Authorization ============= Buildbot authorization is designed to address the following requirements: - Most of the configuration is only data: We avoid to require from the user to write callbacks for most of the use cases. This is to allow to load the config from yaml or json, and eventually do a UI for authorization config. - Separation of concerns: * Mapping users to roles * Mapping roles to REST endpoints - Configuration should not need hardcoding endpoint paths - Easy to extend Use cases --------- - Members of admin group should have access to all resources and actions - Developers can run the "try" builders - Integrators can run the "merge" builders - Release team can run the "release" builders - There are separate teams for different branches or projects, but the roles are identical - Owners of builds can stop builds or buildrequests - Secret branch's builds are hidden from people except explicitly authorized