[users at bb.net] Roles

Pierre Tardy tardyp at gmail.com
Fri Jul 7 10:09:43 UTC 2017


RoleFromEmailDomain could be a good feature, why not.

You can extract the domain in a simpler way:

domain = email.split("@")[-1]

On Fri, Jul 7, 2017 at 12:05 PM Paulo Matos <pmatos at linki.tools> wrote:

>
>
> On 07/07/17 11:43, Pierre Tardy wrote:
> >
> >
> > On Fri, Jul 7, 2017 at 11:30 AM Paulo Matos <pmatos at linki.tools> wrote:
> >
> >
> >
> >     On 07/07/17 10:47, Pierre Tardy wrote:
> >     > Hi Paulo,
> >     >
> >     > This is not something that is supported by current code.
> >
> >     By 'This' you mean disabling anonymous access?
> >
> > By this I mean using '*' in getRolesFromEmails.
> >
> > The design for people who need tight control like disabling anonymous
> > access is more to use an authentication plugin that supports groups (or
> > create one for themselves)
>
> Not sure if I understood what you meant but this seems to work well:
>
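> import re
>
> from buildbot.plugins import util
>
> class RoleForDomain(util.RolesFromEmails):
>
>     def __init__(self, **kwargs):
>         # Skip RolesFromEmails.__init__, which expects role=[emails] kwargs.
>         super(util.RolesFromEmails, self).__init__()
>
>         # Map each domain to the list of roles it grants.
>         self.domain_roles = {}
>         for role, domains in kwargs.items():
>             for domain in domains:
>                 self.domain_roles.setdefault(domain, []).append(role)
>
>     def getRolesFromUser(self, userDetails):
>         if 'email' in userDetails:
>             email = userDetails['email']
>             # '-' is valid in domain names, so the class must include it.
>             match = re.search('@[a-zA-Z0-9_.-]+', email)
>             if match is None:
>                 return []
>             edomain = match.group()[1:]
>             if edomain in self.domain_roles:
>                 roles = self.domain_roles[edomain]
>                 return roles
>         return []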
>
> authz = util.Authz(
>     stringsMatcher=util.fnmatchStrMatcher,
>     allowRules=[
>         util.AnyEndpointMatcher(role="admin", defaultDeny=True),
>         util.AnyControlEndpointMatcher(role="admin"),
>     ],
>     roleMatchers=[
>         RoleForDomain(admin=["matos-sorge.com"])
>     ]
> )
> auth=util.UserPasswordAuth({'pmatos@matos-sorge.com': 'foobar'})
>
>
> In this case if you are not logged in you won't see anything, but if you
> login as pmatos at matos-sorge.com, you'll see everything. Not entirely
> clear on how it works, but it does. What I can't understand is really
> the endpoints bit which looks a bit complicated.
>
> Would you be interested in a pull request with the code for RoleForDomain?
>
>
> --
> Paulo Matos
>
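
Added example, not part of the original thread and not Buildbot's own code: because the role decision hinges on how the domain is cut out of the address, this stand-alone sketch compares a regex whose character class lacks '-' with the split("@") approach, using exact-match lookup. The helper names, the rejection of multi-'@' addresses and the sample addresses are assumptions made for the example.

```python
import re

NO_HYPHEN_REGEX = re.compile(r"@[a-zA-Z0-9_.]+")  # character class lacks '-'


def domain_by_regex(email):
    """Domain as the hyphen-less regex extracts it; None when nothing matches."""
    match = NO_HYPHEN_REGEX.search(email)
    return match.group()[1:] if match else None


def domain_by_split(email):
    """split("@") extraction, normalised; None when the address is unusable."""
    if not isinstance(email, str) or email.count("@") != 1:
        return None  # assumption: refuse missing or multi-'@' addresses
    local, domain = email.split("@")
    domain = domain.strip().rstrip(".").lower()
    return domain if local and domain else None


class RoleForDomain:
    """Stand-alone sketch (no Buildbot import) with the thread's interface."""

    def __init__(self, **kwargs):
        self.domain_roles = {}
        for role, domains in kwargs.items():
            for domain in domains:
                self.domain_roles.setdefault(domain.lower(), []).append(role)

    def getRolesFromUser(self, userDetails):
        domain = domain_by_split(userDetails.get("email"))
        # Exact match only: a longer name containing the domain gets no role.
        return list(self.domain_roles.get(domain, []))


# Constructed sample addresses, not taken from any real login.
SAMPLES = [
    "user@matos-sorge.com",
    "User@Matos-Sorge.COM",
    "user@matos-sorge.com.example.net",
    "user@example.net@matos-sorge.com",
    "no-at-sign",
]

if __name__ == "__main__":
    matcher = RoleForDomain(admin=["matos-sorge.com"])
    for address in SAMPLES:
        roles = matcher.getRolesFromUser({"email": address})
        print(f"{address!r}: regex={domain_by_regex(address)!r} roles={roles}")
```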