Merge branch 'baserock/pedroalvarez/trove-ansible3'

Reviewed-by: Richard Maw
Reviewed-by: Lars Wirzenius

1 files changed, 29 insertions, 0 deletions

diff --git a/share/gitano/skel/gitano-admin/rules/trove-project.lace b/share/gitano/skel/gitano-admin/rules/trove-project.lace
new file mode 100644
index 0000000..c13b307
--- /dev/null
+++ b/share/gitano/skel/gitano-admin/rules/trove-project.lace
@@ -0,0 +1,29 @@
+#  _____                   
+# |_   _| __ _____   _____ 
+#   | || '__/ _ \ \ / / _ \
+#   | || | | (_) \ V /  __/
+#   |_||_|  \___/ \_/ \___|
+#
+# Copyright 2012,2013 Codethink Limited
+#
+# Rules for {{ TROVE_ID }}/... repositories
+
+# Reading the repository
+allow "Project readers may read" op_read project_reader
+deny "This repository is not for you" op_read
+
+# Basic writes to the repo
+allow "Project writers may write" op_write project_writer
+deny "This repository is not for you" op_write
+
+# Ref based rules for the repo
+deny "Non-personal branches may not be rewound/rebased" op_forcedupdate !ref_is_personal
+
+## Master
+allow "Master may be created" op_createref master_ref
+allow "Master may be altered" op_is_update master_ref
+deny "Master may not be deleted" op_deleteref master_ref
+
+## Anything else.
+allow "Project writers may alter any refs" op_is_reffy !master_ref project_writer
+