From a45db16529860afb63a866a6c9efbcd34a56eba0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kamil=20P=C3=A1ral?= <kparal@redhat.com>
Date: Thu, 7 Feb 2019 16:28:58 +0100
Subject: [PATCH] taskotron dev: only allow authorized users to make changes in
 web ui

---
 .../templates/taskotron.master.cfg.j2.dev        | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/roles/taskotron/buildmaster-configure/templates/taskotron.master.cfg.j2.dev b/roles/taskotron/buildmaster-configure/templates/taskotron.master.cfg.j2.dev
index d7fee0ee05..c4851ad10c 100644
--- a/roles/taskotron/buildmaster-configure/templates/taskotron.master.cfg.j2.dev
+++ b/roles/taskotron/buildmaster-configure/templates/taskotron.master.cfg.j2.dev
@@ -423,6 +423,22 @@ c['www'] = {
         "{{ local_buildbot_user }}": "{{ local_buildbot_password }}",
 {% endif %}
     }),
+    'authz': util.Authz(
+        allowRules=[
+            util.AnyControlEndpointMatcher(role="admins"),
+        ],
+        roleMatchers=[
+{% if deployment_type == 'dev' %}
+            util.RolesFromUsername(roles=['admins'], usernames=["{{ dev_buildbot_user }}"]),
+{% elif deployment_type == 'stg' %}
+            util.RolesFromUsername(roles=['admins'], usernames=["{{ stg_buildbot_user }}"]),
+{% elif deployment_type == 'prod' %}
+            util.RolesFromUsername(roles=['admins'], usernames=["{{ prod_buildbot_user }}"]),
+{% elif deployment_type == 'local' %}
+            util.RolesFromUsername(roles=['admins'], usernames=["{{ local_buildbot_user }}"]),
+{% endif %}
+        ]
+    ),
 }