EXAMPLE: Change from a .git to a set of files, so it's easier to see/edit the example gitano-admin

28 files changed, 113 insertions, 483 deletions

diff --git a/example/gitano-admin.git/HEAD b/example/gitano-admin.git/HEAD
deleted file mode 100644
index cb089cd..0000000
--- a/example/gitano-admin.git/HEAD
+++ /dev/null
@@ -1 +0,0 @@
-ref: refs/heads/master
diff --git a/example/gitano-admin.git/config b/example/gitano-admin.git/config
deleted file mode 100644
index 07d359d..0000000
--- a/example/gitano-admin.git/config
+++ /dev/null
@@ -1,4 +0,0 @@
-[core]
-	repositoryformatversion = 0
-	filemode = true
-	bare = true
diff --git a/example/gitano-admin.git/description b/example/gitano-admin.git/description
deleted file mode 100644
index 498b267..0000000
--- a/example/gitano-admin.git/description
+++ /dev/null
@@ -1 +0,0 @@
-Unnamed repository; edit this file 'description' to name the repository.
diff --git a/example/gitano-admin.git/hooks/applypatch-msg.sample b/example/gitano-admin.git/hooks/applypatch-msg.sample
deleted file mode 100755
index 8b2a2fe..0000000
--- a/example/gitano-admin.git/hooks/applypatch-msg.sample
+++ /dev/null
@@ -1,15 +0,0 @@
-#!/bin/sh
-#
-# An example hook script to check the commit log message taken by
-# applypatch from an e-mail message.
-#
-# The hook should exit with non-zero status after issuing an
-# appropriate message if it wants to stop the commit.  The hook is
-# allowed to edit the commit message file.
-#
-# To enable this hook, rename this file to "applypatch-msg".
-
-. git-sh-setup
-test -x "$GIT_DIR/hooks/commit-msg" &&
-	exec "$GIT_DIR/hooks/commit-msg" ${1+"$@"}
-:
diff --git a/example/gitano-admin.git/hooks/commit-msg.sample b/example/gitano-admin.git/hooks/commit-msg.sample
deleted file mode 100755
index b58d118..0000000
--- a/example/gitano-admin.git/hooks/commit-msg.sample
+++ /dev/null
@@ -1,24 +0,0 @@
-#!/bin/sh
-#
-# An example hook script to check the commit log message.
-# Called by "git commit" with one argument, the name of the file
-# that has the commit message.  The hook should exit with non-zero
-# status after issuing an appropriate message if it wants to stop the
-# commit.  The hook is allowed to edit the commit message file.
-#
-# To enable this hook, rename this file to "commit-msg".
-
-# Uncomment the below to add a Signed-off-by line to the message.
-# Doing this in a hook is a bad idea in general, but the prepare-commit-msg
-# hook is more suited to it.
-#
-# SOB=$(git var GIT_AUTHOR_IDENT | sed -n 's/^\(.*>\).*$/Signed-off-by: \1/p')
-# grep -qs "^$SOB" "$1" || echo "$SOB" >> "$1"
-
-# This example catches duplicate Signed-off-by lines.
-
-test "" = "$(grep '^Signed-off-by: ' "$1" |
-	 sort | uniq -c | sed -e '/^[ 	]*1[ 	]/d')" || {
-	echo >&2 Duplicate Signed-off-by lines.
-	exit 1
-}
diff --git a/example/gitano-admin.git/hooks/post-commit.sample b/example/gitano-admin.git/hooks/post-commit.sample
deleted file mode 100755
index 2266821..0000000
--- a/example/gitano-admin.git/hooks/post-commit.sample
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/bin/sh
-#
-# An example hook script that is called after a successful
-# commit is made.
-#
-# To enable this hook, rename this file to "post-commit".
-
-: Nothing
diff --git a/example/gitano-admin.git/hooks/post-receive.sample b/example/gitano-admin.git/hooks/post-receive.sample
deleted file mode 100755
index 7a83e17..0000000
--- a/example/gitano-admin.git/hooks/post-receive.sample
+++ /dev/null
@@ -1,15 +0,0 @@
-#!/bin/sh
-#
-# An example hook script for the "post-receive" event.
-#
-# The "post-receive" script is run after receive-pack has accepted a pack
-# and the repository has been updated.  It is passed arguments in through
-# stdin in the form
-#  <oldrev> <newrev> <refname>
-# For example:
-#  aa453216d1b3e49e7f6f98441fa56946ddcd6a20 68f7abf4e6f922807889f52bc043ecd31b79f814 refs/heads/master
-#
-# see contrib/hooks/ for a sample, or uncomment the next line and
-# rename the file to "post-receive".
-
-#. /usr/share/doc/git-core/contrib/hooks/post-receive-email
diff --git a/example/gitano-admin.git/hooks/post-update.sample b/example/gitano-admin.git/hooks/post-update.sample
deleted file mode 100755
index ec17ec1..0000000
--- a/example/gitano-admin.git/hooks/post-update.sample
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/bin/sh
-#
-# An example hook script to prepare a packed repository for use over
-# dumb transports.
-#
-# To enable this hook, rename this file to "post-update".
-
-exec git update-server-info
diff --git a/example/gitano-admin.git/hooks/pre-applypatch.sample b/example/gitano-admin.git/hooks/pre-applypatch.sample
deleted file mode 100755
index b1f187c..0000000
--- a/example/gitano-admin.git/hooks/pre-applypatch.sample
+++ /dev/null
@@ -1,14 +0,0 @@
-#!/bin/sh
-#
-# An example hook script to verify what is about to be committed
-# by applypatch from an e-mail message.
-#
-# The hook should exit with non-zero status after issuing an
-# appropriate message if it wants to stop the commit.
-#
-# To enable this hook, rename this file to "pre-applypatch".
-
-. git-sh-setup
-test -x "$GIT_DIR/hooks/pre-commit" &&
-	exec "$GIT_DIR/hooks/pre-commit" ${1+"$@"}
-:
diff --git a/example/gitano-admin.git/hooks/pre-commit.sample b/example/gitano-admin.git/hooks/pre-commit.sample
deleted file mode 100755
index b187c4b..0000000
--- a/example/gitano-admin.git/hooks/pre-commit.sample
+++ /dev/null
@@ -1,46 +0,0 @@
-#!/bin/sh
-#
-# An example hook script to verify what is about to be committed.
-# Called by "git commit" with no arguments.  The hook should
-# exit with non-zero status after issuing an appropriate message if
-# it wants to stop the commit.
-#
-# To enable this hook, rename this file to "pre-commit".
-
-if git rev-parse --verify HEAD >/dev/null 2>&1
-then
-	against=HEAD
-else
-	# Initial commit: diff against an empty tree object
-	against=4b825dc642cb6eb9a060e54bf8d69288fbee4904
-fi
-
-# If you want to allow non-ascii filenames set this variable to true.
-allownonascii=$(git config hooks.allownonascii)
-
-# Cross platform projects tend to avoid non-ascii filenames; prevent
-# them from being added to the repository. We exploit the fact that the
-# printable range starts at the space character and ends with tilde.
-if [ "$allownonascii" != "true" ] &&
-	# Note that the use of brackets around a tr range is ok here, (it's
-	# even required, for portability to Solaris 10's /usr/bin/tr), since
-	# the square bracket bytes happen to fall in the designated range.
-	test "$(git diff --cached --name-only --diff-filter=A -z $against |
-	  LC_ALL=C tr -d '[ -~]\0')"
-then
-	echo "Error: Attempt to add a non-ascii file name."
-	echo
-	echo "This can cause problems if you want to work"
-	echo "with people on other platforms."
-	echo
-	echo "To be portable it is advisable to rename the file ..."
-	echo
-	echo "If you know what you are doing you can disable this"
-	echo "check using:"
-	echo
-	echo "  git config hooks.allownonascii true"
-	echo
-	exit 1
-fi
-
-exec git diff-index --check --cached $against --
diff --git a/example/gitano-admin.git/hooks/pre-rebase.sample b/example/gitano-admin.git/hooks/pre-rebase.sample
deleted file mode 100755
index f0f6da3..0000000
--- a/example/gitano-admin.git/hooks/pre-rebase.sample
+++ /dev/null
@@ -1,172 +0,0 @@
-#!/bin/sh
-#
-# Copyright (c) 2006, 2008 Junio C Hamano
-#
-# The "pre-rebase" hook is run just before "git rebase" starts doing
-# its job, and can prevent the command from running by exiting with
-# non-zero status.
-#
-# The hook is called with the following parameters:
-#
-# $1 -- the upstream the series was forked from.
-# $2 -- the branch being rebased (or empty when rebasing the current branch).
-#
-# This sample shows how to prevent topic branches that are already
-# merged to 'next' branch from getting rebased, because allowing it
-# would result in rebasing already published history.
-
-publish=next
-basebranch="$1"
-if test "$#" = 2
-then
-	topic="refs/heads/$2"
-else
-	topic=`git symbolic-ref HEAD` ||
-	exit 0 ;# we do not interrupt rebasing detached HEAD
-fi
-
-case "$topic" in
-refs/heads/??/*)
-	;;
-*)
-	exit 0 ;# we do not interrupt others.
-	;;
-esac
-
-# Now we are dealing with a topic branch being rebased
-# on top of master.  Is it OK to rebase it?
-
-# Does the topic really exist?
-git show-ref -q "$topic" || {
-	echo >&2 "No such branch $topic"
-	exit 1
-}
-
-# Is topic fully merged to master?
-not_in_master=`git rev-list --pretty=oneline ^master "$topic"`
-if test -z "$not_in_master"
-then
-	echo >&2 "$topic is fully merged to master; better remove it."
-	exit 1 ;# we could allow it, but there is no point.
-fi
-
-# Is topic ever merged to next?  If so you should not be rebasing it.
-only_next_1=`git rev-list ^master "^$topic" ${publish} | sort`
-only_next_2=`git rev-list ^master           ${publish} | sort`
-if test "$only_next_1" = "$only_next_2"
-then
-	not_in_topic=`git rev-list "^$topic" master`
-	if test -z "$not_in_topic"
-	then
-		echo >&2 "$topic is already up-to-date with master"
-		exit 1 ;# we could allow it, but there is no point.
-	else
-		exit 0
-	fi
-else
-	not_in_next=`git rev-list --pretty=oneline ^${publish} "$topic"`
-	/usr/bin/perl -e '
-		my $topic = $ARGV[0];
-		my $msg = "* $topic has commits already merged to public branch:\n";
-		my (%not_in_next) = map {
-			/^([0-9a-f]+) /;
-			($1 => 1);
-		} split(/\n/, $ARGV[1]);
-		for my $elem (map {
-				/^([0-9a-f]+) (.*)$/;
-				[$1 => $2];
-			} split(/\n/, $ARGV[2])) {
-			if (!exists $not_in_next{$elem->[0]}) {
-				if ($msg) {
-					print STDERR $msg;
-					undef $msg;
-				}
-				print STDERR " $elem->[1]\n";
-			}
-		}
-	' "$topic" "$not_in_next" "$not_in_master"
-	exit 1
-fi
-
-exit 0
-
-<<\DOC_END
-################################################################
-
-This sample hook safeguards topic branches that have been
-published from being rewound.
-
-The workflow assumed here is:
-
- * Once a topic branch forks from "master", "master" is never
-   merged into it again (either directly or indirectly).
-
- * Once a topic branch is fully cooked and merged into "master",
-   it is deleted.  If you need to build on top of it to correct
-   earlier mistakes, a new topic branch is created by forking at
-   the tip of the "master".  This is not strictly necessary, but
-   it makes it easier to keep your history simple.
-
- * Whenever you need to test or publish your changes to topic
-   branches, merge them into "next" branch.
-
-The script, being an example, hardcodes the publish branch name
-to be "next", but it is trivial to make it configurable via
-$GIT_DIR/config mechanism.
-
-With this workflow, you would want to know:
-
-(1) ... if a topic branch has ever been merged to "next".  Young
-    topic branches can have stupid mistakes you would rather
-    clean up before publishing, and things that have not been
-    merged into other branches can be easily rebased without
-    affecting other people.  But once it is published, you would
-    not want to rewind it.
-
-(2) ... if a topic branch has been fully merged to "master".
-    Then you can delete it.  More importantly, you should not
-    build on top of it -- other people may already want to
-    change things related to the topic as patches against your
-    "master", so if you need further changes, it is better to
-    fork the topic (perhaps with the same name) afresh from the
-    tip of "master".
-
-Let's look at this example:
-
-		   o---o---o---o---o---o---o---o---o---o "next"
-		  /       /           /           /
-		 /   a---a---b A     /           /
-		/   /               /           /
-	       /   /   c---c---c---c B         /
-	      /   /   /             \         /
-	     /   /   /   b---b C     \       /
-	    /   /   /   /             \     /
-    ---o---o---o---o---o---o---o---o---o---o---o "master"
-
-
-A, B and C are topic branches.
-
- * A has one fix since it was merged up to "next".
-
- * B has finished.  It has been fully merged up to "master" and "next",
-   and is ready to be deleted.
-
- * C has not merged to "next" at all.
-
-We would want to allow C to be rebased, refuse A, and encourage
-B to be deleted.
-
-To compute (1):
-
-	git rev-list ^master ^topic next
-	git rev-list ^master        next
-
-	if these match, topic has not merged in next at all.
-
-To compute (2):
-
-	git rev-list master..topic
-
-	if this is empty, it is fully merged to "master".
-
-DOC_END
diff --git a/example/gitano-admin.git/hooks/prepare-commit-msg.sample b/example/gitano-admin.git/hooks/prepare-commit-msg.sample
deleted file mode 100755
index f093a02..0000000
--- a/example/gitano-admin.git/hooks/prepare-commit-msg.sample
+++ /dev/null
@@ -1,36 +0,0 @@
-#!/bin/sh
-#
-# An example hook script to prepare the commit log message.
-# Called by "git commit" with the name of the file that has the
-# commit message, followed by the description of the commit
-# message's source.  The hook's purpose is to edit the commit
-# message file.  If the hook fails with a non-zero status,
-# the commit is aborted.
-#
-# To enable this hook, rename this file to "prepare-commit-msg".
-
-# This hook includes three examples.  The first comments out the
-# "Conflicts:" part of a merge commit.
-#
-# The second includes the output of "git diff --name-status -r"
-# into the message, just before the "git status" output.  It is
-# commented because it doesn't cope with --amend or with squashed
-# commits.
-#
-# The third example adds a Signed-off-by line to the message, that can
-# still be edited.  This is rarely a good idea.
-
-case "$2,$3" in
-  merge,)
-    /usr/bin/perl -i.bak -ne 's/^/# /, s/^# #/#/ if /^Conflicts/ .. /#/; print' "$1" ;;
-
-# ,|template,)
-#   /usr/bin/perl -i.bak -pe '
-#      print "\n" . `git diff --cached --name-status -r`
-#	 if /^#/ && $first++ == 0' "$1" ;;
-
-  *) ;;
-esac
-
-# SOB=$(git var GIT_AUTHOR_IDENT | sed -n 's/^\(.*>\).*$/Signed-off-by: \1/p')
-# grep -qs "^$SOB" "$1" || echo "$SOB" >> "$1"
diff --git a/example/gitano-admin.git/hooks/update.sample b/example/gitano-admin.git/hooks/update.sample
deleted file mode 100755
index 71ab04e..0000000
--- a/example/gitano-admin.git/hooks/update.sample
+++ /dev/null
@@ -1,128 +0,0 @@
-#!/bin/sh
-#
-# An example hook script to blocks unannotated tags from entering.
-# Called by "git receive-pack" with arguments: refname sha1-old sha1-new
-#
-# To enable this hook, rename this file to "update".
-#
-# Config
-# ------
-# hooks.allowunannotated
-#   This boolean sets whether unannotated tags will be allowed into the
-#   repository.  By default they won't be.
-# hooks.allowdeletetag
-#   This boolean sets whether deleting tags will be allowed in the
-#   repository.  By default they won't be.
-# hooks.allowmodifytag
-#   This boolean sets whether a tag may be modified after creation. By default
-#   it won't be.
-# hooks.allowdeletebranch
-#   This boolean sets whether deleting branches will be allowed in the
-#   repository.  By default they won't be.
-# hooks.denycreatebranch
-#   This boolean sets whether remotely creating branches will be denied
-#   in the repository.  By default this is allowed.
-#
-
-# --- Command line
-refname="$1"
-oldrev="$2"
-newrev="$3"
-
-# --- Safety check
-if [ -z "$GIT_DIR" ]; then
-	echo "Don't run this script from the command line." >&2
-	echo " (if you want, you could supply GIT_DIR then run" >&2
-	echo "  $0 <ref> <oldrev> <newrev>)" >&2
-	exit 1
-fi
-
-if [ -z "$refname" -o -z "$oldrev" -o -z "$newrev" ]; then
-	echo "Usage: $0 <ref> <oldrev> <newrev>" >&2
-	exit 1
-fi
-
-# --- Config
-allowunannotated=$(git config --bool hooks.allowunannotated)
-allowdeletebranch=$(git config --bool hooks.allowdeletebranch)
-denycreatebranch=$(git config --bool hooks.denycreatebranch)
-allowdeletetag=$(git config --bool hooks.allowdeletetag)
-allowmodifytag=$(git config --bool hooks.allowmodifytag)
-
-# check for no description
-projectdesc=$(sed -e '1q' "$GIT_DIR/description")
-case "$projectdesc" in
-"Unnamed repository"* | "")
-	echo "*** Project description file hasn't been set" >&2
-	exit 1
-	;;
-esac
-
-# --- Check types
-# if $newrev is 0000...0000, it's a commit to delete a ref.
-zero="0000000000000000000000000000000000000000"
-if [ "$newrev" = "$zero" ]; then
-	newrev_type=delete
-else
-	newrev_type=$(git cat-file -t $newrev)
-fi
-
-case "$refname","$newrev_type" in
-	refs/tags/*,commit)
-		# un-annotated tag
-		short_refname=${refname##refs/tags/}
-		if [ "$allowunannotated" != "true" ]; then
-			echo "*** The un-annotated tag, $short_refname, is not allowed in this repository" >&2
-			echo "*** Use 'git tag [ -a | -s ]' for tags you want to propagate." >&2
-			exit 1
-		fi
-		;;
-	refs/tags/*,delete)
-		# delete tag
-		if [ "$allowdeletetag" != "true" ]; then
-			echo "*** Deleting a tag is not allowed in this repository" >&2
-			exit 1
-		fi
-		;;
-	refs/tags/*,tag)
-		# annotated tag
-		if [ "$allowmodifytag" != "true" ] && git rev-parse $refname > /dev/null 2>&1
-		then
-			echo "*** Tag '$refname' already exists." >&2
-			echo "*** Modifying a tag is not allowed in this repository." >&2
-			exit 1
-		fi
-		;;
-	refs/heads/*,commit)
-		# branch
-		if [ "$oldrev" = "$zero" -a "$denycreatebranch" = "true" ]; then
-			echo "*** Creating a branch is not allowed in this repository" >&2
-			exit 1
-		fi
-		;;
-	refs/heads/*,delete)
-		# delete branch
-		if [ "$allowdeletebranch" != "true" ]; then
-			echo "*** Deleting a branch is not allowed in this repository" >&2
-			exit 1
-		fi
-		;;
-	refs/remotes/*,commit)
-		# tracking branch
-		;;
-	refs/remotes/*,delete)
-		# delete tracking branch
-		if [ "$allowdeletebranch" != "true" ]; then
-			echo "*** Deleting a tracking branch is not allowed in this repository" >&2
-			exit 1
-		fi
-		;;
-	*)
-		# Anything else (is there anything else?)
-		echo "*** Update hook: unknown type of update to ref $refname of type $newrev_type" >&2
-		exit 1
-		;;
-esac
-
-# --- Finished
-exit 0
diff --git a/example/gitano-admin.git/info/exclude b/example/gitano-admin.git/info/exclude
deleted file mode 100644
index a5196d1..0000000
--- a/example/gitano-admin.git/info/exclude
+++ /dev/null
@@ -1,6 +0,0 @@
-# git ls-files --others --exclude-from=.git/info/exclude
-# Lines that start with '#' are comments.
-# For a project mostly in C, the following would be a good set of
-# exclude patterns (uncomment them if you want to use them):
-# *.[oa]
-# *~
diff --git a/example/gitano-admin.git/info/refs b/example/gitano-admin.git/info/refs
deleted file mode 100644
index 8362975..0000000
--- a/example/gitano-admin.git/info/refs
+++ /dev/null
@@ -1 +0,0 @@
-ec8ffa1c6a3eb23628b977a895a8b607d07e8722	refs/heads/master
diff --git a/example/gitano-admin.git/objects/info/packs b/example/gitano-admin.git/objects/info/packs
deleted file mode 100644
index 8c45162..0000000
--- a/example/gitano-admin.git/objects/info/packs
+++ /dev/null
@@ -1,2 +0,0 @@
-P pack-802788fdca38958b3c13622d6a8d3ccf0ccbbb50.pack
-
diff --git a/example/gitano-admin.git/objects/pack/pack-802788fdca38958b3c13622d6a8d3ccf0ccbbb50.idx b/example/gitano-admin.git/objects/pack/pack-802788fdca38958b3c13622d6a8d3ccf0ccbbb50.idx
deleted file mode 100644
index 93ddf13..0000000
--- a/example/gitano-admin.git/objects/pack/pack-802788fdca38958b3c13622d6a8d3ccf0ccbbb50.idx
+++ /dev/null
diff --git a/example/gitano-admin.git/objects/pack/pack-802788fdca38958b3c13622d6a8d3ccf0ccbbb50.pack b/example/gitano-admin.git/objects/pack/pack-802788fdca38958b3c13622d6a8d3ccf0ccbbb50.pack
deleted file mode 100644
index 5018b68..0000000
--- a/example/gitano-admin.git/objects/pack/pack-802788fdca38958b3c13622d6a8d3ccf0ccbbb50.pack
+++ /dev/null
diff --git a/example/gitano-admin.git/packed-refs b/example/gitano-admin.git/packed-refs
deleted file mode 100644
index 0ad6570..0000000
--- a/example/gitano-admin.git/packed-refs
+++ /dev/null
@@ -1,2 +0,0 @@
-# pack-refs with: peeled 
-ec8ffa1c6a3eb23628b977a895a8b607d07e8722 refs/heads/master
diff --git a/example/gitano-admin/groups/gitano-admin.conf b/example/gitano-admin/groups/gitano-admin.conf
new file mode 100644
index 0000000..959690d
--- /dev/null
+++ b/example/gitano-admin/groups/gitano-admin.conf
@@ -0,0 +1,4 @@
+description = "Gitano Administrators"
+members = { "dsilvers" }
+subgroups = {}
+
diff --git a/example/gitano-admin/rules/adminchecks.lace b/example/gitano-admin/rules/adminchecks.lace
new file mode 100644
index 0000000..75ca753
--- /dev/null
+++ b/example/gitano-admin/rules/adminchecks.lace
@@ -0,0 +1,23 @@
+# Core project administration rules
+
+# Called with ref known to be refs/gitano/admin
+
+# Administrators already got to do anything, so this is for non-admins
+
+# Non-admin members may not delete the admin ref
+deny "Non-administrators may not delete the admin ref" op_deleteref
+
+# By default, you don't want anything but gitano-admin members to touch
+# anything in the hooks/ tree, so don't allow that
+define contains_hooks target_tree ~^hooks/
+define updates_hooks treediff/targets ~^hooks/
+
+deny "Attempt to create hooks" op_createref contains_hooks
+deny "Attempt to alter hooks" op_is_update updates_hooks
+
+# Otherwise, the project's owner is allowed to alter the admin tree
+allow "Project owner may alter the admin ref" is_owner
+
+# Any other opportunities for altering the admin ref must be provided
+# by the project's rules
+ 
\ No newline at end of file
diff --git a/example/gitano-admin/rules/core.lace b/example/gitano-admin/rules/core.lace
new file mode 100644
index 0000000..1fcc46a
--- /dev/null
+++ b/example/gitano-admin/rules/core.lace
@@ -0,0 +1,24 @@
+# Prepare the initial definitions
+
+default deny "The ruleset didn't provide access.  Denying by default."
+
+include global:defines
+
+# Now, if we're in the admin group, we can always do stuff
+allow "Administrators can do anything" is_admin
+
+# Owners of repositories are allowed to hand it over
+allow "Owners can hand over repositories" is_owner op_setowner
+
+# Site-defined rules for repository creation
+include global:createrepo op_createrepo
+
+# Site-defined rules for project repositories
+include global:project
+
+# Now the project rules themselves
+include main
+
+# Now, if you want to allow anonymous access if the project doesn't prevent
+# it, then you can uncomment the following:
+# allow "Anonymous access is okay" op_read !is_admin_repo
diff --git a/example/gitano-admin/rules/createrepo.lace b/example/gitano-admin/rules/createrepo.lace
new file mode 100644
index 0000000..719323c
--- /dev/null
+++ b/example/gitano-admin/rules/createrepo.lace
@@ -0,0 +1,11 @@
+# Rules related to creating repositories
+
+# Administrators have already been permitted whatever they like
+# so this is for non-admins.
+
+# Uncomment the following to allow repositories in personal/username/
+define repo_is_personal repository ~^personal/${user}/
+allow "Personal repo creation is okay" repo_is_personal
+
+# Otherwise the default is that non-admins can't create repositories
+deny "Repository creation is not permitted."
diff --git a/example/gitano-admin/rules/defines.lace b/example/gitano-admin/rules/defines.lace
new file mode 100644
index 0000000..870fffc
--- /dev/null
+++ b/example/gitano-admin/rules/defines.lace
@@ -0,0 +1,27 @@
+# A useful set of defines
+
+# User/group related
+define is_admin group gitano-admin
+define is_owner owner ${user}
+
+# Primary repository-related operations
+define op_read operation read
+define op_write operation write
+define op_createrepo operation createrepo
+define op_setowner operation setowner
+
+# Reference update related operations
+define op_createref operation createref
+define op_deleteref operation deleteref
+define op_fastforward operation updaterefff
+define op_forcedupdate operation updaterefnonff
+
+# Combinator operations
+define op_is_basic anyof op_read op_write
+define op_is_update anyof op_fastforward op_forcedupdate
+define op_is_normal anyof op_fastforward op_createref op_deleteref
+
+# Administration
+define is_admin_repo repository gitano-admin
+define is_gitano_ref ref ~^refs/gitano/
+define is_admin_ref ref refs/gitano/admin
diff --git a/example/gitano-admin/rules/project.lace b/example/gitano-admin/rules/project.lace
new file mode 100644
index 0000000..5ef531a
--- /dev/null
+++ b/example/gitano-admin/rules/project.lace
@@ -0,0 +1,16 @@
+# Core project administration rules
+
+# Admins already got allowed, so this is for non-admin users only
+allow "Owners can always read and write" op_is_basic is_owner
+
+# Uncomment if you want to *force* anonymous access to all but gitano-admin
+# allow "Anonymous access always allowed" op_read !is_admin_repo
+
+# Okay, if we're altering the admin ref, in we go
+include global:adminchecks is_admin_ref
+
+# Now we're into branch operations.  Owners can do any normal operation
+# Normal ops are create/delete/fastforward on refs
+allow "Owners can create refs" op_is_normal is_owner
+# We don't enable non-fastforward updates by default.  Projects must do
+# this in their own rules if they want it.
diff --git a/example/gitano-admin/site.conf b/example/gitano-admin/site.conf
new file mode 100644
index 0000000..bec6f3e
--- /dev/null
+++ b/example/gitano-admin/site.conf
@@ -0,0 +1,5 @@
+-- Sample configuration for Gitano
+site_name = "Gitano pre-alpha repository server (Laced)"
+repository_root = "/home/gitano/repos"
+bin_path = "/home/gitano/bin"
+graveyard_root = "/home/gitano/graveyard"
diff --git a/example/gitano-admin/users/dsilvers/torpor.key b/example/gitano-admin/users/dsilvers/torpor.key
new file mode 100644
index 0000000..973e0f9
--- /dev/null
+++ b/example/gitano-admin/users/dsilvers/torpor.key
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDmFPyhleGHuoWGgMWZWxZujNM6S4gwxx/FZw94d5ZBiRAQ2miKemdhQxoPnVhzLzx4CX0sFfU1P7HUEx+6xigf8EjrHxBYTgjh7JSCR0apcExoAVihVG+pnMDCf+CqueIbUMVRm7PEmTcg4NNMx7f60Y0zrUa3iNnU8flA+28IkrCz0RVycAKT418337PqRBaXBbnCprNkF2gOHj1mLymsE0ehwiQOd2+ocjHdxSwDayJ2OwNAIdPcb/78RixH12d5F7r3cdNNFjuXuXwSrG+ILEtbXFJEvEXnccOARMeW7uzlZsSkfeNivU3nyxJ8ZxDAFSL8JHi8edBwON6qr7+r danielsilverstone@torpor
diff --git a/example/gitano-admin/users/dsilvers/user.conf b/example/gitano-admin/users/dsilvers/user.conf
new file mode 100644
index 0000000..971d92d
--- /dev/null
+++ b/example/gitano-admin/users/dsilvers/user.conf
@@ -0,0 +1,2 @@
+real_name = "Daniel Silverstone"
+email_address = "dsilvers@digital-scurf.org"