...
Create these four files:
Code Block language text title acl.ttl @prefix webac: <http://fedora.info/definitions/v4/webac#>. @prefix ldp: <http://www.w3.org/ns/ldp#>. <> a webac:Acl .
Code Block language text title group.ttl @prefix ldp: <http://www.w3.org/ns/ldp#>. @prefix foaf: <http://xmlns.com/foaf/0.1/> . <> a ldp:BasicContainer, foaf:Group; foaf:member "testuser".Code Block language text title foo.ttl @prefix ldp: <http://www.w3.org/ns/ldp#>. @prefix acl: <http://www.w3.org/ns/auth/acl#>. @prefix dc: <http://purl.org/dc/elements/1.1/>. <> a ldp:BasicContainer; acl:accessControl </fcrepo/rest/acl>; dc:title "Hello, World!".Code Block language text title authz.ttl @prefix acl: <http://www.w3.org/ns/auth/acl#>. <> a acl:Authorization; acl:accessTo </fcrepo/rest/foo>; acl:agentClass </fcrepo/rest/group>; acl:mode acl:Read.Upload these resources into Fedora:
Code Block language text $ curl -X PUT http://localhost:8080/fcrepo/rest/acl -u fedoraAdmin:secret3 \ -H "Content-Type: text/turtle" --data-binary @acl.ttl $ curl -X PUT http://localhost:8080/fcrepo/rest/foo -u fedoraAdmin:secret3 \ -H "Content-Type: text/turtle" --data-binary @foo.ttl $ curl -X PUT http://localhost:8080/fcrepo/rest/group -u fedoraAdmin:secret3 \ -H "Content-Type: text/turtle" --data-binary @group.ttl $ curl -X PUT http://localhost:8080/fcrepo/rest/acl/authz -u fedoraAdmin:secret3 \ -H "Content-Type: text/turtle" --data-binary @authz.ttl(Note: The order you upload these in is important, since
fooreferencesacl, andauthzreferencesfooandgroup)Test that
testusercan read thefooresource, whileadminusercannot:Code Block language text $ curl -i http://localhost:8080/fcrepo/rest/foo -u testuser:password1 $ curl -i http://localhost:8080/fcrepo/rest/foo -u adminuser:password2
The first request should respond with 200 OK, while the second should be 403 Forbidden.
To allow
adminuserto also read thefooresource, we can addadminuserto the members of the group.
...