path: root/share/gitano/skel/gitano-admin/rules/defines.lace
blob: 16b6d965c37bb002724261ff5e10b19bbf591a33 (plain)
#  _____                   
# |_   _| __ _____   _____ 
#   | || '__/ _ \ \ / / _ \
#   | || | | (_) \ V /  __/
#   |_||_|  \___/ \_/ \___|
#
# Copyright 2012,2013 Codethink Limited
#
# Core definitions for access control

# Gitano provided definitions first

# User/group related
# Named predicates about the user an operation is evaluated for.
# is_admin: membership of the gitano-admin group.
define is_admin group gitano-admin
# is_owner: the repository's owner value equals the expansion of ${user}
# (presumably the requesting user's name -- confirm against the Gitano docs).
define is_owner owner ${user}
# is_anonymous: the user is the literal account gitano/anonymous.
define is_anonymous user gitano/anonymous

# if_asanother: as_user matches the pattern "." (any single character), so it
# holds whenever as_user is non-empty. The leading ~ appears to select pattern
# matching rather than exact comparison (other definitions in this file use
# ~^...$ anchors). Presumably as_user is set when an operation is run on
# behalf of another user; rules that allow on this predicate deserve review.
define if_asanother as_user ~.

# Self-related operations
# One definition per operation name, then op_self as the union of the three.
# Note that op_self covers sshkey and passwd as well as whoami, so a rule that
# allows op_self permits credential changes and not only read-only queries.
define op_whoami operation whoami
define op_sshkey operation sshkey
define op_passwd operation passwd
define op_self anyof op_whoami op_sshkey op_passwd

# Admin-related operations
# Each definition below matches one operation name; op_user and op_group are
# the unions of the user-management and group-management operations.

## Users
define op_useradd operation useradd
define op_userdel operation userdel
define op_userlist operation userlist
define op_useremail operation useremail
define op_username operation username
# op_user: any of the five user-management operations above, including the
# read-only userlist alongside the modifying ones.
define op_user anyof op_userlist op_useradd op_userdel op_useremail op_username

## Groups
define op_grouplist operation grouplist
define op_groupshow operation groupshow
define op_groupadd operation groupadd
define op_groupdel operation groupdel
define op_groupadduser operation groupadduser
define op_groupdeluser operation groupdeluser
define op_groupaddgroup operation groupaddgroup
define op_groupdelgroup operation groupdelgroup
define op_groupdescription operation groupdescription
# op_group: any of the nine group-management operations above.
define op_group anyof op_grouplist op_groupshow op_groupadd op_groupdel op_groupadduser op_groupdeluser op_groupaddgroup op_groupdelgroup op_groupdescription

## Aggregation of admin ops
# op_is_admin tests the *operation* (any user- or group-management op). It
# says nothing about who is asking; membership of the admin group is the
# separate is_admin definition. Do not use one where the other is meant.
define op_is_admin anyof op_user op_group

# Primary repository-related operations
# One definition per operation name: read, write, and the three repository
# lifecycle operations (create, rename, destroy). No aggregate is defined for
# the lifecycle operations here, so rules must name them individually.
define op_read operation read
define op_write operation write
define op_createrepo operation createrepo
define op_renamerepo operation renamerepo
define op_destroyrepo operation destroyrepo

# Remote configuration operations
# op_is_config is the union of show, set and del, so it mixes the read-only
# config_show with the two modifying operations; use the individual
# definitions where only viewing should be allowed.
define op_config_show operation config_show
define op_config_set operation config_set
define op_config_del operation config_del
define op_is_config anyof op_config_show op_config_set op_config_del

# Reference update related operations
# op_fastforward and op_forcedupdate are friendlier names for the operation
# values updaterefff and updaterefnonff respectively.
define op_createref operation createref
define op_deleteref operation deleteref
define op_fastforward operation updaterefff
define op_forcedupdate operation updaterefnonff

# Combinator operations
# op_is_basic:  read or write.
# op_is_update: fast-forward or forced (non-fast-forward) update.
# op_is_normal: fast-forward, create or delete. It leaves out forced updates,
#               but it does include deleteref, so allowing op_is_normal on a
#               ref also allows deleting that ref.
define op_is_basic anyof op_read op_write
define op_is_update anyof op_fastforward op_forcedupdate
define op_is_normal anyof op_fastforward op_createref op_deleteref

# Administration
# is_admin_repo: the repository is named gitano-admin.
# is_gitano_ref: pattern anchored only at the start, so it matches every ref
#                whose name begins with refs/gitano/.
# is_admin_ref:  written without ~, so presumably an exact comparison against
#                the single ref refs/gitano/admin -- confirm.
define is_admin_repo repository gitano-admin
define is_gitano_ref ref ~^refs/gitano/
define is_admin_ref ref refs/gitano/admin

#
#
# Trove definitions after here
#
#

# The {{ ... }} tokens are template placeholders, presumably filled in before
# this file is used; the ESC_ prefix suggests the values are already escaped
# for use inside a pattern -- confirm where the substitution is done.
# NOTE(review): ${user} is expanded inside the patterns of repo_is_personal
# and ref_is_personal. Confirm that the expansion is escaped, or that user
# names cannot contain pattern metacharacters, so a crafted name cannot widen
# the match beyond that user's own namespace.
# repo_is_personal uses ESC_PERSONAL_PREFIX while ref_is_personal uses
# ESC_PREFIX. All three patterns are anchored at the start only.
define repo_is_personal repository ~^{{ ESC_PERSONAL_PREFIX }}/${user}/
define ref_is_personal ref ~^refs/heads/{{ ESC_PREFIX }}/${user}/
define repo_is_local_project repository ~^{{ ESC_PREFIX }}/[^/]+/

# Per-project roles: membership of a group whose name is ${repository/2}
# followed by a role suffix. ${repository/2} presumably expands to the second
# path component of the repository name (the project) -- TODO confirm.
# Access therefore depends on who can create or modify groups with these names.
define project_reader  group ${repository/2}-readers
define project_writer  group ${repository/2}-writers
define project_admin   group ${repository/2}-admins
define project_manager group ${repository/2}-managers

# master_ref: anchored at both ends, so it matches exactly refs/heads/master.
define master_ref ref ~^refs/heads/master$

# op_is_reffy: op_is_normal (fast-forward, create, delete) plus forced update,
# i.e. all four reference-changing operations.
define op_is_reffy anyof op_is_normal op_forcedupdate

# trove_site_admin: membership of the trove-admin group (distinct from the
# gitano-admin group).
# target_group_gitano_admin: targetgroup equals gitano-admin; presumably the
# group that a group-management operation is acting on -- confirm. It allows
# rules to treat changes to the gitano-admin group specially.
define trove_site_admin group trove-admin
define target_group_gitano_admin targetgroup gitano-admin

# is_lorry: the user is the literal account lorry.
# is_local_branch / is_local_tag: patterns anchored at the start only, so they
# match any branch or tag under the {{ ESC_PREFIX }}/ namespace.
# lorryable_repo: a repository that is none of local project, personal, or the
# gitano-admin repository (all three negated under allof).
define is_lorry user lorry
define is_local_branch ref ~^refs/heads/{{ ESC_PREFIX }}/
define is_local_tag ref ~^refs/tags/{{ ESC_PREFIX }}/
define lorryable_repo allof !repo_is_local_project !repo_is_personal !is_admin_repo

# is_worker: membership of the workers group.
define is_worker group workers