blob: 75ca7537797ce6c9921633ff8b33a4e4e9f90822 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
|
# Core project administration rules
# Called with ref known to be refs/gitano/admin
# Administrators already got to do anything, so this is for non-admins
# Non-admin members may not delete the admin ref
deny "Non-administrators may not delete the admin ref" op_deleteref
# By default, you don't want anything but gitano-admin members to touch
# anything in the hooks/ tree, so don't allow that
define contains_hooks target_tree ~^hooks/
define updates_hooks treediff/targets ~^hooks/
deny "Attempt to create hooks" op_createref contains_hooks
deny "Attempt to alter hooks" op_is_update updates_hooks
# Otherwise, the project's owner is allowed to alter the admin tree
allow "Project owner may alter the admin ref" is_owner
# Any other opportunities for altering the admin ref must be provided
# by the project's rules
|
