grim/hgkeeper

Add a caching layer to the hgweb portion. This should take some strain off of mercurial and our cpu quota.

# This is a https://casbin.org model for implementing role based access control.
#
# This model is based on the priority example from the casbin documentation. It
# will evaluate policies in a top to bottom approach accepting the first one that
# matches. This means that you have to be careful when defining your policies.
#
# Say you would like to disable public access by default but then grant it to
# specific repositories later. This would need to be defined in the following
# way:
#
# p, public, /foo, read, allow
# p, public, /*, read, deny
#
# If it was instead written as the following, the deny rule would be the first
# one matched and thus the allow would never be considered.
#
# p, public, /*, read, deny
# p, public, /foo, read, allow
#
# If this model does not work for you, you are able to change it thanks to
# casbin.
[request_definition]
r = sub, obj, act
[policy_definition]
p = sub, obj, act, eft
[role_definition]
g = _, _
g2 = _, _
[policy_effect]
e = priority(p.eft) || deny
[matchers]
m = (g(r.sub, p.sub) || p.sub == "public") && keyMatch(r.obj, p.obj) && g2(r.act, p.act)
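
The ordering pitfall described in the model's comments can be checked mechanically before a policy file is deployed. The following is an added example, not part of hgkeeper or casbin: a small Go re-implementation of first-match evaluation with a check for rules that an earlier rule makes unreachable. It does not call the casbin library; `Rule`, `Decide` and `Shadowed` are hypothetical names, and the role lookups `g` and `g2` are reduced to plain string equality as a simplifying assumption.

```go
package main

import (
	"fmt"
	"strings"
)

// Rule is one policy line of the model: p = sub, obj, act, eft.
type Rule struct{ Sub, Obj, Act, Eft string }

// keyMatch gives the same result as casbin's keyMatch: the text before the
// first "*" in the pattern is a prefix match; without "*" it is an exact match.
func keyMatch(key, pattern string) bool {
	i := strings.Index(pattern, "*")
	if i == -1 {
		return key == pattern
	}
	return strings.HasPrefix(key, pattern[:i])
}

// Decide returns the effect of the first matching rule, or "deny" if none
// matches. Assumption: g and g2 are reduced to plain string equality.
func Decide(policy []Rule, sub, obj, act string) string {
	for _, p := range policy {
		if (p.Sub == sub || p.Sub == "public") && keyMatch(obj, p.Obj) && p.Act == act {
			return p.Eft
		}
	}
	return "deny"
}

// Shadowed lists indexes of rules that can never be the first match because
// an earlier rule already covers every request they would match.
func Shadowed(policy []Rule) []int {
	var out []int
	for i, later := range policy {
		for _, e := range policy[:i] {
			if (e.Sub == "public" || e.Sub == later.Sub) && e.Act == later.Act && keyMatch(later.Obj, e.Obj) {
				out = append(out, i)
				break
			}
		}
	}
	return out
}

func main() {
	// Constructed policy: the misordered pair from the comments above.
	bad := []Rule{{"public", "/*", "read", "deny"}, {"public", "/foo", "read", "allow"}}
	fmt.Println(Decide(bad, "anyone", "/foo", "read"), Shadowed(bad)) // deny [1]
}
```

The check is conservative: every rule it reports is unreachable, but overlaps that only arise through role inheritance are not detected.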