aboutsummaryrefslogtreecommitdiff
path: root/docs
diff options
context:
space:
mode:
Diffstat (limited to 'docs')
-rw-r--r--docs/design6
-rw-r--r--docs/notes12
2 files changed, 9 insertions, 9 deletions
diff --git a/docs/design b/docs/design
index 4bb5587..8f4b20d 100644
--- a/docs/design
+++ b/docs/design
@@ -148,9 +148,9 @@ Server Design
* Optional ACLs for get, store, show, destroy, and flag operations.
If there is an ACL for get, store, or show, that overrides the
- normal permissions of the owner. In the absence of an ACL for
- destroy or flag, only wallet administrators can destroy an object or
- set flags on that object. This entry would need no special ACLs.
+ normal permissions of the owner. In the absence of an ACL for flag,
+ only wallet administrators can set flags on that object. This entry
+ would need no special ACLs.
* Trace fields storing the user, remote host, and timestamp for when
this object was last created, stored, and downloaded.
diff --git a/docs/notes b/docs/notes
index 84a82d1..5a7d3bc 100644
--- a/docs/notes
+++ b/docs/notes
@@ -46,7 +46,7 @@ Server Issues
ACL Management
- Supported operations are: get, store, create (possibly triggered by a
+ Supported operations are: get, store, create (possibly triggered by a
get or store of something that didn't already exist), destroy, show,
and setting or clearing flags. Each of these need a separate ACL
potentially. Not sure if we're going to need separate ACLs for each
@@ -62,10 +62,9 @@ Server Issues
that returns a default ACL given the object type and name if the
object doesn't already exist.
- Owner rights provides get, store, and show, but not destroy or setting
- or clearing flags (not destroy because it's too destructive and we
- don't want it done accidentally). This can be overridden by more
- precise ACL settings. So the ACL logic would go like this:
+ Owner rights provides get, store, show, and destroy, but not setting
+ or clearing flags. This can be overridden by more precise ACL
+ settings. So the ACL logic would go like this:
* If the user is an administrator and the operation isn't get or
store, operation is permitted.
@@ -74,7 +73,8 @@ Server Issues
that specific ACL, apply that ACL.
* If the object exists but with no specific ACL setting and the
- operation is one of get, store, or show, apply the owner ACL.
+ operation is one of get, store, show, or destroy, apply the owner
+ ACL.
* If the object doesn't exist and the action is get, store, or
create, punt to a local policy if it exists and see if it returns a
generated by cgit v1.2.3 (git 2.39.1) at 2025-11-04 00:04:58 +0000