luci: go.chromium.org/luci/scheduler/appengine/acl Index | Files

package acl

import "go.chromium.org/luci/scheduler/appengine/acl"

Package acl implements ACLs for enforcement in API and UI.

Index

Package Files

acl.go doc.go

Constants 

const (
    // Reader role allows listing invocations and config of a job/trigger.
    Reader = Role("READER")

    // Triggerer role allows sending triggers to a job/trigger.
    //
    // Implies read access.
    Triggerer = Role("TRIGGERER")

    // Owner role provides full control of a job/trigger.
    Owner = Role("OWNER")
)

type GrantsByRole Uses

type GrantsByRole struct {
    Owners     []string `gae:",noindex"`
    Triggerers []string `gae:",noindex"`
    Readers    []string `gae:",noindex"`
}

GrantsByRole can answer questions who can READ, TRIGGER, or who OWNs the task.

func ValidateTaskACLs Uses

func ValidateTaskACLs(ctx *validation.Context, pSets Sets, tSets []string, tAcls []*messages.Acl) *GrantsByRole

ValidateTaskACLs validates task's ACLs and returns TaskAcls.

Errors are returned via validation.Context.

func (*GrantsByRole) CallerHasRole Uses

func (g *GrantsByRole) CallerHasRole(c context.Context, role Role) (bool, error)

CallerHasRole does what it says and returns only transient errors.

func (*GrantsByRole) Equal Uses

func (g *GrantsByRole) Equal(o *GrantsByRole) bool

Equal returns true if both security descriptors are equivalent.

type Role Uses

type Role string

Role allows certain actions on a Job or a Trigger.

type Sets Uses

type Sets map[string][]*messages.Acl

Sets are parsed and indexed `AclSet` of a project.

func ValidateACLSets Uses

func ValidateACLSets(ctx *validation.Context, sets []*messages.AclSet) Sets

ValidateACLSets validates list of AclSet of a project and returns Sets.

Errors are returned via validation.Context.

Package acl imports 11 packages (graph) and is imported by 4 packages. Updated 2019-10-21. Refresh now. Tools for package owners.