blob: 3de3955d373496c365dec330535fdf77ff139400 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
|
#
# Authentication login is matched against the "user" key, and collection's path is matched against the "collection" key.
# You can use Python's ConfigParser interpolation values %(login)s and %(path)s.
# You can also get groups from the user regex in the collection with {0}, {1}, etc.
#
# For example, for the "user" key, ".+" means "authenticated user" and ".*" means "anybody" (including anonymous users).
#
# Section names are only used for naming the rule.
# Leading or ending slashes are trimmed from collection's path.
#
# This means all users starting with "admin" may read any collection
[admin]
user: ^admin.*$
collection: .*
permission: r
# This means all users may read and write any collection starting with public.
# We do so by just not testing against the user string.
[public]
user: .*
collection: ^public(/.+)?$
permission: rw
# A little more complex: give read access to users from a domain for all
# collections of all the users (ie. user@domain.tld can read domain/\*).
[domain-wide-access]
user: ^.+@(.+)\..+$
collection: ^{0}/.+$
permission: r
# Allow authenticated user to read all collections
[allow-everyone-read]
user: .+
collection: .*
permission: r
# Give write access to owners
[owner-write]
user: .+
collection: ^%(login)s(/.+)?$
permission: rw
# Allow CardDavMATE-, CalDavZAP- or InfCloud- WEBclient to work
# anonymous users have read access to "/" but no files or subdir
[infcloud]
user: .*
collection: /
permission: r
|