diff options
| author | Daniel Silverstone <dsilvers@digital-scurf.org> | 2012-08-11 10:40:20 +0100 |
|---|---|---|
| committer | Daniel Silverstone <dsilvers@digital-scurf.org> | 2012-08-11 10:40:20 +0100 |
| commit | c2e5be33a299cd6dca6b28edb0851684e4e51216 (patch) | |
| tree | c3a525ade2b5ac048852d19dcf6722da7f887386 /example | |
| parent | f2373792d326c4ce61be72b884ee74b58e4cfea3 (diff) | |
| download | gitano-c2e5be33a299cd6dca6b28edb0851684e4e51216.tar.gz | |
EXAMPLE: Tidy up rules to include set-description
Diffstat (limited to 'example')
| -rw-r--r-- | example/gitano-admin/rules/core.lace | 8 | ||||
| -rw-r--r-- | example/gitano-admin/rules/defines.lace | 4 | ||||
| -rw-r--r-- | example/gitano-admin/rules/project.lace | 3 | ||||
| -rw-r--r-- | example/gitano-admin/rules/remoteadminchecks.lace | 6 |
4 files changed, 14 insertions, 7 deletions
diff --git a/example/gitano-admin/rules/core.lace b/example/gitano-admin/rules/core.lace index 5e927f9..c54dcba 100644 --- a/example/gitano-admin/rules/core.lace +++ b/example/gitano-admin/rules/core.lace @@ -16,12 +16,6 @@ include global:selfchecks # Administration operations (users, groups) next include global:siteadmin op_is_admin -# Owners of repositories are allowed to hand it over -allow "Owners can hand over repositories" is_owner op_setowner - -# Owners can configure repository HEADs -allow "Owners can set HEAD" is_owner op_sethead - # Site-defined rules for repository creation include global:createrepo op_createrepo @@ -31,7 +25,7 @@ include global:renamerepo op_renamerepo # Site-defined rules for repository destruction include global:destroyrepo op_destroyrepo -# Site-defined rules for project repositories +# Site-defined rules for project repositories, including admin of them include global:project # Now the project rules themselves diff --git a/example/gitano-admin/rules/defines.lace b/example/gitano-admin/rules/defines.lace index b316177..ffdd6cc 100644 --- a/example/gitano-admin/rules/defines.lace +++ b/example/gitano-admin/rules/defines.lace @@ -41,8 +41,12 @@ define op_write operation write define op_createrepo operation createrepo define op_renamerepo operation renamerepo define op_destroyrepo operation destroyrepo + +# Remote administration operations define op_setowner operation setowner define op_sethead operation sethead +define op_setdescription operation setdescription +define op_is_remoteadmin anyof op_setowner op_sethead op_setdescription # Reference update related operations define op_createref operation createref diff --git a/example/gitano-admin/rules/project.lace b/example/gitano-admin/rules/project.lace index 5ef531a..219ab3e 100644 --- a/example/gitano-admin/rules/project.lace +++ b/example/gitano-admin/rules/project.lace @@ -6,6 +6,9 @@ allow "Owners can always read and write" op_is_basic is_owner # Uncomment if you want to *force* anonymous access to all but gitano-admin # allow "Anonymous access always allowed" op_read !is_admin_repo +# Project remote-admin rules (set-head etc) +include global:remoteadminchecks op_is_remoteadmin + # Okay, if we're altering the admin ref, in we go include global:adminchecks is_admin_ref diff --git a/example/gitano-admin/rules/remoteadminchecks.lace b/example/gitano-admin/rules/remoteadminchecks.lace new file mode 100644 index 0000000..e8a4d3f --- /dev/null +++ b/example/gitano-admin/rules/remoteadminchecks.lace @@ -0,0 +1,6 @@ +# Remote admin checks + +# Owners may do any remote admin operation they choose +allow "Owners may remote-admin their repositories" is_owner + +deny "You may not administer this repository remotely"
\ No newline at end of file |