示例#1
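// NewSystemManagerAPI creates a new api server endpoint for managing
// environments.
//
// The endpoint is restricted to system administrators. The constructor
// returns a traced common.ErrPerm unless authorizer.AuthClient() is true,
// the authenticated tag is a names.UserTag, and st.IsSystemAdministrator
// reports that user as an administrator. An error from the administrator
// lookup is returned traced, and no API object is created.
func NewSystemManagerAPI(
	st *state.State,
	resources *common.Resources,
	authorizer common.Authorizer,
) (*SystemManagerAPI, error) {
	if !authorizer.AuthClient() {
		return nil, errors.Trace(common.ErrPerm)
	}

	// AuthClient is expected to imply a user tag, but the assertion result
	// is checked anyway so the authorization decision fails closed: any
	// other tag kind is rejected here rather than a zero-value UserTag
	// being handed to the administrator lookup.
	apiUser, ok := authorizer.GetAuthTag().(names.UserTag)
	if !ok {
		return nil, errors.Trace(common.ErrPerm)
	}

	isAdmin, err := st.IsSystemAdministrator(apiUser)
	if err != nil {
		return nil, errors.Trace(err)
	}
	// The entire end point is only accessible to system administrators.
	if !isAdmin {
		return nil, errors.Trace(common.ErrPerm)
	}

	return &SystemManagerAPI{
		state:      st,
		authorizer: authorizer,
		apiUser:    apiUser,
		resources:  resources,
	}, nil
}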