-
Notifications
You must be signed in to change notification settings - Fork 348
/
postgres_experiments.go
48 lines (40 loc) · 1.38 KB
/
postgres_experiments.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
package experiment
import (
"context"
"fmt"
"github.com/pkg/errors"
"google.golang.org/grpc/codes"
"google.golang.org/grpc/status"
"github.com/determined-ai/determined/master/internal/api"
"github.com/determined-ai/determined/master/internal/authz"
"github.com/determined-ai/determined/master/internal/db"
"github.com/determined-ai/determined/master/internal/grpcutil"
"github.com/determined-ai/determined/master/pkg/model"
)
// GetExperimentAndCheckCanDoActions fetches an experiment and performs auth checks.
func GetExperimentAndCheckCanDoActions(
ctx context.Context,
expID int,
actions ...func(context.Context, model.User, *model.Experiment) error,
) (*model.Experiment, model.User, error) {
curUser, _, err := grpcutil.GetUser(ctx)
if err != nil {
return nil, model.User{}, err
}
e, err := db.ExperimentByID(ctx, expID)
expNotFound := api.NotFoundErrs("experiment", fmt.Sprint(expID), true)
if errors.Is(err, db.ErrNotFound) {
return nil, model.User{}, expNotFound
} else if err != nil {
return nil, model.User{}, err
}
if err = AuthZProvider.Get().CanGetExperiment(ctx, *curUser, e); err != nil {
return nil, model.User{}, authz.SubIfUnauthorized(err, expNotFound)
}
for _, action := range actions {
if err = action(ctx, *curUser, e); err != nil {
return nil, model.User{}, status.Errorf(codes.PermissionDenied, err.Error())
}
}
return e, *curUser, nil
}