author | Daniel Silverstone <dsilvers@digital-scurf.org> | 2012-06-29 22:40:18 +0100 |
---|---|---|
committer | Daniel Silverstone <dsilvers@digital-scurf.org> | 2012-06-29 22:40:18 +0100 |
commit | 46890c9b82ebd5b5f4d1fcceeecd36c51d6880fa (patch) | |
tree | 17595b604c19184606abbf771bc927486cab49c2 /example | |
parent | aa93ae86a60b747e791e7abd6eac972d88a79e06 (diff) | |
Initial 'as' support in the lace
Diffstat (limited to 'example')
-rw-r--r-- | example/gitano-admin/rules/aschecks.lace | 8 | ||||
-rw-r--r-- | example/gitano-admin/rules/core.lace | 3 | ||||
-rw-r--r-- | example/gitano-admin/rules/defines.lace | 2 |
3 files changed, 13 insertions, 0 deletions
diff --git a/example/gitano-admin/rules/aschecks.lace b/example/gitano-admin/rules/aschecks.lace
new file mode 100644
index 0000000..3623709
--- /dev/null
+++ b/example/gitano-admin/rules/aschecks.lace
@@ -0,0 +1,8 @@
+# Rules for when we're running as another user.
+# Only 'deny' things which are not allowed.
+# If you 'allow' then it will allow the actual operation, not just
+# fail to deny the fact that it's 'as' someone else.
+
+define as_is_admin as_group gitano-admin
+
+deny "You may not run things as another user unless you are an admin" !as_is_admin
diff --git a/example/gitano-admin/rules/core.lace b/example/gitano-admin/rules/core.lace
index 1fcc46a..abb3e6c 100644
--- a/example/gitano-admin/rules/core.lace
+++ b/example/gitano-admin/rules/core.lace
@@ -7,6 +7,9 @@ include global:defines
 # Now, if we're in the admin group, we can always do stuff
 allow "Administrators can do anything" is_admin
+# Now let's decide if we can use 'as'
+include global:aschecks if_asanother
+
 # Owners of repositories are allowed to hand it over
 allow "Owners can hand over repositories" is_owner op_setowner
diff --git a/example/gitano-admin/rules/defines.lace b/example/gitano-admin/rules/defines.lace
index 870fffc..612d467 100644
--- a/example/gitano-admin/rules/defines.lace
+++ b/example/gitano-admin/rules/defines.lace
@@ -4,6 +4,8 @@ define is_admin group gitano-admin
 define is_owner owner ${user}
+define if_asanother as_user ~.
+
 # Primary repository-related operations
 define op_read operation read
 define op_write operation write |
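Review bot: The header comment of aschecks.lace does not say that the file is only safe to include behind a guard. The `deny ... !as_is_admin` rule is unconditional inside this file, so if `as_group` is unset for a request that does not use 'as' (likely, but not visible on this page), including the file without `if_asanother` would make the deny match ordinary requests. A line such as `# Include only under the if_asanother predicate; the deny below is otherwise unconditional.` at the top of the file would record that contract.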
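Review bot: The new `include global:aschecks if_asanother` in core.lace sits after `allow "Administrators can do anything" is_admin`, so the 'as' check is reached only when that allow does not match. The comment in aschecks.lace says an allow settles the whole operation. Whether `is_admin` (`group gitano-admin`) is evaluated for the calling user or for the user named in 'as' is not visible here; if it is the latter, a request made 'as' an administrator would be allowed before the deny is consulted. Consider moving the two added lines to directly after `include global:defines`, ahead of the admin allow, or add a comment stating why the current order is safe; the rest of core.lace lies outside the hunk.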
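Review bot: The `~.` pattern in `define if_asanother as_user ~.` decides when aschecks.lace is consulted at all, yet nothing in defines.lace says what it matches. If, as it appears, `~` introduces a pattern match and `.` means any single character, a comment such as `# True when as_user is non-empty, i.e. the request was made via 'as'` would make that explicit. It is also worth confirming that `as_user` can never be present but empty for an 'as' request, since the predicate would then be false and the include in core.lace would be skipped.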