Add documentation and example for rights management

Guillaume Ayoub 2013-08-27 11:05:54 +02:00
parent a884169487
commit c0c652b3f8
2 changed files with 50 additions and 0 deletions


@ -21,6 +21,18 @@
"""
Rights management.
Rights are based on a regex-based file whose name is specified in the config
(section "right", key "file").
Authentication login is matched against the "user" key, and collection's path
is matched against the "collection" key. You can use Python's ConfigParser
interpolation values %(login)s and %(path)s. You can also get groups from the
user regex in the collection with {0}, {1}, etc.
Section names are only used for naming the rule.
Leading or ending slashes are trimmed from collection's path.
"""
import re
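Review bot: The added module docstring does not say how rules combine: whether sections are tried in file order with the first match deciding, or whether permissions from every matching section are merged, and what happens when no section matches. For an access-control file this is what an operator most needs, so I would add one sentence stating the evaluation order and the default result for an unmatched request. The docstring should also say whether `%(login)s` and the `{0}` groups are escaped before they are placed in the collection regex. It names the config section `"right"` while the example file is called `rights`, so the section name is worth confirming. The module body lies outside the hunk, so the actual behaviour could not be checked from this page.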

38
rights Normal file

@ -0,0 +1,38 @@
# -*- mode: conf -*-
# vim:ft=cfg
# Rights management file for Radicale - A simple calendar server
#
# Default path for this kind of files is ~/.config/radicale/rights
# This means all users starting with "admin" may read any collection
[admin]
user: ^admin.*\|.+?$
collection: .*
permission: r
# This means all users may read and write any collection starting with public.
# We do so by just not testing against the user string.
[public]
user: .*
collection: ^public(/.+)?$
permission: rw
# A little more complex: give read access to users from a domain for all
# collections of all the users (ie. user@domain.tld can read domain/*).
[domain-wide-access]
user: ^.+@(.+)\..+$
collection: ^{0}/.+$
permission: r
# Allow authenticated user to read all collections
[allow-everyone-read]
user: .*
collection: .*
permission: r
# Give write access to owners
[owner-write]
user: .*
collection: ^%(login)s/.+$
permission: w
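Review bot: In `[owner-write]` and `[domain-wide-access]` the login and the captured group are substituted into the `collection` pattern, and nothing in the example says they are escaped, so a `.` in a login such as `user@domain.tld` would act as a wildcard when that pattern is matched. If the loader does not escape them, the file should carry a comment such as `# NOTE: %(login)s and {0} are inserted as regex text; "." and similar characters are not literal`. Separately, the `[admin]` comment says "all users starting with admin", but `^admin.*\|.+?$` also requires a literal `|` followed by at least one character, so the comment should describe that login format. The catch-all `[allow-everyone-read]` also sits above `[owner-write]`; a comment stating whether the first matching section wins would tell readers whether the last rule is ever reached.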