go.chromium.org/luci@v0.0.0-20240309015107-7cdc2e660f33/buildbucket/bbperms/bbperms.go

go.chromium.org/luci@v0.0.0-20240309015107-7cdc2e660f33/buildbucket/bbperms/bbperms.go (about)

     1  // Copyright 2022 The LUCI Authors.
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //      http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  // Package bbperms contains a list of registered buildbucket Realm permissions.
    16  package bbperms
    17  
    18  import "go.chromium.org/luci/server/auth/realms"
    19  
    20  var (
    21  	// BuildsAdd allows to schedule new builds in a bucket.
    22  	BuildsAdd = realms.RegisterPermission("buildbucket.builds.add")
    23  	// BuildsCreate allows to create new builds in a bucket.
    24  	BuildsCreate = realms.RegisterPermission("buildbucket.builds.create")
    25  	// BuildsGet allows to see all information about a build.
    26  	BuildsGet = realms.RegisterPermission("buildbucket.builds.get")
    27  	// BuildsGetLimited allows to see a limited set of information about a build.
    28  	BuildsGetLimited = realms.RegisterPermission("buildbucket.builds.getLimited")
    29  	// BuildsList allows to list and search builds in a bucket.
    30  	// Note that the ability to search on certain fields may leak information that
    31  	// would otherwise be redacted if the user only had this permission (and not
    32  	// BuildsGet or BuildsGetLimited). Since there's nothing too sensitive in the
    33  	// fields that can be used as predicates, and it's expensive to check permissions
    34  	// upfront on every project/bucket being searched, we just live with this flaw
    35  	// for now.
    36  	BuildsList = realms.RegisterPermission("buildbucket.builds.list")
    37  	// BuildsCancel allows to cancel a build.
    38  	BuildsCancel = realms.RegisterPermission("buildbucket.builds.cancel")
    39  
    40  	// BuildersGet allows to see details of a builder (but not its builds).
    41  	BuildersGet = realms.RegisterPermission("buildbucket.builders.get")
    42  	// BuildersList allows to list and search builders (but not builds).
    43  	BuildersList = realms.RegisterPermission("buildbucket.builders.list")
    44  	// BuildersSetHealth allows to set the health of a builder.
    45  	BuildersSetHealth = realms.RegisterPermission("buildbucket.builders.setHealth")
    46  )