...

Prerequisites

• a running Fedora 4 with the WebAC module enabled, repository
• curl

The commands in this guide assume that your Fedora repository is running at http://localhost:8080/fcrepo

...

.

Steps

1. Create these three files:

   Code Block
   language text title foo.ttl
   @prefix dc: <http://purl.org/dc/elements/1.1/>. <> dc:title "Hello, World!".

   
   

   Code Block
   language text title group.ttl
   @prefix vcard: <http://www.w3.org/2006/vcard/ns#> . <> a vcard:Group; vcard:hasMember "testuser".

   
   

   Code Block
   language text title acl.ttl
   @prefix acl: <http://www.w3.org/ns/auth/acl#>. <#groupRead> a acl:Authorization; acl:accessTo </fcrepo/rest/foo>; acl:agentGroup </fcrepo/rest/group>; acl:mode acl:Read.

   
   

2. Upload these resources into Fedora:

   Code Block
   language bash
   curl -X PUT http://localhost:8080/fcrepo/rest/foo -u fedoraAdmin:secret3 \ -H "Content-Type: text/turtle" --data-binary @foo.ttl curl -X PUT http://localhost:8080/fcrepo/rest/group -u fedoraAdmin:secret3 \ -H "Content-Type: text/turtle" --data-binary @group.ttl curl -X PUT http://localhost:8080/fcrepo/rest/foo/fcr:acl -u fedoraAdmin:secret3 \ -H "Content-Type: text/turtle" --data-binary @acl.ttl

   
   

3. Test that testuser can read the foo resource, while adminuser cannot: 

   Code Block
   language bash
   curl -i http://localhost:8080/fcrepo/rest/foo -u testuser:password1 curl -i http://localhost:8080/fcrepo/rest/foo -u adminuser:password2

   The first request should respond with 200 OK, while the second should be 403 Forbidden.

   To allow adminuser to also read the foo resource, we can add adminuser to the members of the group.

...