path: root/notes/rules-evaluation
blob: 550c83bab3bf1d93653aced61ae87d5c14edae54 (plain)
Evaluation of rules in Legit
----------------------------

Rules in legit are a "first match wins" mechanism for controlling access to a
repository.  There are two sources of rules for a repository.  The first set
of rules considered is the rules explicitly stated in the repository in
question.  Those rules are stored in the refs/legit/site-admin branch of the
repository to which access is being considered.  The second source of rules is
the core.rules file in the legit-admin repository's master branch.

Legit defines a set of magical user/group names which always start 'legit/' and
since the admin layout does not allow for users or groups to be created

By default, the core.rules file (which is *never* automatically rewritten by
the legit tools and thus can have commentary etc in it) defines a few useful
rules which form the basis of a legit install.

The default core.rules that legit will install in a fresh legit-admin
repository is:

---8<----
GrantClone(User "legit/anonymous")
GrantWrite(User "legit/owner")
---8<----

This means that if the rule evaluator falls off the end of the
repository-specific rules then, as a last-ditch effort, we grant anonymous clone
and full write/delete/etc access to the user marked as the owner of the
repository.  If evaluation ever falls off the end of the core rules then Legit
evaluates the built-in stop-gap rule of 'Deny(User "*")' which effectively
denies everything to everyone.
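
The evaluation order described above, as an added Python example that is not
Legit's own code.  Assumptions: a requester is represented by the set of names
it answers to (magic 'legit/...' names included), the COVERS table maps each
rule kind to operations, and Deny may also appear in repository rules.

```python
from typing import NamedTuple

# Assumption: which operations each rule kind covers.  The page only says
# GrantClone grants clone and GrantWrite grants "full write/delete/etc".
COVERS = {
    "GrantClone": {"clone"},
    "GrantWrite": {"clone", "write", "delete"},
    "Deny": {"clone", "write", "delete"},
}

class Rule(NamedTuple):
    kind: str  # "GrantClone", "GrantWrite" or "Deny"
    user: str  # a user name, a magic 'legit/...' name, or "*"

# Default core.rules as listed on the page.
CORE_RULES = [Rule("GrantClone", "legit/anonymous"),
              Rule("GrantWrite", "legit/owner")]
# Built-in stop-gap rule from the page: Deny(User "*").
STOP_GAP = [Rule("Deny", "*")]
# Constructed sample: repository-specific rules for a private repository.
PRIVATE_REPO_RULES = [Rule("Deny", "legit/anonymous")]

def matches(rule, names, op):
    """A rule matches when it covers the operation and names the requester."""
    return op in COVERS[rule.kind] and (rule.user == "*" or rule.user in names)

def evaluate(repo_rules, core_rules, names, op):
    """Return (allowed, source, rule) for the first matching rule.

    Sources are tried in the order the page gives: repository-specific
    rules, then core.rules, then the built-in stop-gap.
    """
    chain = (("repo", repo_rules), ("core", core_rules), ("built-in", STOP_GAP))
    for source, rules in chain:
        for rule in rules:
            if matches(rule, names, op):
                return rule.kind != "Deny", source, rule
    raise AssertionError("unreachable: the stop-gap rule matches everything")

if __name__ == "__main__":
    for names, op in (({"legit/anonymous"}, "clone"),
                      ({"alice", "legit/owner"}, "delete")):
        print(sorted(names), op, evaluate(PRIVATE_REPO_RULES, CORE_RULES, names, op))
```

Returning the source alongside the decision shows when a repository rule
shadows a core rule, which is the main thing to check when auditing access.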