// Polkit rules for BAMS privileged operations
// Place in /etc/polkit-1/rules.d/50-bams.rules

polkit.addRule(function(action, subject) {
    if (action.id == "com.bams.disk.create" ||
        action.id == "com.bams.disk.delete" ||
        action.id == "com.bams.iscsi.modify" ||
        action.id == "com.bams.bacula.restart") {
        if (subject.isInGroup("bams-admin")) {
            return polkit.Result.YES;
        }
    }
    if (action.id == "com.bams.tape.operate" ||
        action.id == "com.bams.bacula.inventory") {
        if (subject.isInGroup("bams-admin") || subject.isInGroup("bams-operator")) {
            return polkit.Result.YES;
        }
    }
});