NOTES: More notes, and a credits file

3 files changed, 31 insertions, 6 deletions

diff --git a/notes/admin-layout b/notes/admin-layout
index 765df49..7366f8c 100644
--- a/notes/admin-layout
+++ b/notes/admin-layout
@@ -42,3 +42,7 @@ Note, you cannot have two users with the same name or legit will refuse to
 compile the rules at the head and *will* walk back in history to find a
 compileable set of rules.  This applies to groups also.  Users and groups do
 not share the same namespace however.
+
+Also, users and group names must match [a-z][a-z0-9-]+ (i.e. at least two
+characters, the first of which must be a lower case letter, and overall, only
+lowercase letters, numbers, and hyphens).
diff --git a/notes/rules-evaluation b/notes/rules-evaluation
index 658f8da..550c83b 100644
--- a/notes/rules-evaluation
+++ b/notes/rules-evaluation
@@ -8,6 +8,9 @@ question.  Those rules are stored in the refs/legit/site-admin branch of the
 repository, access to which is being considered.  The second source of rules is
 the core.rules file in the legit-admin repository's master branch.
 
+Legit defines a set of magical user/group names which always start 'legit/' and
+since the admin layout does not allow for users or groups to be created
+
 By default, the core.rules file (which is *never* automatically rewritten by
 the legit tools and thus can have commentary etc in it) defines a few useful
 rules which form the basis of a legit install.
@@ -16,12 +19,13 @@ The default set of core.rules legit will install in a fresh legit-admin
 repository are:
 
 ---8<----
-GrantWrite(User "$OWNER")
+GrantClone(User "legit/anonymous")
+GrantWrite(User "legit/owner")
 ---8<----
 
 This means that if the rule evaluator falls off the end of the
-repository-specific rules then as a last ditch effort we grant full
-write/delete/etc access to the user marked as the owner of the repository.  If
-evaluation ever falls off the end of the core rules then Legit evaluates the
-built in stop-gap rule of 'Deny(User "*")' which effectively denies everything
-to everyone.
+repository-specific rules then as a last ditch effort we grant anonymous clone
+and full write/delete/etc access to the user marked as the owner of the
+repository.  If evaluation ever falls off the end of the core rules then Legit
+evaluates the built in stop-gap rule of 'Deny(User "*")' which effectively
+denies everything to everyone.
diff --git a/notes/rules-magical b/notes/rules-magical
new file mode 100644
index 0000000..51d9a72
--- /dev/null
+++ b/notes/rules-magical
@@ -0,0 +1,17 @@
+Magical parts of Legit rules
+----------------------------
+
+In order to make your life easier, Legit defines a bunch of magical stuff to
+help your rules.
+
+For example, the following users and groups are magical:
+
+
+legit/owner                                                                USER
+	This evaluates to the user who is marked as owning a repository.
+
+
+
+legit/anonymous                                                            USER
+	This evaluates to the 'anonymous' access user (i.e. gitweb and git://)
+