Initial public import
[afterthought.git] / acls / S.acl
1 /REQUEST['admin' != /caller/@roles]-> {
2     /caller[@roles = 'pi'] ->{
3         /REQUEST/Add -> {
4             @site_id = /REQUEST/caller/@site_ids
5                         and count(@slice_ids) >= @max_slices
6                         and @enabled
7         }
8         /REQUEST/Delete -> {
9             /[not not @peer_id] -> { (false) }
10             whitelist = ;
11             /[true] -> {
12                 /[/REQUEST/caller/@person_id == @person_ids
13                     or ('pi' == //REQUEST/caller/@roles and @site_id == //REQUEST/caller/@site_ids)
14                     and (not whitelist or @slice_id == whitelist)]
15             }
16
17         }
18         /REQUEST/Update -> {
19             [not not @peer_id] -> { /[false] }
20             whitelist = /node/@slice_ids_whitelist;
21             /[true] -> {
22                      /[/REQUEST/caller/@person_id == @person_ids
23                         or ('pi' == //REQUEST/caller/@roles and @site_id == //REQUEST/caller/@site_ids)
24                         and (not whitelist or @slice_id == whitelist)]
25                  }
26         }
27         /REQUEST/Get {
28             caller_site_ids = /REQUEST/caller/@site_ids;
29             ;
30             /[@slice_id == /DB/sites[@site_id == caller_site_ids]/@slice_ids]
31         }
32     }
33     ||
34     /[true] -> / [false]
35 }
36 ||
37 /[true] {
38    / [true]
39 }