What is the bug or feature:
In trigger_flake_swarming_task_service_pipeline.py, we have logic to verify whether the user can trigger a new analysis. However, auth_util.IsCurrentUserAdmin() was executed within the context of a internal task and the result is based on the findit-for-me@appspot account. That's unexpected.
Context or examples:
Expected:
ACL verification should happen up front at the API endpoint where the end-user requests are received, e.g. in findit_api.py
Comment 1 by st...@chromium.org
, Aug 28 2017