<div dir="ltr"><div>Hi Chris,</div><div>You need to use defaultDeny=True for all but the last matcher of the same kind.</div><a href="http://docs.buildbot.net/latest/manual/cfg-www.html#endpoint-matchers">http://docs.buildbot.net/latest/manual/cfg-www.html#endpoint-matchers</a><div><span style="color:rgb(33,33,33)"><br></span></div><div><span style="color:rgb(33,33,33)"> allowRules=[</span><br style="color:rgb(33,33,33)"><span style="color:rgb(33,33,33)"> util.StopBuildEndpointMatcher(</span><span style="color:rgb(33,33,33)">role="admins"),</span><br style="color:rgb(33,33,33)"><span style="color:rgb(33,33,33)"> util.</span><span style="color:rgb(33,33,33)">ForceBuildEndpointMatcher(</span><span style="color:rgb(33,33,33)">role="admins"),</span><br style="color:rgb(33,33,33)"><span style="color:rgb(33,33,33)"> util.</span><span style="color:rgb(33,33,33)">RebuildBuildEndpointMatcher(</span><span style="color:rgb(33,33,33)">role="admins", defaultDeny=False),</span><br style="color:rgb(33,33,33)"><span style="color:rgb(33,33,33)"> util.</span><span style="color:rgb(33,33,33)">RebuildBuildEndpointMatcher(</span><span style="color:rgb(33,33,33)">role="developers")</span><br style="color:rgb(33,33,33)"><span style="color:rgb(33,33,33)"> ],</span><br style="color:rgb(33,33,33)"><div><br></div><div>I also added the AnyControlEndpointMatcher to simplify the rule, and be more future-proof.<br></div></div><div><span style="color:rgb(33,33,33)"><br></span></div><div><span style="color:rgb(33,33,33)"> allowRules=[</span><br style="color:rgb(33,33,33)"><span style="color:rgb(33,33,33)"> util.</span><span style="color:rgb(33,33,33)">RebuildBuildEndpointMatcher(</span><span style="color:rgb(33,33,33)">role="developers", defaultDeny=False),</span><br style="color:rgb(33,33,33)"><span style="color:rgb(33,33,33)"> util.</span><span style="color:rgb(33,33,33)">AnyControlEndpointMatcher(</span><span style="color:rgb(33,33,33)">role="admins")</span><br style="color:rgb(33,33,33)"><span 
style="color:rgb(33,33,33)"> ],</span><br style="color:rgb(33,33,33)"><br class="inbox-inbox-Apple-interchange-newline"></div></div><br><div class="gmail_quote"><div dir="ltr">On Mon, Dec 11, 2017 at 11:48 PM Chris Spencer <<a href="mailto:chrisspen@gmail.com">chrisspen@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div><div>How do you grant the permission to "rebuild" to multiple groups? I have an "admin" group with all permissions, but I want to give a "developers" group this permission as well, but not the other permissions.<br><br></div>So I tried adding `RebuildBuildEndpointMatcher(role="developers")` to my Authz's allowRules list like:<br><br> authz = util.Authz(<br> allowRules=[<br> util.StopBuildEndpointMatcher(role="admins"),<br> util.ForceBuildEndpointMatcher(role="admins"),<br> util.RebuildBuildEndpointMatcher(role="admins"),<br> util.RebuildBuildEndpointMatcher(role="developers") # added this<br> ],<br> roleMatchers=[<br> util.RolesFromEmails(admins=["...admin emails..."]),<br> util.RolesFromUsername(roles=["admins"], usernames=["...admin usernames..."]),<br> util.RolesFromUsername(roles=["developers"], usernames=["...developer usernames..."])<br> ]<br> )<br><br></div>However, when a developer clicks the "Rebuild" they still get the error about not being an admin.<br><br></div>Why isn't this configuration working?<br></div>
</blockquote></div>
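<div>A simplified model of the rule evaluation discussed in this thread, added here as an example; it is not code from either message or from Buildbot. The <code>Rule</code> class and <code>is_allowed</code> function are hypothetical stand-ins for the endpoint matchers, and the model assumes rules are checked in order and that a request no rule denies is granted.</div>

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class Rule:
    """Stand-in for an endpoint matcher (hypothetical model, not a Buildbot class)."""
    action: Optional[str]      # "stop", "force", "rebuild"; None = any control action
    role: str
    defaultDeny: bool = True   # assumed default, consistent with the behaviour in the question


def is_allowed(rules, action, roles):
    """Walk the rules in order; the first matching rule that grants or denies wins."""
    for rule in rules:
        if rule.action is not None and rule.action != action:
            continue               # rule is for a different endpoint
        if rule.role in roles:
            return True            # endpoint matches and the user holds the role
        if rule.defaultDeny:
            return False           # endpoint matches, role missing: stop here
        # defaultDeny=False: fall through to the next rule for this endpoint
    return True                    # assumption: nothing denied, so access is granted


# Configuration from the question: the admins rebuild rule denies before
# the developers rule is ever reached.
ORIGINAL = [
    Rule("stop", "admins"),
    Rule("force", "admins"),
    Rule("rebuild", "admins"),
    Rule("rebuild", "developers"),
]

# First configuration from the reply: only the last rebuild rule may deny.
FIXED = ORIGINAL[:2] + [
    Rule("rebuild", "admins", defaultDeny=False),
    Rule("rebuild", "developers"),
]

# Second configuration from the reply: one catch-all rule for admins, placed last.
SIMPLIFIED = [
    Rule("rebuild", "developers", defaultDeny=False),
    Rule(None, "admins"),
]

if __name__ == "__main__":
    for name, rules in [("original", ORIGINAL), ("fixed", FIXED), ("simplified", SIMPLIFIED)]:
        for action in ("rebuild", "stop"):
            print(name, action, "developers ->", is_allowed(rules, action, {"developers"}))
```

<div>In this model, a list whose last rule for an endpoint also has defaultDeny=False grants that endpoint to users with no role at all, which is why the final matcher of each kind keeps the default.</div>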