; First, create the inhabitants of the house and define their passwords
+user mother +passw totoro
+user father +passw vzor58
+user jenny +passw rabbit
+user bill +passw cthultu
; Now we need to split the users into four roles, so we create them
; and assign roles to the users. Each user has two.
user mother +role parent +role girl
user father +role parent +role boy
user jenny +role child +role girl
user bill +role child +role boy
; (note that the last added role has the highest priority)
; There are four rooms in the house. Let's define a right for each one.
; It can be useful to define a right for the whole home and for all rooms in the home:
; (These rights will match any string which begins with "home/" or "home/rooms/".
; In other words: if you give the right home/rooms/* to someone, tests for the rights
; home/rooms/kitchen, home/rooms/garage, home/rooms/garage/car etc. will be true)
; There is a car in the garage
; Only boys have access to the garage and only girls to the kitchen.
role boy +right home/rooms/garage
role girl +right home/rooms/kitchen
; Only parents can use the parents' bedroom
role parent +right home/rooms/bedroom
; Both parents and children can use the living room
role parent +right home/rooms/livingroom
role child +right home/rooms/livingroom
; Allow boys to use anything in the garage
role boy +right home/rooms/garage/*
; But bill cannot use the car.
user bill +right home/rooms/garage/car "0"
; (Now there are two new things: we assign the right to the user, not to the role,
; and we set the value of the right to "0", which means "deny". An individual right
; takes precedence over a right coming from a role)
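; Added example (not part of the original script or of the tool it drives): a small
; Python model of the resolution rules described above, for checking a policy by hand.
; Assumptions: a right given without a value means allow, no matching right means deny,
; and within one holder an exact match beats a wildcard, then the longest pattern wins.

```python
# Model of the rules in the script comments; all names here are hypothetical.
ROLE_RIGHTS = {
    "boy": {"home/rooms/garage": "1", "home/rooms/garage/*": "1"},
    "girl": {"home/rooms/kitchen": "1"},
    "parent": {"home/rooms/bedroom": "1", "home/rooms/livingroom": "1"},
    "child": {"home/rooms/livingroom": "1"},
}
USER_ROLES = {  # roles in the order they were added to each user
    "mother": ["parent", "girl"],
    "father": ["parent", "boy"],
    "jenny": ["child", "girl"],
    "bill": ["child", "boy"],
}
USER_RIGHTS = {"bill": {"home/rooms/garage/car": "0"}}  # "0" means deny


def matches(pattern, right):
    """'home/rooms/*' matches any right that begins with 'home/rooms/'."""
    if pattern.endswith("/*"):
        return right.startswith(pattern[:-1])
    return pattern == right


def lookup(rights, right):
    """Value of the best matching pattern for one holder, or None if none match."""
    hits = [p for p in rights if matches(p, right)]
    if not hits:
        return None
    # Assumed tie-break: exact match first, then the longest pattern.
    best = max(hits, key=lambda p: (not p.endswith("/*"), len(p)))
    return rights[best]


def allowed(user, right):
    """User's own rights win; otherwise roles are consulted, last added first."""
    value = lookup(USER_RIGHTS.get(user, {}), right)
    if value is None:
        for role in reversed(USER_ROLES.get(user, [])):
            value = lookup(ROLE_RIGHTS.get(role, {}), right)
            if value is not None:
                break
    return value is not None and value != "0"  # assumed default: deny


if __name__ == "__main__":
    for user in USER_ROLES:
        for room in ("garage", "garage/car", "kitchen", "bedroom", "livingroom"):
            print(user, room, allowed(user, "home/rooms/" + room))
```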