From 466b1eeb08cf73c10b368ac99cc87e6d9029a3c7 Mon Sep 17 00:00:00 2001
From: Daniel Silverstone
Date: Wed, 24 Oct 2012 14:53:04 +0100
Subject: Ensure that trove cannot be impersonated by trove-admin
---
 gitano-admin/rules/aschecks.lace | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/gitano-admin/rules/aschecks.lace b/gitano-admin/rules/aschecks.lace
index 467e8a4..fc76440 100644
--- a/gitano-admin/rules/aschecks.lace
+++ b/gitano-admin/rules/aschecks.lace
@@ -15,10 +15,11 @@ define as_is_admin as_group gitano-admin
 # trove-admin members are permitted to run sshkey and whoami on behalf
-# of others in order to check users and grant access
+# of others in order to check users and grant access, providing the target
+# user is not part of the gitano-admin group.
 define as_is_trove_admin as_group trove-admin
-define as_trove_admin_ok allof as_is_trove_admin op_self
+define as_trove_admin_ok allof as_is_trove_admin !is_admin op_self
 # You are permitted to do things 'as' others if and only if the caller is
 # either a member of the administration group, or else meets the above
-- 
cgit v1.2.1
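Review bot: The new `!is_admin` term in `as_trove_admin_ok` uses a predicate that is not defined in this hunk, and the rule only matches its comment if `is_admin` is evaluated against the target user rather than the caller (the caller-side test here is spelled `as_is_admin`). I would make that explicit next to the rule, e.g. `# is_admin is defined outside this file and tests the target user; the as_* predicates test the caller.` The subject line names trove specifically, while the rule excludes the whole gitano-admin group and so presumably covers trove only through its membership. Any account that holds elevated rights without being in gitano-admin would still be an accepted target for sshkey, so it is worth confirming that every privileged account is in that group.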