New examples for rights

rights

@@ -6,43 +6,100 @@
 # The default path for this file is /etc/radicale/rights
 # The path can be specified in the rights section of the configuration file
 #
-# Some examples are included in Radicale's documentation, see:
+# Section names used for naming rules and must be unique.
-# https://radicale.org/master.html#documentation/authentication-and-rights
+# The first rule matching both user and collection patterns will be used.
-#
-# This file gives independant examples to help users write their own
-# configuration files. Using these examples together in the same configuration
-# file is meaningless.
-#
-# The first rule matching both user and collection patterns will be returned.
 
-# This means all users starting with "admin" may read any collection
-[admin]
-user: admin.*
-collection: .*
-permissions: Rr
 
-# This means all users may read and write any collection starting with public.
+# Example: owner_only plugin
-# We do so by just not testing against the user string.
-[public]
-user: .*
-collection: public(/.+)?
-permissions: RrWw
 
-# A little more complex: give read access to users from a domain for all
+# Allow reading root collection for authenticated users
-# collections of all the users (ie. user@domain.tld can read domain/*).
+#[root]
-[domain-wide-access]
+#user: .+
-user: .+@(.+)\..+
+#collection:
-collection: {0}/.+
+#permissions: R
-permissions: Rr
 
-# Allow authenticated user to read all collections
+# Allow reading and writing principal collection (same as user name)
-[allow-everyone-read]
+#[principal]
-user: .+
+#user: .+
-collection: .*
+#collection: %(login)s
-permissions: Rr
+#permissions: RW
 
-# Give write access to owners
+# Allow reading and writing calendars and address books that are direct
-[owner-write]
+# children of the principal collection
-user: .+
+#[calendars]
-collection: %(login)s/.*
+#user: .+
-permissions: Ww
+#collection: %(login)s/[^/]+
+#permissions: rw
+
+
+# Example: owner_write plugin
+# Only listed additional rules for the owner_only plugin example.
+
+# Allow reading principal collections of all users
+#[read-all-principals]
+#user: .+
+#collection: [^/]+
+#permissions: R
+
+# Allow reading all calendars and address books that are direct children of any
+# principal collection
+#[read-all-calendars]
+#user: .+
+#collection: [^/]+/[^/]+
+#permissions: r
+
+
+# Example: authenticated plugin
+
+# Allow reading and writing root and principal collections of all users
+#[root-and-principals]
+#user: .+
+#collection: [^/]*
+#permissions: RW
+
+# Allow reading and writing all calendars and address books that are direct
+# children of any principal collection
+#[calendars]
+#user: .+
+#collection: [^/]+/[^/]+
+#permissions: rw
+
+
+# Example: Allow user "admin" to read everything
+#[admin-read-all]
+#user: admin
+#collection: .*
+#permissions: Rr
+
+
+# Example: Allow everybody (including anonymous) to read the collection "public"
+
+# Allow reading collection "public"
+#[public-principal]
+#user: .*
+#collection: public
+#permissions: R
+
+# Allow reading all calendars and address books that are direct children of
+# the collection "public"
+#[public-calendars]
+#user: .*
+#collection: public/[^/]+
+#permissions: r
+
+
+# Example: Grant users of the form user@domain.tld read access to the
+# collection "domain.tld"
+
+# Allow reading the domain collection
+#[read-domain-principal]
+#user: .+@([^@]+)
+#collection: {0}
+#permissions: R
+
+# Allow reading all calendars and address books that are direct children of
+# the domain collection
+#[read-domain-calendars]
+#user: .+@([^@]+)
+#collection: {0}/[^/]+
+#permissions: r