Diffstat (limited to 'etc/zaqar/policy.json')
-rw-r--r--etc/zaqar/policy.json93
1 files changed, 50 insertions, 43 deletions
diff --git a/etc/zaqar/policy.json b/etc/zaqar/policy.json
index 89d5076..1a6c49e 100644
--- a/etc/zaqar/policy.json
+++ b/etc/zaqar/policy.json
@@ -1,46 +1,53 @@
{
+ "global_readonly": "(role:global_readonly)",
+ "readonly": "((project_id:%(project_id)s and role:readonly) or rule:global_readonly)",
+ "_member_role": "(role:member or role:_member_)",
+ "member": "(project_id:%(project_id)s and rule:_member_role)",
+ "admin": "(is_admin:True or role:admin)",
+ "owner": "(user_id:%(user_id)s and rule:_member_role)",
+
"context_is_admin": "role:admin",
- "admin_or_owner": "is_admin:True or project_id:%(project_id)s",
- "default": "rule:admin_or_owner",
-
- "queues:get_all": "",
- "queues:create": "",
- "queues:get": "",
- "queues:delete": "",
- "queues:update": "",
- "queues:stats": "",
-
- "messages:get_all": "",
- "messages:create": "",
- "messages:get": "",
- "messages:delete": "",
- "messages:delete_all": "",
-
- "claims:get_all": "",
- "claims:create": "",
- "claims:get": "",
- "claims:delete": "",
- "claims:update": "",
-
- "subscription:get_all": "",
- "subscription:create": "",
- "subscription:get": "",
- "subscription:delete": "",
- "subscription:update": "",
- "subscription:confirm": "",
-
- "pools:get_all": "rule:context_is_admin",
- "pools:create": "rule:context_is_admin",
- "pools:get": "rule:context_is_admin",
- "pools:delete": "rule:context_is_admin",
- "pools:update": "rule:context_is_admin",
-
- "flavors:get_all": "",
- "flavors:create": "rule:context_is_admin",
- "flavors:get": "",
- "flavors:delete": "rule:context_is_admin",
- "flavors:update": "rule:context_is_admin",
-
- "ping:get": "",
- "health:get": "rule:context_is_admin"
+
+ "default": "rule:admin or rule:member",
+
+ "queues:get_all": "rule:admin or rule:member",
+ "queues:create": "rule:admin or rule:member",
+ "queues:get": "rule:admin or rule:member",
+ "queues:delete": "rule:admin or rule:member",
+ "queues:update": "rule:admin or rule:member",
+ "queues:stats": "rule:admin or rule:member",
+
+ "messages:get_all": "rule:admin or rule:member",
+ "messages:create": "rule:admin or rule:member",
+ "messages:get": "rule:admin or rule:member",
+ "messages:delete": "rule:admin or rule:member",
+ "messages:delete_all": "rule:admin or rule:member",
+
+ "claims:get_all": "rule:admin or rule:member",
+ "claims:create": "rule:admin or rule:member",
+ "claims:get": "rule:admin or rule:member",
+ "claims:delete": "rule:admin or rule:member",
+ "claims:update": "rule:admin or rule:member",
+
+ "subscription:get_all": "rule:admin or rule:member",
+ "subscription:create": "rule:admin or rule:member",
+ "subscription:get": "rule:admin or rule:member",
+ "subscription:delete": "rule:admin or rule:member",
+ "subscription:update": "rule:admin or rule:member",
+ "subscription:confirm": "rule:admin or rule:member",
+
+ "pools:get_all": "rule:admin or rule:member",
+ "pools:create": "rule:admin or rule:member",
+ "pools:get": "rule:admin or rule:member",
+ "pools:delete": "rule:admin or rule:member",
+ "pools:update": "rule:admin or rule:member",
+
+ "flavors:get_all": "rule:admin or rule:member",
+ "flavors:create": "rule:admin or rule:member",
+ "flavors:get": "rule:admin or rule:member",
+ "flavors:delete": "rule:admin or rule:member",
+ "flavors:update": "rule:admin or rule:member",
+
+ "ping:get": "rule:admin or rule:member",
+ "health:get": "rule:admin or rule:member"
}
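Review bot: The `pools:*` rules, `flavors:create`/`delete`/`update` and `health:get` change from `rule:context_is_admin` to `rule:admin or rule:member`, so any user with the member role in a project would be allowed to manage storage pools and flavors, which the old file reserved for operators. Unless that widening is intended, keep them admin-only, e.g. `"pools:create": "rule:admin"`, and the same for the other eight entries. The new `readonly`, `global_readonly` and `owner` rules are defined at the top but no action references them, so this file grants a read-only role nothing; the `*:get` and `*:get_all` entries would need `or rule:readonly` for those roles to take effect. `ping:get` was `""` and now requires admin or member, so monitoring probes that call it without such a token would presumably be rejected; this deserves a line in the commit message or release notes.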