radicale/rights

# -*- mode: conf -*-
# vim:ft=cfg

# Rights management file for Radicale - A simple calendar server
#
# The default path for this file is /etc/radicale/rights
# The path can be specified in the rights section of the configuration file
#
# Section names are used for naming rules and must be unique.
# The first rule matching both user and collection patterns will be used.


# Example: owner_only plugin

# Allow reading root collection for authenticated users
#[root]
#user: .+
#collection:
#permissions: R

# Allow reading and writing principal collection (same as username)
#[principal]
#user: .+
#collection: {user}
#permissions: RW

# Allow reading and writing calendars and address books that are direct
# children of the principal collection
#[calendars]
#user: .+
#collection: {user}/[^/]+
#permissions: rw


# Example: owner_write plugin
# Only listed additional rules for the owner_only plugin example.

# Allow reading principal collections of all users
#[read-all-principals]
#user: .+
#collection: [^/]+
#permissions: R

# Allow reading all calendars and address books that are direct children of any
# principal collection
#[read-all-calendars]
#user: .+
#collection: [^/]+/[^/]+
#permissions: r


# Example: authenticated plugin

# Allow reading and writing root and principal collections of all users
#[root-and-principals]
#user: .+
#collection: [^/]*
#permissions: RW

# Allow reading and writing all calendars and address books that are direct
# children of any principal collection
#[calendars]
#user: .+
#collection: [^/]+/[^/]+
#permissions: rw


# Example: Allow user "admin" to read everything
#[admin-read-all]
#user: admin
#collection: .*
#permissions: Rr


# Example: Allow everybody (including unauthenticated users) to read
# the collection "public"

# Allow reading collection "public" for authenticated users
#[public-principal]
#user: .+
#collection: public
#permissions: R

# Allow reading all calendars and address books that are direct children of
# the collection "public" for authenticated users
#[public-calendars]
#user: .+
#collection: public/[^/]+
#permissions: r

# Allow access to public calendars and address books via HTTP GET for everyone
#[public-calendars-restricted]
#user: .*
#collection: public/[^/]+
#permissions: i

# Example: Grant users of the form user@domain.tld read access to the
# collection "domain.tld"

# Allow reading the domain collection
#[read-domain-principal]
#user: .+@([^@]+)
#collection: {0}
#permissions: R

# Allow reading all calendars and address books that are direct children of
# the domain collection
#[read-domain-calendars]
#user: .+@([^@]+)
#collection: {0}/[^/]+
#permissions: r
Add documentation and example for rights management 2013-08-27 11:05:54 +02:00			`# -- mode: conf --`
			`# vim:ft=cfg`

			`# Rights management file for Radicale - A simple calendar server`
			`#`
Update description of rights file 2017-06-15 23:41:06 +02:00			`# The default path for this file is /etc/radicale/rights`
			`# The path can be specified in the rights section of the configuration file`
			`#`
Fix typo 2020-04-11 13:24:10 +02:00			`# Section names are used for naming rules and must be unique.`
New examples for rights 2020-04-11 13:20:02 +02:00			`# The first rule matching both user and collection patterns will be used.`


			`# Example: owner_only plugin`

			`# Allow reading root collection for authenticated users`
			`#[root]`
			`#user: .+`
			`#collection:`
			`#permissions: R`

Change "user name" to "username" 2022-01-07 23:54:34 +01:00			`# Allow reading and writing principal collection (same as username)`
New examples for rights 2020-04-11 13:20:02 +02:00			`#[principal]`
			`#user: .+`
from_file rights: Replace config parser interpolation 2020-04-22 19:20:24 +02:00			`#collection: {user}`
New examples for rights 2020-04-11 13:20:02 +02:00			`#permissions: RW`

			`# Allow reading and writing calendars and address books that are direct`
			`# children of the principal collection`
			`#[calendars]`
			`#user: .+`
from_file rights: Replace config parser interpolation 2020-04-22 19:20:24 +02:00			`#collection: {user}/[^/]+`
New examples for rights 2020-04-11 13:20:02 +02:00			`#permissions: rw`


			`# Example: owner_write plugin`
			`# Only listed additional rules for the owner_only plugin example.`

			`# Allow reading principal collections of all users`
			`#[read-all-principals]`
			`#user: .+`
			`#collection: [^/]+`
			`#permissions: R`

			`# Allow reading all calendars and address books that are direct children of any`
			`# principal collection`
			`#[read-all-calendars]`
			`#user: .+`
			`#collection: [^/]+/[^/]+`
			`#permissions: r`


			`# Example: authenticated plugin`

			`# Allow reading and writing root and principal collections of all users`
			`#[root-and-principals]`
			`#user: .+`
			`#collection: [^/]*`
			`#permissions: RW`

			`# Allow reading and writing all calendars and address books that are direct`
			`# children of any principal collection`
			`#[calendars]`
			`#user: .+`
			`#collection: [^/]+/[^/]+`
			`#permissions: rw`


			`# Example: Allow user "admin" to read everything`
			`#[admin-read-all]`
			`#user: admin`
			`#collection: .*`
			`#permissions: Rr`


Fix typo 2020-04-11 13:24:10 +02:00			`# Example: Allow everybody (including unauthenticated users) to read`
			`# the collection "public"`
New examples for rights 2020-04-11 13:20:02 +02:00
New right "i": Only allowing HTTP method GET 2020-04-22 19:20:42 +02:00			`# Allow reading collection "public" for authenticated users`
New examples for rights 2020-04-11 13:20:02 +02:00			`#[public-principal]`
New right "i": Only allowing HTTP method GET 2020-04-22 19:20:42 +02:00			`#user: .+`
New examples for rights 2020-04-11 13:20:02 +02:00			`#collection: public`
			`#permissions: R`

			`# Allow reading all calendars and address books that are direct children of`
New right "i": Only allowing HTTP method GET 2020-04-22 19:20:42 +02:00			`# the collection "public" for authenticated users`
New examples for rights 2020-04-11 13:20:02 +02:00			`#[public-calendars]`
New right "i": Only allowing HTTP method GET 2020-04-22 19:20:42 +02:00			`#user: .+`
New examples for rights 2020-04-11 13:20:02 +02:00			`#collection: public/[^/]+`
			`#permissions: r`

New right "i": Only allowing HTTP method GET 2020-04-22 19:20:42 +02:00			`# Allow access to public calendars and address books via HTTP GET for everyone`
			`#[public-calendars-restricted]`
			`#user: .*`
			`#collection: public/[^/]+`
			`#permissions: i`
New examples for rights 2020-04-11 13:20:02 +02:00
			`# Example: Grant users of the form user@domain.tld read access to the`
			`# collection "domain.tld"`

			`# Allow reading the domain collection`
			`#[read-domain-principal]`
			`#user: .+@([^@]+)`
			`#collection: {0}`
			`#permissions: R`

			`# Allow reading all calendars and address books that are direct children of`
			`# the domain collection`
			`#[read-domain-calendars]`
			`#user: .+@([^@]+)`
			`#collection: {0}/[^/]+`
			`#permissions: r`