parsav  Diff

Differences From Artifact [ea4e893c12]:

• File doc/acl.md — part of check-in [bbfea467bf] at 2020-12-27 02:31:30 on branch trunk — permissions work now (user: lexi, size: 3811) [annotate] [blame] [check-ins using]

To Artifact [53956f184b]:

• File doc/acl.md — part of check-in [8f954221a1] at 2020-12-27 04:08:20 on branch trunk — look ma, im tweetin (user: lexi, size: 3811) [annotate] [blame] [check-ins using]

     7      7   * **mutuals**: matches users you follow who also follow you
     8      8   * **followed**: matches users you follow
     9      9   * **followers**: matches users who follow you
    10     10   * **groupies**: matches users who follow you, but whom you do not follow
    11     11   * **mentioned**: matches users who are mentioned in the post
    12     12   * **staff**: matches instance staff (equivalent to `~%0`)
    13     13   * **admin**: matches the individual named as the instance administrator, if any
    14         -* **@**`handle`: matches the user `handle`
    15         -* **+**`circle`: matches users you have categorized under `circle`
    16         -* **#**`room`: matches users who are members of `room`
    17         -* **%**`rank`: matches users of `rank` or higher (e.g. `%3` matches users of rank 3, 2, and 1). as a special case, `%0` matches ordinary users
    18         -* **#**`room`**%**`rank`: matches users who hold `rank` in `room`
    19         -* **<**`title`**>**: matches peers of the net who have been created `title` by the sovereign
    20         -* **#**`room`**<**`title`**>**: matches peers of the chat who have been created `title` by `room` staff
           14  +* **@**_handle_: matches the user *handle*
           15  +* **+**_circle_: matches users you have categorized under *circle*
           16  +* **#**_room_: matches users who are members of *room*
           17  +* **%**_rank_: matches users of *rank* or higher (e.g. `%3` matches users of rank 3, 2, and 1). as a special case, `%0` matches ordinary users
           18  +* **#**_room_**%**_rank_: matches users who hold *rank* in *room*
           19  +* **<**_title_**>**: matches peers of the net who have been created *title* by the sovereign
           20  +* **#**_room_**<**_title_**>**: matches peers of the chat who have been created *title* by *room* staff
    21     21   
    22     22   to evaluate an ACL expression, `parsav` reads each term from start to finish. for each term, it considers whether it describes the user who is attempting to access the content. if the term matches, its policy is applied and the expression completes. if the term doesn't match, the server proceeds on to the next term and the process repeats until it finds a matching term or runs out of terms, applying the fallback policy.
    23     23   
    24     24   **policy** is whether a term grants or denies access. the default term policy is **allow**, but you can control the policy with the keywords `allow` and `deny`. if a term finishes evaluating without any match being found, a fallback policy is applied; this fallback is the opposite of whatever the current policy is. this sounds confusing but makes ACL expressions much more intuitive; `allow @bob` and `deny trent` do exactly what you'd expect — the former allows bob and only bob in; the latter denies access only to trent, but grants access to the rest of the world.
    25     25   
    26     26   expressions must contain at least one term to be valid. if they consist only of policy keywords, they will be rejected.
    27     27