# -*- mode: conf -*- # vim:ft=cfg # Rights management file for Radicale - A simple calendar server # # The default path for this file is /etc/radicale/rights # The path can be specified in the rights section of the configuration file # # Section names are used for naming rules and must be unique. # The first rule matching both user and collection patterns will be used. # Example: owner_only plugin # Allow reading root collection for authenticated users #[root] #user: .+ #collection: #permissions: R # Allow reading and writing principal collection (same as username) #[principal] #user: .+ #collection: {user} #permissions: RW # Allow reading and writing calendars and address books that are direct # children of the principal collection #[calendars] #user: .+ #collection: {user}/[^/]+ #permissions: rw # Example: owner_write plugin # Only listed additional rules for the owner_only plugin example. # Allow reading principal collections of all users #[read-all-principals] #user: .+ #collection: [^/]+ #permissions: R # Allow reading all calendars and address books that are direct children of any # principal collection #[read-all-calendars] #user: .+ #collection: [^/]+/[^/]+ #permissions: r # Example: authenticated plugin # Allow reading and writing root and principal collections of all users #[root-and-principals] #user: .+ #collection: [^/]* #permissions: RW # Allow reading and writing all calendars and address books that are direct # children of any principal collection #[calendars] #user: .+ #collection: [^/]+/[^/]+ #permissions: rw # Example: Allow user "admin" to read everything #[admin-read-all] #user: admin #collection: .* #permissions: Rr # Example: Allow everybody (including unauthenticated users) to read # the collection "public" # Allow reading collection "public" for authenticated users #[public-principal] #user: .+ #collection: public #permissions: R # Allow reading all calendars and address books that are direct children of # the collection "public" for authenticated users #[public-calendars] #user: .+ #collection: public/[^/]+ #permissions: r # Allow access to public calendars and address books via HTTP GET for everyone #[public-calendars-restricted] #user: .* #collection: public/[^/]+ #permissions: i # Example: Grant users of the form user@domain.tld read access to the # collection "domain.tld" # Allow reading the domain collection #[read-domain-principal] #user: .+@([^@]+) #collection: {0} #permissions: R # Allow reading all calendars and address books that are direct children of # the domain collection #[read-domain-calendars] #user: .+@([^@]+) #collection: {0}/[^/]+ #permissions: r # User can read the root of all collection. And discovers your collection. [user-read-root-collection] user: .+ collection: ^/ permission: r # Give read and write access to owners [owner-read-write] user: .+ collection: ^{user}|^{user}/.* permission: rw