// NewSystemManagerAPI creates a new api server endpoint for managing // environments. func NewSystemManagerAPI( st *state.State, resources *common.Resources, authorizer common.Authorizer, ) (*SystemManagerAPI, error) { if !authorizer.AuthClient() { return nil, errors.Trace(common.ErrPerm) } // Since we know this is a user tag (because AuthClient is true), // we just do the type assertion to the UserTag. apiUser, _ := authorizer.GetAuthTag().(names.UserTag) isAdmin, err := st.IsSystemAdministrator(apiUser) if err != nil { return nil, errors.Trace(err) } // The entire end point is only accessible to system administrators. if !isAdmin { return nil, errors.Trace(common.ErrPerm) } return &SystemManagerAPI{ state: st, authorizer: authorizer, apiUser: apiUser, resources: resources, }, nil }