| |
@@ -557,23 +557,23 @@
|
| |
_default_policies = {
|
| |
'build_from_srpm': '''
|
| |
has_perm admin :: allow
|
| |
- all :: deny
|
| |
+ all :: deny Only admin can do this via default policy
|
| |
''',
|
| |
'build_from_repo_id': '''
|
| |
has_perm admin :: allow
|
| |
- all :: deny
|
| |
+ all :: deny Only admin can do this via default policy
|
| |
''',
|
| |
'build_from_scm': '''
|
| |
has_perm admin :: allow
|
| |
# match scm_type CVS CVS+SSH && match scm_host scm.example.com && match scm_repository /cvs/example :: allow
|
| |
# match scm_type GIT GIT+SSH && match scm_host git.example.org && match scm_repository /example :: allow
|
| |
# match scm_type SVN SVN+SSH && match scm_host svn.example.org && match scm_repository /users/* :: allow
|
| |
- all :: deny
|
| |
+ all :: deny Only admin can do this via default policy
|
| |
''', # noqa: E501
|
| |
'package_list': '''
|
| |
has_perm admin :: allow
|
| |
has_perm tag :: allow
|
| |
- all :: deny
|
| |
+ all :: deny Only admin/tag can do this via default policy
|
| |
''',
|
| |
'channel': '''
|
| |
has req_channel :: req
|
| |
@@ -582,7 +582,7 @@
|
| |
''',
|
| |
'vm': '''
|
| |
has_perm admin win-admin :: allow
|
| |
- all :: deny
|
| |
+ all :: deny Only admin/win-admin can do this via default policy
|
| |
''',
|
| |
'cg_import': '''
|
| |
all :: allow
|
| |
Related: https://pagure.io/koji/issue/3397