Skip to content
Provides a graphical user interface to edit XACML policies for objects in a repository or collection.
PHP Other
Latest commit 242dabc Mar 18, 2016 @manez manez Merge pull request #130 from ruebot/7.x-ISLANDORA-1616
Address ISLANDORA-1616; Take avantage of new GitHub functionality and…
Failed to load latest commit information.
.github
api Minor POLICY DS fixes. Sep 23, 2015
build
css
includes
tests
.gitattributes
.gitignore Updated tests for coding standards. Apr 18, 2013
.travis.yml
CONTRIBUTING.md
LICENSE.txt
README.md Update README.md Sep 11, 2015
TODO.txt
build.xml
islandora_xacml_editor.api.php
islandora_xacml_editor.info
islandora_xacml_editor.install
islandora_xacml_editor.module Account for soft dependency, add helper function, cmodel filtering. Nov 3, 2015

README.md

Islandora XACML Editor Build Status

Introduction

The Islandora XACML Editor provides a graphical user interface to edit XACML policies for objects in a repository or collection. It adds a new tab to each collection called Child Policy and a tab to each item called Item Policy, where permissions can be set on a per User or per Role basis for:

  • Object Management: Controls who can set XACML policies for an object/collection.
  • Object Viewing: Controls who can view an object/collection.
  • Datastreams and MIME types: Controls who can view datastreams by DSID and MIME type.

Requirements

This module requires the following modules/libraries:

Installation

Install as usual, see this for further information.

Configuration

Fedora Configuration

It may be desirable--and in fact necessary for some modules--to disable/remove one of the default XACML policies which denies any interactions with the POLICY datastream to users without the "administrator" role.

This policy is located here: $FEDORA_HOME/data/fedora-xacml-policies/repository-policies/default/deny-policy-management-if-not-administrator.xml

Solr Searching Hook

In order to comply with XACML restrictions placed on objects, a hook is used to filter results that do not conform to a searching user's roles and name. This hook will not function correctly if the Solr fields for ViewableByUser and ViewableByRole are not defined correctly as they are set in the XSLT. These values can be set through the admin page for the module.

image

Notes

The XACML editor hooks into ingesting through the interface. When a child is added through the interface, the parent's POLICY will be applied if one exists.

If XACML policies are written or edited by hand, it may result in unexpected behaviour.

Documentation

Further documentation for this module is available at our wiki.

Troubleshooting/Issues

Having problems or solved a problem? Check out the Islandora google groups for a solution.

Maintainers/Sponsors

Current maintainers:

Development

If you would like to contribute to this module, please check out CONTRIBUTING.md. In addition, we have helpful Documentation for Developers info, as well as our Developers section on the Islandora.ca site.

License

GPLv3

Something went wrong with that request. Please try again.