Back to godoc.org

Package acl

v0.0.0-...-1557bcf
Latest Go to latest

The latest major version is .

Published: Aug 13, 2020 | License: Apache-2.0 | Module: github.com/luci/luci-go

Overview

Package acl implements ACLs for enforcement in API and UI.

Deprecated and being replaced with LUCI Realms.

Index

Constants

const (
	// Reader role allows listing invocations and config of a job/trigger.
	Reader = Role("READER")

	// Triggerer role allows sending triggers to a job/trigger.
	//
	// Implies read access.
	Triggerer = Role("TRIGGERER")

	// Owner role provides full control of a job/trigger.
	Owner = Role("OWNER")
)

type GrantsByRole

type GrantsByRole struct {
	Owners     []string `gae:",noindex"`
	Triggerers []string `gae:",noindex"`
	Readers    []string `gae:",noindex"`
}

GrantsByRole can answer questions who can READ, TRIGGER, or who OWNs the task.

func ValidateTaskACLs

func ValidateTaskACLs(ctx *validation.Context, pSets Sets, tSets []string, tAcls []*messages.Acl) *GrantsByRole

ValidateTaskACLs validates task's ACLs and returns TaskAcls.

Errors are returned via validation.Context.

func (*GrantsByRole) CallerHasRole

func (g *GrantsByRole) CallerHasRole(c context.Context, role Role) (bool, error)

CallerHasRole does what it says and returns only transient errors.

func (*GrantsByRole) Equal

func (g *GrantsByRole) Equal(o *GrantsByRole) bool

Equal returns true if both security descriptors are equivalent.

type Role

type Role string

Role allows certain actions on a Job or a Trigger.

type Sets

type Sets map[string][]*messages.Acl

Sets are parsed and indexed `AclSet` of a project.

func ValidateACLSets

func ValidateACLSets(ctx *validation.Context, sets []*messages.AclSet) Sets

ValidateACLSets validates list of AclSet of a project and returns Sets.

Errors are returned via validation.Context.

Package Files

Documentation was rendered with GOOS=linux and GOARCH=amd64.

Jump to identifier

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to identifier