...

Code Block
@prefix acl:   <http://www.w3.org/ns/auth/acl#> .
@prefix ex:    <http://example.org/ns#> .
@prefix foaf:  <http://xmlns.com/foaf/0.1/> .
@prefix ldp:   <http://www.w3.org/ns/ldp#> .
@prefix pcdm:  <http://pcdm.org/models#> .
@prefix vcard: <http://www.w3.org/2006/vcard/ns#> .
@prefix webac: <http://fedora.info/definitions/v4/webac#> .

...

However, listing individual users this way can get unwieldy, so you can also use the acl:agentGroup property to specify a group of users:

Code Block
<> acl:agentGroup </groups/jedi> .

The object of the acl:agentGroup property must be a URI to a group resource (of type vcard:Group) containing a list of its members:

Code Block
# contents of </groups/jedi>, using strings to identify members:
<> a vcard:Group;
    vcard:hasMember "obiwan";
    vcard:hasMember "yoda";
    vcard:hasMember "luke" .

# contents of </groups/jedi>, using URIs to identify members:
<> a vcard:Group;
    vcard:hasMember ex:obiwan;
    vcard:hasMember ex:yoda;
    vcard:hasMember ex:luke .

(Fedora Implementation Note: As currently implemented, the group resource must also be stored in Fedora; there is no support for referencing external URIs with the acl:agentGroup property.)

"What?" - Resources and Resource Types

...

Code Block
# </acls/rebels>
<> a webac:Acl;
    ldp:contains <commanders>.

# </acls/rebels/commanders>
<> a acl:Authorization;
    acl:agentGroup </groups/rebel-commanders>;
    acl:accessTo </collections/rebels/plans>;
    # modes will be discussed in the next section
    acl:mode acl:Read, acl:Write.

# partial contents of </collections/rebels/plans>:
<> acl:accessControl </acls/rebels> .

...

Code Block
# </acls/rebels>
<> a webac:Acl;
    ldp:contains <commanders-plans>;
    ldp:contains <pilots-plans>;
    ldp:contains <pilots-flight-plans>.

# </acls/rebels/commanders-plans>
# commanders...
<> a acl:Authorization;
    # ...listed in this group...
    acl:agentGroup </groups/rebel-commanders>;
    # ...have read-write access to...
    acl:mode acl:Read, acl:Write;
    # ...the plans
    acl:accessTo </collections/rebels/plans>.

# </acls/rebels/pilots-plans>
# but pilots...
<> a acl:Authorization;
    # ...listed in this group...
    acl:agentGroup </groups/rebel-pilots>;
    # ...have read-only access to...
    acl:mode acl:Read;
    # ...the plans
    acl:accessTo </collections/rebels/plans>.

# </acls/rebels/pilots-flight-plans>
# however, pilots...
<> a acl:Authorization;
    # ...listed in this group...
    acl:agentGroup </groups/rebel-pilots>;
    # ...do have read-write access to...
    acl:mode acl:Read, acl:Write;
    # ...their flight plan documents
    acl:accessToClass ex:FlightPlan.

# </collections/rebels/plans>
# this resource is protected by the ACL at this URI
<> acl:accessControl </acls/rebels> .

# </collections/rebels/flights>
# this collection also specifies an ACL so all of its child resources will be
# covered by an ACL
<> acl:accessControl </acls/rebels>;
   ldp:contains <trench-run>.

# </collections/rebels/flights/trench-run>
# users in the group rebel-pilots will have read-write access to this resource
<> a ex:FlightPlan.
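
The ACL above, evaluated in a short Python sketch to show which modes each group ends up with on each resource. This is an added example, not Fedora's code or part of the original page. The group members are constructed, and matching accessTo exactly and denying when no ACL is found are assumptions of the sketch.

```python
# Constructed data mirroring the Turtle above; member names are sample values.
GROUPS = {  # vcard:hasMember values per group resource
    "/groups/rebel-commanders": {"leia"},
    "/groups/rebel-pilots": {"luke", "wedge"},
}
ACLS = {  # authorizations contained in </acls/rebels>
    "/acls/rebels": [
        {"group": "/groups/rebel-commanders", "modes": {"Read", "Write"},
         "accessTo": "/collections/rebels/plans"},
        {"group": "/groups/rebel-pilots", "modes": {"Read"},
         "accessTo": "/collections/rebels/plans"},
        {"group": "/groups/rebel-pilots", "modes": {"Read", "Write"},
         "accessToClass": "ex:FlightPlan"},
    ],
}
RESOURCES = {  # acl:accessControl link and rdf:type per resource
    "/collections/rebels/plans": {"acl": "/acls/rebels", "types": set()},
    "/collections/rebels/flights": {"acl": "/acls/rebels", "types": set()},
    "/collections/rebels/flights/trench-run": {"acl": None, "types": {"ex:FlightPlan"}},
}

def effective_acl(path):
    """Walk up the containment path until a resource names an ACL."""
    while path:
        acl = RESOURCES.get(path, {}).get("acl")
        if acl:
            return acl
        path = path.rpartition("/")[0]  # step to the parent container
    return None  # no ACL found anywhere in the hierarchy

def allowed_modes(user, path):
    """Union of modes from every authorization matching user and resource."""
    acl = effective_acl(path)
    if acl is None:
        return set()  # assumption: this sketch denies when no ACL is found
    types = RESOURCES.get(path, {}).get("types", set())
    modes = set()
    for auth in ACLS.get(acl, []):
        if user not in GROUPS.get(auth["group"], set()):
            continue
        # assumption: accessTo is matched exactly, accessToClass by rdf:type
        if auth.get("accessTo") == path or auth.get("accessToClass") in types:
            modes |= auth["modes"]
    return modes
```

Note that a commander gets no modes on trench-run: the ACL is inherited from the flights collection, but only the pilots' accessToClass authorization matches a resource of type ex:FlightPlan.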

...