...
Use the following recipes to create WebAC-protected resources
Default ACL
...
Code Block |
---|
# root container should be read-only by default
curl -i -u testuser:testpass -X PUT http://localhost:8080/rest/test-default
# expect 403
# create a resource with admin
curl -i -u fedoraAdmin:fedoraAdmin -X PUT http://localhost:8080/rest/test-default
# expect 201
# resources inheriting the default acl should be read-only
curl -i -u testuser:testpass -X GET http://localhost:8080/rest/test-default
# expect 200
curl -i -u testuser:testpass -X PUT http://localhost:8080/rest/test-default/child
# expect 403 |
Platform | Tested by | Success? RC-2 | Notes |
---|---|---|---|
Mac | Danny Bernstein | ||
Simple read-only
Code Block |
---|
# create a resources with admin curl -i -u testuser:testpass fedoraAdmin:fedoraAdmin -X PUT http://localhost:8080/rest/test-read-only curl -i -u fedoraAdmin:fedoraAdmin -X PUT http://localhost:8080/rest/test-read-only/child # expect 403 put read-only acl on parent echo " @prefix acl: <http://www.w3.org/ns/auth/acl#> . @prefix foaf: <http://xmlns.com/foaf/0.1/> . <#restricted> a acl:Authorization ; acl:agent 'testuser' ; acl:mode acl:Read; acl:default <http://localhost:8080/rest/test-read-only> ; acl:accessTo <http://localhost:8080/rest/test-read-only> . " | curl -i -u fedoraAdmin:fedoraAdmin -d @- -X PUT -H "Content-Type: text/turtle" http://localhost:8080/rest/test-read-only/fcr:acl # expect 201 resources inheriting the default acl should be read-only curl -i -u testuser:testpass -X GET http://localhost:8080/rest/test-read-only # expect 200 curl -i -u testuser:testpass -X PUT http://localhost:8080/rest/test-read-only/new-child # expect 403 |
...
- Create resource to protect
- Create ACL on protected resource (read-only)
- Create child of protected resource
- Verify expected access privileges on target and child
...