<div dir="ltr">Thanks.<br></div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Dec 12, 2017 at 2:39 AM, Pierre Tardy <span dir="ltr"><<a href="mailto:tardyp@gmail.com" target="_blank">tardyp@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div>Hi Chris,</div><div>You need to use defaultDeny=True for all but the last matcher of the same kind. </div><a href="http://docs.buildbot.net/latest/manual/cfg-www.html#endpoint-matchers" target="_blank">http://docs.buildbot.net/<wbr>latest/manual/cfg-www.html#<wbr>endpoint-matchers</a><div><span style="color:rgb(33,33,33)"><br></span></div><div><span class=""><span style="color:rgb(33,33,33)"> allowRules=[</span><br style="color:rgb(33,33,33)"><span style="color:rgb(33,33,33)"> util.StopBuildEndpointMatcher(</span><span style="color:rgb(33,33,33)"><wbr>role="admins"),</span><br style="color:rgb(33,33,33)"><span style="color:rgb(33,33,33)"> util.</span><span style="color:rgb(33,33,33)">ForceBuildEndpointMatcher<wbr>(</span><span style="color:rgb(33,33,33)">role="admins"),</span><br style="color:rgb(33,33,33)"></span><span style="color:rgb(33,33,33)"> util.</span><span style="color:rgb(33,33,33)">RebuildBuildEndpointMatch<wbr>er(</span><span style="color:rgb(33,33,33)">role="admins", defaultDeny=False),</span><br style="color:rgb(33,33,33)"><span style="color:rgb(33,33,33)"> util.</span><span style="color:rgb(33,33,33)">RebuildBuildEndpointMatch<wbr>er(</span><span style="color:rgb(33,33,33)">role="developers")</span><br style="color:rgb(33,33,33)"><span style="color:rgb(33,33,33)"> ],</span><br style="color:rgb(33,33,33)"><div><br></div><div>I also added the AnyControlEndpointMatcher to simplify the rule, and be more future proof.<br></div></div><div><span style="color:rgb(33,33,33)"><br></span></div><div><span style="color:rgb(33,33,33)"> allowRules=[</span><br style="color:rgb(33,33,33)"><span style="color:rgb(33,33,33)"> util.</span><span style="color:rgb(33,33,33)">RebuildBuildEndpointMatch<wbr>er(</span><span style="color:rgb(33,33,33)">role="developers", defaultDeny=False)</span><br style="color:rgb(33,33,33)"><span style="color:rgb(33,33,33)"> util.</span><span style="color:rgb(33,33,33)">AnyControlEndpointMatcher<wbr>(</span><span style="color:rgb(33,33,33)">role="admins")</span><br style="color:rgb(33,33,33)"><span style="color:rgb(33,33,33)"> ],</span><br style="color:rgb(33,33,33)"><br class="m_-7827810720482471155inbox-inbox-Apple-interchange-newline"></div></div><br><div class="gmail_quote"><div><div class="h5"><div dir="ltr">On Mon, Dec 11, 2017 at 11:48 PM Chris Spencer <<a href="mailto:chrisspen@gmail.com" target="_blank">chrisspen@gmail.com</a>> wrote:<br></div></div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div class="h5"><div dir="ltr"><div><div><div>How do you grant the permission to "rebuild" to multiple groups? I have an "admin" group with all permissions, but I want to give a "developers" group this permission as well, but not the other permissions.<br><br></div>So I tried adding `RebuildBuildEndpointMatcher(<wbr>role="developers")` to my Authz's allowRules list like:<br><br> authz = util.Authz(<br> allowRules=[<br> util.StopBuildEndpointMatcher(<wbr>role="admins"),<br> util.<wbr>ForceBuildEndpointMatcher(<wbr>role="admins"),<br> util.<wbr>RebuildBuildEndpointMatcher(<wbr>role="admins"),<br> util.<wbr>RebuildBuildEndpointMatcher(<wbr>role="developers") # added this<br> ],<br> roleMatchers=[<br> util.RolesFromEmails(admins=["<wbr>...admin emails..."]),<br> util.RolesFromUsername(roles=[<wbr>"admins"], usernames=["...admin usernames..."]),<br> util.RolesFromUsername(roles=[<wbr>"developers"], usernames=["...developer usernames..."])<br> ]<br> )<br><br></div>However, when a developer clicks the "Rebuild" they still get the error about not being an admin.<br><br></div>Why isn't this configuration working?<br></div></div></div>
______________________________<wbr>_________________<br>
users mailing list<br>
<a href="mailto:users@buildbot.net" target="_blank">users@buildbot.net</a><br>
<a href="https://lists.buildbot.net/mailman/listinfo/users" rel="noreferrer" target="_blank">https://lists.buildbot.net/<wbr>mailman/listinfo/users</a></blockquote></div>
</blockquote></div><br></div>