Warning: The examples on this page are incompatible with Fedora 5, as they do not follow the SOLID WebAC specification. This page is being updated to bring it into alignment with the current specification.
These scenarios assume that Fedora has been configured to use `fcrepo.auth.webac.userAgent.baseUri=http://example.org/agent/` and `fcrepo.auth.webac.groupAgent.baseUri=http://example.org/group/`.
I want to allow a user with username "smith123" to have read, write access to resource http://localhost:8080/rest/webacl_box1.
Create this file to use as the ACL:

acl.ttl

```text
@prefix acl: <http://www.w3.org/ns/auth/acl#> .

<#authz> a acl:Authorization ;
    acl:agent <http://example.org/agent/smith123> ;
    acl:mode acl:Read, acl:Write ;
    acl:accessTo <http://localhost:8080/rest/webacl_box1> .
```
Run the following commands:

```bash
curl -XPUT http://localhost:8080/rest/webacl_box1
curl -XPUT http://localhost:8080/rest/webacl_box1/fcr:acl -H 'Content-Type: text/turtle' --data-binary @acl.ttl
```
I want to let the group "Editors" have read, write access on all the items in the collection "http://localhost:8080/rest/box/bag/collection"
Create this file to use as the ACL:

acl.ttl

```text
@prefix acl: <http://www.w3.org/ns/auth/acl#> .

<> a acl:Authorization ;
    acl:agentGroup <http://localhost:8080/rest/groups/Editors> ;
    acl:mode acl:Read, acl:Write ;
    acl:accessTo <http://localhost:8080/rest/box/bag/collection> .
```
Create this file to define the Editors group:

group.ttl

```text
@prefix vcard: <http://www.w3.org/2006/vcard/ns#> .

<> a vcard:Group ;
    vcard:hasMember <http://example.org/agent/jones456> .
```
Run the following commands:
```bash
curl -XPUT http://localhost:8080/rest/box/bag/collection
curl -XPUT http://localhost:8080/rest/groups/Editors -H 'Content-Type: text/turtle' --data-binary @group.ttl
curl -XPUT http://localhost:8080/rest/box/bag/collection/fcr:acl -H 'Content-Type: text/turtle' --data-binary @acl.ttl
```
I would like the collection http://localhost:8080/rest/dark/archive to be viewable only by the group "Restricted", but I would like to allow anyone to view the resource http://localhost:8080/rest/dark/archive/sunshine.
Create these files to use as the ACLs and the group listing:

acl_restricted.ttl

```text
@prefix acl: <http://www.w3.org/ns/auth/acl#> .

<> a acl:Authorization ;
    acl:agentGroup <http://localhost:8080/rest/groups/Restricted> ;
    acl:mode acl:Read ;
    acl:accessTo <http://localhost:8080/rest/dark/archive> .
```

acl_open.ttl

```text
@prefix acl: <http://www.w3.org/ns/auth/acl#> .
@prefix foaf: <http://xmlns.com/foaf/0.1/> .

<> a acl:Authorization ;
    acl:agentClass foaf:Agent ;
    acl:mode acl:Read ;
    acl:accessTo <http://localhost:8080/rest/dark/archive/sunshine> .
```

group.ttl

```text
@prefix vcard: <http://www.w3.org/2006/vcard/ns#> .

<> a vcard:Group ;
    vcard:hasMember <http://example.org/agent/jones456> .
```
Run the following commands:
```bash
curl -XPUT http://localhost:8080/rest/dark/archive
curl -XPUT http://localhost:8080/rest/dark/archive/sunshine
curl -XPUT http://localhost:8080/rest/groups/Restricted -H 'Content-Type: text/turtle' --data-binary @group.ttl
curl -XPUT http://localhost:8080/rest/dark/archive/fcr:acl -H 'Content-Type: text/turtle' --data-binary @acl_restricted.ttl
curl -XPUT http://localhost:8080/rest/dark/archive/sunshine/fcr:acl -H 'Content-Type: text/turtle' --data-binary @acl_open.ttl
```
The collection http://localhost:8080/rest/public_collection should be readable by anyone but only editable by users in the group Editors.
Create these files to use as the ACL and the group listing:

Auth1.ttl

```text
@prefix acl: <http://www.w3.org/ns/auth/acl#> .
@prefix foaf: <http://xmlns.com/foaf/0.1/> .

<#authz_read> a acl:Authorization ;
    acl:agentClass foaf:Agent ;
    acl:mode acl:Read ;
    acl:accessTo <http://localhost:8080/rest/public_collection> .

<#authz_read_write> a acl:Authorization ;
    acl:agentGroup <http://localhost:8080/rest/groups/Editors> ;
    acl:mode acl:Read, acl:Write ;
    acl:accessTo <http://localhost:8080/rest/public_collection> .
```

group.ttl

```text
@prefix vcard: <http://www.w3.org/2006/vcard/ns#> .

<> a vcard:Group ;
    vcard:hasMember <http://example.org/agent/jones456> .
```
Run the following commands:
```bash
curl -XPUT http://localhost:8080/rest/public_collection
curl -XPUT http://localhost:8080/rest/groups/Editors -H 'Content-Type: text/turtle' --data-binary @group.ttl
curl -XPUT http://localhost:8080/rest/public_collection/fcr:acl -H 'Content-Type: text/turtle' --data-binary @Auth1.ttl
```
Only the ex:publicImage type objects in the container http://localhost:8080/rest/mixedCollection are viewable by anyone, all others are only viewable by the group Admins.
Create these files to use as the ACL and the group listing:

acl.ttl

```text
@prefix ex: <http://example.org/terms#> .
@prefix acl: <http://www.w3.org/ns/auth/acl#> .
@prefix foaf: <http://xmlns.com/foaf/0.1/> .

<#authz_restricted> a acl:Authorization ;
    acl:agentGroup <http://localhost:8080/rest/groups/Admins> ;
    acl:mode acl:Read ;
    acl:accessTo <http://localhost:8080/rest/mixedCollection> .

<#authz_open> a acl:Authorization ;
    acl:agentClass foaf:Agent ;
    acl:mode acl:Read ;
    acl:accessToClass ex:publicImage ;
    acl:default <http://localhost:8080/rest/mixedCollection> .
```

group.ttl

```text
@prefix vcard: <http://www.w3.org/2006/vcard/ns#> .

<> a vcard:Group ;
    vcard:hasMember <http://example.org/agent/jones456> .
```
Run the following commands:
```bash
curl -XPUT http://localhost:8080/rest/mixedCollection
curl -XPUT http://localhost:8080/rest/groups/Admins -H 'Content-Type: text/turtle' --data-binary @group.ttl
curl -XPUT http://localhost:8080/rest/mixedCollection/fcr:acl -H 'Content-Type: text/turtle' --data-binary @acl.ttl
```
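Every scenario above depends on three URLs agreeing: the resource that was created, the `fcr:acl` endpoint the ACL is PUT to, and the IRIs named inside the ACL. The following pre-flight check is an added example, not part of the original page or of Fedora; `lint_acl` and the sample data are hypothetical, and it assumes the `acl:` prefix and absolute IRIs as used in the scenarios.

```python
import re

# Absolute IRIs following the WebAC predicates used in the scenarios above.
# Relative IRIs such as <> are not resolved by this sketch and are skipped.
PRED_RE = re.compile(r"acl:(accessTo|default|agentGroup)\s+<([^>]+)>")
ACL_SUFFIX = "/fcr:acl"


def lint_acl(acl_turtle, acl_put_url, created_urls):
    """Return findings for one ACL document.

    acl_put_url  -- URL the ACL is PUT to (must end in /fcr:acl)
    created_urls -- resources created by the earlier curl -XPUT commands
    """
    if not acl_put_url.endswith(ACL_SUFFIX):
        return [f"{acl_put_url} is not an fcr:acl endpoint"]
    protected = acl_put_url[: -len(ACL_SUFFIX)]
    created = set(created_urls)
    findings = []
    if protected not in created:
        findings.append(f"ACL attached to <{protected}>, which was never created")
    matches = PRED_RE.findall(acl_turtle)
    for pred, iri in matches:
        if pred in ("accessTo", "default") and iri != protected:
            findings.append(f"acl:{pred} <{iri}> does not name <{protected}>")
        elif pred == "agentGroup" and iri not in created:
            findings.append(f"acl:agentGroup <{iri}> was never created")
    if not any(pred in ("accessTo", "default") for pred, _ in matches):
        findings.append("no acl:accessTo or acl:default target found")
    return findings


# Constructed sample: the group IRI says /group/ but the group lives at /groups/.
SAMPLE_ACL = """
@prefix acl: <http://www.w3.org/ns/auth/acl#> .
<#authz> a acl:Authorization ;
    acl:agentGroup <http://localhost:8080/rest/group/Admins> ;
    acl:mode acl:Read ;
    acl:accessTo <http://localhost:8080/rest/mixedCollection> .
"""
SAMPLE_CREATED = [
    "http://localhost:8080/rest/mixedCollection",
    "http://localhost:8080/rest/groups/Admins",
]

if __name__ == "__main__":
    url = "http://localhost:8080/rest/mixedCollection/fcr:acl"
    for finding in lint_acl(SAMPLE_ACL, url, SAMPLE_CREATED):
        print("WARN", finding)
```

A finding means the ACL and the commands disagree about a path, so the intended restriction or grant may not be the one in effect; treat it as a prompt to review the files before sending them.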
...