[users at bb.net] Roles
Pierre Tardy
tardyp at gmail.com
Fri Jul 7 10:09:43 UTC 2017
RoleFromEmailDomain could be a good feature, why not.
you can extact the domain with a more simple way.
domain = email.split("@")[-1]
On Fri, Jul 7, 2017 at 12:05 PM Paulo Matos <pmatos at linki.tools> wrote:
>
>
> On 07/07/17 11:43, Pierre Tardy wrote:
> >
> >
> > On Fri, Jul 7, 2017 at 11:30 AM Paulo Matos <pmatos at linki.tools> wrote:
> >
> >
> >
> > On 07/07/17 10:47, Pierre Tardy wrote:
> > > Hi Paulo,
> > >
> > > This is not something that is supported by current code.
> >
> > By 'This' you mean disabling anonymous access?
> >
> > By this I mean using '*' in getRolesFromEmails.
> >
> > The design for people who need tight control like disabling anonymous
> > access is more to use an authentication plugin that supports group (or
> > create one for themselves)
>
> Not sure if I understood what you meant but this seems to work well:
>
> class RoleForDomain(util.RolesFromEmails):
>
> def __init__(self, **kwargs):
> super(util.RolesFromEmails, self).__init__()
>
> self.domain_roles = {}
> for role, domains in kwargs.items():
> for domain in domains:
> self.domain_roles.setdefault(domain, []).append(role)
>
> def getRolesFromUser(self, userDetails):
> if 'email' in userDetails:
> email = userDetails['email']
> edomain = re.search('@[a-zA-Z0-9_.]+', email).group()[1:]
> if edomain in self.domain_roles:
> roles = self.domain_roles[edomain]
> return roles
> return []
>
> authz = util.Authz(
> stringsMatcher=util.fnmatchStrMatcher,
> allowRules=[
> util.AnyEndpointMatcher(role="admin", defaultDeny=True),
> util.AnyControlEndpointMatcher(role="admin"),
> ],
> roleMatchers=[
> RoleForDomain(admin=["matos-sorge.com"])
> ]
> )
> auth=util.UserPasswordAuth({'pmatos at matos-sorge.com': 'foobar'})
>
>
> In this case if you are not logged in you won't see anything, but if you
> login as pmatos at matos-sorge.com, you'll see everything. Not entirely
> clear on how it works, but it does. What I can't understand is really
> the endpoints bit which looks a bit complicated.
>
> Would you be interested in a pull request with the code for RoleForDomain?
>
>
> --
> Paulo Matos
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.buildbot.net/pipermail/users/attachments/20170707/20ac88bc/attachment.html>
More information about the users
mailing list