diff options
Diffstat (limited to 'example')
| -rw-r--r-- | example/gitano-admin/rules/core.lace | 3 | ||||
| -rw-r--r-- | example/gitano-admin/rules/defines.lace | 4 | ||||
| -rw-r--r-- | example/gitano-admin/rules/selfchecks.lace | 5 |
3 files changed, 12 insertions, 0 deletions
diff --git a/example/gitano-admin/rules/core.lace b/example/gitano-admin/rules/core.lace index abb3e6c..6d3857b 100644 --- a/example/gitano-admin/rules/core.lace +++ b/example/gitano-admin/rules/core.lace @@ -10,6 +10,9 @@ allow "Administrators can do anything" is_admin # Now let's decide if we can use 'as' include global:aschecks if_asanother +# Operations which are against 'self' get checked next +include global:selfchecks + # Owners of repositories are allowed to hand it over allow "Owners can hand over repositories" is_owner op_setowner diff --git a/example/gitano-admin/rules/defines.lace b/example/gitano-admin/rules/defines.lace index 612d467..9c8324f 100644 --- a/example/gitano-admin/rules/defines.lace +++ b/example/gitano-admin/rules/defines.lace @@ -6,6 +6,10 @@ define is_owner owner ${user} define if_asanother as_user ~. +# Self-related operations +define op_whoami operation whoami +define op_sshkey operation sshkey + # Primary repository-related operations define op_read operation read define op_write operation write diff --git a/example/gitano-admin/rules/selfchecks.lace b/example/gitano-admin/rules/selfchecks.lace new file mode 100644 index 0000000..300bb91 --- /dev/null +++ b/example/gitano-admin/rules/selfchecks.lace @@ -0,0 +1,5 @@ +# Checks against self + +allow "You may ask who you are" op_whoami + +allow "You may manage your own ssh keys" op_sshkey |