diff options
author | Pedro Alvarez <pedro.alvarez@codethink.co.uk> | 2014-06-17 10:06:13 +0000 |
---|---|---|
committer | Pedro Alvarez <pedro.alvarez@codethink.co.uk> | 2014-06-17 11:12:35 +0000 |
commit | 54e3fbd49d10b70d04e03a646a494ec29a49ffc3 (patch) | |
tree | e7d955af0c4ea29f032709fe06f208509fccaa99 /gitano-admin/rules/core.lace | |
parent | 5b0245acc1b5b1c520db847d70b1b81bafb4d0c2 (diff) | |
download | trove-setup-54e3fbd49d10b70d04e03a646a494ec29a49ffc3.tar.gz |
Move gitano skeleton to /usr/share/trove-setup/
Diffstat (limited to 'gitano-admin/rules/core.lace')
-rw-r--r-- | gitano-admin/rules/core.lace | 47 |
1 files changed, 0 insertions, 47 deletions
diff --git a/gitano-admin/rules/core.lace b/gitano-admin/rules/core.lace deleted file mode 100644 index dab7cfb..0000000 --- a/gitano-admin/rules/core.lace +++ /dev/null @@ -1,47 +0,0 @@ -# _____ -# |_ _| __ _____ _____ -# | || '__/ _ \ \ / / _ \ -# | || | | (_) \ V / __/ -# |_||_| \___/ \_/ \___| -# -# Copyright 2012 Codethink Limited -# -# Core ruleset definitions for Trove. - -default deny "Trove ruleset failed to define result. Access denied." - -include global:defines - -# The users in the administration group (gitano-admin) may do anything -# they choose (providing they're not being impersonated). By default -# Only the user created as part of trove-setup has this level of access. -allow "Administrators can do anything" is_admin !if_asanother - -# Now let's decide if we can use 'as' -include global:aschecks if_asanother - -# Operations which are against 'self' get checked next -include global:selfchecks - -# Administration operations (users, groups) next -include global:siteadmin op_is_admin - -# Site-defined rules for repository creation -include global:createrepo op_createrepo - -# Site-defined rules for repository renaming -include global:renamerepo op_renamerepo - -# Site-defined rules for repository destruction -include global:destroyrepo op_destroyrepo - -# Site-defined rules for project repositories, including admin of them -include global:project - -# Now the project rules themselves -include main - -# If you're running your access control somewhat more openly than most, You can -# now uncomment the following and allow git:// access to *everything* which is -# not the admin repository -# allow "Anonymous access is okay" op_read !is_admin_repo |