summaryrefslogtreecommitdiff
path: root/share/gitano/skel/gitano-admin/rules/other-project.lace
diff options
context:
space:
mode:
Diffstat (limited to 'share/gitano/skel/gitano-admin/rules/other-project.lace')
-rw-r--r--share/gitano/skel/gitano-admin/rules/other-project.lace5
1 files changed, 3 insertions, 2 deletions
diff --git a/share/gitano/skel/gitano-admin/rules/other-project.lace b/share/gitano/skel/gitano-admin/rules/other-project.lace
index e5f05be..346718e 100644
--- a/share/gitano/skel/gitano-admin/rules/other-project.lace
+++ b/share/gitano/skel/gitano-admin/rules/other-project.lace
@@ -15,11 +15,12 @@ allow "Anyone may read here" op_read
allow "Anyone may write here" op_write !is_anonymous
# Lorry can do anything reffy which is not inside the local refs
-allow "Lorry may touch everything but refs/heads/{{ TROVE_ID }}" op_is_reffy is_lorry !is_local_ref
+allow "Lorry may touch everything but refs/heads/{{ TROVE_ID }} or refs/tags/{{ TROVE_ID }}" op_is_reffy is_lorry !is_local_branch !is_local_tag
# Noone can rewind/rebase outside of their personal refs
deny "Non-personal branches may not be rewound/rebased" op_forcedupdate !is_lorry !ref_is_personal
# Everyone else can do reffy things inside refs/heads/{{ TROVE_ID }}
-allow "Project writers may alter any refs" op_is_reffy !is_lorry is_local_ref
+allow "Project writers may alter any branches in the {{ TROVE_ID }} namespace" op_is_reffy !is_lorry is_local_branch
+allow "Project writers may alter any tags in the {{ TROVE_ID }} namespace" op_is_reffy !is_lorry is_local_tag
View Lorry Controller Status