[users at bb.net] How to add permissions for multiple roles?

Pierre Tardy tardyp at gmail.com
Tue Dec 12 07:39:06 UTC 2017 

Hi Chris,
You need to use defaultDeny=True for all but the last matcher of the same
kind.
http://docs.buildbot.net/latest/manual/cfg-www.html#endpoint-matchers

      allowRules=[
        util.StopBuildEndpointMatcher(role="admins"),
        util.ForceBuildEndpointMatcher(role="admins"),
        util.RebuildBuildEndpointMatcher(role="admins", defaultDeny=False),
        util.RebuildBuildEndpointMatcher(role="developers")
      ],

I also added the AnyControlEndpointMatcher to simplify the rule, and be
more future proof.

      allowRules=[
        util.RebuildBuildEndpointMatcher(role="developers",
defaultDeny=False)
        util.AnyControlEndpointMatcher(role="admins")
      ],


On Mon, Dec 11, 2017 at 11:48 PM Chris Spencer <chrisspen at gmail.com> wrote:

> How do you grant the permission to "rebuild" to multiple groups? I have an
> "admin" group with all permissions, but I want to give a "developers" group
> this permission as well, but not the other permissions.
>
> So I tried adding `RebuildBuildEndpointMatcher(role="developers")` to my
> Authz's allowRules list like:
>
>     authz = util.Authz(
>       allowRules=[
>         util.StopBuildEndpointMatcher(role="admins"),
>         util.ForceBuildEndpointMatcher(role="admins"),
>         util.RebuildBuildEndpointMatcher(role="admins"),
>         util.RebuildBuildEndpointMatcher(role="developers") # added this
>       ],
>       roleMatchers=[
>         util.RolesFromEmails(admins=["...admin emails..."]),
>         util.RolesFromUsername(roles=["admins"], usernames=["...admin
> usernames..."]),
>         util.RolesFromUsername(roles=["developers"],
> usernames=["...developer usernames..."])
>       ]
>     )
>
> However, when a developer clicks the "Rebuild" they still get the error
> about not being an admin.
>
> Why isn't this configuration working?
> _______________________________________________
> users mailing list
> users at buildbot.net
> https://lists.buildbot.net/mailman/listinfo/users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.buildbot.net/pipermail/users/attachments/20171212/6ad3d7b5/attachment.html>

More information about the users mailing list