[users at bb.net] How to add permissions for multiple roles?

Chris Spencer chrisspen at gmail.com
Tue Dec 12 16:59:49 UTC 2017


Thanks.

On Tue, Dec 12, 2017 at 2:39 AM, Pierre Tardy <tardyp at gmail.com> wrote:

> Hi Chris,
> You need to use defaultDeny=True for all but the last matcher of the same
> kind.
> http://docs.buildbot.net/latest/manual/cfg-www.html#endpoint-matchers
>
>       allowRules=[
>         util.StopBuildEndpointMatcher(role="admins"),
>         util.ForceBuildEndpointMatcher(role="admins"),
>         util.RebuildBuildEndpointMatcher(role="admins",
> defaultDeny=False),
>         util.RebuildBuildEndpointMatcher(role="developers")
>       ],
>
> I also added the AnyControlEndpointMatcher to simplify the rule, and be
> more future proof.
>
>       allowRules=[
>         util.RebuildBuildEndpointMatcher(role="developers",
> defaultDeny=False)
>         util.AnyControlEndpointMatcher(role="admins")
>       ],
>
>
> On Mon, Dec 11, 2017 at 11:48 PM Chris Spencer <chrisspen at gmail.com>
> wrote:
>
>> How do you grant the permission to "rebuild" to multiple groups? I have
>> an "admin" group with all permissions, but I want to give a "developers"
>> group this permission as well, but not the other permissions.
>>
>> So I tried adding `RebuildBuildEndpointMatcher(role="developers")` to my
>> Authz's allowRules list like:
>>
>>     authz = util.Authz(
>>       allowRules=[
>>         util.StopBuildEndpointMatcher(role="admins"),
>>         util.ForceBuildEndpointMatcher(role="admins"),
>>         util.RebuildBuildEndpointMatcher(role="admins"),
>>         util.RebuildBuildEndpointMatcher(role="developers") # added this
>>       ],
>>       roleMatchers=[
>>         util.RolesFromEmails(admins=["...admin emails..."]),
>>         util.RolesFromUsername(roles=["admins"], usernames=["...admin
>> usernames..."]),
>>         util.RolesFromUsername(roles=["developers"],
>> usernames=["...developer usernames..."])
>>       ]
>>     )
>>
>> However, when a developer clicks the "Rebuild" they still get the error
>> about not being an admin.
>>
>> Why isn't this configuration working?
>> _______________________________________________
>> users mailing list
>> users at buildbot.net
>> https://lists.buildbot.net/mailman/listinfo/users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.buildbot.net/pipermail/users/attachments/20171212/511651e0/attachment.html>


More information about the users mailing list