NOTES: Update notes regarding legit/any legit/anonymous distinction

4 files changed, 21 insertions, 8 deletions

diff --git a/notes/delegated-management b/notes/delegated-management
index 5099560..8865c29 100644
--- a/notes/delegated-management
+++ b/notes/delegated-management
@@ -26,12 +26,23 @@ if you want users to be able to alter their own.
 
 If you use either of the above rules to allow delegated administration, you
 probably want to pop a 'GrantClone(Group "some-admin-group")' and a
-'DenyClone(User "*")' at the top of your legit-admin repository rules file.
+'DenyClone(User "legit/any")' at the top of your legit-admin repository rules
+file.
 
 If you're not worried about the security of the site should the admin repo be
 cloned by a non-admin then don't worry about those.  It shouldn't be an issue
 unless you also store non-standard admin content which could be exploited, or
-unless your user list or users' keys are considered secret.
+unless your user list or users' keys are considered secret.  Later if we store
+email addresses etc in users' metadata files then it may be 'secret'.  As such,
+the *default* legit-admin repo-specific rules will contain:
+
+---8<----
+GrantClone(User "whatever")
+DenyClone(User "legit/any")
+---8<----
+
+Where 'whatever' is the username you gave legit when it created your
+fundamental admin repository commit.
 
 By default, when you set up legit, the legit-admin repository is created with
 the deny rules above and a group called legit-admin which contains the one user
diff --git a/notes/rules-evaluation b/notes/rules-evaluation
index 550c83b..6235fbe 100644
--- a/notes/rules-evaluation
+++ b/notes/rules-evaluation
@@ -19,7 +19,7 @@ The default set of core.rules legit will install in a fresh legit-admin
 repository are:
 
 ---8<----
-GrantClone(User "legit/anonymous")
+GrantClone(User "legit/any")
 GrantWrite(User "legit/owner")
 ---8<----
 
@@ -27,5 +27,5 @@ This means that if the rule evaluator falls off the end of the
 repository-specific rules then as a last ditch effort we grant anonymous clone
 and full write/delete/etc access to the user marked as the owner of the
 repository.  If evaluation ever falls off the end of the core rules then Legit
-evaluates the built in stop-gap rule of 'Deny(User "*")' which effectively
-denies everything to everyone.
+evaluates the built in stop-gap rule of 'Deny(User "legit/any")' which
+effectively denies everything to everyone.
diff --git a/notes/rules-format b/notes/rules-format
index edc03ef..223f216 100644
--- a/notes/rules-format
+++ b/notes/rules-format
@@ -30,7 +30,7 @@ Example rules file for myfrobbler:
 ---8<-----
 GrantFFWrite(Branch "master", User "myfrobbler-pqm")
 
-DenyWrite(Branch "master", AllUsers)
+DenyWrite(Branch "master", User "legit/any")
 
 GrantWrite(Branch "devs/$USER/**", Group "myfrobbler-devs")
 ---8<-----
@@ -51,4 +51,4 @@ preventative measure so that they don't accidentally push to master without
 their patch robot getting to run tests.  [See rules-evaluation for more]
 
 Note: If you grant any kind of write to a branch then you are also granting
-read access to the entire repository.
\ No newline at end of file
+read access to the entire repository.
diff --git a/notes/rules-magical b/notes/rules-magical
index 51d9a72..33b7dd7 100644
--- a/notes/rules-magical
+++ b/notes/rules-magical
@@ -10,7 +10,9 @@ For example, the following users and groups are magical:
 legit/owner                                                                USER
 	This evaluates to the user who is marked as owning a repository.
 
-
+legit/any                                                                  USER
+	This evaluates to 'true' regardless of the user calling in.
+	i.e. it is anonymous PLUS every registered user.
 
 legit/anonymous                                                            USER
 	This evaluates to the 'anonymous' access user (i.e. gitweb and git://)