diff options
Diffstat (limited to 'share/gitano/skel/gitano-admin/rules/other-project.lace')
| -rw-r--r-- | share/gitano/skel/gitano-admin/rules/other-project.lace | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/share/gitano/skel/gitano-admin/rules/other-project.lace b/share/gitano/skel/gitano-admin/rules/other-project.lace new file mode 100644 index 0000000..e5f05be --- /dev/null +++ b/share/gitano/skel/gitano-admin/rules/other-project.lace @@ -0,0 +1,25 @@ +# _____ +# |_ _| __ _____ _____ +# | || '__/ _ \ \ / / _ \ +# | || | | (_) \ V / __/ +# |_||_| \___/ \_/ \___| +# +# Copyright 2012,2013 Codethink Limited +# +# Rules for any repository not under {{ TROVE_ID }} + +# This is, by default, /baserock/ and /delta/ + +# There are two classes of accessors here. Lorry and Others +allow "Anyone may read here" op_read +allow "Anyone may write here" op_write !is_anonymous + +# Lorry can do anything reffy which is not inside the local refs +allow "Lorry may touch everything but refs/heads/{{ TROVE_ID }}" op_is_reffy is_lorry !is_local_ref + +# Noone can rewind/rebase outside of their personal refs +deny "Non-personal branches may not be rewound/rebased" op_forcedupdate !is_lorry !ref_is_personal + +# Everyone else can do reffy things inside refs/heads/{{ TROVE_ID }} +allow "Project writers may alter any refs" op_is_reffy !is_lorry is_local_ref + |