diff options
author | Daniel Silverstone <dsilvers@digital-scurf.org> | 2012-03-09 13:50:24 +0000 |
---|---|---|
committer | Daniel Silverstone <dsilvers@digital-scurf.org> | 2012-03-09 13:50:24 +0000 |
commit | 0646198aae08340a782910df9376002848956b88 (patch) | |
tree | dd64c0a64278a77cc0d6974955bd421accc1744c /notes | |
parent | c2bfbad842060a6116eacc61f2bc34546b9c8399 (diff) | |
download | gitano-0646198aae08340a782910df9376002848956b88.tar.gz |
NOTES: More notes, and a credits file
Diffstat (limited to 'notes')
-rw-r--r-- | notes/admin-layout | 4 | ||||
-rw-r--r-- | notes/rules-evaluation | 16 | ||||
-rw-r--r-- | notes/rules-magical | 17 |
3 files changed, 31 insertions, 6 deletions
diff --git a/notes/admin-layout b/notes/admin-layout index 765df49..7366f8c 100644 --- a/notes/admin-layout +++ b/notes/admin-layout @@ -42,3 +42,7 @@ Note, you cannot have two users with the same name or legit will refuse to compile the rules at the head and *will* walk back in history to find a compileable set of rules. This applies to groups also. Users and groups do not share the same namespace however. + +Also, users and group names must match [a-z][a-z0-9-]+ (i.e. at least two +characters, the first of which must be a lower case letter, and overall, only +lowercase letters, numbers, and hyphens). diff --git a/notes/rules-evaluation b/notes/rules-evaluation index 658f8da..550c83b 100644 --- a/notes/rules-evaluation +++ b/notes/rules-evaluation @@ -8,6 +8,9 @@ question. Those rules are stored in the refs/legit/site-admin branch of the repository, access to which is being considered. The second source of rules is the core.rules file in the legit-admin repository's master branch. +Legit defines a set of magical user/group names which always start 'legit/' and +since the admin layout does not allow for users or groups to be created + By default, the core.rules file (which is *never* automatically rewritten by the legit tools and thus can have commentary etc in it) defines a few useful rules which form the basis of a legit install. @@ -16,12 +19,13 @@ The default set of core.rules legit will install in a fresh legit-admin repository are: ---8<---- -GrantWrite(User "$OWNER") +GrantClone(User "legit/anonymous") +GrantWrite(User "legit/owner") ---8<---- This means that if the rule evaluator falls off the end of the -repository-specific rules then as a last ditch effort we grant full -write/delete/etc access to the user marked as the owner of the repository. If -evaluation ever falls off the end of the core rules then Legit evaluates the -built in stop-gap rule of 'Deny(User "*")' which effectively denies everything -to everyone. +repository-specific rules then as a last ditch effort we grant anonymous clone +and full write/delete/etc access to the user marked as the owner of the +repository. If evaluation ever falls off the end of the core rules then Legit +evaluates the built in stop-gap rule of 'Deny(User "*")' which effectively +denies everything to everyone. diff --git a/notes/rules-magical b/notes/rules-magical new file mode 100644 index 0000000..51d9a72 --- /dev/null +++ b/notes/rules-magical @@ -0,0 +1,17 @@ +Magical parts of Legit rules +---------------------------- + +In order to make your life easier, Legit defines a bunch of magical stuff to +help your rules. + +For example, the following users and groups are magical: + + +legit/owner USER + This evaluates to the user who is marked as owning a repository. + + + +legit/anonymous USER + This evaluates to the 'anonymous' access user (i.e. gitweb and git://) + |