1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
|
Authorization
=============
Buildbot authorization is designed to address the following requirements:
- Most of the configuration is only data:
We avoid to require from the user to write callbacks for most of the use cases.
This is to allow to load the config from yaml or json, and eventually do a UI for authorization config.
- Separation of concerns:
* Mapping users to roles
* Mapping roles to REST endpoints
- Configuration should not need hardcoding endpoint paths
- Easy to extend
Use cases
---------
- Members of admin group should have access to all resources and actions
- Developers can run the "try" builders
- Integrators can run the "merge" builders
- Release team can run the "release" builders
- There are separate teams for different branches or projects, but the roles are identical
- Owners of builds can stop builds or buildrequests
- Secret branch's builds are hidden from people except explicitly authorized
|
