...
Create these three files:
Code Block language text title groupfoo.ttl @prefix vcarddc: <http://wwwpurl.w3.org/2006/vcard/ns#> dc/elements/1.1/>. <> a vcard:Group; vcard:hasMember "testuser"dc:title "Hello, World!".
Code Block language text title foogroup.ttl @prefix dcvcard: <http://purlwww.w3.org/dc2006/elements/1.1/>vcard/ns#> . <> dc:title "Hello, World! a vcard:Group; vcard:hasMember "testuser".
Code Block language text title acl.ttl @prefix acl: <http://www.w3.org/ns/auth/acl#>. <#groupRead> a acl:Authorization; acl:accessTo </fcrepo/rest/foo>; acl:agentGroup </fcrepo/rest/group>; acl:mode acl:Read.
Upload these resources into Fedora:
Code Block language bash curl -X PUT http://localhost:8080/fcrepo/rest/groupfoo -u fedoraAdmin:secret3 \ -H "Content-Type: text/turtle" --data-binary @group@foo.ttl curl -X PUT http://localhost:8080/fcrepo/rest/foogroup -u fedoraAdmin:secret3 \ -H "Content-Type: text/turtle" --data-binary @foo@group.ttl curl -X PUT http://localhost:8080/fcrepo/rest/foo/fcr:acl -u fedoraAdmin:secret3 \ -H "Content-Type: text/turtle" --data-binary @acl.ttl
Test that
testuser
can read thefoo
resource, whileadminuser
cannot:Code Block language bash curl -i http://localhost:8080/fcrepo/rest/foo -u testuser:password1 curl -i http://localhost:8080/fcrepo/rest/foo -u adminuser:password2
The first request should respond with 200 OK, while the second should be 403 Forbidden.
To allow
adminuser
to also read thefoo
resource, we can addadminuser
to the members of the group.
...