diff options
Diffstat (limited to 'example/gitano-admin/rules/aschecks.lace')
-rw-r--r-- | example/gitano-admin/rules/aschecks.lace | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/example/gitano-admin/rules/aschecks.lace b/example/gitano-admin/rules/aschecks.lace new file mode 100644 index 0000000..3623709 --- /dev/null +++ b/example/gitano-admin/rules/aschecks.lace @@ -0,0 +1,8 @@ +# Rules for when we're running as another user. +# Only 'deny' things which are not allowed. +# If you 'allow' then it will allow the actual operation, not just +# fail to deny the fact that it's 'as' someone else. + +define as_is_admin as_group gitano-admin + +deny "You may not run things as another user unless you are an admin" !as_is_admin |