...

Prerequisites

  • a running Fedora repository
  • curl

The commands in this guide assume that your Fedora repository is running at http://localhost:8080/fcrepo

...

.

Steps

  1. Create these three files:

    foo.ttl

        @prefix dc: <http://purl.org/dc/elements/1.1/>.

        <> dc:title "Hello, World!".

    group.ttl

        @prefix vcard: <http://www.w3.org/2006/vcard/ns#> .

        <> a vcard:Group;
            vcard:hasMember "testuser".

    acl.ttl

        @prefix acl: <http://www.w3.org/ns/auth/acl#>.

        <#groupRead> a acl:Authorization;
            acl:accessTo </fcrepo/rest/foo>;
            acl:agentGroup </fcrepo/rest/group>;
            acl:mode acl:Read.

  2. Upload these resources into Fedora:

        $ curl -X PUT http://localhost:8080/fcrepo/rest/foo -u fedoraAdmin:secret3 \
            -H "Content-Type: text/turtle" --data-binary @foo.ttl
        $ curl -X PUT http://localhost:8080/fcrepo/rest/group -u fedoraAdmin:secret3 \
            -H "Content-Type: text/turtle" --data-binary @group.ttl
        $ curl -X PUT http://localhost:8080/fcrepo/rest/foo/fcr:acl -u fedoraAdmin:secret3 \
            -H "Content-Type: text/turtle" --data-binary @acl.ttl

    (Note: The order you upload these in is important, since acl.ttl references foo and group.)

  3. Test that testuser can read the foo resource, while adminuser cannot:

        $ curl -i http://localhost:8080/fcrepo/rest/foo -u testuser:password1
        $ curl -i http://localhost:8080/fcrepo/rest/foo -u adminuser:password2

    The first request should respond with 200 OK, while the second should be 403 Forbidden.

    To allow adminuser to also read the foo resource, we can add adminuser to the members of the group.

  4. Create group.sparql with the following contents:

    group.sparql

        PREFIX vcard: <http://www.w3.org/2006/vcard/ns#>

        INSERT DATA {
            <> vcard:hasMember "adminuser" .
        }


  5. Run this command to update the group and add adminuser to it:

        $ curl -i -X PATCH http://localhost:8080/fcrepo/rest/group \
            -u fedoraAdmin:secret3 \
            -H "Content-Type: application/sparql-update" \
            --data-binary @group.sparql

    You should receive a 204 No Content response on success.

  6. Now you should be able to repeat the command from step 3 and successfully retrieve the foo resource as adminuser:

        $ curl -i http://localhost:8080/fcrepo/rest/foo -u adminuser:password2

    This time, you should get a 200 OK response.
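
The two access checks in this guide (before and after adminuser is added to the group) can be scripted so that an unexpected status code fails with a non-zero exit. This is an added example, not part of the original guide; the URL, users and passwords are the ones used above, while the function names and the ACL_PHASE variable are assumptions of the example.

```bash
#!/bin/sh
# Added example: assert the access matrix this guide expects for /rest/foo.
# BASE, users and passwords come from the guide; function names and the
# ACL_PHASE variable are assumptions of this example.
BASE="${BASE:-http://localhost:8080/fcrepo/rest}"

# http_status USER PASS PATH: print only the HTTP status code of a GET.
http_status() {
    curl -s -o /dev/null -w '%{http_code}' -u "$1:$2" "$BASE/$3"
}

# expect_status USER PASS PATH EXPECTED: return 0 on match, 1 otherwise.
expect_status() {
    got="$(http_status "$1" "$2" "$3")" || got="curl-error"
    if [ "$got" = "$4" ]; then
        printf 'ok    %-10s GET /%s -> %s\n' "$1" "$3" "$got"
    else
        printf 'FAIL  %-10s GET /%s -> %s (expected %s)\n' \
            "$1" "$3" "$got" "$4" >&2
        return 1
    fi
}

# check_matrix PHASE
#   before: adminuser is not yet in the group, so access must be denied (403)
#   after:  adminuser was added by the group.sparql PATCH, so access is allowed
check_matrix() {
    case "$1" in
        before) admin_expected=403 ;;
        after)  admin_expected=200 ;;
        *) echo "usage: check_matrix before|after" >&2; return 2 ;;
    esac
    failures=0
    # Run both checks even if the first fails, so the report is complete.
    expect_status testuser  password1 foo 200 || failures=$((failures + 1))
    expect_status adminuser password2 foo "$admin_expected" ||
        failures=$((failures + 1))
    [ "$failures" -eq 0 ]
}

# Only contact the server when a phase is requested, e.g.
#   ACL_PHASE=before sh check_acl.sh
if [ -n "${ACL_PHASE:-}" ]; then
    check_matrix "$ACL_PHASE"
fi
```

Run it with ACL_PHASE=before after the upload step and with ACL_PHASE=after once the group has been patched; a denied request that unexpectedly returns 200 is reported as FAIL.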

...