SECRET_KEY = "change me before you go in production"

[CANAILLE]
LOGO = "/static/img/canaille-head.webp"
FAVICON = "/static/img/canaille-c.webp"
EMAIL_CONFIRMATION = false
ENABLE_REGISTRATION = true

[CANAILLE.ACL.DEFAULT]
PERMISSIONS = ["edit_self", "use_oidc"]
READ = [
    "user_name",
    "groups",
    "lock_date",
]
WRITE = [
    "photo",
    "given_name",
    "family_name",
    "display_name",
    "password",
    "phone_numbers",
    "emails",
    "profile_url",
    "formatted_address",
    "street",
    "postal_code",
    "locality",
    "region",
    "preferred_language",
    "employee_number",
    "department",
    "title",
    "organization",
]

[CANAILLE.ACL.ADMIN]
FILTER = {groups = "admins"}
PERMISSIONS = [
    "manage_users",
    "manage_groups",
    "manage_oidc",
    "delete_account",
    "impersonate_users",
]
WRITE = [
    "groups",
    "lock_date",
]

[CANAILLE.ACL.HALF_ADMIN]
FILTER = {groups = "moderators"}
PERMISSIONS = ["manage_users", "manage_groups", "delete_account"]
WRITE = ["groups"]

[CANAILLE_OIDC]
DYNAMIC_CLIENT_REGISTRATION_OPEN = true
DYNAMIC_CLIENT_REGISTRATION_TOKENS = [
    "xxxxxxx-yyyyyyy-zzzzzz",
]