diff options
author | Pedro Alvarez <pedro.alvarez@codethink.co.uk> | 2014-06-17 10:06:13 +0000 |
---|---|---|
committer | Pedro Alvarez <pedro.alvarez@codethink.co.uk> | 2014-06-17 11:12:35 +0000 |
commit | 54e3fbd49d10b70d04e03a646a494ec29a49ffc3 (patch) | |
tree | e7d955af0c4ea29f032709fe06f208509fccaa99 /gitano-admin/rules/siteadmin.lace | |
parent | 5b0245acc1b5b1c520db847d70b1b81bafb4d0c2 (diff) | |
download | trove-setup-54e3fbd49d10b70d04e03a646a494ec29a49ffc3.tar.gz |
Move gitano skeleton to /usr/share/trove-setup/
Diffstat (limited to 'gitano-admin/rules/siteadmin.lace')
-rw-r--r-- | gitano-admin/rules/siteadmin.lace | 32 |
1 files changed, 0 insertions, 32 deletions
diff --git a/gitano-admin/rules/siteadmin.lace b/gitano-admin/rules/siteadmin.lace deleted file mode 100644 index 06c71bb..0000000 --- a/gitano-admin/rules/siteadmin.lace +++ /dev/null @@ -1,32 +0,0 @@ -# _____ -# |_ _| __ _____ _____ -# | || '__/ _ \ \ / / _ \ -# | || | | (_) \ V / __/ -# |_||_| \___/ \_/ \___| -# -# Copyright 2012 Codethink Limited -# -# Site administration rules - -# You must explicitly allow site administration here for anyone who -# has the rights to do site admin but isn't an administrator. - -# trove_site_admin is a predicate which matches members of the trove-admin -# group (The site-wide user/group administration group which is not the full -# administration group) -allow "Trove Site Admins can manage users" trove_site_admin op_user -allow "Trove Site Admins can manage groups other than gitano-admin" trove_site_admin op_group !target_group_gitano_admin - -# XXX-managers members are permitted to edit XXX-* groups -define trove_may_admin_target_group group ${targetgroup/prefix}-managers -define target_group_has_hyphen targetgroup ~%- -allow "Trove project managers can manage the groups for their projects" op_group target_group_has_hyphen trove_may_admin_target_group - -# Anyone is permitted to look at the people in trove-admin and *-managers -define trove_target_group_is_trove_admin targetgroup trove-admin -define trove_target_group_is_project_managers targetgroup ~^.+-managers$ -define trove_show_target_ok anyof trove_target_group_is_trove_admin trove_target_group_is_project_managers -allow "Anyone may see admin groups" op_groupshow trove_show_target_ok - -# Otherwise we always deny site administration -deny "You may not perform site administration" |