Le ven. 19 août 2016 à 21:37, Narunas Krasauskas <[email protected]> a écrit :
> Hi Pierre, > > Thanks for the comment. > > The security schemes implemented in buildbot was mainly done to prevent >> users to do some restricted actions on the bot. >> >> I was not aware of the view restriction functionality in buildbot eight. >> Indeed it looks like to very well implemented if the json api is not >> accounting for this restriction. >> > > I hope you have meant "Indeed it looks like NOT very well implemented", > otherwise I find it hard to understand how is that an advantage that > "/json" bypasses "basic auth"? > Indeed, sorry the json api does not take auth into account. > > >> You can in theory configure read restrictions in buildbot nine, however >> this is not supported by the UI, and might give you strange results. >> > > So basically you are saying, that to control read access the best option I > have is indeed to put it behind reverse proxy or otherwise implement my own > web api (which would make it invisible to the internets anyway)? > I was rather hoping that if someone ever need read access restriction in buildbot, he/she would contribute it to the open source project. Like I said, this will mostly be a matter of testing it, and make sure the UI properly reacts to 401 errors. Regards Pierre
_______________________________________________ users mailing list [email protected] https://lists.buildbot.net/mailman/listinfo/users
