2022-11-22 13:29:11 +01:00
|
|
|
# -*- mode: conf -*-
|
|
|
|
# vim:ft=cfg
|
|
|
|
|
|
|
|
# Rights management file for Radicale - A simple calendar server
|
2016-04-07 00:00:41 +02:00
|
|
|
#
|
2022-11-22 13:29:11 +01:00
|
|
|
# The default path for this file is /etc/radicale/rights
|
|
|
|
# The path can be specified in the rights section of the configuration file
|
2016-04-07 00:00:41 +02:00
|
|
|
#
|
2022-11-22 13:29:11 +01:00
|
|
|
# Section names are used for naming rules and must be unique.
|
|
|
|
# The first rule matching both user and collection patterns will be used.
|
|
|
|
|
|
|
|
|
|
|
|
# Example: owner_only plugin
|
|
|
|
|
|
|
|
# Allow reading root collection for authenticated users
|
|
|
|
#[root]
|
|
|
|
#user: .+
|
|
|
|
#collection:
|
|
|
|
#permissions: R
|
|
|
|
|
|
|
|
# Allow reading and writing principal collection (same as username)
|
|
|
|
#[principal]
|
|
|
|
#user: .+
|
|
|
|
#collection: {user}
|
|
|
|
#permissions: RW
|
|
|
|
|
|
|
|
# Allow reading and writing calendars and address books that are direct
|
|
|
|
# children of the principal collection
|
|
|
|
#[calendars]
|
|
|
|
#user: .+
|
|
|
|
#collection: {user}/[^/]+
|
|
|
|
#permissions: rw
|
|
|
|
|
|
|
|
|
|
|
|
# Example: owner_write plugin
|
|
|
|
# Only listed additional rules for the owner_only plugin example.
|
|
|
|
|
|
|
|
# Allow reading principal collections of all users
|
|
|
|
#[read-all-principals]
|
|
|
|
#user: .+
|
|
|
|
#collection: [^/]+
|
|
|
|
#permissions: R
|
|
|
|
|
|
|
|
# Allow reading all calendars and address books that are direct children of any
|
|
|
|
# principal collection
|
|
|
|
#[read-all-calendars]
|
|
|
|
#user: .+
|
|
|
|
#collection: [^/]+/[^/]+
|
|
|
|
#permissions: r
|
|
|
|
|
|
|
|
|
|
|
|
# Example: authenticated plugin
|
|
|
|
|
|
|
|
# Allow reading and writing root and principal collections of all users
|
|
|
|
#[root-and-principals]
|
|
|
|
#user: .+
|
|
|
|
#collection: [^/]*
|
|
|
|
#permissions: RW
|
|
|
|
|
|
|
|
# Allow reading and writing all calendars and address books that are direct
|
|
|
|
# children of any principal collection
|
|
|
|
#[calendars]
|
|
|
|
#user: .+
|
|
|
|
#collection: [^/]+/[^/]+
|
|
|
|
#permissions: rw
|
|
|
|
|
|
|
|
|
|
|
|
# Example: Allow user "admin" to read everything
|
|
|
|
#[admin-read-all]
|
|
|
|
#user: admin
|
|
|
|
#collection: .*
|
|
|
|
#permissions: Rr
|
|
|
|
|
|
|
|
|
|
|
|
# Example: Allow everybody (including unauthenticated users) to read
|
|
|
|
# the collection "public"
|
|
|
|
|
|
|
|
# Allow reading collection "public" for authenticated users
|
|
|
|
#[public-principal]
|
|
|
|
#user: .+
|
|
|
|
#collection: public
|
|
|
|
#permissions: R
|
|
|
|
|
|
|
|
# Allow reading all calendars and address books that are direct children of
|
|
|
|
# the collection "public" for authenticated users
|
|
|
|
#[public-calendars]
|
|
|
|
#user: .+
|
|
|
|
#collection: public/[^/]+
|
|
|
|
#permissions: r
|
|
|
|
|
|
|
|
# Allow access to public calendars and address books via HTTP GET for everyone
|
|
|
|
#[public-calendars-restricted]
|
|
|
|
#user: .*
|
|
|
|
#collection: public/[^/]+
|
|
|
|
#permissions: i
|
|
|
|
|
|
|
|
# Example: Grant users of the form user@domain.tld read access to the
|
|
|
|
# collection "domain.tld"
|
|
|
|
|
|
|
|
# Allow reading the domain collection
|
|
|
|
#[read-domain-principal]
|
|
|
|
#user: .+@([^@]+)
|
|
|
|
#collection: {0}
|
|
|
|
#permissions: R
|
|
|
|
|
|
|
|
# Allow reading all calendars and address books that are direct children of
|
|
|
|
# the domain collection
|
|
|
|
#[read-domain-calendars]
|
|
|
|
#user: .+@([^@]+)
|
|
|
|
#collection: {0}/[^/]+
|
|
|
|
#permissions: r
|
|
|
|
|
|
|
|
|
2016-04-07 00:00:41 +02:00
|
|
|
|
2016-04-12 14:56:23 +02:00
|
|
|
# User can read the root of all collection. And discovers your collection.
|
|
|
|
[user-read-root-collection]
|
2016-04-12 13:15:39 +02:00
|
|
|
user: .+
|
2016-04-12 14:56:23 +02:00
|
|
|
collection: ^/
|
2016-04-07 00:00:41 +02:00
|
|
|
permission: r
|
|
|
|
|
2016-04-12 14:56:23 +02:00
|
|
|
# Give read and write access to owners
|
|
|
|
[owner-read-write]
|
2016-04-12 13:15:39 +02:00
|
|
|
user: .+
|
2022-11-22 13:29:11 +01:00
|
|
|
collection: ^{user}|^{user}/.*
|
2016-04-07 00:00:41 +02:00
|
|
|
permission: rw
|