forked from vmware-archive/atc
/
check_pipeline_access_handler.go
79 lines (65 loc) · 1.89 KB
/
check_pipeline_access_handler.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
package auth
import (
"context"
"net/http"
"github.com/concourse/atc/db"
)
const PipelineDBKey = "pipelineDB"
type CheckPipelineAccessHandlerFactory interface {
HandlerFor(pipelineScopedHandler http.Handler, rejector Rejector) http.Handler
}
type checkPipelineAccessHandlerFactory struct {
pipelineDBFactory db.PipelineDBFactory
teamDBFactory db.TeamDBFactory
}
func NewCheckPipelineAccessHandlerFactory(
pipelineDBFactory db.PipelineDBFactory,
teamDBFactory db.TeamDBFactory,
) *checkPipelineAccessHandlerFactory {
return &checkPipelineAccessHandlerFactory{
pipelineDBFactory: pipelineDBFactory,
teamDBFactory: teamDBFactory,
}
}
func (f *checkPipelineAccessHandlerFactory) HandlerFor(
delegateHandler http.Handler,
rejector Rejector,
) http.Handler {
return checkPipelineAccessHandler{
rejector: rejector,
teamDBFactory: f.teamDBFactory,
pipelineDBFactory: f.pipelineDBFactory,
delegateHandler: delegateHandler,
}
}
type checkPipelineAccessHandler struct {
rejector Rejector
teamDBFactory db.TeamDBFactory
pipelineDBFactory db.PipelineDBFactory
delegateHandler http.Handler
}
func (h checkPipelineAccessHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
pipelineName := r.FormValue(":pipeline_name")
requestTeamName := r.FormValue(":team_name")
teamDB := h.teamDBFactory.GetTeamDB(requestTeamName)
savedPipeline, found, err := teamDB.GetPipelineByName(pipelineName)
if err != nil {
w.WriteHeader(http.StatusInternalServerError)
return
}
if !found {
w.WriteHeader(http.StatusNotFound)
return
}
pipelineDB := h.pipelineDBFactory.Build(savedPipeline)
if IsAuthorized(r) || pipelineDB.IsPublic() {
ctx := context.WithValue(r.Context(), PipelineDBKey, pipelineDB)
h.delegateHandler.ServeHTTP(w, r.WithContext(ctx))
return
}
if IsAuthenticated(r) {
h.rejector.Forbidden(w, r)
return
}
h.rejector.Unauthorized(w, r)
}