author | Daniel Silverstone <dsilvers@digital-scurf.org> | 2012-07-01 09:23:53 +0100 |
---|---|---|
committer | Daniel Silverstone <dsilvers@digital-scurf.org> | 2012-07-01 09:24:59 +0100 |
commit | 56928288f9cbf0944858e607755ab66ceffb7846 (patch) | |
tree | 31ed37314cc36cb9ba875ff222c7ac1fa0afe94f /example | |
parent | 94c40310d7051bebc114f99ed8aea36c67ca90bb (diff) | |
download | gitano-56928288f9cbf0944858e607755ab66ceffb7846.tar.gz |
EXAMPLE: Update example for user command lace
Diffstat (limited to 'example')
-rw-r--r-- | example/gitano-admin/rules/core.lace | 3 | ||||
-rw-r--r-- | example/gitano-admin/rules/defines.lace | 24 | ||||
-rw-r--r-- | example/gitano-admin/rules/siteadmin.lace | 7 |
3 files changed, 34 insertions, 0 deletions
diff --git a/example/gitano-admin/rules/core.lace b/example/gitano-admin/rules/core.lace
index 6d3857b..5cdb388 100644
--- a/example/gitano-admin/rules/core.lace
+++ b/example/gitano-admin/rules/core.lace
@@ -13,6 +13,9 @@ include global:aschecks if_asanother
 # Operations which are against 'self' get checked next
 include global:selfchecks
+# Administration operations (users, groups) next
+include global:siteadmin op_is_admin
+
 # Owners of repositories are allowed to hand it over
 allow "Owners can hand over repositories" is_owner op_setowner
diff --git a/example/gitano-admin/rules/defines.lace b/example/gitano-admin/rules/defines.lace
index 9c8324f..6f100ae 100644
--- a/example/gitano-admin/rules/defines.lace
+++ b/example/gitano-admin/rules/defines.lace
@@ -10,6 +10,30 @@ define if_asanother as_user ~.
 define op_whoami operation whoami
 define op_sshkey operation sshkey
+# Admin-related operations
+
+## Users
+define op_useradd operation useradd
+define op_userdel operation userdel
+define op_userlist operation userlist
+define op_useremail operation useremail
+define op_username operation username
+define op_user anyof op_userlist op_useradd op_userdel op_useremail op_username
+
+## Groups
+define op_grouplist operation grouplist
+define op_groupadd operation groupadd
+define op_groupdel operation groupdel
+define op_groupadduser operation groupadduser
+define op_groupdeluser operation groupdeluser
+define op_groupaddgroup operation groupaddgroup
+define op_groupdelgroup operation groupdelgroup
+define op_groupdescription operation groupdescription
+define op_group anyof op_grouplist op_groupadd op_groupdel op_groupadduser op_groupdeluser op_groupaddgroup op_groupdelgroup op_groupdescription
+
+## Aggregation of admin ops
+define op_is_admin anyof op_user op_group
+
 # Primary repository-related operations
 define op_read operation read
 define op_write operation write
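Review bot: The comment above the new `include global:siteadmin op_is_admin` in core.lace does not say that the included ruleset is terminal. siteadmin.lace in this commit ends with an unconditional `deny`, so, assuming Lace stops at the first allow or deny, no rule below this include is evaluated for an operation matching `op_is_admin`. Whatever grants gitano-admin members their rights therefore has to sit above the hunk, which this page does not show. I would spell that out, e.g. `# Administration operations (users, groups) next; siteadmin ends in a deny, so allows for these operations belong above this line or in siteadmin.lace`.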
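Review bot: `op_user`, `op_group` and `op_is_admin` in defines.lace are hand-maintained `anyof` lists, and `op_is_admin` is the only condition that routes a request into global:siteadmin from core.lace. An administrative operation added later but not listed here would skip the siteadmin deny and be decided by whatever follows in core.lace, which is not visible on this page. A comment on the aggregate would make the dependency explicit, e.g. `## Aggregation of admin ops: every site-administration command must appear in op_user or op_group, otherwise it bypasses global:siteadmin`.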
diff --git a/example/gitano-admin/rules/siteadmin.lace b/example/gitano-admin/rules/siteadmin.lace
new file mode 100644
index 0000000..bf72bb2
--- /dev/null
+++ b/example/gitano-admin/rules/siteadmin.lace
@@ -0,0 +1,7 @@
+# Site administration rules
+
+# You must explicitly allow site administration here for anyone who
+# has the rights to do site admin but isn't a member of gitano-admin.
+
+# Otherwise we always deny site administration
+deny "You may not perform site administration" |
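Review bot: The header comment in siteadmin.lace tells administrators to add allows here but shows no pattern, which invites a single broad rule over every admin operation. A commented example that delegates one narrow aggregate would steer sites toward least privilege, e.g. `# allow "Delegated user management" <your_group_predicate> op_user`, where the predicate is a placeholder the site defines itself. The closing unconditional `deny` is the right fail-closed default, and the comment should say it must stay the last rule in the file.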