cipd/appengine/ui/metadata.go - infra/luci/luci-go - Git at Google

 // Copyright 2018 The LUCI Authors.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //      http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.

 package ui

 import (
 	"context"
 	"sort"
 	"strings"

 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"

 	"go.chromium.org/luci/auth/identity"
 	"go.chromium.org/luci/common/data/stringset"
 	"go.chromium.org/luci/server/auth"
 	"go.chromium.org/luci/server/auth/authdb"

 	api "go.chromium.org/luci/cipd/api/cipd/v1"
 )

 // prefixMetadataBlock is passed to the templates as Metadata arg.
 type prefixMetadataBlock struct {
 	// CanView is true if the caller is able to see all prefix metadata.
 	CanView bool

 	// ACLs is per-principal acls sorted by prefix length and role.
 	//
 	// Populated only if CanView is true.
 	ACLs []*metadataACL

 	// CallerRoles is roles of the current caller.
 	//
 	// Populated only if CanView is false.
 	CallerRoles []string
 }

 type metadataACL struct {
 	RolePb     api.Role // original role enum, for sorting
 	Role       string   // e.g. "Reader"
 	Who        string   // either an email or a group name
 	WhoHref    string   // for groups, link to a group definition
 	Group      bool     // if true, this entry is a group
 	Missing    bool     // if true, this entry refers to a missing group
 	Prefix     string   // via what prefix this role is granted
 	PrefixHref string   // link to the corresponding prefix page
 }

 // fetchPrefixMetadata fetches and formats for UI metadata of the given prefix.
 //
 // It recognizes PermissionDenied errors and falls back to only displaying what
 // roles the caller has instead of the full metadata.
 func fetchPrefixMetadata(ctx context.Context, pfx string) (*prefixMetadataBlock, error) {
 	meta, err := state(ctx).services.PublicRepo.GetInheritedPrefixMetadata(ctx, &api.PrefixRequest{
 		Prefix: pfx,
 	})
 	switch status.Code(err) {
 	case codes.OK:
 		break // handled below
 	case codes.PermissionDenied:
 		return fetchCallerRoles(ctx, pfx)
 	default:
 		return nil, err
 	}

 	db := auth.GetState(ctx).DB()

 	// Grab URL of an auth server with the groups, if available.
 	groupsURL := ""
 	if url, err := db.GetAuthServiceURL(ctx); err == nil {
 		groupsURL = url + "/auth/groups/"
 	}

 	// Collect all groups mentioned by the ACL to flag unknown ones.
 	groups := stringset.New(0)

 	out := &prefixMetadataBlock{CanView: true}
 	for _, m := range meta.PerPrefixMetadata {
 		for _, a := range m.Acls {
 			role := strings.Title(strings.ToLower(a.Role.String()))

 			prefix := m.Prefix
 			if prefix == "" {
 				prefix = "[root]"
 			}

 			for _, p := range a.Principals {
 				whoHref := ""
 				group := false
 				switch {
 				case strings.HasPrefix(p, "group:"):
 					p = strings.TrimPrefix(p, "group:")
 					if groupsURL != "" {
 						whoHref = groupsURL + p
 					}
 					groups.Add(p)
 					group = true
 				case p == string(identity.AnonymousIdentity):
 					p = "anonymous"
 				default:
 					p = strings.TrimPrefix(p, "user:")
 				}

 				out.ACLs = append(out.ACLs, &metadataACL{
 					RolePb:     a.Role,
 					Role:       role,
 					Who:        p,
 					WhoHref:    whoHref,
 					Group:      group,
 					Prefix:     prefix,
 					PrefixHref: listingPageURL(m.Prefix, ""),
 				})
 			}
 		}
 	}

 	sort.Slice(out.ACLs, func(i, j int) bool {
 		l, r := out.ACLs[i], out.ACLs[j]
 		if l.RolePb != r.RolePb {
 			return l.RolePb > r.RolePb // "stronger" role (e.g. OWNERS) first
 		}
 		if l.Prefix != r.Prefix {
 			return l.Prefix > r.Prefix // longer prefix first
 		}
 		return l.Who < r.Who // alphabetically
 	})

 	// If the caller is allowed to see actual contents of groups, flag groups that
 	// do not exist.
 	if groups.Len() > 0 {
 		switch yes, err := db.IsMember(ctx, auth.CurrentIdentity(ctx), []string{authdb.AuthServiceAccessGroup}); {
 		case yes:
 			known, err := db.FilterKnownGroups(ctx, groups.ToSlice())
 			if err != nil {
 				return nil, err
 			}
 			knownSet := stringset.NewFromSlice(known...)
 			for _, acl := range out.ACLs {
 				acl.Missing = acl.Group && !knownSet.Has(acl.Who)
 			}
 		case err != nil:
 			return nil, err
 		}
 	}

 	return out, nil
 }

 func fetchCallerRoles(ctx context.Context, pfx string) (*prefixMetadataBlock, error) {
 	roles, err := state(ctx).services.PublicRepo.GetRolesInPrefix(ctx, &api.PrefixRequest{
 		Prefix: pfx,
 	})
 	if err != nil {
 		return nil, err
 	}
 	out := &prefixMetadataBlock{
 		CanView:     false,
 		CallerRoles: make([]string, len(roles.Roles)),
 	}
 	for i, r := range roles.Roles {
 		out.CallerRoles[i] = strings.Title(strings.ToLower(r.Role.String()))
 	}
 	return out, nil
 }
	// Copyright 2018 The LUCI Authors.
	//
	// Licensed under the Apache License, Version 2.0 (the "License");
	// you may not use this file except in compliance with the License.
	// You may obtain a copy of the License at
	//
	// http://www.apache.org/licenses/LICENSE-2.0
	//
	// Unless required by applicable law or agreed to in writing, software
	// distributed under the License is distributed on an "AS IS" BASIS,
	// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	// See the License for the specific language governing permissions and
	// limitations under the License.

	package ui

	import (
	"context"
	"sort"
	"strings"

	"google.golang.org/grpc/codes"
	"google.golang.org/grpc/status"

	"go.chromium.org/luci/auth/identity"
	"go.chromium.org/luci/common/data/stringset"
	"go.chromium.org/luci/server/auth"
	"go.chromium.org/luci/server/auth/authdb"

	api "go.chromium.org/luci/cipd/api/cipd/v1"
	)

	// prefixMetadataBlock is passed to the templates as Metadata arg.
	type prefixMetadataBlock struct {
	// CanView is true if the caller is able to see all prefix metadata.
	CanView bool

	// ACLs is per-principal acls sorted by prefix length and role.
	//
	// Populated only if CanView is true.
	ACLs []*metadataACL

	// CallerRoles is roles of the current caller.
	//
	// Populated only if CanView is false.
	CallerRoles []string
	}

	type metadataACL struct {
	RolePb api.Role // original role enum, for sorting
	Role string // e.g. "Reader"
	Who string // either an email or a group name
	WhoHref string // for groups, link to a group definition
	Group bool // if true, this entry is a group
	Missing bool // if true, this entry refers to a missing group
	Prefix string // via what prefix this role is granted
	PrefixHref string // link to the corresponding prefix page
	}

	// fetchPrefixMetadata fetches and formats for UI metadata of the given prefix.
	//
	// It recognizes PermissionDenied errors and falls back to only displaying what
	// roles the caller has instead of the full metadata.
	func fetchPrefixMetadata(ctx context.Context, pfx string) (*prefixMetadataBlock, error) {
	meta, err := state(ctx).services.PublicRepo.GetInheritedPrefixMetadata(ctx, &api.PrefixRequest{
	Prefix: pfx,
	})
	switch status.Code(err) {
	case codes.OK:
	break // handled below
	case codes.PermissionDenied:
	return fetchCallerRoles(ctx, pfx)
	default:
	return nil, err
	}

	db := auth.GetState(ctx).DB()

	// Grab URL of an auth server with the groups, if available.
	groupsURL := ""
	if url, err := db.GetAuthServiceURL(ctx); err == nil {
	groupsURL = url + "/auth/groups/"
	}

	// Collect all groups mentioned by the ACL to flag unknown ones.
	groups := stringset.New(0)

	out := &prefixMetadataBlock{CanView: true}
	for _, m := range meta.PerPrefixMetadata {
	for _, a := range m.Acls {
	role := strings.Title(strings.ToLower(a.Role.String()))

	prefix := m.Prefix
	if prefix == "" {
	prefix = "[root]"
	}

	for _, p := range a.Principals {
	whoHref := ""
	group := false
	switch {
	case strings.HasPrefix(p, "group:"):
	p = strings.TrimPrefix(p, "group:")
	if groupsURL != "" {
	whoHref = groupsURL + p
	}
	groups.Add(p)
	group = true
	case p == string(identity.AnonymousIdentity):
	p = "anonymous"
	default:
	p = strings.TrimPrefix(p, "user:")
	}

	out.ACLs = append(out.ACLs, &metadataACL{
	RolePb: a.Role,
	Role: role,
	Who: p,
	WhoHref: whoHref,
	Group: group,
	Prefix: prefix,
	PrefixHref: listingPageURL(m.Prefix, ""),
	})
	}
	}
	}

	sort.Slice(out.ACLs, func(i, j int) bool {
	l, r := out.ACLs[i], out.ACLs[j]
	if l.RolePb != r.RolePb {
	return l.RolePb > r.RolePb // "stronger" role (e.g. OWNERS) first
	}
	if l.Prefix != r.Prefix {
	return l.Prefix > r.Prefix // longer prefix first
	}
	return l.Who < r.Who // alphabetically
	})

	// If the caller is allowed to see actual contents of groups, flag groups that
	// do not exist.
	if groups.Len() > 0 {
	switch yes, err := db.IsMember(ctx, auth.CurrentIdentity(ctx), []string{authdb.AuthServiceAccessGroup}); {
	case yes:
	known, err := db.FilterKnownGroups(ctx, groups.ToSlice())
	if err != nil {
	return nil, err
	}
	knownSet := stringset.NewFromSlice(known...)
	for _, acl := range out.ACLs {
	acl.Missing = acl.Group && !knownSet.Has(acl.Who)
	}
	case err != nil:
	return nil, err
	}
	}

	return out, nil
	}

	func fetchCallerRoles(ctx context.Context, pfx string) (*prefixMetadataBlock, error) {
	roles, err := state(ctx).services.PublicRepo.GetRolesInPrefix(ctx, &api.PrefixRequest{
	Prefix: pfx,
	})
	if err != nil {
	return nil, err
	}
	out := &prefixMetadataBlock{
	CanView: false,
	CallerRoles: make([]string, len(roles.Roles)),
	}
	for i, r := range roles.Roles {
	out.CallerRoles[i] = strings.Title(strings.ToLower(r.Role.String()))
	}
	return out, nil
	}