/
blitz-graph-rules.xml
83 lines (68 loc) · 3.59 KB
/
blitz-graph-rules.xml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
<?xml version="1.0" encoding="UTF-8"?>
<!--
#
# Copyright (C) 2014-2015 University of Dundee & Open Microscopy Environment.
# All rights reserved.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
#
-->
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd">
<!--
Key for rule specifications:
In square brackets, what action to take on the object:
E = exclude: do not operate on, unlink from target objects
I = include: operate on
D = delete
O = outside: do not operate on, do not even unlink from target objects
In matches, starting these action letters with a ! negates the given set.
For changes, in the square brackets an additional action is available:
- = process: apply rule set to the object and its relationships
In curly braces, the orphan status of the object:
i = irrelevant: don't care about orphan status
r = relevant: care about orphan status but don't know it
o = orphan: it is an orphan
a = attached: it is not an orphan
This may be present alongside [E] only. Orphan status is processed for excluded objects only.
In matches, starting these orphan status letters with a ! negates the given set.
After a forward slash for matches, the permissions required for the object by the user:
u = may be updated
d = may be deleted
o = owns
In matches, starting these permissions letters with a ! negates the given set.
After a forward slash for changes, the permissions checked:
n = none, propagates to subsequent related changes
For the equals signs:
== is not nullable
=? is nullable
= is either of the above
A /o suffix means that the two objects must have the same owner.
Following $ is the name of a condition that may or may not be set by the request.
Rules are executed in the order in which they are listed. However, if depending on order, note that rules
based on multiple relationships cannot match when the common linking object is not the object being processed.
-->
<bean id="graphPolicyRule" class="ome.services.graphs.GraphPolicyRule" abstract="true"/>
<import resource="graph-rules/blitz-chgrp-rules.xml"/>
<import resource="graph-rules/blitz-chmod-rules.xml"/>
<import resource="graph-rules/blitz-chown-rules.xml"/>
<import resource="graph-rules/blitz-delete-rules.xml"/>
<import resource="graph-rules/blitz-disk-usage-rules.xml"/>
<import resource="graph-rules/blitz-duplicate-rules.xml"/>
<import resource="graph-rules/blitz-container-rules.xml"/>
<import resource="graph-rules/blitz-contained-rules.xml"/>
</beans>