...
If you use acl:accessTo to protect a container, and add an acl:default predicate, that authorization rule by default will also apply to any of that container's children, unless that child has its own acl:accessControl property, as described belowACL.
| Code Block | ||||
|---|---|---|---|---|
| ||||
<> acl:accessTo </collections/rebels> ; acl:default </collections/rebels> . |
The second is to use the acl:accessToClass property to state that the authorization rule applies to any resource with the named RDF type:
...
| language | text |
|---|
...
. For example, this authorization will apply to any pcdm:Container
...
Note that adding acl:accessTo or acl:accessToClass to an authorization is only one half of what is required to protect a resource with a WebAC ACL. The other half is to specify on the resource itself that it is protected by the ACL that contains that authorizationresources contained by /collections/rebels that do not have their own ACL:
| Code Block | ||
|---|---|---|
| ||
# </acls/rebels> <> a webac:Acl; ldp:contains <commanders>. # </acls/rebels/commanders> <> a acl:Authorization; acl:agentGroup </groups/rebel-commanders>; acl:accessToaccessToClass pcdm:Container ; acl:default </collections/rebels/plans>; # modes will be discussed in the next section acl:mode acl:Read, acl:Write. # partial contents of </collections/rebels/plans>: <> acl:accessControl </acls/rebels> rebels> |
| Note |
|---|
While Fedora will not prevent you from using If your intent is to just protect the single resource, that intent is more clearly stated through using |
"How?" - Modes of Interaction
...