From 03415210a74739563a54c1b3a9ae786027a0d8be Mon Sep 17 00:00:00 2001
From: Guilhem Moulin
Date: Sat, 19 Jan 2013 02:21:23 +0100
Subject: =?UTF-8?q?CanCreate=20=E2=86=92=20CanAdd?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 ldap/acl.ldif | 28 ++++++++++++++--------------
 1 file changed, 14 insertions(+), 14 deletions(-)
(limited to 'ldap/acl.ldif')
diff --git a/ldap/acl.ldif b/ldap/acl.ldif
index c84d328..0528545 100644
--- a/ldap/acl.ldif
+++ b/ldap/acl.ldif
@@ -89,7 +89,7 @@ olcAccess: to dn.children="ou=virtual,o=mailHosting,dc=fripost,dc=dev"
 # Users can search (e.g., to list the entries they have created).
 # Additional permissions may be added later on.
 olcAccess: to dn.subtree="ou=virtual,o=mailHosting,dc=fripost,dc=dev"
- attrs=entry,creatorsName,fripostOwner,fripostPostmaster,fripostCanCreateAlias,fripostCanCreateList
+ attrs=entry,creatorsName,fripostOwner,fripostPostmaster,fripostCanAddAlias,fripostCanAddList
  by dn.children="ou=virtual,o=mailHosting,dc=fripost,dc=dev" =s break
  by dn.onelevel="ou=services,o=mailHosting,dc=fripost,dc=dev" none break
 #
@@ -108,19 +108,19 @@ olcAccess: to dn.regex="^(fvu|fva|fvl)=(postmaster|abuse),fvd=[^,]+,ou=virtual,o
 # 2,3. People that can create aliases can list the members of the group.
 olcAccess: to dn.regex="^fvd=[^,]+,ou=virtual,o=mailHosting,dc=fripost,dc=dev$"
  filter=(objectClass=FripostVirtualDomain)
- attrs=fripostCanCreateAlias
+ attrs=fripostCanAddAlias
  by dnattr=fripostPostmaster write
  by dnattr=fripostOwner read
- by set.exact="this/fripostCanCreateAlias & (user | user/-1)" read
+ by set.exact="this/fripostCanAddAlias & (user | user/-1)" read
 #
 # 1. The postmaster of a domain can give (or take back) people the right to create lists.
 # 2,3. People that can create lists can list the members of the group.
 olcAccess: to dn.regex="^fvd=[^,]+,ou=virtual,o=mailHosting,dc=fripost,dc=dev$"
  filter=(objectClass=FripostVirtualDomain)
- attrs=fripostCanCreateList
+ attrs=fripostCanAddList
  by dnattr=fripostPostmaster write
  by dnattr=fripostOwner read
- by set.exact="this/fripostCanCreateList & (user | user/-1)" read
+ by set.exact="this/fripostCanAddList & (user | user/-1)" read
 #
 # 1-3. Noone (but the managers) can appoint domain Owners or Postmasters.
 # But people that can create aliases and lists can list the members of their group.
@@ -129,7 +129,7 @@ olcAccess: to dn.regex="^(fvd=[^,]+,ou=virtual,o=mailHosting,dc=fripost,dc=dev)$
  attrs=fripostOwner,fripostPostmaster
  by dnattr=fripostOwner read
  by dnattr=fripostPostmaster read
- by set.exact="(this/fripostCanCreateAlias | this/fripostCanCreateList)& (user | user/-1)" read
+ by set.exact="(this/fripostCanAddAlias | this/fripostCanAddList) & (user | user/-1)" read
  by dn.onelevel,expand="$1" +d
  by dn.children="ou=virtual,o=mailHosting,dc=fripost,dc=dev" +0
 #
@@ -144,14 +144,14 @@ olcAccess: to dn.regex="^fvd=[^,]+,ou=virtual,o=mailHosting,dc=fripost,dc=dev$"
 # 1. Domain owners can edit their entry's attributes.
 # 2. So can domain postmasters.
 # 3. Domain users can read the public domain attributes.
-# 4. So can users with "canCreateAlias" or "canCreateList" access.
+# 4. So can users with "canAddAlias" or "canAddList" access.
 olcAccess: to dn.regex="^(fvd=[^,]+,ou=virtual,o=mailHosting,dc=fripost,dc=dev)$"
  filter=(objectClass=FripostVirtualDomain)
  attrs=fvd,fripostIsStatusActive,description
  by dnattr=fripostOwner write
  by dnattr=fripostPostmaster write
  by dn.onelevel,expand="$1" read
- by set.exact="(this/fripostCanCreateAlias | this/fripostCanCreateList) & (user | user/-1)" read
+ by set.exact="(this/fripostCanAddAlias | this/fripostCanAddList) & (user | user/-1)" read
 #
 # 1. Domain owners can edit their entry's attributes.
 # 2. So can domain postmasters.
@@ -165,14 +165,14 @@ olcAccess: to dn.regex="^fvd=[^,]+,ou=virtual,o=mailHosting,dc=fripost,dc=dev$"
 # 1. Domain owners can delete the domain (and read the entry).
 # 2. So can domain postmasters.
 # 3. Domain users can read the domain entry (but not delete it).
-# 4. So can users with "canCreateAlias" or "canCreateList" rights.
+# 4. So can users with "canAddAlias" or "canAddList" rights.
 olcAccess: to dn.regex="^(fvd=[^,]+,ou=virtual,o=mailHosting,dc=fripost,dc=dev)$"
  filter=(objectClass=FripostVirtualDomain)
  attrs=entry
  by dnattr=fripostOwner +zrd
  by dnattr=fripostPostmaster +zrd
  by dn.onelevel,expand="$1" +rd
- by set.exact="(this/fripostCanCreateAlias | this/fripostCanCreateList) & (user | user/-1)" +rd
+ by set.exact="(this/fripostCanAddAlias | this/fripostCanAddList) & (user | user/-1)" +rd
  by dn.children="ou=virtual,o=mailHosting,dc=fripost,dc=dev" +0
 #
 # Noone (but the managers) can change quotas.
@@ -223,7 +223,7 @@ olcAccess: to dn.regex="^fva=[^,]+,(fvd=[^,]+,ou=virtual,o=mailHosting,dc=fripos
 # 1. The alias owners can read and delete the entry.
 # 2. So can the domain owner.
 # 3. So can the domain postmaster.
-# 4. Users with "canCreateAlias" access (either explicitely, or as a wildcard) for the domain can create aliases for that domain.
+# 4. Users with "canAddAlias" access (either explicitely, or as a wildcard) for the domain can create aliases for that domain.
 #    (But *not* delete them, unless also owner.)
 olcAccess: to dn.regex="^fva=[^,]+,(fvd=[^,]+,ou=virtual,o=mailHosting,dc=fripost,dc=dev)$"
  filter=(objectClass=FripostVirtualAlias)
@@ -231,7 +231,7 @@ olcAccess: to dn.regex="^fva=[^,]+,(fvd=[^,]+,ou=virtual,o=mailHosting,dc=fripos
  by dnattr=fripostOwner +zrd continue
  by group/fripostVirtualDomain/fripostOwner.expand="$1" +wrd
  by group/fripostVirtualDomain/fripostPostmaster.expand="$1" +wrd
- by set.exact="this/-1/fripostCanCreateAlias & (user | user/-1)" +a
+ by set.exact="this/-1/fripostCanAddAlias & (user | user/-1)" +a
  by dn.children="ou=virtual,o=mailHosting,dc=fripost,dc=dev" +0
 #
 # 1. The list owner can list the ownership of the entry.
@@ -277,7 +277,7 @@ olcAccess: to dn.regex="^fvl=[^,]+,(fvd=[^,]+,ou=virtual,o=mailHosting,dc=fripos
 # 1. The list owners can read the entry.
 # 2. So can the domain's Owner.
 # 3. So can the domain's Postmaster.
-# 4. Users with "canCreateList" capability (either explicitely, or as a wildcard) for the domain can create lists for that domain.
+# 4. Users with "canAddList" capability (either explicitely, or as a wildcard) for the domain can create lists for that domain.
 #    (But *not* delete them, unless also owner.)
 # 6. The list creator can read the entry.
 olcAccess: to dn.regex="^fvl=[^,]+,(fvd=[^,]+,ou=virtual,o=mailHosting,dc=fripost,dc=dev)$"
@@ -286,7 +286,7 @@ olcAccess: to dn.regex="^fvl=[^,]+,(fvd=[^,]+,ou=virtual,o=mailHosting,dc=fripos
  by dnattr=fripostOwner +rd continue
  by group/fripostVirtualDomain/fripostOwner.expand="$1" +rad
  by group/fripostVirtualDomain/fripostPostmaster.expand="$1" +rad
- by set.exact="this/-1/fripostCanCreateList & (user | user/-1)" +a
+ by set.exact="this/-1/fripostCanAddList & (user | user/-1)" +a
  by dn.children="ou=virtual,o=mailHosting,dc=fripost,dc=dev" +0
  by dn.exact="cn=ListCreator,ou=services,o=mailHosting,dc=fripost,dc=dev" =rsd
 #
-- 
cgit v1.2.3