Diffstat (limited to 'skel/gitano-admin/rules/simpleprojectauth.lace')
-rw-r--r--skel/gitano-admin/rules/simpleprojectauth.lace55
1 files changed, 55 insertions, 0 deletions
diff --git a/skel/gitano-admin/rules/simpleprojectauth.lace b/skel/gitano-admin/rules/simpleprojectauth.lace
new file mode 100644
index 0000000..56e333f
--- /dev/null
+++ b/skel/gitano-admin/rules/simpleprojectauth.lace
@@ -0,0 +1,55 @@
+# This file is part of the standard ruleset from Gitano
+# Copyright 2017 Richard Maw <richard.maw@gmail.com>
+# Copyright 2017 Richard Ipsum <richardipsum@fastmail.co.uk>
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+# 3. Neither the name of the author nor the names of their contributors
+# may be used to endorse or promote products derived from this software
+# without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# Simple deferred project authorisation
+#
+# This implements simple project authorisation
+# by whether the user performing the access is listed in the per-repository
+# configuration variables:
+#
+# 1. project.readers if they are performing a read operation (clone, fetch),
+# 2. project.writers if they are performing a write operation (push).
+#
+# This is intended as a sane default for sites with small numbers of users
+# and repositories, where it's feasible to authorise each repository by hand.
+#
+# For larger numbers of repositories and users,
+# delegating permission to manage groups to users,
+# and letting users grant access to repositories by group membership is better.
+#
+# It can be enabled before main.lace (inside gitano-admin rules/project.lace)
+# to require all repositories support config variable based authorisation,
+# or after main.lace (inside gitano-admin rules/core.lace)
+# if projects may insist on interpreting the variables differently.
+
+allow "User is project reader" op_read is_project_reader
+
+allow "User is project writer" op_read is_project_writer
+allow "User is project writer" op_write is_project_writer
+allow "User is project writer" op_is_normal is_project_writer
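Review bot: The header comment documents only read and push for `project.writers`, but the last rule also grants `op_is_normal` to writers, and that define is not visible in this file, so an admin cannot tell from here which ref operations (creation, deletion, forced update) a listed writer receives. I would extend item 2 of the list to something like `# 2. project.writers if they are performing a write operation (push), including the ref updates matched by op_is_normal.` and name the rules file where `op_is_normal`, `is_project_reader` and `is_project_writer` are defined. The placement paragraph could also state plainly that, assuming Lace stops at the first matching rule, including this file before main.lace means a repository's own rules cannot deny a user listed in these variables. The three writer rules share one reason string; distinct strings such as `"User is project writer (ref update)"` would let the logged allow reason identify which rule matched.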