From c1d21775ed856054b57cc983c1f3be8125ab0e06 Mon Sep 17 00:00:00 2001 From: Daniel Silverstone Date: Sat, 24 Sep 2016 17:00:57 +0100 Subject: Update skeleton to use non-legacy simple match --- skel/gitano-admin/rules/aschecks.lace | 2 +- skel/gitano-admin/rules/defines.lace | 92 +++++++++++++++++------------------ 2 files changed, 47 insertions(+), 47 deletions(-) (limited to 'skel') diff --git a/skel/gitano-admin/rules/aschecks.lace b/skel/gitano-admin/rules/aschecks.lace index eacd69c..e49d4fd 100644 --- a/skel/gitano-admin/rules/aschecks.lace +++ b/skel/gitano-admin/rules/aschecks.lace @@ -4,6 +4,6 @@ # the actual operation, not just fail to deny the fact that it's 'as' someone # else. -define as_is_admin as_group gitano-admin +define as_is_admin as_group exact gitano-admin deny "You may not run things as another user unless you are an admin" !as_is_admin diff --git a/skel/gitano-admin/rules/defines.lace b/skel/gitano-admin/rules/defines.lace index 085676c..4e3bb6d 100644 --- a/skel/gitano-admin/rules/defines.lace +++ b/skel/gitano-admin/rules/defines.lace @@ -1,78 +1,78 @@ # A useful set of defines # User/group related -define is_admin group gitano-admin -define is_owner config/project/owner ${user} +define is_admin group exact gitano-admin +define is_owner config/project/owner exact ${user} -define if_asanother as_user ~. +define if_asanother as_user pattern . # Self-related operations -define op_whoami operation whoami -define op_sshkey operation sshkey -define op_passwd operation passwd +define op_whoami operation exact whoami +define op_sshkey operation exact sshkey +define op_passwd operation exact passwd define op_self anyof op_whoami op_sshkey op_passwd # Admin-related operations ## Users -define op_useradd operation useradd -define op_userdel operation userdel -define op_userlist operation userlist -define op_useremail operation useremail -define op_username operation username -define op_userrename operation userrename +define op_useradd operation exact useradd +define op_userdel operation exact userdel +define op_userlist operation exact userlist +define op_useremail operation exact useremail +define op_username operation exact username +define op_userrename operation exact userrename define op_user anyof op_userlist op_useradd op_userdel op_useremail op_username op_userrename ## Groups -define op_grouplist operation grouplist -define op_groupshow operation groupshow -define op_groupadd operation groupadd -define op_groupdel operation groupdel -define op_grouprename operation grouprename -define op_groupadduser operation groupadduser -define op_groupdeluser operation groupdeluser -define op_groupaddgroup operation groupaddgroup -define op_groupdelgroup operation groupdelgroup -define op_groupdescription operation groupdescription +define op_grouplist operation exact grouplist +define op_groupshow operation exact groupshow +define op_groupadd operation exact groupadd +define op_groupdel operation exact groupdel +define op_grouprename operation exact grouprename +define op_groupadduser operation exact groupadduser +define op_groupdeluser operation exact groupdeluser +define op_groupaddgroup operation exact groupaddgroup +define op_groupdelgroup operation exact groupdelgroup +define op_groupdescription operation exact groupdescription define op_group anyof op_grouplist op_groupshow op_groupadd op_groupdel op_groupadduser op_groupdeluser op_groupaddgroup op_groupdelgroup op_groupdescription op_grouprename ## Graveyard -define op_graveyardlist operation graveyardlist -define op_graveyardrestore operation graveyardrestore -define op_graveyardpurge operation graveyardpurge +define op_graveyardlist operation exact graveyardlist +define op_graveyardrestore operation exact graveyardrestore +define op_graveyardpurge operation exact graveyardpurge define op_graveyard anyof op_graveyardlist op_graveyardrestore op_graveyardpurge ## Keyring -define op_keyringlist operation keyringlist -define op_keyringshow operation keyringshow -define op_keyringcreate operation keyringcreate -define op_keyringdestroy operation keyringdestroy -define op_keyringaddkey operation keyringaddkey -define op_keyringdelkey operation keyringdelkey +define op_keyringlist operation exact keyringlist +define op_keyringshow operation exact keyringshow +define op_keyringcreate operation exact keyringcreate +define op_keyringdestroy operation exact keyringdestroy +define op_keyringaddkey operation exact keyringaddkey +define op_keyringdelkey operation exact keyringdelkey define op_keyring anyof op_keyringlist op_keyringshow op_keyringcreate op_keyringdestroy op_keyringaddkey op_keyringdelkey ## Aggregation of admin ops define op_is_admin anyof op_user op_group op_graveyard op_keyring # Primary repository-related operations -define op_read operation read -define op_write operation write -define op_createrepo operation createrepo -define op_renamerepo operation renamerepo -define op_destroyrepo operation destroyrepo +define op_read operation exact read +define op_write operation exact write +define op_createrepo operation exact createrepo +define op_renamerepo operation exact renamerepo +define op_destroyrepo operation exact destroyrepo # Remote configuration operations -define op_config_show operation config_show -define op_config_set operation config_set -define op_config_del operation config_del -define op_set_readme operation setreadme +define op_config_show operation exact config_show +define op_config_set operation exact config_set +define op_config_del operation exact config_del +define op_set_readme operation exact setreadme define op_is_config anyof op_config_show op_config_set op_config_del op_set_readme # Reference update related operations -define op_createref operation createref -define op_deleteref operation deleteref -define op_fastforward operation updaterefff -define op_forcedupdate operation updaterefnonff +define op_createref operation exact createref +define op_deleteref operation exact deleteref +define op_fastforward operation exact updaterefff +define op_forcedupdate operation exact updaterefnonff # Combinator operations define op_is_basic anyof op_read op_write @@ -80,6 +80,6 @@ define op_is_update anyof op_fastforward op_forcedupdate define op_is_normal anyof op_fastforward op_createref op_deleteref # Administration -define is_admin_repo repository gitano-admin +define is_admin_repo repository exact gitano-admin define is_gitano_ref ref prefix refs/gitano/ -define is_admin_ref ref refs/gitano/admin +define is_admin_ref ref exact refs/gitano/admin -- cgit v1.2.1