version,
91 'when': bootstrap.when, 91 'when': bootstrap.when,
92 'who': bootstrap.who or 'N/A', 92 'who': bootstrap.who or 'N/A',
93 'xsrf_token': self.generate_xsrf_token(), 93 'xsrf_token': self.generate_xsrf_token(),
94 } 94 }
95 self.response.write( 95 self.response.write(
96 template.render('swarming/restricted_upload_bootstrap.html', params)) 96 template.render('swarming/restricted_upload_bootstrap.html', params))
97 97
98 @auth.require(acl.is_admin) 98 @auth.require(acl.can_edit_config)
99 def post(self): 99 def post(self):
100 script = self.request.get('script', '') 100 script = self.request.get('script', '')
101 if not script: 101 if not script:
102 self.abort(400, 'No script uploaded') 102 self.abort(400, 'No script uploaded')
103 103
104 # Make sure the script is valid utf-8. For some odd reason, the script 104 # Make sure the script is valid utf-8. For some odd reason, the script
105 # instead may or may not be an unicode instance. This depends if it is on 105 # instead may or may not be an unicode instance. This depends if it is on
106 # AppEngine production or not. 106 # AppEngine production or not.
107 if isinstance(script, str): 107 if isinstance(script, str):
108 script = script.decode('utf-8', 'replace') 108 script = script.decode('utf-8', 'replace')
109 script = script.encode('utf-8') 109 script = script.encode('utf-8')
110 bot_code.store_bootstrap(script) 110 bot_code.store_bootstrap(script)
111 self.get() 111 self.get()
112 112
113 113
114 ### Mapreduce related handlers 114 ### Mapreduce related handlers
115 115
116 116
117 class RestrictedLaunchMapReduceJob(auth.AuthenticatingHandler): 117 class RestrictedLaunchMapReduceJob(auth.AuthenticatingHandler):
118 """Enqueues a task to start a map reduce job on the backend module. 118 """Enqueues a task to start a map reduce job on the backend module.
119 119
120 A tree of map reduce jobs inherits module and version of a handler that 120 A tree of map reduce jobs inherits module and version of a handler that
121 launched it. All UI handlers are executes by 'default' module. So to run a 121 launched it. All UI handlers are executes by 'default' module. So to run a
122 map reduce on a backend module one needs to pass a request to a task running 122 map reduce on a backend module one needs to pass a request to a task running
123 on backend module. 123 on backend module.
124 """ 124 """
125 125
126 @auth.require(acl.is_admin) 126 @auth.require(acl.can_edit_config)
127 def post(self): 127 def post(self):
128 job_id = self.request.get('job_id') 128 job_id = self.request.get('job_id')
129 assert job_id in mapreduce_jobs.MAPREDUCE_JOBS 129 assert job_id in mapreduce_jobs.MAPREDUCE_JOBS
130 success = utils.enqueue_task( 130 success = utils.enqueue_task(
131 url='/internal/taskqueue/mapreduce/launch/%s' % job_id, 131 url='/internal/taskqueue/mapreduce/launch/%s' % job_id,
132 queue_name=mapreduce_jobs.MAPREDUCE_TASK_QUEUE, 132 queue_name=mapreduce_jobs.MAPREDUCE_TASK_QUEUE,
133 use_dedicated_module=False) 133 use_dedicated_module=False)
134 # New tasks should show up on the status page. 134 # New tasks should show up on the status page.
135 if success: 135 if success:
136 self.redirect('/restricted/mapreduce/status') 136 self.redirect('/restricted/mapreduce/status')
(...skipping 141 matching lines...) Expand 10 before | Expand all | Expand 10 after
278 ] 278 ]
279 return [webapp2.Route(*i) for i in routes] 279 return [webapp2.Route(*i) for i in routes]
280 280
281 281
282 def create_application(debug): 282 def create_application(debug):
283 routes = [] 283 routes = []
284 routes.extend(get_routes()) 284 routes.extend(get_routes())
285 routes.extend(handlers_bot.get_routes()) 285 routes.extend(handlers_bot.get_routes())
286 routes.extend(handlers_endpoints.get_routes()) 286 routes.extend(handlers_endpoints.get_routes())
287 return webapp2.WSGIApplication(routes, debug=debug) 287 return webapp2.WSGIApplication(routes, debug=debug)
OLDNEW
« no previous file with comments | « appengine/swarming/handlers_endpoints_test.py ('k') | appengine/swarming/proto/config.proto » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698