github.com/slspeek/camlistore_namedsearch@v0.0.0-20140519202248-ed6f70f7721a/server/appengine/camli/ownerauth.go

github.com/slspeek/camlistore_namedsearch@v0.0.0-20140519202248-ed6f70f7721a/server/appengine/camli/ownerauth.go (about)

     1  // +build appengine
     2  
     3  /*
     4  Copyright 2013 Google Inc.
     5  
     6  Licensed under the Apache License, Version 2.0 (the "License");
     7  you may not use this file except in compliance with the License.
     8  You may obtain a copy of the License at
     9  
    10       http://www.apache.org/licenses/LICENSE-2.0
    11  
    12  Unless required by applicable law or agreed to in writing, software
    13  distributed under the License is distributed on an "AS IS" BASIS,
    14  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    15  See the License for the specific language governing permissions and
    16  limitations under the License.
    17  */
    18  
    19  package appengine
    20  
    21  import (
    22  	"net/http"
    23  
    24  	"camlistore.org/pkg/auth"
    25  	"camlistore.org/pkg/httputil"
    26  
    27  	"appengine"
    28  	"appengine/user"
    29  )
    30  
    31  func init() {
    32  	auth.RegisterAuth("appengine_app_owner", newOwnerAuth)
    33  }
    34  
    35  type ownerAuth struct {
    36  	fallback auth.AuthMode
    37  }
    38  
    39  var _ auth.UnauthorizedSender = (*ownerAuth)(nil)
    40  
    41  func newOwnerAuth(arg string) (auth.AuthMode, error) {
    42  	m := &ownerAuth{}
    43  	if arg != "" {
    44  		f, err := auth.FromConfig(arg)
    45  		if err != nil {
    46  			return nil, err
    47  		}
    48  		m.fallback = f
    49  	}
    50  	return m, nil
    51  }
    52  
    53  func (o *ownerAuth) AllowedAccess(req *http.Request) auth.Operation {
    54  	c := appengine.NewContext(req)
    55  	if user.IsAdmin(c) {
    56  		return auth.OpAll
    57  	}
    58  	if o.fallback != nil {
    59  		return o.fallback.AllowedAccess(req)
    60  	}
    61  	return 0
    62  }
    63  
    64  func (o *ownerAuth) SendUnauthorized(rw http.ResponseWriter, req *http.Request) bool {
    65  	if !httputil.IsGet(req) {
    66  		return false
    67  	}
    68  	c := appengine.NewContext(req)
    69  	loginURL, err := user.LoginURL(c, req.URL.String())
    70  	if err != nil {
    71  		c.Errorf("Fetching LoginURL: %v", err)
    72  		return false
    73  	}
    74  	http.Redirect(rw, req, loginURL, http.StatusFound)
    75  	return true
    76  }
    77  
    78  func (o *ownerAuth) AddAuthHeader(req *http.Request) {
    79  	// TODO(bradfitz): split the auth interface into a server part
    80  	// and a client part.
    81  	panic("Not applicable. should not be called.")
    82  }