• Home
• org.fcrepo
• fcrepo-integrationtest-core
• 3.8.1
• source code
• deny-policy-management-if-not-administrator.xml

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

XACMLTestPolicies.valid-policies.deny-policy-management-if-not-administrator.xml Maven / Gradle / Ivy

<?xml version="1.0" encoding="UTF-8"?>
<Policy xmlns="urn:oasis:names:tc:xacml:1.0:policy"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        PolicyId="deny-policy-management-if-not-administrator"
        RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable">
  <Description>deny access to POLICY datastream unless subject has administrator role</Description>
  <Target>
    <Subjects>
      <AnySubject/> 
    </Subjects>
    <Resources>
      <Resource>
        <ResourceMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
          <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">POLICY</AttributeValue>        
          <ResourceAttributeDesignator AttributeId="urn:fedora:names:fedora:2.1:resource:datastream:id"
            MustBePresent="false" 
            DataType="http://www.w3.org/2001/XMLSchema#string"/>
        </ResourceMatch>
      </Resource>
    </Resources>
    <Actions>
      <AnyAction/>
    </Actions>    
  </Target>
  <Rule RuleId="1" Effect="Deny">
    <Condition FunctionId="urn:oasis:names:tc:xacml:1.0:function:not">
      <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-is-in">
        <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">administrator</AttributeValue>         
        <SubjectAttributeDesignator AttributeId="fedoraRole" DataType="http://www.w3.org/2001/XMLSchema#string"/>
      </Apply>    
    </Condition>
  </Rule>
</Policy>