go/twirp_auth2/twirp_auth2.go - buildbot - Git at Google

 package twirp_auth2

 import (
 	"context"
 	"fmt"

 	"github.com/twitchtv/twirp"
 	"go.skia.org/infra/go/alogin"
 	"go.skia.org/infra/go/roles"
 )

 /*
 	Helpers for working with Twirp.
 */

 // AuthHelper provides methods for authenticating users.
 type AuthHelper struct {
 }

 // New returns an AuthHelper instance.
 func New() *AuthHelper {
 	return &AuthHelper{}
 }

 // GetViewer returns the email address of the logged-in user or an error if the
 // user is not in the set of allowed viewers. Do not wrap the returned error, as
 // it is used by Twirp.
 func (h *AuthHelper) GetViewer(ctx context.Context) (string, error) {
 	status := alogin.GetStatus(ctx)

 	if (status.Roles.Has(roles.Viewer) || status.Roles.Has(roles.Editor)) && (status.EMail != alogin.NotLoggedIn) {
 		return status.EMail.String(), nil
 	}
 	return "", twirp.NewError(twirp.PermissionDenied, fmt.Sprintf("%q is not an authorized viewer", status.EMail))
 }

 // GetEditor returns the email address of the logged-in user or an error if the
 // user is not in the set of allowed editors. Do not wrap the returned error, as
 // it is used by Twirp.
 func (h *AuthHelper) GetEditor(ctx context.Context) (string, error) {
 	status := alogin.GetStatus(ctx)

 	if status.Roles.Has(roles.Editor) && (status.EMail != alogin.NotLoggedIn) {
 		return status.EMail.String(), nil
 	}
 	return "", twirp.NewError(twirp.PermissionDenied, fmt.Sprintf("%q is not an authorized editor", status.EMail))
 }
	package twirp_auth2

	import (
	"context"
	"fmt"

	"github.com/twitchtv/twirp"
	"go.skia.org/infra/go/alogin"
	"go.skia.org/infra/go/roles"
	)

	/*
	Helpers for working with Twirp.
	*/

	// AuthHelper provides methods for authenticating users.
	type AuthHelper struct {
	}

	// New returns an AuthHelper instance.
	func New() *AuthHelper {
	return &AuthHelper{}
	}

	// GetViewer returns the email address of the logged-in user or an error if the
	// user is not in the set of allowed viewers. Do not wrap the returned error, as
	// it is used by Twirp.
	func (h *AuthHelper) GetViewer(ctx context.Context) (string, error) {
	status := alogin.GetStatus(ctx)

	if (status.Roles.Has(roles.Viewer) \|\| status.Roles.Has(roles.Editor)) && (status.EMail != alogin.NotLoggedIn) {
	return status.EMail.String(), nil
	}
	return "", twirp.NewError(twirp.PermissionDenied, fmt.Sprintf("%q is not an authorized viewer", status.EMail))
	}

	// GetEditor returns the email address of the logged-in user or an error if the
	// user is not in the set of allowed editors. Do not wrap the returned error, as
	// it is used by Twirp.
	func (h *AuthHelper) GetEditor(ctx context.Context) (string, error) {
	status := alogin.GetStatus(ctx)

	if status.Roles.Has(roles.Editor) && (status.EMail != alogin.NotLoggedIn) {
	return status.EMail.String(), nil
	}
	return "", twirp.NewError(twirp.PermissionDenied, fmt.Sprintf("%q is not an authorized editor", status.EMail))
	}