Skip to content

Commit

Permalink
First cut at permissions policies
Browse files Browse the repository at this point in the history 
Covers organisations, projects and users.
  • Loading branch information
Ian Ross committed Mar 14, 2016
1 parent a5ff397 commit fa42754
Show file tree
Hide file tree
Showing 6 changed files with 86 additions and 12 deletions.
9 changes: 9 additions & 0 deletions cadasta/config/permissions/data-collector.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
{
"clause": [
{
"effect": "allow",
"action": ["project.resources.*"]
"object": ["project/$organization/$project"],
}
]
}
21 changes: 16 additions & 5 deletions cadasta/config/permissions/default.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,12 +2,23 @@
"clause": [
{
"effect": "allow",
"object": ["*"],
"action": ["org.list"]
}, {
"action": ["org.list", "org.create"]
},
{
"effect": "allow",
"object": ["organization/*"],
"action": ["org.view"]
"object": ["organization/*"],
},

{
"effect": "allow",
"action": ["project.list"],
"object": ["organization/*"]
},
{
"effect": "allow",
"action": ["project.view"],
"object": ["project/*/*"]
}
]
]
}
14 changes: 8 additions & 6 deletions cadasta/config/permissions/org-admin.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,12 +2,14 @@
"clause": [
{
"effect": "allow",
"object": ["*"],
"action": ["org.*"]
}, {
"action": ["org.*", "org.*.*", "project.*", "project.*.*"]
"object": ["organization/$organization"],
},

{
"effect": "allow",
"object": ["organization/*"],
"action": ["org.*"]
"action": ["project.*", "project.*.*"]
"object": ["project/$organization/*"],
}
]
]
}
14 changes: 14 additions & 0 deletions cadasta/config/permissions/project-manager.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
{
"clause": [
{
"effect": "allow",
"action": ["project.*", "project.*.*"]
"object": ["project/$organization/$project"],
},
{
"effect": "deny",
"action": ["project.archive", "project.unarchive"]
"object": ["project/$organization/$project"],
}
]
}
13 changes: 13 additions & 0 deletions cadasta/config/permissions/project-user.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
{
"clause": [
{
"effect": "allow",
"action": ["org.list", "org.create"]
},
{
"effect": "allow",
"object": ["organization/*"],
"action": ["org.view"]
}
]
}
27 changes: 26 additions & 1 deletion cadasta/config/permissions/superuser.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,8 +2,33 @@
"clause": [
{
"effect": "allow",
"object": ["organization/*"],
"action": ["org.*"]
},
{
"effect": "allow",
"action": ["org.*", "org.*.*"]
"object": ["organization/*"],
},

{
"effect": "allow",
"action": ["project.*", "project.*.*"]
"object": ["organization/*"],
},
{
"effect": "allow",
"action": ["project.*", "project.*.*"]
"object": ["project/*/*"],
},

{
"effect": "allow",
"action": ["user.*"]
},
{
"effect": "allow",
"action": ["user.*"]
"object": ["user/*"],
}
]
}

0 comments on commit fa42754

Please sign in to comment.