| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140 |
- # Allow all rights for the Administrator
- [root]
- user: Administrator
- collection: .*
- permissions: RW
- # Allow reading principal collection (same as username)
- [principal]
- user: .+
- collection: {user}
- permissions: R
- # Allow reading and writing private collection (same as username)
- [private]
- user: .+
- collection: {user}/private/
- permissions: RW
- # Allow reading and writing calendars and address books that are direct
- # children of the principal collection for the member of some groups
- [calendarsWriter]
- groups: sysadmins,teachers,administration,administrators
- collection: {user}/[^/]+
- permissions: rw
- # Allow reading calendars and address books that are direct
- # children of the principal collection for other users
- [calendarsReader]
- user: .+
- collection: {user}/[^/]+
- permissions: r
- # Rights management file for Radicale - A simple calendar server
- #
- # The default path for this file is /etc/radicale/rights
- # The path can be specified in the rights section of the configuration file
- #
- # Section names are used for naming rules and must be unique.
- # The first rule matching both user and collection patterns will be used.
- # Example: owner_only plugin
- # Allow reading root collection for authenticated users
- #[root]
- #user: .+
- #collection:
- #permissions: R
- # Allow reading and writing principal collection (same as username)
- #[principal]
- #user: .+
- #collection: {user}
- #permissions: RW
- # Allow reading and writing calendars and address books that are direct
- # children of the principal collection
- #[calendars]
- #user: .+
- #collection: {user}/[^/]+
- #permissions: rw
- # Example: owner_write plugin
- # Only listed additional rules for the owner_only plugin example.
- # Allow reading principal collections of all users
- #[read-all-principals]
- #user: .+
- #collection: [^/]+
- #permissions: R
- # Allow reading all calendars and address books that are direct children of any
- # principal collection
- #[read-all-calendars]
- #user: .+
- #collection: [^/]+/[^/]+
- #permissions: r
- # Example: authenticated plugin
- # Allow reading and writing root and principal collections of all users
- #[root-and-principals]
- #user: .+
- #collection: [^/]*
- #permissions: RW
- # Allow reading and writing all calendars and address books that are direct
- # children of any principal collection
- #[calendars]
- #user: .+
- #collection: [^/]+/[^/]+
- #permissions: rw
- # Example: Allow user "admin" to read everything
- #[admin-read-all]
- #user: admin
- #collection: .*
- #permissions: Rr
- # Example: Allow everybody (including unauthenticated users) to read
- # the collection "public"
- # Allow reading collection "public" for authenticated users
- #[public-principal]
- #user: .+
- #collection: public
- #permissions: R
- # Allow reading all calendars and address books that are direct children of
- # the collection "public" for authenticated users
- #[public-calendars]
- #user: .+
- #collection: public/[^/]+
- #permissions: r
- # Allow access to public calendars and address books via HTTP GET for everyone
- #[public-calendars-restricted]
- #user: .*
- #collection: public/[^/]+
- #permissions: i
- # Example: Grant users of the form user@domain.tld read access to the
- # collection "domain.tld"
- # Allow reading the domain collection
- #[read-domain-principal]
- #user: .+@([^@]+)
- #collection: {0}
- #permissions: R
- # Allow reading all calendars and address books that are direct children of
- # the domain collection
- #[read-domain-calendars]
- #user: .+@([^@]+)
- #collection: {0}/[^/]+
- #permissions: r
|
