blob: 0b3beb8ad8e6c0fbdeb09e5bb2ca973d543ed10c [file] [log] [blame]
Copybara854996b2021-09-07 19:36:02 +00001# Copyright 2018 The Chromium Authors. All rights reserved.
2# Use of this source code is governed by a BSD-style
3# license that can be found in the LICENSE file or at
4# https://developers.google.com/open-source/licenses/bsd
5
6from __future__ import print_function
7from __future__ import division
8from __future__ import absolute_import
9
10RESTRICT_VIEW_PATTERN = 'restrict-view-%'
11
12
13def GetPersonalAtRiskLabelIDs(
14 cnxn, user, config_svc, effective_ids, project, perms):
15 """Return list of label_ids for restriction labels that user can't view.
16
17 Args:
18 cnxn: An instance of MonorailConnection.
19 user: User PB for the signed in user making the request, or None for anon.
20 config_svc: An instance of ConfigService.
21 effective_ids: The effective IDs of the current user.
22 project: A project object for the current project.
23 perms: A PermissionSet for the current user.
24 Returns:
25 A list of LabelDef IDs the current user is forbidden to access.
26 """
27 if user and user.is_site_admin:
28 return []
29
30 at_risk_label_ids = []
31 label_def_rows = config_svc.GetLabelDefRowsAnyProject(
32 cnxn, where=[('LOWER(label) LIKE %s', [RESTRICT_VIEW_PATTERN])])
33
34 for label_id, _pid, _rank, label, _docstring, _hidden in label_def_rows:
35 label_lower = label.lower()
36 needed_perm = label_lower.split('-', 2)[-1]
37
38 if not perms.CanUsePerm(needed_perm, effective_ids, project, []):
39 at_risk_label_ids.append(label_id)
40
41 return at_risk_label_ids