diff options
author | Daniel Silverstone <dsilvers@digital-scurf.org> | 2012-08-30 18:37:59 +0100 |
---|---|---|
committer | Daniel Silverstone <dsilvers@digital-scurf.org> | 2012-08-30 18:37:59 +0100 |
commit | d2732c73915f3bec423dc89d3b3d185b6b7917e3 (patch) | |
tree | 7c70dae1c4f0df070e36ebc3f4be98da201bd798 /skel/gitano-admin/rules/core.lace | |
parent | 56048c5a7f47f915ed7506779fd8f75bb90bee78 (diff) | |
download | gitano-d2732c73915f3bec423dc89d3b3d185b6b7917e3.tar.gz |
INSTALLER: make install and gitano-setup should work (mostly)
Diffstat (limited to 'skel/gitano-admin/rules/core.lace')
-rw-r--r-- | skel/gitano-admin/rules/core.lace | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/skel/gitano-admin/rules/core.lace b/skel/gitano-admin/rules/core.lace new file mode 100644 index 0000000..c54dcba --- /dev/null +++ b/skel/gitano-admin/rules/core.lace @@ -0,0 +1,36 @@ +# Prepare the initial definitions + +default deny "The ruleset didn't provide access. Denying by default." + +include global:defines + +# Now, if we're in the admin group, we can always do stuff +allow "Administrators can do anything" is_admin + +# Now let's decide if we can use 'as' +include global:aschecks if_asanother + +# Operations which are against 'self' get checked next +include global:selfchecks + +# Administration operations (users, groups) next +include global:siteadmin op_is_admin + +# Site-defined rules for repository creation +include global:createrepo op_createrepo + +# Site-defined rules for repository renaming +include global:renamerepo op_renamerepo + +# Site-defined rules for repository destruction +include global:destroyrepo op_destroyrepo + +# Site-defined rules for project repositories, including admin of them +include global:project + +# Now the project rules themselves +include main + +# Now, if you want to allow anonymous access if the project doesn't prevent +# it, then you can uncomment the following: +# allow "Anonymous access is okay" op_read !is_admin_repo |