...
I want to allow a user with username "smith123" to have read, write access to resource http://localhost:8080/rest/webacl_box1.

Create this file to use as the ACL:

acl.ttl
```turtle
@prefix acl: <http://www.w3.org/ns/auth/acl#> .

<#authz> a acl:Authorization ;
  acl:agent <http://example.org/agent/smith123> ;
  acl:mode acl:Read, acl:Write ;
  acl:accessTo <http://localhost:8080/rest/webacl_box1> .
```

Run the following commands:

```bash
curl -XPUT http://localhost:8080/rest/webacl_box1
curl -XPUT http://localhost:8080/rest/webacl_box1/fcr:acl -H 'Content-Type: text/turtle' --data-binary @acl.ttl
```
I want to let the group "Editors" have read, write access on all the items in the collection http://localhost:8080/rest/box/bag/collection.

Create this file to use as the ACL:

acl.ttl
```turtle
@prefix acl: <http://www.w3.org/ns/auth/acl#> .

<> a acl:Authorization ;
  acl:agentGroup <http://localhost:8080/rest/groups/Editors> ;
  acl:mode acl:Read, acl:Write ;
  acl:accessTo <http://localhost:8080/rest/box/bag/collection> .
```

Create this file to define the Editors group:

group.ttl
```turtle
@prefix vcard: <http://www.w3.org/2006/vcard/ns#> .

<> a vcard:Group ;
  vcard:hasMember <http://example.org/agent/jones456> .
```

Run the following commands:

```bash
curl -XPUT http://localhost:8080/rest/box/bag/collection
curl -XPUT http://localhost:8080/rest/groups/Editors -H 'Content-Type: text/turtle' --data-binary @group.ttl
curl -XPUT http://localhost:8080/rest/box/bag/collection/fcr:acl -H 'Content-Type: text/turtle' --data-binary @acl.ttl
```
I would like the collection http://localhost:8080/rest/dark/archive to be viewable only by the group "Restricted", but I would like to allow anyone to view the resource http://localhost:8080/rest/dark/archive/sunshine.

Create these files to use as the ACLs and the group listing:

acl_restricted.ttl
```turtle
@prefix acl: <http://www.w3.org/ns/auth/acl#> .

<> a acl:Authorization ;
  acl:agentGroup <http://localhost:8080/rest/groups/Restricted> ;
  acl:mode acl:Read ;
  acl:accessTo <http://localhost:8080/rest/dark/archive> .
```

acl_open.ttl
```turtle
@prefix acl: <http://www.w3.org/ns/auth/acl#> .
@prefix foaf: <http://xmlns.com/foaf/0.1/> .

<> a acl:Authorization ;
  acl:agentClass foaf:Agent ;
  acl:mode acl:Read ;
  acl:accessTo <http://localhost:8080/rest/dark/archive/sunshine> .
```

group.ttl
```turtle
@prefix vcard: <http://www.w3.org/2006/vcard/ns#> .

<> a vcard:Group ;
  vcard:hasMember <http://example.org/agent/jones456> .
```

Run the following commands:

```bash
curl -XPUT http://localhost:8080/rest/dark/archive
curl -XPUT http://localhost:8080/rest/dark/archive/sunshine
curl -XPUT http://localhost:8080/rest/groups/Restricted -H 'Content-Type: text/turtle' --data-binary @group.ttl
curl -XPUT http://localhost:8080/rest/dark/archive/fcr:acl -H 'Content-Type: text/turtle' --data-binary @acl_restricted.ttl
curl -XPUT http://localhost:8080/rest/dark/archive/sunshine/fcr:acl -H 'Content-Type: text/turtle' --data-binary @acl_open.ttl
```
The collection http://localhost:8080/rest/public_collection should be readable by anyone but only editable by users in the group Editors.

Create these files to use as the ACL and the group listing:

acl.ttl
```turtle
@prefix acl: <http://www.w3.org/ns/auth/acl#> .
@prefix foaf: <http://xmlns.com/foaf/0.1/> .

<#authz_read> a acl:Authorization ;
  acl:agentClass foaf:Agent ;
  acl:mode acl:Read ;
  acl:accessTo <http://localhost:8080/rest/public_collection> .

<#authz_read_write> a acl:Authorization ;
  acl:agentGroup <http://localhost:8080/rest/groups/Editors> ;
  acl:mode acl:Read, acl:Write ;
  acl:accessTo <http://localhost:8080/rest/public_collection> .
```

group.ttl
```turtle
@prefix vcard: <http://www.w3.org/2006/vcard/ns#> .

<> a vcard:Group ;
  vcard:hasMember <http://example.org/agent/jones456> .
```

Run the following commands:

```bash
curl -XPUT http://localhost:8080/rest/public_collection
curl -XPUT http://localhost:8080/rest/groups/Editors -H 'Content-Type: text/turtle' --data-binary @group.ttl
curl -XPUT http://localhost:8080/rest/public_collection/fcr:acl -H 'Content-Type: text/turtle' --data-binary @acl.ttl
```
Only the ex:publicImage type objects in the container http://localhost:8080/rest/mixedCollection are viewable by anyone; all others are only viewable by the group Admins.

Create these files to use as the ACL and the group listing:

acl.ttl
```turtle
@prefix acl: <http://www.w3.org/ns/auth/acl#> .
@prefix ex: <http://example.org/terms#> .
@prefix foaf: <http://xmlns.com/foaf/0.1/> .

<#authz_restricted> a acl:Authorization ;
  acl:agentGroup <http://localhost:8080/rest/groups/Admins> ;
  acl:mode acl:Read ;
  acl:accessTo <http://localhost:8080/rest/mixedCollection> .

<#authz_open> a acl:Authorization ;
  acl:agentClass foaf:Agent ;
  acl:mode acl:Read ;
  acl:accessToClass ex:publicImage ;
  acl:default <http://localhost:8080/rest/mixedCollection> .
```

group.ttl
```turtle
@prefix vcard: <http://www.w3.org/2006/vcard/ns#> .

<> a vcard:Group ;
  vcard:hasMember <http://example.org/agent/jones456> .
```

Run the following commands:

```bash
curl -XPUT http://localhost:8080/rest/mixedCollection
curl -XPUT http://localhost:8080/rest/groups/Admins -H 'Content-Type: text/turtle' --data-binary @group.ttl
curl -XPUT http://localhost:8080/rest/mixedCollection/fcr:acl -H 'Content-Type: text/turtle' --data-binary @acl.ttl
```
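The scenarios above all reduce to the same question: given the ACL document and the group listings, may a given agent perform a given mode on a given resource? The following is an added example, not code from Fedora or from this page: a small Python evaluator that parses the Turtle subset the examples use and applies acl:agent, acl:agentGroup (resolved through a vcard:Group listing), acl:agentClass foaf:Agent, acl:accessTo, acl:default and acl:accessToClass to a request. It is useful for checking an ACL before putting it on fcr:acl. The sample input is the mixedCollection scenario; the child resources img1 and secret, the agent "other", the rdf:type assigned to img1, and the rule that acl:accessToClass narrows an acl:default match to resources of that type are assumptions made for illustration, not statements about Fedora's implementation.

```python
# Added example, not Fedora project code: evaluates the WebAC ACLs shown on this
# page. Parses the Turtle subset the examples use and decides whether an agent may
# perform a mode on a resource. How acl:default combines with acl:accessToClass is
# an assumption made here, not Fedora's documented behaviour.
import re

ACL = "http://www.w3.org/ns/auth/acl#"
FOAF = "http://xmlns.com/foaf/0.1/"
HAS_MEMBER = "http://www.w3.org/2006/vcard/ns#hasMember"
RDF_TYPE = "http://www.w3.org/1999/02/22-rdf-syntax-ns#type"
TOKEN = re.compile(r"<[^>]*>|[;,.]|[^\s;,.]+")

def parse_turtle(text, base):
    """@prefix lines, <iri>/prefix:name terms, 'a', ';' and ',' lists -> (s, p, o)
    triples. '<>' resolves to `base` and '<#x>' to base + '#x'."""
    prefixes, triples, toks = {}, [], TOKEN.findall(text)
    def term(tok):
        if tok == "a":
            return RDF_TYPE
        if tok.startswith("<"):
            iri = tok[1:-1]
            return base + iri if iri == "" or iri.startswith("#") else iri
        pfx, _, local = tok.partition(":")
        return prefixes[pfx] + local
    def peek(i):  # tolerate a missing final '.'
        return toks[i] if i < len(toks) else "."
    i = 0
    while i < len(toks):
        if toks[i] == "@prefix":
            prefixes[toks[i + 1].rstrip(":")] = toks[i + 2][1:-1]
            i += 4
            continue
        subj, i = term(toks[i]), i + 1
        while True:                       # predicate-object pairs separated by ';'
            pred, i = term(toks[i]), i + 1
            while True:                   # objects separated by ','
                triples.append((subj, pred, term(toks[i])))
                i += 1
                if peek(i) != ",":
                    break
                i += 1
            if peek(i) != ";":
                break
            i += 1
        i += 1                            # the statement's '.'
    return triples

def objects(triples, s, p):
    return {o for ss, pp, o in triples if ss == s and pp == p}

def covers(acl, authz, resource, types):
    """acl:accessTo matches the resource itself; acl:default matches descendants (path
    prefix); acl:accessToClass limits the match to resources of that rdf:type."""
    if resource in objects(acl, authz, ACL + "accessTo"):
        return True
    classes = objects(acl, authz, ACL + "accessToClass")
    class_ok = not classes or bool(classes & set(types))
    defaults = objects(acl, authz, ACL + "default")
    if classes and not defaults:
        return class_ok
    return class_ok and any(resource.startswith(d.rstrip("/") + "/") for d in defaults)

def permitted(acl, groups, agent, mode, resource, types=()):
    """True if an acl:Authorization grants `mode` ("Read"/"Write") on `resource` to
    `agent`; `groups` maps a group IRI to its vcard:hasMember IRIs."""
    for authz in {s for s, p, o in acl if p == RDF_TYPE and o == ACL + "Authorization"}:
        if ACL + mode not in objects(acl, authz, ACL + "mode"):
            continue
        if not covers(acl, authz, resource, types):
            continue
        if agent in objects(acl, authz, ACL + "agent"):
            return True
        if any(agent in groups.get(g, ()) for g in objects(acl, authz, ACL + "agentGroup")):
            return True
        if FOAF + "Agent" in objects(acl, authz, ACL + "agentClass"):
            return True
    return False

# Constructed sample input: the mixedCollection acl.ttl and group.ttl from this page.
REST = "http://localhost:8080/rest"
MIXED_ACL = f"""@prefix acl: <http://www.w3.org/ns/auth/acl#> .
@prefix ex: <http://example.org/terms#> .
@prefix foaf: <http://xmlns.com/foaf/0.1/> .
<#authz_restricted> a acl:Authorization ; acl:agentGroup <{REST}/groups/Admins> ;
  acl:mode acl:Read ; acl:accessTo <{REST}/mixedCollection> ; acl:default <{REST}/mixedCollection> .
<#authz_open> a acl:Authorization ; acl:agentClass foaf:Agent ;
  acl:mode acl:Read ; acl:accessToClass ex:publicImage ; acl:default <{REST}/mixedCollection> ."""
ADMINS = """@prefix vcard: <http://www.w3.org/2006/vcard/ns#> .
<> a vcard:Group ; vcard:hasMember <http://example.org/agent/jones456> ."""

def mixed_collection_decisions():
    """Decisions for the page's Admins member and for an agent who is in no group."""
    acl = parse_turtle(MIXED_ACL, f"{REST}/mixedCollection/fcr:acl")
    admins = f"{REST}/groups/Admins"
    groups = {admins: objects(parse_turtle(ADMINS, admins), admins, HAS_MEMBER)}
    jones, other = "http://example.org/agent/jones456", "http://example.org/agent/other"
    image, secret = f"{REST}/mixedCollection/img1", f"{REST}/mixedCollection/secret"
    public = ("http://example.org/terms#publicImage",)  # constructed rdf:type of img1
    return {
        "admin_reads_collection": permitted(acl, groups, jones, "Read", f"{REST}/mixedCollection"),
        "admin_reads_secret": permitted(acl, groups, jones, "Read", secret),
        "other_reads_image": permitted(acl, groups, other, "Read", image, public),
        "other_reads_secret": permitted(acl, groups, other, "Read", secret),
        "admin_writes_secret": permitted(acl, groups, jones, "Write", secret),
    }
```

Note that the sample ACL adds acl:default to the Admins authorization so that the group's read access reaches the children of mixedCollection, which is what the scenario text asks for; the page's own acl.ttl states acl:accessTo on the container only. Agents who match no authorization fall through to the final `return False`, so the evaluator denies by default.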