diff options
-rw-r--r-- | skel/gitano-admin/rules/defines.lace | 4 | ||||
-rw-r--r-- | skel/gitano-admin/rules/project.lace | 6 |
2 files changed, 10 insertions, 0 deletions
diff --git a/skel/gitano-admin/rules/defines.lace b/skel/gitano-admin/rules/defines.lace index 6043bac..ec3fbd1 100644 --- a/skel/gitano-admin/rules/defines.lace +++ b/skel/gitano-admin/rules/defines.lace @@ -112,3 +112,7 @@ define op_is_normal anyof op_fastforward op_createref op_deleteref define is_admin_repo repository exact gitano-admin define is_gitano_ref ref prefix refs/gitano/ define is_admin_ref ref exact refs/gitano/admin + +# Project readers and writers +define is_project_reader config/project/readers exact ${user} +define is_project_writer config/project/writers exact ${user} diff --git a/skel/gitano-admin/rules/project.lace b/skel/gitano-admin/rules/project.lace index aafa17c..3bcaf7e 100644 --- a/skel/gitano-admin/rules/project.lace +++ b/skel/gitano-admin/rules/project.lace @@ -28,6 +28,12 @@ # # Core project administration rules +allow "User is project reader" op_read is_project_reader + +allow "User is project writer" op_read is_project_writer +allow "User is project writer" op_write is_project_writer +allow "User is project writer" op_is_normal is_project_writer + # Admins already got allowed, so this is for non-admin users only allow "Owners can always read and write" op_is_basic is_owner |