History endpoint

SingularityService/src/main/java/com/hubspot/singularity/auth/SingularityAuthorizer.java

@@ -38,6 +38,8 @@ static boolean groupsIntersect(Set<String> a, Set<String> b) {
 
   public abstract void checkAdminAuthorization(SingularityUser user);
 
+  public abstract void checkGlobalReadAuthorization(SingularityUser user);
+
   public abstract void checkReadAuthorization(SingularityUser user);
 
   public abstract void checkForAuthorization(

SingularityService/src/main/java/com/hubspot/singularity/auth/SingularityDualAuthorizer.java

@@ -91,6 +91,34 @@ public void checkAdminAuthorization(SingularityUser user) {
     }
   }
 
+  @Override
+  public void checkGlobalReadAuthorization(SingularityUser user) {
+    boolean grantedByScopes = checkGrantedByScopes(
+      () -> groupsScopesAuthorizer.checkGlobalReadAuthorization(user)
+    );
+    try {
+      groupsAuthorizer.checkGlobalReadAuthorization(user.withOnlyGroups());
+    } catch (WebApplicationException e) {
+      if (grantedByScopes) {
+        LOG.warn(
+          "Difference in auth of user {} for GLOBAL READ, scopes authorizer: {}, groups authorizer: false, user: {}",
+          user.getId(),
+          grantedByScopes,
+          user
+        );
+      }
+      throw e;
+    }
+    if (!grantedByScopes) {
+      LOG.warn(
+        "Difference in auth of user {} for GLOBAL READ, scopes authorizer: {}, groups authorizer: true, user: {}",
+        user.getId(),
+        grantedByScopes,
+        user
+      );
+    }
+  }
+
   @Override
   public void checkReadAuthorization(SingularityUser user) {
     boolean grantedByScopes = checkGrantedByScopes(

SingularityService/src/main/java/com/hubspot/singularity/auth/SingularityGroupsAuthorizer.java

@@ -76,6 +76,11 @@ public void checkAdminAuthorization(SingularityUser user) {
     }
   }
 
+  @Override
+  public void checkGlobalReadAuthorization(SingularityUser user) {
+    checkAdminAuthorization(user);
+  }
+
   @Override
   public void checkReadAuthorization(SingularityUser user) {
     if (authEnabled) {

SingularityService/src/main/java/com/hubspot/singularity/auth/SingularityGroupsScopesAuthorizer.java

@@ -62,6 +62,26 @@ public void checkReadAuthorization(SingularityUser user) {
     checkReadScope(user);
   }
 
+  @Override
+  public void checkGlobalReadAuthorization(SingularityUser user) {
+    if (!authEnabled || isAdmin(user)) {
+      return;
+    }
+    Set<String> allowedReadGroups = new HashSet<>(
+      authConfiguration.getGlobalReadWriteGroups()
+    );
+    allowedReadGroups.addAll(authConfiguration.getGlobalReadOnlyGroups());
+
+    checkForbidden(user.isAuthenticated(), "Not Authenticated!");
+    checkForbiddenForGroups(
+      user,
+      allowedReadGroups,
+      "all",
+      SingularityAuthorizationScope.READ
+    );
+    checkReadScope(user);
+  }
+
   @Override
   public void checkForAuthorization(
     SingularityRequest request,

SingularityService/src/main/java/com/hubspot/singularity/resources/HistoryResource.java

@@ -352,7 +352,7 @@ public List<SingularityTaskIdHistory> getTaskHistory(
         SingularityAuthorizationScope.READ
       );
     } else {
-      authorizationHelper.checkAdminAuthorization(user);
+      authorizationHelper.checkGlobalReadAuthorization(user);
     }
 
     final Integer limitCount = getLimitCount(count);
@@ -429,7 +429,7 @@ public SingularityPaginatedResponse<SingularityTaskIdHistory> getTaskHistoryWith
         SingularityAuthorizationScope.READ
       );
     } else {
-      authorizationHelper.checkAdminAuthorization(user);
+      authorizationHelper.checkGlobalReadAuthorization(user);
     }
 
     final Optional<Integer> dataCount = taskHistoryHelper.getBlendedHistoryCount(