Package perm implements permission checks.
The API is formulated in terms of LUCI Realms permissions, but it is currently implemented on top of native Buildbucket roles (which are deprecated).
const ( // UpdateBuildAllowedUsers is a group of users allowed to update builds. // They are expected to be robots. UpdateBuildAllowedUsers = "buildbucket-update-build-users" // Administrators is a group of users that have all permissions in all // buckets. Administrators = "administrators" )
var ( // BuildsGet allows to see all information about a build. BuildsGet = realms.RegisterPermission("buildbucket.builds.get") // BuildsList allows to list and search builds in a bucket. BuildsList = realms.RegisterPermission("buildbucket.builds.list") // BuildsCancel allows to cancel a build. BuildsCancel = realms.RegisterPermission("buildbucket.builds.cancel") // BuildersGet allows to see details of a builder (but not its builds). BuildersGet = realms.RegisterPermission("buildbucket.builders.get") // BuildersList allows to list and search builders (but not builds). BuildersList = realms.RegisterPermission("buildbucket.builders.list") )
BucketsByPerm returns buckets of the project that the caller has the given permission in. If the project is empty, it returns all user accessible buckets. Note: if the caller doesn't have the permission, it returns empty buckets.
CanUpdateBuild returns whether the caller has a permission to update builds.
HasInBucket checks the caller has the given permission in the bucket.
Returns appstatus errors. If the bucket doesn't exist returns NotFound.
Always checks the read permission first, returning NotFound if the caller doesn't have it. Returns PermissionDenied if the caller has the read permission, but not the requested `perm`.
HasInBuilder checks the caller has the given permission in the builder.
It's just a tiny wrapper around HasInBucket to reduce typing.
NotFoundErr returns an appstatus with a generic error message indicating the resource requested was not found with a hint that the user may not have permission to view it. By not differentiating between "not found" and "permission denied" errors, leaking existence of resources a user doesn't have permission to view can be avoided. Should be used everywhere a "not found" or "permission denied" error occurs.