diff options
Diffstat (limited to 'etc/mistral/policy.json')
-rw-r--r-- | etc/mistral/policy.json | 98 |
1 files changed, 49 insertions, 49 deletions
diff --git a/etc/mistral/policy.json b/etc/mistral/policy.json index a5787af..3278023 100644 --- a/etc/mistral/policy.json +++ b/etc/mistral/policy.json @@ -1,64 +1,64 @@ { "admin_only": "is_admin:True", "admin_or_owner": "is_admin:True or project_id:%(project_id)s", - "default": "rule:admin_or_owner and rule:deny_readonly", + "default": "rule:admin_or_owner", - "action_executions:delete": "rule:admin_or_owner and rule:deny_readonly", - "action_execution:create": "rule:admin_or_owner and rule:deny_readonly", - "action_executions:get": "rule:admin_or_owner and rule:deny_readonly", - "action_executions:list": "rule:admin_or_owner and rule:deny_readonly", - "action_executions:update": "rule:admin_or_owner and rule:deny_readonly", + "action_executions:delete": "rule:admin_or_owner", + "action_execution:create": "rule:admin_or_owner", + "action_executions:get": "rule:admin_or_owner", + "action_executions:list": "rule:admin_or_owner", + "action_executions:update": "rule:admin_or_owner", - "actions:create": "rule:admin_or_owner and rule:deny_readonly", - "actions:delete": "rule:admin_or_owner and rule:deny_readonly", - "actions:get": "rule:admin_or_owner and rule:deny_readonly", - "actions:list": "rule:admin_or_owner and rule:deny_readonly", - "actions:update": "rule:admin_or_owner and rule:deny_readonly", + "actions:create": "rule:admin_or_owner", + "actions:delete": "rule:admin_or_owner", + "actions:get": "rule:admin_or_owner", + "actions:list": "rule:admin_or_owner", + "actions:update": "rule:admin_or_owner", - "cron_triggers:create": "rule:admin_or_owner and rule:deny_readonly", - "cron_triggers:delete": "rule:admin_or_owner and rule:deny_readonly", - "cron_triggers:get": "rule:admin_or_owner and rule:deny_readonly", - "cron_triggers:list": "rule:admin_or_owner and rule:deny_readonly", + "cron_triggers:create": "rule:admin_or_owner", + "cron_triggers:delete": "rule:admin_or_owner", + "cron_triggers:get": "rule:admin_or_owner", + "cron_triggers:list": "rule:admin_or_owner", - "environments:create": "rule:admin_or_owner and rule:deny_readonly", - "environments:delete": "rule:admin_or_owner and rule:deny_readonly", - "environments:get": "rule:admin_or_owner and rule:deny_readonly", - "environments:list": "rule:admin_or_owner and rule:deny_readonly", - "environments:update": "rule:admin_or_owner and rule:deny_readonly", + "environments:create": "rule:admin_or_owner", + "environments:delete": "rule:admin_or_owner", + "environments:get": "rule:admin_or_owner", + "environments:list": "rule:admin_or_owner", + "environments:update": "rule:admin_or_owner", - "executions:create": "rule:admin_or_owner and rule:deny_readonly", - "executions:delete": "rule:admin_or_owner and rule:deny_readonly", - "executions:get": "rule:admin_or_owner and rule:deny_readonly", - "executions:list": "rule:admin_or_owner and rule:deny_readonly", - "executions:update": "rule:admin_or_owner and rule:deny_readonly", + "executions:create": "rule:admin_or_owner", + "executions:delete": "rule:admin_or_owner", + "executions:get": "rule:admin_or_owner", + "executions:list": "rule:admin_or_owner", + "executions:update": "rule:admin_or_owner", - "members:create": "rule:admin_or_owner and rule:deny_readonly", - "members:delete": "rule:admin_or_owner and rule:deny_readonly", - "members:get": "rule:admin_or_owner and rule:deny_readonly", - "members:list": "rule:admin_or_owner and rule:deny_readonly", - "members:update": "rule:admin_or_owner and rule:deny_readonly", + "members:create": "rule:admin_or_owner", + "members:delete": "rule:admin_or_owner", + "members:get": "rule:admin_or_owner", + "members:list": "rule:admin_or_owner", + "members:update": "rule:admin_or_owner", - "services:list": "rule:admin_or_owner and rule:deny_readonly", + "services:list": "rule:admin_or_owner", - "tasks:get": "rule:admin_or_owner and rule:deny_readonly", - "tasks:list": "rule:admin_or_owner and rule:deny_readonly", - "tasks:update": "rule:admin_or_owner and rule:deny_readonly", + "tasks:get": "rule:admin_or_owner", + "tasks:list": "rule:admin_or_owner", + "tasks:update": "rule:admin_or_owner", - "workbooks:create": "rule:admin_or_owner and rule:deny_readonly", - "workbooks:delete": "rule:admin_or_owner and rule:deny_readonly", - "workbooks:get": "rule:admin_or_owner and rule:deny_readonly", - "workbooks:list": "rule:admin_or_owner and rule:deny_readonly", - "workbooks:update": "rule:admin_or_owner and rule:deny_readonly", + "workbooks:create": "rule:admin_or_owner", + "workbooks:delete": "rule:admin_or_owner", + "workbooks:get": "rule:admin_or_owner", + "workbooks:list": "rule:admin_or_owner", + "workbooks:update": "rule:admin_or_owner", - "workflows:create": "rule:admin_or_owner and rule:deny_readonly", - "workflows:delete": "rule:admin_or_owner and rule:deny_readonly", - "workflows:get": "rule:admin_or_owner and rule:deny_readonly", - "workflows:list": "rule:admin_or_owner and rule:deny_readonly", - "workflows:update": "rule:admin_or_owner and rule:deny_readonly", + "workflows:create": "rule:admin_or_owner", + "workflows:delete": "rule:admin_or_owner", + "workflows:get": "rule:admin_or_owner", + "workflows:list": "rule:admin_or_owner", + "workflows:update": "rule:admin_or_owner", - "event_triggers:create": "rule:admin_or_owner and rule:deny_readonly", - "event_triggers:delete": "rule:admin_or_owner and rule:deny_readonly", - "event_triggers:get": "rule:admin_or_owner and rule:deny_readonly", - "event_triggers:list": "rule:admin_or_owner and rule:deny_readonly", - "event_triggers:update": "rule:admin_or_owner and rule:deny_readonly" + "event_triggers:create": "rule:admin_or_owner", + "event_triggers:delete": "rule:admin_or_owner", + "event_triggers:get": "rule:admin_or_owner", + "event_triggers:list": "rule:admin_or_owner", + "event_triggers:update": "rule:admin_or_owner" } |