...
Create these four files:
acl.ttl:

```text
@prefix webac: <http://fedora.info/definitions/v4/webac#>.
@prefix ldp: <http://www.w3.org/ns/ldp#>.

<> a webac:Acl .
```

group.ttl:

```text
@prefix ldp: <http://www.w3.org/ns/ldp#>.
@prefix foaf: <http://xmlns.com/foaf/0.1/> .

<> a foaf:Group;
    foaf:member "testuser".
```
foo.ttl:

```text
@prefix ldp: <http://www.w3.org/ns/ldp#>.
@prefix acl: <http://www.w3.org/ns/auth/acl#>.
@prefix dc: <http://purl.org/dc/elements/1.1/>.

# acl:accessControl points this resource at the ACL that protects it.
<> acl:accessControl </fcrepo/rest/acl>;
    dc:title "Hello, World!".
```
authz.ttl:

```text
@prefix acl: <http://www.w3.org/ns/auth/acl#>.

<> a acl:Authorization;
    acl:accessTo </fcrepo/rest/foo>;
    acl:agentClass </fcrepo/rest/group>;
    acl:mode acl:Read.
```
Upload these resources into Fedora:
```text
$ curl -X PUT http://localhost:8080/fcrepo/rest/acl -u fedoraAdmin:secret3 \
    -H "Content-Type: text/turtle" --data-binary @acl.ttl
$ curl -X PUT http://localhost:8080/fcrepo/rest/foo -u fedoraAdmin:secret3 \
    -H "Content-Type: text/turtle" --data-binary @foo.ttl
$ curl -X PUT http://localhost:8080/fcrepo/rest/group -u fedoraAdmin:secret3 \
    -H "Content-Type: text/turtle" --data-binary @group.ttl
$ curl -X PUT http://localhost:8080/fcrepo/rest/acl/authz -u fedoraAdmin:secret3 \
    -H "Content-Type: text/turtle" --data-binary @authz.ttl
```
(Note: The order you upload these in is important, since `foo` references `acl`, and `authz` references `foo` and `group`.)

Test that `testuser` can read the `foo` resource, while `adminuser` cannot:

```text
$ curl -i http://localhost:8080/fcrepo/rest/foo -u testuser:password1
$ curl -i http://localhost:8080/fcrepo/rest/foo -u adminuser:password2
```
The first request should respond with 200 OK, while the second should be 403 Forbidden.
To allow `adminuser` to also read the `foo` resource, we can add `adminuser` to the members of the group.
Create group.sparql with the following contents:
group.sparql:

```text
PREFIX foaf: <http://xmlns.com/foaf/0.1/>

INSERT { <> foaf:member "adminuser" . }
WHERE {}
```
Run this command to update the group and add `adminuser` to it:

```text
$ curl -i -X PATCH http://localhost:8080/fcrepo/rest/group \
    -u fedoraAdmin:secret3 \
    -H "Content-Type: application/sparql-update" \
    --data-binary @group.sparql
```
You should receive a 204 No Content response on success.
Now you should be able to repeat the command from step 3 and successfully retrieve the `foo` resource as `adminuser`:

```text
$ curl -i http://localhost:8080/fcrepo/rest/foo -u adminuser:password2
```
This time, you should get a 200 OK response.
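To see why the two users get different answers before and after the group update, here is a small Python model of the access decision over the triples from foo.ttl, authz.ttl and group.ttl. It is an added example, not Fedora's code: the function names are hypothetical, and the matching rules (authorizations are children of the ACL, membership comes from `foaf:member`, nothing matching means deny) are simplifying assumptions drawn from this walkthrough.

```python
# Simplified model of the WebAC decision for the resources in this walkthrough.
# Triples are (subject, predicate, object); this is not Fedora's implementation.
ACL = "http://www.w3.org/ns/auth/acl#"
FOAF = "http://xmlns.com/foaf/0.1/"
RDF_TYPE = "http://www.w3.org/1999/02/22-rdf-syntax-ns#type"

def build_graph():
    """Triples transcribed from foo.ttl, authz.ttl and group.ttl above."""
    return {
        ("/fcrepo/rest/foo", ACL + "accessControl", "/fcrepo/rest/acl"),
        ("/fcrepo/rest/acl/authz", RDF_TYPE, ACL + "Authorization"),
        ("/fcrepo/rest/acl/authz", ACL + "accessTo", "/fcrepo/rest/foo"),
        ("/fcrepo/rest/acl/authz", ACL + "agentClass", "/fcrepo/rest/group"),
        ("/fcrepo/rest/acl/authz", ACL + "mode", ACL + "Read"),
        ("/fcrepo/rest/group", FOAF + "member", "testuser"),
    }

def objects(graph, subject, predicate):
    return {o for s, p, o in graph if s == subject and p == predicate}

def is_allowed(graph, user, resource, mode):
    """True only if an authorization in the resource's ACL grants `mode` to `user`."""
    for acl in objects(graph, resource, ACL + "accessControl"):
        # Assumption: authorizations live directly under the ACL (e.g. /acl/authz).
        authzs = {s for s, p, o in graph
                  if p == RDF_TYPE and o == ACL + "Authorization" and s.startswith(acl + "/")}
        for authz in authzs:
            if resource not in objects(graph, authz, ACL + "accessTo"):
                continue  # authorization protects a different resource
            if ACL + mode not in objects(graph, authz, ACL + "mode"):
                continue  # e.g. Write requested but only Read granted
            if user in objects(graph, authz, ACL + "agent"):
                return True
            for group in objects(graph, authz, ACL + "agentClass"):
                if user in objects(graph, group, FOAF + "member"):
                    return True
    return False  # no matching authorization: deny

def http_status(graph, user, resource, mode="Read"):
    return 200 if is_allowed(graph, user, resource, mode) else 403

def add_member(graph, group, user):
    """Effect of the group.sparql INSERT: one new foaf:member triple."""
    return graph | {(group, FOAF + "member", user)}
```

The model also shows what the group change does not grant: `authz` lists only `acl:Read`, so a write by either user is still denied.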
...