strawman delegate implementation #8
Conversation
|
|
||
| final List<URI> actionURIs = actionsAsURIs(actions); | ||
|
|
||
| final Optional<URI> effectiveACL = getEffectiveAcl(new FedoraResourceImpl(userSession.getNode(absPath))); |
There was a problem hiding this comment.
We may need an "internal-session" as the userSession will likely not have permissions to read the ACL resources.
|
As a side note, we will need a WebAC implementation of |
|
I would also note that I used |
| @@ -15,6 +15,17 @@ | |||
| */ | |||
| package org.fcrepo.auth.webac; | |||
|
|
|||
| // The WEBAC_HAS_ACL variable does not exist (we don't even have a namespace for it yet). | |||
| import static org.fcrepo.auth.webac.URIConstants.WEBAC_HAS_ACL; | |||
There was a problem hiding this comment.
Could we use acl:accessControl for this? From the ontology
<rdf:Property rdf:about="http://www.w3.org/ns/auth/acl#accessControl">
<comment>The Access Control file for this information resource.
This may of course be a virtual resorce implemented by the access control system.
Note also HTTP's header Link: foo.meta ;rel=meta can be used for this.</comment>
<domain rdf:resource="http://www.w3.org/2006/gen/ont#InformationResource"/>
<label>access control</label>
<range rdf:resource="http://www.w3.org/2006/gen/ont#InformationResource"/>
<subPropertyOf rdf:resource="http://www.w3.org/2000/01/rdf-schema#seeAlso"/>
</rdf:Property>
There was a problem hiding this comment.
@whikloj, that property seems appropriate.
|
@acoburn, are we actually planning on hijacking |
|
@awoods If you look at the examples in the WebAC wiki, you will see that Do you feel that this diverges from what the WebACL document lays out? |
|
@acoburn, nevermind... I was mentally hooked on |
| map.put("DELETE", WEBAC_MODE_WRITE); | ||
| map.put("PATCH", WEBAC_MODE_WRITE); | ||
| map.put("OPTIONS", WEBAC_MODE_READ); | ||
| actionMap = Collections.unmodifiableMap(map); |
There was a problem hiding this comment.
I have no idea if this matches any type of reality. Is the actions array (below) composed of Strings like "GET", or "POST"? Without knowing any better, that's what I'm assuming.
There was a problem hiding this comment.
Incidentally, if @acoburn is correct, this is one reason why we don't want to have resources created or updated or deleted by requests to URIs that aren't their own.
|
Are we scrapping this PR in favor of a new one? or is there a plan for closure today? |
|
I'm still working on this PR, though it is dependent on @whikloj and the creation of a WebACRolesProvider interface |
|
Sorry, but I thought @mohideen was going to work on the WebACRolesProvider implementation as he was already working on the AuthHandler interface, I was working on the WebACAuthenticationImpl. Did I get that mixed up? |
acoburn
force-pushed
the
delegate_impl
branch
3 times, most recently
from
d294e09
to
d51d883
Compare
acoburn
force-pushed
the
delegate_impl
branch
from
d51d883
to
3069cb9
Compare
acoburn
force-pushed
the
delegate_impl
branch
from
cc91941
to
ce2d1d6
Compare
|
Added unit tests with the provided TTL resources. Added more debugging log output. Need to add more comments, and have support for acls residing on ancestor nodes. |
Conflicts: src/main/java/org/fcrepo/auth/webac/WebACAuthorizationDelegate.java src/main/java/org/fcrepo/auth/webac/impl/WebACAccessRolesProvider.java src/test/java/org/fcrepo/auth/webac/impl/WebACAccessRolesProviderTest.java
Updated the Map with ModeshapePermissions to WebAC access modes.
Removed RBACL-based test class. Added license header, and move WebACRecipesIT into the correct package.
|
This PR is now deprecated in favor of #28 (and other yet-to-be-issued PRs) |
|
@acoburn, please feel free to close this PR if that is the intent of your previous comment. |
This doesn't even pretend to be a correct implementation (it doesn't even consider type-based accessToClass resources), but it is a start. Please feel free to tear it apart!