strawman delegate implementation #8
|
||
final List<URI> actionURIs = actionsAsURIs(actions); | ||
|
||
final Optional<URI> effectiveACL = getEffectiveAcl(new FedoraResourceImpl(userSession.getNode(absPath))); |
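Review bot: on the `getEffectiveAcl(...)` line, `userSession.getNode(absPath)` is resolved before any authorization decision, and the visible lines show no handling for a path that does not exist yet or for an empty `Optional<URI>`. Both cases should end in an explicit deny (or a lookup on the nearest existing ancestor) rather than an exception or a fall-through; branch on `effectiveACL.isPresent()` before the value is used.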
We may need an "internal-session" as the userSession will likely not have permissions to read the ACL resources.
As a side note, we will need a WebAC implementation of
I would also note that I used
@@ -15,6 +15,17 @@ | |||
*/ | |||
package org.fcrepo.auth.webac; | |||
|
|||
// The WEBAC_HAS_ACL variable does not exist (we don't even have a namespace for it yet). | |||
import static org.fcrepo.auth.webac.URIConstants.WEBAC_HAS_ACL; |
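Review bot: the static import of `URIConstants.WEBAC_HAS_ACL` names a constant that the comment directly above says does not exist, so this file cannot compile as submitted. Add the constant to `URIConstants` in the same change once its namespace is decided, or drop the import until the property is settled, and turn the comment into a TODO that names the open question.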
Could we use acl:accessControl for this? From the ontology
<rdf:Property rdf:about="http://www.w3.org/ns/auth/acl#accessControl">
<comment>The Access Control file for this information resource.
This may of course be a virtual resorce implemented by the access control system.
Note also HTTP's header Link: foo.meta ;rel=meta can be used for this.</comment>
<domain rdf:resource="http://www.w3.org/2006/gen/ont#InformationResource"/>
<label>access control</label>
<range rdf:resource="http://www.w3.org/2006/gen/ont#InformationResource"/>
<subPropertyOf rdf:resource="http://www.w3.org/2000/01/rdf-schema#seeAlso"/>
</rdf:Property>
@whikloj, that property seems appropriate.
👍 nice call
@acoburn, are we actually planning on hijacking
@awoods If you look at the examples in the WebAC wiki, you will see that
Do you feel that this diverges from what the WebACL document lays out?
@acoburn, nevermind... I was mentally hooked on
map.put("DELETE", WEBAC_MODE_WRITE); | ||
map.put("PATCH", WEBAC_MODE_WRITE); | ||
map.put("OPTIONS", WEBAC_MODE_READ); | ||
actionMap = Collections.unmodifiableMap(map); |
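Review bot: `actionMap` is a closed list of known actions, and nothing in these lines says what a caller gets for an action that is not a key. `Map.get` returns null in that case, so the lookup that builds `actionURIs` should treat a missing entry as a denial instead of dropping it or passing null along. A one-line comment stating that `DELETE` and `PATCH` both map to `WEBAC_MODE_WRITE` on purpose would also help the next reader.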
I have no idea if this matches any type of reality. Is the actions array (below) composed of Strings like "GET", or "POST"? Without knowing any better, that's what I'm assuming.
Incidentally, if @acoburn is correct, this is one reason why we don't want to have resources created or updated or deleted by requests to URIs that aren't their own.
Are we scrapping this PR in favor of a new one? Or is there a plan for closure today?
I'm still working on this PR, though it is dependent on @whikloj and the creation of a WebACRolesProvider interface
Sorry, but I thought @mohideen was going to work on the WebACRolesProvider implementation as he was already working on the AuthHandler interface; I was working on the WebACAuthenticationImpl. Did I get that mixed up?
d294e09 to d51d883
d51d883 to 3069cb9
cc91941 to ce2d1d6
Added unit tests with the provided TTL resources. Added more debugging log output. Need to add more comments, and have support for acls residing on ancestor nodes.
Conflicts:
src/main/java/org/fcrepo/auth/webac/WebACAuthorizationDelegate.java
src/main/java/org/fcrepo/auth/webac/impl/WebACAccessRolesProvider.java
src/test/java/org/fcrepo/auth/webac/impl/WebACAccessRolesProviderTest.java
Updated the Map with ModeshapePermissions to WebAC access modes.
Removed RBACL-based test class. Added license header, and move WebACRecipesIT into the correct package.
This PR is now deprecated in favor of #28 (and other yet-to-be-issued PRs)
@acoburn, please feel free to close this PR if that is the intent of your previous comment.
This doesn't even pretend to be a correct implementation (it doesn't even consider type-based accessToClass resources), but it is a start. Please feel free to tear it apart!
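An added example, not code from this PR or from fcrepo: one way to combine the action-to-mode map with an effective-ACL lookup that walks ancestor paths and denies by default. Class, method and path names are hypothetical; the GET/HEAD/PUT/POST entries and the deny-when-no-ACL rule are assumptions, and agent and accessToClass matching are left out.

```java
import java.net.URI;
import java.util.*;

// Added illustration; every name and sample value here is hypothetical, not fcrepo code.
public class EffectiveAclSketch {
    static final String ACL = "http://www.w3.org/ns/auth/acl#";
    static final URI READ = URI.create(ACL + "Read"), WRITE = URI.create(ACL + "Write");
    // DELETE, PATCH and OPTIONS follow the PR's map; the other entries are assumptions.
    static final Map<String, URI> ACTION_MAP = Map.of(
        "GET", READ, "HEAD", READ, "OPTIONS", READ,
        "PUT", WRITE, "POST", WRITE, "PATCH", WRITE, "DELETE", WRITE);

    // Fail closed: one unmapped action makes the whole request unresolvable (empty).
    static Optional<Set<URI>> requiredModes(String... actions) {
        Set<URI> modes = new HashSet<>();
        for (String action : actions) {
            URI mode = ACTION_MAP.get(action);
            if (mode == null) return Optional.empty();
            modes.add(mode);
        }
        return Optional.of(modes);
    }

    // Walk from the resource towards the root; the first ACL link found is the effective one.
    // aclLinks stands in for the per-resource ACL pointer, read with a privileged session.
    static Optional<URI> effectiveAcl(String path, Map<String, URI> aclLinks) {
        for (String p = path; ; ) {
            URI acl = aclLinks.get(p);
            if (acl != null) return Optional.of(acl);
            if (p.equals("/")) return Optional.empty();
            int slash = p.lastIndexOf('/');
            p = slash <= 0 ? "/" : p.substring(0, slash);
        }
    }

    // granted maps an ACL to the modes it gives the current agent (agent matching omitted).
    static boolean isPermitted(String path, Map<String, URI> aclLinks,
                               Map<URI, Set<URI>> granted, String... actions) {
        Optional<Set<URI>> needed = requiredModes(actions);
        Optional<URI> acl = effectiveAcl(path, aclLinks);
        if (!needed.isPresent() || !acl.isPresent()) return false; // deny by default
        return granted.getOrDefault(acl.get(), Set.of()).containsAll(needed.get());
    }

    public static void main(String[] args) {
        URI acl = URI.create("/acls/collection"); // constructed sample data
        Map<String, URI> links = Map.of("/collection", acl);
        Map<URI, Set<URI>> granted = Map.of(acl, Set.of(READ));
        for (String method : new String[] {"GET", "DELETE", "TRACE"})
            System.out.println(method + " " + isPermitted("/collection/item", links, granted, method));
        System.out.println("GET /other " + isPermitted("/other", links, granted, "GET"));
    }
}
```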