authorRichard Ipsum <richardipsum@fastmail.co.uk>2017-08-01 23:22:48 +0100
committerRichard Maw <richard.maw@gmail.com>2017-08-03 14:26:13 +0100
commit0440e6e4bd2b616552c611f2b118cfeb23b2b0ac (patch)
treea270413c508983b4c837f33a96878a445d167542
parentbb5c609cc07e6a7f3d876fec0f7ca5de590ac447 (diff)
downloadgitano-0440e6e4bd2b616552c611f2b118cfeb23b2b0ac.tar.gz
ruleset: project.readers and project.writers
-rw-r--r--skel/gitano-admin/rules/defines.lace4
-rw-r--r--skel/gitano-admin/rules/project.lace6
2 files changed, 10 insertions, 0 deletions
diff --git a/skel/gitano-admin/rules/defines.lace b/skel/gitano-admin/rules/defines.lace
index 6043bac..ec3fbd1 100644
--- a/skel/gitano-admin/rules/defines.lace
+++ b/skel/gitano-admin/rules/defines.lace
@@ -112,3 +112,7 @@ define op_is_normal anyof op_fastforward op_createref op_deleteref
define is_admin_repo repository exact gitano-admin
define is_gitano_ref ref prefix refs/gitano/
define is_admin_ref ref exact refs/gitano/admin
+
+# Project readers and writers
+define is_project_reader config/project/readers exact ${user}
+define is_project_writer config/project/writers exact ${user}
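Review bot: The comment above `is_project_reader` and `is_project_writer` does not say where the matched values come from or who controls them, which matters because both predicates are used to grant access. Presumably `config/project/readers` and `config/project/writers` are read from the repository's own project configuration, so whoever may edit that configuration can hand out these roles. I would state that in the comment, e.g. `# Users named in the repository's project.readers / project.writers config; anyone able to change that config can grant these roles`. If the keys are meant to hold several users, it is also worth confirming that `exact ${user}` is matched against each entry and not against the whole value.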
diff --git a/skel/gitano-admin/rules/project.lace b/skel/gitano-admin/rules/project.lace
index aafa17c..3bcaf7e 100644
--- a/skel/gitano-admin/rules/project.lace
+++ b/skel/gitano-admin/rules/project.lace
@@ -28,6 +28,12 @@
#
# Core project administration rules
+allow "User is project reader" op_read is_project_reader
+
+allow "User is project writer" op_read is_project_writer
+allow "User is project writer" op_write is_project_writer
+allow "User is project writer" op_is_normal is_project_writer
+
# Admins already got allowed, so this is for non-admin users only
allow "Owners can always read and write" op_is_basic is_owner
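Review bot: The `op_is_normal is_project_writer` rule carries no ref condition, so as written a project writer may fast-forward, create and delete any ref (`op_is_normal` is `anyof op_fastforward op_createref op_deleteref` in defines.lace). That includes refs under `refs/gitano/` unless a rule outside this hunk has already denied them. If that is not intended, scope the rule: `allow "Project writer may update normal refs" op_is_normal is_project_writer !is_gitano_ref`. The three writer rules also share one reason string, so a log entry cannot tell which of them matched; giving each its own text would help auditing. The rule list continues outside the visible hunk, so the ordering relative to any later deny rules should be checked there.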