Initial ruleset and beginnings of gitano-admin overlay

author: Daniel Silverstone <daniel.silverstone@codethink.co.uk> 2012-09-07 14:29:43 +0100
committer: Daniel Silverstone <daniel.silverstone@codethink.co.uk> 2012-09-07 14:29:43 +0100
commit: fb652434121c382fc622845ec714c2a14f2fde58 (patch)
tree: 5454fa43967ebb883173057c5f45fb318b818824 /gitano-admin/rules/adminchecks.lace
parent: 860ec2f6436ac7cba31969ab13f163c9fbe691d6 (diff)
download: trove-setup-fb652434121c382fc622845ec714c2a14f2fde58.tar.gz
1 files changed, 18 insertions, 0 deletions
diff --git a/gitano-admin/rules/adminchecks.lace b/gitano-admin/rules/adminchecks.lace
new file mode 100644
index 0000000..9d4864b
--- /dev/null
+++ b/gitano-admin/rules/adminchecks.lace
@@ -0,0 +1,18 @@
+# Core project administration rules
+
+# Called with ref known to be refs/gitano/admin
+
+# Administrators already got to do anything, so this is for non-admins
+
+# Non-admin members may not delete the admin ref
+deny "Non-administrators may not delete the admin ref" op_deleteref
+
+# Otherwise, the project's owner is allowed to alter the admin tree
+allow "Project owner may alter the admin ref" is_owner
+
+# Project admins may alter admin
+allow "Project admins may alter the admin ref of project repos" repo_has_project_code ct_admin
+
+# Any other opportunities for altering the admin ref must be provided
+# by the project's rules
+ 
+\ No newline at end of file
author	Daniel Silverstone <daniel.silverstone@codethink.co.uk>	2012-09-07 14:29:43 +0100
committer	Daniel Silverstone <daniel.silverstone@codethink.co.uk>	2012-09-07 14:29:43 +0100
commit	fb652434121c382fc622845ec714c2a14f2fde58 (patch)
tree	5454fa43967ebb883173057c5f45fb318b818824 /gitano-admin/rules/adminchecks.lace
parent	860ec2f6436ac7cba31969ab13f163c9fbe691d6 (diff)
download	trove-setup-fb652434121c382fc622845ec714c2a14f2fde58.tar.gz