From f4615911fe111ddc5d692f504782f76cd87b38c7 Mon Sep 17 00:00:00 2001 From: Christophe Monniez Date: Fri, 1 Mar 2024 15:29:32 +0100 Subject: [PATCH] [IMP] runbot: add security rules for objects by projects --- runbot/security/runbot_security.xml | 36 +++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/runbot/security/runbot_security.xml b/runbot/security/runbot_security.xml index 1aa25c6e..8ace14d8 100644 --- a/runbot/security/runbot_security.xml +++ b/runbot/security/runbot_security.xml @@ -130,5 +130,41 @@ + + User can read bundle from public projects or specific groups + + ['|', ('project_id.group_ids.users', 'in', user.id), ('project_id.group_ids', '=', False)] + + + + User can read branch from public projects or specific groups + + ['|', ('bundle_id.project_id.group_ids.users', 'in', user.id), ('bundle_id.project_id.group_ids', '=', False)] + + + + User can read batch from public projects or specific groups + + ['|', ('bundle_id.project_id.group_ids.users', 'in', user.id), ('bundle_id.project_id.group_ids', '=', False)] + + + + User can read commits from public projects or specific groups + + ['|', ('repo_id.project_id.group_ids.users', 'in', user.id), ('repo_id.project_id.group_ids', '=', False)] + + + + User can read batch slot from public projects or specific groups + + ['|', ('batch_id.bundle_id.project_id.group_ids.users', 'in', user.id), ('batch_id.bundle_id.project_id.group_ids', '=', False)] + + + + User can read build from public projects or specific groups + + ['|', ('params_id.project_id.group_ids.users', 'in', user.id), ('params_id.project_id.group_ids', '=', False)] + +