These scenarios assume that Fedora has been configured to use fcrepo.auth.webac.userAgent.baseUri=http://example.org/agent/
I want to allow a user with username "smith123" to have read, write access to resource http://localhost:8080/rest/webacl_box1.
Create this file to use as the ACL:

acl.ttl:

```text
@prefix acl: <http://www.w3.org/ns/auth/acl#> .

<#authz> a acl:Authorization ;
    acl:agent <http://example.org/agent/smith123> ;
    acl:mode acl:Read, acl:Write ;
    acl:accessTo <http://localhost:8080/rest/webacl_box1> .
```
Run the following commands:
```bash
curl -XPUT http://localhost:8080/rest/webacl_box1
curl -XPUT http://localhost:8080/rest/webacl_box1/fcr:acl -H 'Content-Type: text/turtle' --data-binary @acl.ttl
```
I want to let the group "Editors" have read, write access on all the items in the collection "http://localhost:8080/rest/box/bag/collection"
Create this file to use as the ACL:

acl.ttl:

```text
@prefix acl: <http://www.w3.org/ns/auth/acl#> .

<> a acl:Authorization ;
    acl:agentGroup <http://localhost:8080/rest/groups/Editors> ;
    acl:mode acl:Read, acl:Write ;
    acl:accessTo <http://localhost:8080/rest/box/bag/collection> .
```
Create this file to define the Editors group:

group.ttl:

```text
@prefix vcard: <http://www.w3.org/2006/vcard/ns#> .

<> a vcard:Group ;
    vcard:hasMember <http://example.org/agent/jones456> .
```
Run the following commands:
```bash
curl -XPUT http://localhost:8080/rest/box/bag/collection
curl -XPUT http://localhost:8080/rest/groups/Editors -H 'Content-Type: text/turtle' --data-binary @group.ttl
curl -XPUT http://localhost:8080/rest/box/bag/collection/fcr:acl -H 'Content-Type: text/turtle' --data-binary @acl.ttl
```
I would like the collection http://localhost:8080/rest/dark/archive to be viewable only by the group "Restricted", but I would like to allow anyone to view the resource http://localhost:8080/rest/dark/archive/sunshine.
Create these files to use as the ACLs and the group listing:

acl_restricted.ttl:

```text
@prefix acl: <http://www.w3.org/ns/auth/acl#> .

<> a acl:Authorization ;
    acl:agentGroup <http://localhost:8080/rest/groups/Restricted> ;
    acl:mode acl:Read ;
    acl:accessTo <http://localhost:8080/rest/dark/archive> .
```

acl_open.ttl:

```text
@prefix acl: <http://www.w3.org/ns/auth/acl#> .
@prefix foaf: <http://xmlns.com/foaf/0.1/> .

<> a acl:Authorization ;
    acl:agentClass foaf:Agent ;
    acl:mode acl:Read ;
    acl:accessTo <http://localhost:8080/rest/dark/archive/sunshine> .
```

group.ttl:

```text
@prefix vcard: <http://www.w3.org/2006/vcard/ns#> .

<> a vcard:Group ;
    vcard:hasMember <http://example.org/agent/jones456> .
```
Run the following commands:
```bash
curl -XPUT http://localhost:8080/rest/dark/archive
curl -XPUT http://localhost:8080/rest/dark/archive/sunshine
curl -XPUT http://localhost:8080/rest/groups/Restricted -H 'Content-Type: text/turtle' --data-binary @group.ttl
curl -XPUT http://localhost:8080/rest/dark/archive/fcr:acl -H 'Content-Type: text/turtle' --data-binary @acl_restricted.ttl
curl -XPUT http://localhost:8080/rest/dark/archive/sunshine/fcr:acl -H 'Content-Type: text/turtle' --data-binary @acl_open.ttl
```
The collection http://localhost:8080/rest/public_collection should be readable by anyone but only editable by users in the group Editors.
Create these files to use as the ACL and the group listing:

Auth1.ttl:

```text
@prefix acl: <http://www.w3.org/ns/auth/acl#> .
@prefix foaf: <http://xmlns.com/foaf/0.1/> .

<#authz_read> a acl:Authorization ;
    acl:agentClass foaf:Agent ;
    acl:mode acl:Read ;
    acl:accessTo <http://localhost:8080/rest/public_collection> .

<#authz_read_write> a acl:Authorization ;
    acl:agentGroup <http://localhost:8080/rest/groups/Editors> ;
    acl:mode acl:Read, acl:Write ;
    acl:accessTo <http://localhost:8080/rest/public_collection> .
```

group.ttl:

```text
@prefix vcard: <http://www.w3.org/2006/vcard/ns#> .

<> a vcard:Group ;
    vcard:hasMember <http://example.org/agent/jones456> .
```
Run the following commands:
```bash
curl -XPUT http://localhost:8080/rest/public_collection
curl -XPUT http://localhost:8080/rest/groups/Editors -H 'Content-Type: text/turtle' --data-binary @group.ttl
curl -XPUT http://localhost:8080/rest/public_collection/fcr:acl -H 'Content-Type: text/turtle' --data-binary @Auth1.ttl
```
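The following added example (not Fedora's code and not part of the original page) models how the two authorizations in Auth1.ttl combine for a given username, and why the IRIs in `acl:accessTo` and `acl:agentGroup` must match the resource and group exactly. It assumes exact `acl:accessTo` matching only (no `acl:default` or `acl:accessToClass`), parses just the Turtle subset used on this page, and the names `expand`, `parse_acl` and `effective_modes` are hypothetical helpers.

```python
import re

ACL = "http://www.w3.org/ns/auth/acl#"
FOAF_AGENT = "http://xmlns.com/foaf/0.1/Agent"
BASE_URI = "http://example.org/agent/"  # fcrepo.auth.webac.userAgent.baseUri
COLLECTION = "http://localhost:8080/rest/public_collection"
EDITORS = "http://localhost:8080/rest/groups/Editors"
GROUPS = {EDITORS: {BASE_URI + "jones456"}}  # membership from group.ttl
# Auth1.ttl from this page, with the IRIs above substituted in
AUTH1_TTL = f"""
@prefix acl: <{ACL}> .
@prefix foaf: <http://xmlns.com/foaf/0.1/> .
<#authz_read> a acl:Authorization ;
    acl:agentClass foaf:Agent ; acl:mode acl:Read ;
    acl:accessTo <{COLLECTION}> .
<#authz_read_write> a acl:Authorization ;
    acl:agentGroup <{EDITORS}> ; acl:mode acl:Read, acl:Write ;
    acl:accessTo <{COLLECTION}> .
"""

def expand(term, prefixes):
    """Turn <iri> or prefix:local into a full IRI."""
    term = term.strip()
    if term.startswith("<"):
        return term[1:-1]
    prefix, local = term.split(":", 1)
    return prefixes[prefix] + local

def parse_acl(ttl):
    """Parse the Turtle subset used on this page: one dict per authorization."""
    prefixes = dict(re.findall(r"@prefix\s+(\w+):\s*<([^>]+)>\s*\.", ttl))
    body = re.sub(r"@prefix[^\n]*\n", "", ttl)
    auths = []
    for stmt in re.split(r"\s\.\s", body):
        pairs = [p.split(None, 1) for p in stmt.split(";") if p.strip()]
        if pairs:  # pairs[0] is "<subject> a acl:Authorization"; skip it
            auths.append({expand(p, prefixes): {expand(o, prefixes) for o in objs.split(",")}
                          for p, objs in pairs[1:]})
    return auths

def effective_modes(username, resource, auths, groups):
    """Simplified model (assumption, not Fedora's logic): union of matching modes."""
    agent, modes = BASE_URI + username, set()
    for a in auths:
        member = any(agent in groups.get(g, ()) for g in a.get(ACL + "agentGroup", ()))
        matches = (member or agent in a.get(ACL + "agent", ())
                   or FOAF_AGENT in a.get(ACL + "agentClass", ()))
        if matches and resource in a.get(ACL + "accessTo", ()):
            modes |= {m.rsplit("#", 1)[1] for m in a.get(ACL + "mode", ())}
    return modes
```

Calling `effective_modes("jones456", COLLECTION, parse_acl(AUTH1_TTL), GROUPS)` yields Read and Write, while `smith123` gets only Read. Passing a resource or group IRI that differs by one path segment yields fewer modes or none, which is the check to run before uploading an ACL.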
Only the ex:publicImage type objects in the container http://localhost:8080/rest/mixedCollection are viewable by anyone; all others are viewable only by the group Admins.

Create these files to use as the ACL and the group listing:

acl.ttl:

```text
@prefix ex: <http://example.org/terms#> .
@prefix acl: <http://www.w3.org/ns/auth/acl#> .
@prefix foaf: <http://xmlns.com/foaf/0.1/> .

<#authz_restricted> a acl:Authorization ;
    acl:agentGroup <http://localhost:8080/rest/groups/Admins> ;
    acl:mode acl:Read ;
    acl:accessTo <http://localhost:8080/rest/mixedCollection> .

<#authz_open> a acl:Authorization ;
    acl:agentClass foaf:Agent ;
    acl:mode acl:Read ;
    acl:accessToClass ex:publicImage ;
    acl:default <http://localhost:8080/rest/mixedCollection> .
```

group.ttl:

```text
@prefix vcard: <http://www.w3.org/2006/vcard/ns#> .

<> a vcard:Group ;
    vcard:hasMember <http://example.org/agent/jones456> .
```
Run the following commands:
```bash
curl -XPUT http://localhost:8080/rest/mixedCollection
curl -XPUT http://localhost:8080/rest/groups/Admins -H 'Content-Type: text/turtle' --data-binary @group.ttl
curl -XPUT http://localhost:8080/rest/mixedCollection/fcr:acl -H 'Content-Type: text/turtle' --data-binary @acl.ttl
```