// Source listing: github.com/pf-qiu/concourse/v6@v6.7.3-0.20201207032516-1f455d73275f/atc/api/auth/check_worker_team_access_handler.go

package auth

import (
	"net/http"

	"github.com/pf-qiu/concourse/v6/atc/api/accessor"
	"github.com/pf-qiu/concourse/v6/atc/db"
)

// CheckWorkerTeamAccessHandlerFactory wraps an http.Handler with a check that
// the caller is allowed to act on the worker named in the request.
type CheckWorkerTeamAccessHandlerFactory interface {
	HandlerFor(pipelineScopedHandler http.Handler, rejector Rejector) http.Handler
}

// checkWorkerTeamAccessHandlerFactory is the default factory; it hands its
// worker lookup dependency to every handler it builds.
type checkWorkerTeamAccessHandlerFactory struct {
	workerFactory db.WorkerFactory
}

// NewCheckWorkerTeamAccessHandlerFactory returns a factory whose handlers look
// workers up through workerFactory.
func NewCheckWorkerTeamAccessHandlerFactory(
	workerFactory db.WorkerFactory,
) CheckWorkerTeamAccessHandlerFactory {
	factory := checkWorkerTeamAccessHandlerFactory{workerFactory: workerFactory}
	return &factory
}

// HandlerFor returns a handler that runs the worker/team access check and, on
// success, forwards the request to delegateHandler. Denied requests are
// answered through rejector.
func (f *checkWorkerTeamAccessHandlerFactory) HandlerFor(
	delegateHandler http.Handler,
	rejector Rejector,
) http.Handler {
	var guarded checkWorkerTeamHandler
	guarded.rejector = rejector
	guarded.workerFactory = f.workerFactory
	guarded.delegateHandler = delegateHandler
	return guarded
}

// checkWorkerTeamHandler is the authorization gate placed in front of a
// worker-scoped endpoint.
type checkWorkerTeamHandler struct {
	rejector        Rejector
	workerFactory   db.WorkerFactory
	delegateHandler http.Handler
}

// ServeHTTP decides whether the request may reach the delegate handler.
//
// Decision order:
//  1. Unauthenticated callers are rejected via rejector.Unauthorized.
//  2. System and admin callers are forwarded without any worker lookup.
//  3. The worker named by ":worker_name" is looked up; a lookup error yields
//     500 and an unknown worker yields 404, both with an empty body.
//  4. The request is forwarded only when the worker reports a non-empty team
//     name and the caller is authorized for that team.
//  5. Everything else, including workers whose TeamName() is empty, is
//     rejected via rejector.Forbidden.
func (h checkWorkerTeamHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	access := accessor.GetAccessor(r)
	if !access.IsAuthenticated() {
		h.rejector.Unauthorized(w, r)
		return
	}

	// Privileged callers bypass the per-team check entirely.
	if access.IsSystem() || access.IsAdmin() {
		h.delegateHandler.ServeHTTP(w, r)
		return
	}

	// NOTE(review): FormValue also consults a parsed request body, and body
	// values take precedence over URL query values. Confirm the delegate
	// handler resolves the worker name the same way, so that the worker being
	// authorized here is the worker that is acted on.
	name := r.FormValue(":worker_name")

	target, exists, lookupErr := h.workerFactory.GetWorker(name)
	switch {
	case lookupErr != nil:
		// The error is dropped here; NOTE(review): nothing in this handler
		// records it, so lookup failures are only visible if logged elsewhere.
		w.WriteHeader(http.StatusInternalServerError)
		return
	case !exists:
		// NOTE(review): this 404 is sent before the team check, so an
		// authenticated caller outside the team can tell an unknown worker
		// name from a known one, presumably because Forbidden writes a
		// different status. Confirm that is acceptable.
		w.WriteHeader(http.StatusNotFound)
		return
	}

	// Fail closed: an empty team name or a team the caller is not authorized
	// for both end in Forbidden.
	if target.TeamName() == "" || !access.IsAuthorized(target.TeamName()) {
		h.rejector.Forbidden(w, r)
		return
	}

	h.delegateHandler.ServeHTTP(w, r)
}