1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112
|
use Test::More tests => 6;
use RDF::ACL;
my $acl = RDF::ACL->new;
my $authid = $acl->allow(
'agent' => ['http://example.com/fembot#me'],
'agent_class' => ['http://xmlns.com/foaf/0.1/Person'],
'item_class' => 'http://xmlns.com/foaf/0.1/Document',
'level' => ['read']
);
my $authid2 = $acl->allow(
'agent' => ['http://example.com/fembot#me'],
'item_class' => 'http://xmlns.com/foaf/0.1/PersonalProfileDocument',
'level' => ['append', 'read']
);
my $proper;
if ($authid lt $authid2) {
$proper = <<CANON;
<$authid> <http://www.w3.org/1999/02/22-rdf-syntax-ns#type> <http://www.w3.org/ns/auth/acl#Authorization> .
<$authid> <http://www.w3.org/ns/auth/acl#accessToClass> <http://xmlns.com/foaf/0.1/Document> .
<$authid> <http://www.w3.org/ns/auth/acl#agent> <http://example.com/fembot#me> .
<$authid> <http://www.w3.org/ns/auth/acl#agentClass> <http://xmlns.com/foaf/0.1/Person> .
<$authid> <http://www.w3.org/ns/auth/acl#mode> <http://www.w3.org/ns/auth/acl#Read> .
<$authid2> <http://www.w3.org/1999/02/22-rdf-syntax-ns#type> <http://www.w3.org/ns/auth/acl#Authorization> .
<$authid2> <http://www.w3.org/ns/auth/acl#accessToClass> <http://xmlns.com/foaf/0.1/PersonalProfileDocument> .
<$authid2> <http://www.w3.org/ns/auth/acl#agent> <http://example.com/fembot#me> .
<$authid2> <http://www.w3.org/ns/auth/acl#mode> <http://www.w3.org/ns/auth/acl#Append> .
<$authid2> <http://www.w3.org/ns/auth/acl#mode> <http://www.w3.org/ns/auth/acl#Read> .
CANON
} else {
$proper = <<CANON;
<$authid2> <http://www.w3.org/1999/02/22-rdf-syntax-ns#type> <http://www.w3.org/ns/auth/acl#Authorization> .
<$authid2> <http://www.w3.org/ns/auth/acl#accessToClass> <http://xmlns.com/foaf/0.1/PersonalProfileDocument> .
<$authid2> <http://www.w3.org/ns/auth/acl#agent> <http://example.com/fembot#me> .
<$authid2> <http://www.w3.org/ns/auth/acl#mode> <http://www.w3.org/ns/auth/acl#Append> .
<$authid2> <http://www.w3.org/ns/auth/acl#mode> <http://www.w3.org/ns/auth/acl#Read> .
<$authid> <http://www.w3.org/1999/02/22-rdf-syntax-ns#type> <http://www.w3.org/ns/auth/acl#Authorization> .
<$authid> <http://www.w3.org/ns/auth/acl#accessToClass> <http://xmlns.com/foaf/0.1/Document> .
<$authid> <http://www.w3.org/ns/auth/acl#agent> <http://example.com/fembot#me> .
<$authid> <http://www.w3.org/ns/auth/acl#agentClass> <http://xmlns.com/foaf/0.1/Person> .
<$authid> <http://www.w3.org/ns/auth/acl#mode> <http://www.w3.org/ns/auth/acl#Read> .
CANON
};
$proper =~ s/\r?\n/\r\n/g;
#is($proper, $acl->save(RDF::Trine::Serializer::NTriples::Canonical->new), "allow seems to generate sensible triples");
ok(!$acl->check(
'http://example.com/joe#me',
'http://example.com/private/document',
'Read'),
"by default, deny access"
);
my $agent_info = [<<AGENTINFO, parser => 'Turtle', base => 'http://example.com/'];
<http://example.com/joe#me> a <http://xmlns.com/foaf/0.1/Person> .
<http://example.com/joe#me> a <http://xmlns.com/foaf/0.1/Agent> .
<http://example.com/fembot#me> a <http://xmlns.com/foaf/0.1/Agent> .
AGENTINFO
my $document_info = [<<DOCINFO, parser => 'Turtle', base => 'http://example.com/'];
<http://example.com/private/document> a <http://xmlns.com/foaf/0.1/Document> .
<http://example.com/private/document> a <http://xmlns.com/foaf/0.1/PersonalProfileDocument> .
DOCINFO
ok($acl->check(
'http://example.com/joe#me',
'http://example.com/private/document',
'Read',
$agent_info,
$document_info,
),
"with class info, allow access!"
);
my @reasons = $acl->why(
'http://example.com/fembot#me',
'http://example.com/private/document',
'Read',
$agent_info,
$document_info);
is(2, scalar @reasons, "first explanation works ok");
my @reasons2 = $acl->why(
'http://example.com/fembot#me',
'http://example.com/private/document',
'append',
$agent_info,
$document_info);
is(1, scalar @reasons2, "second explanation works ok");
$acl->deny($authid2);
ok(!$acl->check(
'http://example.com/fembot#me',
'http://example.com/private/document',
'APPEND',
$agent_info,
$document_info),
"removed append authorisation"
);
ok($acl->check(
'http://example.com/fembot#me',
'http://example.com/private/document',
'read',
$agent_info,
$document_info),
"but kept read"
);
|