Page History

__<Rule_RuleId="1"_Effect="Deny">
____<Condition_FunctionId="urn:oasis:names:tc:xacml:1.0:function:not">
______<Apply_FunctionId="urn:oasis:names:tc:xacml:1.0:function:or">
________<!- - Compare object model with loginID (really needs to compare owner) - ->
<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only">
<ResourceAttributeDesignator DataType="http://www.w3.org/2001/XMLSchema#string" AttributeId="urn:fedora:names:fedora:2.1:resource:object:contentModel"/>
</Apply>
<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only">
<SubjectAttributeDesignator DataType="http://www.w3.org/2001/XMLSchema#string" AttributeId="urn:fedora:names:fedora:2.1:subject:loginId"/>
</Apply>
</Apply>
<!-- OR allow administrative access - ->
<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-at-least-one-member-of">
<SubjectAttributeDesignator AttributeId="fedoraRole" MustBePresent="false" DataType="http://www.w3.org/2001/XMLSchema#string" />
<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-bag">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">administrator</AttributeValue>
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">fedoraInternalCall-1</AttributeValue>
</Apply>
</Apply>
</Apply>
</Condition>
</Rule>