Diffstat (limited to 'gitano-admin')
-rw-r--r-- | gitano-admin/rules/defines.lace | 4 | ||||
-rw-r--r-- | gitano-admin/rules/other-project.lace | 2 | ||||
-rw-r--r-- | gitano-admin/rules/selfchecks.lace | 2 |
3 files changed, 6 insertions, 2 deletions
diff --git a/gitano-admin/rules/defines.lace b/gitano-admin/rules/defines.lace index ab49034..380948a 100644 --- a/gitano-admin/rules/defines.lace +++ b/gitano-admin/rules/defines.lace @@ -13,13 +13,15 @@ # User/group related define is_admin group gitano-admin define is_owner owner ${user} +define is_anonymous user gitano/anonymous define if_asanother as_user ~. # Self-related operations define op_whoami operation whoami define op_sshkey operation sshkey -define op_self anyof op_whoami op_sshkey +define op_passwd operation passwd +define op_self anyof op_whoami op_sshkey op_passwd # Admin-related operations diff --git a/gitano-admin/rules/other-project.lace b/gitano-admin/rules/other-project.lace index a42c06a..7bc80cc 100644 --- a/gitano-admin/rules/other-project.lace +++ b/gitano-admin/rules/other-project.lace @@ -12,7 +12,7 @@ # There are two classes of accessors here. Lorry and Others allow "Anyone may read here" op_read -allow "Anyone may write here" op_write +allow "Anyone may write here" op_write !is_anonymous # Lorry can do anything reffy which is not inside the local refs allow "Lorry may touch everything but refs/heads/##PREFIX##" op_is_reffy is_lorry !is_local_ref diff --git a/gitano-admin/rules/selfchecks.lace b/gitano-admin/rules/selfchecks.lace index 44e96bd..83ef778 100644 --- a/gitano-admin/rules/selfchecks.lace +++ b/gitano-admin/rules/selfchecks.lace @@ -11,3 +11,5 @@ allow "You may ask who you are" op_whoami allow "You may manage your own ssh keys" op_sshkey + +allow "You may change your own password" op_passwd |
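Review bot: Widening `op_self` to include `op_passwd` in defines.lace also widens every rule that tests `op_self`, and none of those rules are visible in this diff. Any of them written with only whoami and sshkey in mind now covers password changes as well, so each use of `op_self` should be checked before this is merged. A comment above the define would record the intent, for example `# op_self: operations a user performs on their own account (whoami, sshkey, passwd)`.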
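Review bot: The rule text on the changed line in other-project.lace still reads "Anyone may write here" although the rule now excludes the anonymous user, so any log or message built from that string will misstate the policy; `allow "Any authenticated user may write here" op_write !is_anonymous` would match what the rule does. An anonymous write is not denied at this line, it only falls through to the rules that follow, and the rest of the ruleset lies outside the hunk. It should be confirmed that no later rule allows it and that the chain ends in a default deny. Other project rulesets that allow `op_write` unconditionally, if there are any, would need the same guard.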
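Review bot: The new `allow "You may change your own password" op_passwd` in selfchecks.lace carries no `!is_anonymous` condition, unlike the `op_write` rule changed in other-project.lace in this same commit. Whether the `passwd` operation can be reached as `gitano/anonymous` cannot be determined from this diff; if it can, an unauthenticated client could set or change the password of that shared account. `allow "You may change your own password" op_passwd !is_anonymous` would rule that out. The existing `op_sshkey` rule just above has the same shape and may deserve the same guard.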