search

lab132 / buildbot-gitea

Buildbot plugin for integration with gitea.
MIT License
62 stars 21 forks source link

Authorization from Gitea Organizations #32

Closed jcalve closed 10 months ago

jcalve commented 1 year ago

Hi, I would like to know if it's possible to allow authorization from specific organisations from Gitea, this is my current setup which does not seem to work:

c['www']['authz'] = util.Authz(
    allowRules = [
        util.AnyControlEndpointMatcher(role="OrgTeam1"),  # Organization teams
        util.AnyControlEndpointMatcher(role="OrgTeam2")
    ],
    roleMatchers = [
        util.RolesFromGroups(groupPrefix='OrgName/')  # Gitea organization
    ]
)

Edit 1: I was mistaken, it does work for authorization, but I have a ForceScheduler which complains about "you need to have role 'OrgTeam1'", which I do otherwise I could not log in.

pampersrocker commented 1 year ago

The GiteaAuth currently only asks the Gitea /user API endpoint for information about the user, which does not include the list of teams the user is member of sadly. For Teams to be transferred as groups this would need to be extended retrieve the user's teams from the /user/teams and converted into a groups list and returned there as well.

jcalve commented 1 year ago

Ok, thanks.