Package acl implements ACLs for enforcement in API and UI.

    Deprecated and being replaced with LUCI Realms.



    View Source
    const (
    	// Reader role allows listing invocations and config of a job/trigger.
    	Reader = Role("READER")
    	// Triggerer role allows sending triggers to a job/trigger.
    	// Implies read access.
    	Triggerer = Role("TRIGGERER")
    	// Owner role provides full control of a job/trigger.
    	Owner = Role("OWNER")


    This section is empty.


    This section is empty.


    type GrantsByRole

    type GrantsByRole struct {
    	Owners     []string `gae:",noindex"`
    	Triggerers []string `gae:",noindex"`
    	Readers    []string `gae:",noindex"`

      GrantsByRole can answer questions who can READ, TRIGGER, or who OWNs the task.

      func ValidateTaskACLs

      func ValidateTaskACLs(ctx *validation.Context, pSets Sets, tSets []string, tAcls []*messages.Acl) *GrantsByRole

        ValidateTaskACLs validates task's ACLs and returns TaskAcls.

        Errors are returned via validation.Context.

        func (*GrantsByRole) CallerHasRole

        func (g *GrantsByRole) CallerHasRole(c context.Context, role Role) (bool, error)

          CallerHasRole does what it says and returns only transient errors.

          func (*GrantsByRole) Equal

          func (g *GrantsByRole) Equal(o *GrantsByRole) bool

            Equal returns true if both security descriptors are equivalent.

            type Role

            type Role string

              Role allows certain actions on a Job or a Trigger.

              type Sets

              type Sets map[string][]*messages.Acl

                Sets are parsed and indexed `AclSet` of a project.

                func ValidateACLSets

                func ValidateACLSets(ctx *validation.Context, sets []*messages.AclSet) Sets

                  ValidateACLSets validates list of AclSet of a project and returns Sets.

                  Errors are returned via validation.Context.

                  Source Files