// Source: github.com/pf-qiu/concourse/v6@v6.7.3-0.20201207032516-1f455d73275f/atc/api/auth/check_build_write_access_handler.go

package auth

import (
	"context"
	"net/http"
	"strconv"

	"github.com/pf-qiu/concourse/v6/atc/api/accessor"
	"github.com/pf-qiu/concourse/v6/atc/db"
)

// CheckBuildWriteAccessHandlerFactory wraps a handler with the build access
// check implemented in this file.
type CheckBuildWriteAccessHandlerFactory interface {
	// HandlerFor returns a handler that runs the access check and only then
	// calls delegateHandler. rejector writes the 401 and 403 responses.
	HandlerFor(delegateHandler http.Handler, rejector Rejector) http.Handler
}

// checkBuildWriteAccessHandlerFactory holds the build lookup dependency that
// is shared by every handler it produces.
type checkBuildWriteAccessHandlerFactory struct {
	buildFactory db.BuildFactory
}

// NewCheckBuildWriteAccessHandlerFactory returns a factory whose handlers look
// builds up through buildFactory.
func NewCheckBuildWriteAccessHandlerFactory(
	buildFactory db.BuildFactory,
) *checkBuildWriteAccessHandlerFactory {
	factory := new(checkBuildWriteAccessHandlerFactory)
	factory.buildFactory = buildFactory
	return factory
}

// HandlerFor returns an http.Handler that guards delegateHandler with the
// checks in checkBuildWriteAccessHandler.ServeHTTP.
func (f *checkBuildWriteAccessHandlerFactory) HandlerFor(
	delegateHandler http.Handler,
	rejector Rejector,
) http.Handler {
	var guard checkBuildWriteAccessHandler
	guard.rejector = rejector
	guard.buildFactory = f.buildFactory
	guard.delegateHandler = delegateHandler
	return guard
}

// checkBuildWriteAccessHandler is the middleware value returned by HandlerFor.
type checkBuildWriteAccessHandler struct {
	rejector        Rejector        // writes the Unauthorized / Forbidden responses
	buildFactory    db.BuildFactory // resolves a numeric build ID to a build
	delegateHandler http.Handler    // called only after every check passes
}

// ServeHTTP admits the request to the delegate handler only when all of the
// following hold, checked in this order:
//
//  1. the accessor attached to the request reports it as authenticated
//     (otherwise rejector.Unauthorized);
//  2. the ":build_id" parameter parses as an integer (otherwise 400);
//  3. the build lookup succeeds (500 on error, 404 when not found);
//  4. the accessor is authorized for the team that owns the build
//     (otherwise rejector.Forbidden).
//
// On success the resolved build is stored in the request context under
// BuildContextKey and the delegate is invoked with that derived request.
//
// NOTE(review): the type name says "write access", but the only authorization
// call visible here is IsAuthorized(team name); whether that distinguishes
// read from write roles is decided inside the accessor — confirm there.
func (h checkBuildWriteAccessHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	access := accessor.GetAccessor(r)
	if !access.IsAuthenticated() {
		h.rejector.Unauthorized(w, r)
		return
	}

	// NOTE(review): FormValue reads the parsed form, in which POST/PUT/PATCH
	// body parameters take precedence over URL query values. How the router
	// supplies ":build_id" is not visible in this file; confirm that a request
	// body cannot supply a competing value, and that the delegate uses the
	// build placed in the context below instead of re-reading the parameter.
	buildID, err := strconv.Atoi(r.FormValue(":build_id"))
	if err != nil {
		w.WriteHeader(http.StatusBadRequest)
		return
	}

	build, found, err := h.buildFactory.Build(buildID)
	switch {
	case err != nil:
		// The lookup error is not logged or returned to the client here.
		w.WriteHeader(http.StatusInternalServerError)
		return
	case !found:
		// NOTE(review): existence is checked before team authorization, so an
		// authenticated caller gets 404 for a missing build and 403 for a
		// build owned by another team. Confirm that exposing this difference
		// is acceptable.
		w.WriteHeader(http.StatusNotFound)
		return
	}

	if !access.IsAuthorized(build.TeamName()) {
		h.rejector.Forbidden(w, r)
		return
	}

	// Hand the already-authorized build to the delegate through the context.
	authorized := r.WithContext(context.WithValue(r.Context(), BuildContextKey, build))
	h.delegateHandler.ServeHTTP(w, authorized)
}