diff options
Diffstat (limited to 'gitano-admin/rules/siteadmin.lace')
-rw-r--r-- | gitano-admin/rules/siteadmin.lace | 32 |
1 files changed, 0 insertions, 32 deletions
diff --git a/gitano-admin/rules/siteadmin.lace b/gitano-admin/rules/siteadmin.lace deleted file mode 100644 index 06c71bb..0000000 --- a/gitano-admin/rules/siteadmin.lace +++ /dev/null @@ -1,32 +0,0 @@ -# _____ -# |_ _| __ _____ _____ -# | || '__/ _ \ \ / / _ \ -# | || | | (_) \ V / __/ -# |_||_| \___/ \_/ \___| -# -# Copyright 2012 Codethink Limited -# -# Site administration rules - -# You must explicitly allow site administration here for anyone who -# has the rights to do site admin but isn't an administrator. - -# trove_site_admin is a predicate which matches members of the trove-admin -# group (The site-wide user/group administration group which is not the full -# administration group) -allow "Trove Site Admins can manage users" trove_site_admin op_user -allow "Trove Site Admins can manage groups other than gitano-admin" trove_site_admin op_group !target_group_gitano_admin - -# XXX-managers members are permitted to edit XXX-* groups -define trove_may_admin_target_group group ${targetgroup/prefix}-managers -define target_group_has_hyphen targetgroup ~%- -allow "Trove project managers can manage the groups for their projects" op_group target_group_has_hyphen trove_may_admin_target_group - -# Anyone is permitted to look at the people in trove-admin and *-managers -define trove_target_group_is_trove_admin targetgroup trove-admin -define trove_target_group_is_project_managers targetgroup ~^.+-managers$ -define trove_show_target_ok anyof trove_target_group_is_trove_admin trove_target_group_is_project_managers -allow "Anyone may see admin groups" op_groupshow trove_show_target_ok - -# Otherwise we always deny site administration -deny "You may not perform site administration" |