radicale/rights
Unrud 0a492a00b1 Allow finer control in rights plugin
New permissions:

R: read collections without tag
r: read collections with tag and included objects
W: write and delete collections without tag
w: write and delete collection with tag and included objects
2018-08-21 18:43:45 +02:00

49 lines
1.3 KiB
Plaintext

# -*- mode: conf -*-
# vim:ft=cfg
# Rights management file for Radicale - A simple calendar server
#
# The default path for this file is /etc/radicale/rights
# The path can be specified in the rights section of the configuration file
#
# Some examples are included in Radicale's documentation, see:
# http://radicale.org/rights/
#
# This file gives independant examples to help users write their own
# configuration files. Using these examples together in the same configuration
# file is meaningless.
#
# The first rule matching both user and collection patterns will be returned.
# This means all users starting with "admin" may read any collection
[admin]
user: admin.*
collection: .*
permissions: Rr
# This means all users may read and write any collection starting with public.
# We do so by just not testing against the user string.
[public]
user: .*
collection: public(/.+)?
permissions: RrWw
# A little more complex: give read access to users from a domain for all
# collections of all the users (ie. user@domain.tld can read domain/*).
[domain-wide-access]
user: .+@(.+)\..+
collection: {0}/.+
permissions: Rr
# Allow authenticated user to read all collections
[allow-everyone-read]
user: .+
collection: .*
permissions: Rr
# Give write access to owners
[owner-write]
user: .+
collection: %(login)s/.*
permissions: Ww