• Home
• org.fcrepo
• fcrepo-module-auth-xacml
• 4.5.1
• source code
• ReadNormalNodePermissionPolicySet.xml

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

policies.ReadNormalNodePermissionPolicySet.xml Maven / Gradle / Ivy

<?xml version="1.0" encoding="UTF-8"?>
<PolicySet xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation = "urn:oasis:names:tc:xacml:2.0:policy:schema:os http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-policy-schema-os.xsd"
        PolicySetId="info:fedora/policies/ReadNormalNodePermissionPolicySet"
        PolicyCombiningAlgId="urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:permit-overrides">
  <Target/>
  <Policy PolicyId="fcrepo-xacml:ReadNormalNodePermissionPolicy" RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable">
    <Target/>
    <!-- <Rule RuleId="fcrepo-xacml:RuleDenyReadACLProperties" Effect="Deny">
      <Target>
        <Resources>
          <Resource>
            <ResourceMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:anyURI-equal">
              <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI">http://fedora.info/definitions/v4/authorization#Rbacl</AttributeValue>
              <ResourceAttributeDesignator MustBePresent="true" AttributeId="http://www.w3.org/1999/02/22-rdf-syntax-ns#type" DataType="http://www.w3.org/2001/XMLSchema#anyURI"/>
            </ResourceMatch>
          </Resource>
          <Resource>
            <ResourceMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:anyURI-equal">
              <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI">http://fedora.info/definitions/v4/authorization#Assignment</AttributeValue>
              <ResourceAttributeDesignator MustBePresent="true" AttributeId="http://www.w3.org/1999/02/22-rdf-syntax-ns#type" DataType="http://www.w3.org/2001/XMLSchema#anyURI"/>
            </ResourceMatch>
          </Resource>
        </Resources>
        <Actions>
          <Action>
            <ActionMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
              <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">read</AttributeValue>
              <ActionAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string"/>
            </ActionMatch>
          </Action>
        </Actions>
      </Target>
    </Rule> -->
    <Rule RuleId="fcrepo-xacml:RulePermitReadNormalNode" Effect="Permit">
      <Target>
        <Actions>
          <Action>
            <ActionMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
              <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">read</AttributeValue>
              <ActionAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string"/>
            </ActionMatch>
          </Action>
        </Actions>
      </Target>
    </Rule>
    <Rule RuleId="fcrepo-xacml:RuleDenyNonReadActions" Effect="Deny"/>
  </Policy>
</PolicySet>