Merge branch 'baserock/pedroalvarez/trove-ansible3'

Reviewed-by: Richard Maw
Reviewed-by: Lars Wirzenius

1 files changed, 25 insertions, 0 deletions

diff --git a/share/gitano/skel/gitano-admin/rules/adminchecks.lace b/share/gitano/skel/gitano-admin/rules/adminchecks.lace
new file mode 100644
index 0000000..ffe99a0
--- /dev/null
+++ b/share/gitano/skel/gitano-admin/rules/adminchecks.lace
@@ -0,0 +1,25 @@
+#  _____                   
+# |_   _| __ _____   _____ 
+#   | || '__/ _ \ \ / / _ \
+#   | || | | (_) \ V /  __/
+#   |_||_|  \___/ \_/ \___|
+#
+# Copyright 2012 Codethink Limited
+#
+# Core project administration rules
+
+# Called with ref known to be refs/gitano/admin
+
+# Administrators already got to do anything, so this is for non-admins
+
+# Non-admin members may not delete the admin ref
+deny "Non-administrators may not delete the admin ref" op_deleteref
+
+# Otherwise, the project's owner is allowed to alter the admin tree
+allow "Project owner may alter the admin ref" is_owner repo_is_personal
+
+# Project admins may alter admin refs
+allow "Project admins may alter the admin ref of project repos" repo_is_local_project project_admin
+
+# Any other opportunities for altering the admin ref must be provided
+# by the project's rules