author | Richard Maw <richard.maw@gmail.com> | 2017-01-02 18:10:43 +0000 |
---|---|---|
committer | Richard Maw <richard.maw@gmail.com> | 2017-01-02 18:25:52 +0000 |
commit | 2b1274b34b244f293b60035603b3efc7bba0944a (patch) | |
tree | 35819af133f4298194a4ac896411ba46f1b4c5ab /doc | |
parent | 557135fa79d402ca53dbaf8f3f79ca207688c720 (diff) | |
download | gitano-2b1274b34b244f293b60035603b3efc7bba0944a.tar.gz |
admin-doc: Correct explanation of how simple match operators work
Diffstat (limited to 'doc')
-rw-r--r-- | doc/admin/000.mdwn | 49 |
1 files changed, 36 insertions, 13 deletions
diff --git a/doc/admin/000.mdwn b/doc/admin/000.mdwn index c46ed52..2c3e74b 100644 --- a/doc/admin/000.mdwn +++ b/doc/admin/000.mdwn @@ -174,8 +174,8 @@ condition, and either allow or deny access if the condition is true. For example, the following two rules will allow access to cats, and deny access to dogs: - define user_is_cat user cat - define user_is_dog user dog + define user_is_cat user exact cat + define user_is_dog user exact dog allow "Cats are cool" user_is_cat deny "Dogs drool too much" user_is_dog @@ -184,8 +184,8 @@ This is useful for more complicated things. For simpler things, like the example above, you could write the condition directly into the allow/deny statements: - allow "Cats are cool" [user cat] - deny "Dogs drool too much" [user dog] + allow "Cats are cool" [user exact cat] + deny "Dogs drool too much" [user exact dog] What happens if user is neiter cat nor dog? Neither condition will be true, and so access is neither allowed nor denied by the above ruleset 
@@ -212,15 +212,33 @@ The Lace language consists of the following constructs: The allow/deny statements look like this: - allow "Everyone can see who they are" [operation whoami] - deny "No more repos" [operation createrepo] + allow "Everyone can see who they are" [operation exact whoami] + deny "No more repos" [operation exact createrepo] In other words, the action (`allow` or `deny`), a message shown to the user if the action is taken, and a Boolean condition that decides if the action should be taken. In the example above, the conditions are -`operation whoami` and `operation createrepo`. These use the operator -`operation`, which takes one argument, and evaluates to true if the -user is trying to do that operation. Operation, operation, operation. +`operation exact whoami` and `operation exact createrepo`. +These use the predicate +`operation`, which takes two arguments: + +1. A string comparison operator + + This can be one of: + + 1. `exact` if the operand must be exactly the same as the value. + This makes the most sense for the `operation` operator. + 2. `prefix` if the value must begin with the operand. + 3. `suffix` if the value must end with the operand. + `prefix` is often used for branch namespaces, + and may be used for repository namespaces. + 4. `pattern` if the value must match a lua string match expression. + 5. `pcre` if the value must match a perl-compatible regular expression. + +2. The operand to compare against. + +In this case our condition evalueates to true +if the user is trying to do that operation. ## Predicates in conditions 
@@ -259,16 +277,21 @@ Table: Gitano predicates Predicates can be combined using the operators `anyof` and `allof`: - allow "Mammals are cool" anyof [user cat] [user dog] + allow "Mammals are cool" anyof [user exact cat] [user exact dog] These operators are followed by a list of conditions, and the result is true if any condition, or all conditions, respectively, are true. `anyof` is Boolean OR, `allof` is Boolean AND. -The result of a condition may be negated with the boolean NOT -operation (`!`): +The result of an `allow`, `deny`, `anyof` or `alloff` condition +may be negated with the boolean NOT operation (`!`): + + deny "No cats" ![user exact cat] + +Predicates may also have the negation of their operation specified, +so the following is equivalent to the above. - deny "Only cats" ![user cat] + deny "No cats" [user !exact cat] ## Variables for conditions |
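Review bot: In the `@@ -174,8 +174,8 @@` hunk, the first examples now carry `exact` (`define user_is_cat user exact cat`) with nothing nearby saying what that word is. The explanation of the comparison operators only arrives in the later "allow/deny statements" section. Suggest adding one sentence after this example saying that `exact` is the string comparison operator and pointing at the section where the full list is given, so a reader working top to bottom is not left guessing.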
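Review bot: In the `@@ -212,15 +212,33 @@` hunk, the sentence "`prefix` is often used for branch namespaces, and may be used for repository namespaces." is indented under list item 3 (`suffix`), so it will render as part of the `suffix` entry; it should move up under item 2. In the same list, the `exact` entry says "This makes the most sense for the `operation` operator" although the paragraph just above was changed to call `operation` a predicate, so use "predicate" there too. The `exact` entry also phrases the comparison as "the operand must be exactly the same as the value" while the other entries say "the value must ... the operand"; keeping one order throughout would read better. Finally, "evalueates" in the closing sentence should be "evaluates".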
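Review bot: In the `@@ -259,16 +277,21 @@` hunk, the message in the negation examples was changed from "Only cats" to "No cats", but the condition `![user exact cat]` is true for every user who is not cat, so the rule denies non-cats and the old message was the accurate one. Either restore "Only cats" in both `deny` lines or drop the negation if the intent is to deny cats. Separately, the new sentence "The result of an `allow`, `deny`, `anyof` or `alloff` condition may be negated" misspells `allof`, and lists `allow` and `deny`, which the earlier text describes as actions rather than conditions. The example that follows negates a bracketed predicate, so the sentence should say what can actually take the `!` prefix (a predicate in brackets, and `anyof`/`allof` if that is supported).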