| Copybara | 854996b | 2021-09-07 19:36:02 +0000 | [diff] [blame] | 1 | # Copyright 2018 The Chromium Authors. All rights reserved. |
| 2 | # Use of this source code is governed by a BSD-style |
| 3 | # license that can be found in the LICENSE file or at |
| 4 | # https://developers.google.com/open-source/licenses/bsd |
| 5 | |
| 6 | from __future__ import print_function |
| 7 | from __future__ import division |
| 8 | from __future__ import absolute_import |
| 9 | |
| 10 | RESTRICT_VIEW_PATTERN = 'restrict-view-%' |
| 11 | |
| 12 | |
| 13 | def GetPersonalAtRiskLabelIDs( |
| 14 | cnxn, user, config_svc, effective_ids, project, perms): |
| 15 | """Return list of label_ids for restriction labels that user can't view. |
| 16 | |
| 17 | Args: |
| 18 | cnxn: An instance of MonorailConnection. |
| 19 | user: User PB for the signed in user making the request, or None for anon. |
| 20 | config_svc: An instance of ConfigService. |
| 21 | effective_ids: The effective IDs of the current user. |
| 22 | project: A project object for the current project. |
| 23 | perms: A PermissionSet for the current user. |
| 24 | Returns: |
| 25 | A list of LabelDef IDs the current user is forbidden to access. |
| 26 | """ |
| 27 | if user and user.is_site_admin: |
| 28 | return [] |
| 29 | |
| 30 | at_risk_label_ids = [] |
| 31 | label_def_rows = config_svc.GetLabelDefRowsAnyProject( |
| 32 | cnxn, where=[('LOWER(label) LIKE %s', [RESTRICT_VIEW_PATTERN])]) |
| 33 | |
| 34 | for label_id, _pid, _rank, label, _docstring, _hidden in label_def_rows: |
| 35 | label_lower = label.lower() |
| 36 | needed_perm = label_lower.split('-', 2)[-1] |
| 37 | |
| 38 | if not perms.CanUsePerm(needed_perm, effective_ids, project, []): |
| 39 | at_risk_label_ids.append(label_id) |
| 40 | |
| 41 | return at_risk_label_ids |