radicale/rights

# -*- mode: conf -*-
# vim:ft=cfg

# Rights management file for Radicale - A simple calendar server
#
# The default path for this file is /etc/radicale/rights
# The path can be specified in the rights section of the configuration file
#
# Some examples are included in Radicale's documentation, see:
# http://radicale.org/rights/
#
# This file gives independant examples to help users write their own
# configuration files. Using these examples together in the same configuration
# file is meaningless.
#
# The first rule matching both user and collection patterns will be returned.

# This means all users starting with "admin" may read any collection
[admin]
user: admin.*
collection: .*
permission: r

# This means all users may read and write any collection starting with public.
# We do so by just not testing against the user string.
[public]
user: .*
collection: public(/.+)?
permission: rw

# A little more complex: give read access to users from a domain for all
# collections of all the users (ie. user@domain.tld can read domain/*).
[domain-wide-access]
user: .+@(.+)\..+
collection: {0}/.+
permission: r

# Allow authenticated user to read all collections
[allow-everyone-read]
user: .+
collection: .*
permission: r

# Give write access to owners
[owner-write]
user: .+
collection: %(login)s/.*
permission: w
Add documentation and example for rights management 2013-08-27 11:05:54 +02:00			`# -- mode: conf --`
			`# vim:ft=cfg`

			`# Rights management file for Radicale - A simple calendar server`
			`#`
Update description of rights file 2017-06-15 23:41:06 +02:00			`# The default path for this file is /etc/radicale/rights`
			`# The path can be specified in the rights section of the configuration file`
			`#`
			`# Some examples are included in Radicale's documentation, see:`
			`# http://radicale.org/rights/`
Explain the goal of the sample "rights" file Related to #374 2016-04-09 15:31:47 +02:00			`#`
			`# This file gives independant examples to help users write their own`
			`# configuration files. Using these examples together in the same configuration`
			`# file is meaningless.`
Add a documentation line in rights example file 2016-04-09 22:10:51 +02:00			`#`
			`# The first rule matching both user and collection patterns will be returned.`
Add documentation and example for rights management 2013-08-27 11:05:54 +02:00
			`# This means all users starting with "admin" may read any collection`
			`[admin]`
Always match full username/collection with regex It's easy to forget $ at the end of a regex and it's counter-intuitive that ^ is implicit but $ is not. 2016-08-01 10:07:21 +02:00			`user: admin.*`
Add documentation and example for rights management 2013-08-27 11:05:54 +02:00			`collection: .*`
			`permission: r`

			`# This means all users may read and write any collection starting with public.`
			`# We do so by just not testing against the user string.`
			`[public]`
			`user: .*`
Always match full username/collection with regex It's easy to forget $ at the end of a regex and it's counter-intuitive that ^ is implicit but $ is not. 2016-08-01 10:07:21 +02:00			`collection: public(/.+)?`
Add documentation and example for rights management 2013-08-27 11:05:54 +02:00			`permission: rw`

			`# A little more complex: give read access to users from a domain for all`
			`# collections of all the users (ie. user@domain.tld can read domain/*).`
			`[domain-wide-access]`
Always match full username/collection with regex It's easy to forget $ at the end of a regex and it's counter-intuitive that ^ is implicit but $ is not. 2016-08-01 10:07:21 +02:00			`user: .+@(.+)\..+`
			`collection: {0}/.+`
Add documentation and example for rights management 2013-08-27 11:05:54 +02:00			`permission: r`

			`# Allow authenticated user to read all collections`
			`[allow-everyone-read]`
Fix default rights configuration 2013-09-19 16:28:54 +02:00			`user: .+`
Add documentation and example for rights management 2013-08-27 11:05:54 +02:00			`collection: .*`
			`permission: r`

			`# Give write access to owners`
			`[owner-write]`
Fix default rights configuration 2013-09-19 16:28:54 +02:00			`user: .+`
Always match full username/collection with regex It's easy to forget $ at the end of a regex and it's counter-intuitive that ^ is implicit but $ is not. 2016-08-01 10:07:21 +02:00			`collection: %(login)s/.*`
Add documentation and example for rights management 2013-08-27 11:05:54 +02:00			`permission: w`