EXAMPLE: Self operations support in the lace

3 files changed, 12 insertions, 0 deletions

diff --git a/example/gitano-admin/rules/core.lace b/example/gitano-admin/rules/core.lace
index abb3e6c..6d3857b 100644
--- a/example/gitano-admin/rules/core.lace
+++ b/example/gitano-admin/rules/core.lace
@@ -10,6 +10,9 @@ allow "Administrators can do anything" is_admin
 # Now let's decide if we can use 'as'
 include global:aschecks if_asanother
 
+# Operations which are against 'self' get checked next
+include global:selfchecks
+
 # Owners of repositories are allowed to hand it over
 allow "Owners can hand over repositories" is_owner op_setowner
 
diff --git a/example/gitano-admin/rules/defines.lace b/example/gitano-admin/rules/defines.lace
index 612d467..9c8324f 100644
--- a/example/gitano-admin/rules/defines.lace
+++ b/example/gitano-admin/rules/defines.lace
@@ -6,6 +6,10 @@ define is_owner owner ${user}
 
 define if_asanother as_user ~.
 
+# Self-related operations
+define op_whoami operation whoami
+define op_sshkey operation sshkey
+
 # Primary repository-related operations
 define op_read operation read
 define op_write operation write
diff --git a/example/gitano-admin/rules/selfchecks.lace b/example/gitano-admin/rules/selfchecks.lace
new file mode 100644
index 0000000..300bb91
--- /dev/null
+++ b/example/gitano-admin/rules/selfchecks.lace
@@ -0,0 +1,5 @@
+# Checks against self
+
+allow "You may ask who you are" op_whoami
+
+allow "You may manage your own ssh keys" op_sshkey