@prefix def: <https://w3id.org/atomgraph/linkeddatahub/default#> .
@prefix ldh: <https://w3id.org/atomgraph/linkeddatahub#> .
@prefix ac: <https://w3id.org/atomgraph/client#> .
@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
@prefix dh: <https://www.w3.org/ns/ldt/document-hierarchy#> .
@prefix sd: <http://www.w3.org/ns/sparql-service-description#> .
@prefix sp: <http://spinrdf.org/sp#> .
@prefix sioc: <http://rdfs.org/sioc/ns#> .
@prefix foaf: <http://xmlns.com/foaf/0.1/> .
@prefix dct: <http://purl.org/dc/terms/> .
@prefix spin: <http://spinrdf.org/spin#> .
@prefix lacl: <https://w3id.org/atomgraph/linkeddatahub/admin/acl#> .
@prefix adm: <https://w3id.org/atomgraph/linkeddatahub/admin#> .
@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
@prefix owl: <http://www.w3.org/2002/07/owl#> .
@prefix acl: <http://www.w3.org/ns/auth/acl#> .
@prefix cert: <http://www.w3.org/ns/auth/cert#> .
@prefix spin: <http://spinrdf.org/spin#> .
# namespace ontology
# Named graph holding the admin-side document (a dh:Item under /ontologies/) whose
# primary topic is the end-user namespace ontology <${end_user_origin}/ns#>.
# ${admin_origin} and ${end_user_origin} are template placeholders that must be
# substituted before this file is valid TriG.
# NOTE(review): both placeholders are interpolated inside <...> IRI references
# throughout this file. The substituting tool is not shown here; confirm that it only
# accepts well-formed, deployment-controlled origins, because a value containing '>'
# or whitespace would change how the document parses.
<${admin_origin}/ontologies/namespace/>
{
# Document describing the ontology; lives in the /ontologies/ container.
<${admin_origin}/ontologies/namespace/> a dh:Item ;
sioc:has_container <${admin_origin}/ontologies/> ;
dct:title "Namespace" ;
foaf:primaryTopic <${end_user_origin}/ns#> .
# The ontology itself; it imports the LinkedDataHub default ontology (def:).
<${end_user_origin}/ns#> a owl:Ontology ;
rdfs:label "Namespace" ;
rdfs:comment "Namespace of the application" ;
foaf:isPrimaryTopicOf <${end_user_origin}/ns> ;
owl:imports <https://w3id.org/atomgraph/linkeddatahub/default#> ;
owl:versionInfo "1.0-SNAPSHOT" .
}
# public namespace authorization
# Grants acl:Read and acl:Append on <${end_user_origin}/ns> to foaf:Agent and
# acl:AuthenticatedAgent. This is the only authorization in this file that names
# foaf:Agent, i.e. the only one open to agents that have not authenticated.
<${admin_origin}/acl/authorizations/public-namespace/>
{
<${admin_origin}/acl/authorizations/public-namespace/> a dh:Item ;
sioc:has_container <${admin_origin}/acl/authorizations/> ;
dct:title "Public namespace access" ;
foaf:primaryTopic <${admin_origin}/acl/authorizations/public-namespace/#this> .
<${admin_origin}/acl/authorizations/public-namespace/#this> a acl:Authorization ;
rdfs:label "Public namespace access" ;
rdfs:comment "Allows non-authenticated access" ;
acl:accessTo <${end_user_origin}/ns> ; # end-user ontologies are public
# NOTE(review): acl:Append is granted to unauthenticated agents so that queries can be
# sent with POST. That is only safe if /ns treats POST as a read-only query; the
# endpoint implementation is not visible here -- confirm it cannot modify data.
acl:mode acl:Read, acl:Append ; # allow queries over GET as well as POST
# In WAC, foaf:Agent already covers every agent, so acl:AuthenticatedAgent looks
# redundant; presumably it is listed because the access check matches agent classes
# literally -- confirm before removing either value.
acl:agentClass foaf:Agent, acl:AuthenticatedAgent .
}
# SPARQL endpoint authorization
# Grants acl:Read and acl:Append on <${end_user_origin}/sparql> to every agent in
# acl:AuthenticatedAgent. No acl:agentGroup is used, so this applies to any
# authenticated agent, not only members of the owners/writers/readers groups.
<${admin_origin}/acl/authorizations/sparql-endpoint/>
{
<${admin_origin}/acl/authorizations/sparql-endpoint/> a dh:Item ;
sioc:has_container <${admin_origin}/acl/authorizations/> ;
dct:title "SPARQL endpoint access" ;
foaf:primaryTopic <${admin_origin}/acl/authorizations/sparql-endpoint/#this> .
<${admin_origin}/acl/authorizations/sparql-endpoint/#this> a acl:Authorization ;
rdfs:label "SPARQL endpoint access" ;
rdfs:comment "Allows only authenticated access" ;
acl:accessTo <${end_user_origin}/sparql> ;
acl:mode acl:Read, acl:Append ; # allow queries over GET as well as POST
# NOTE(review): document-level read access elsewhere in this file is group-based.
# Whether query results from /sparql are filtered by those per-document
# authorizations is not visible here -- confirm, otherwise any authenticated agent
# can read data through the endpoint that it cannot read as a document.
acl:agentClass acl:AuthenticatedAgent .
}
# SPARQL update authorization
# Grants acl:Append on <${end_user_origin}/update> to every agent in
# acl:AuthenticatedAgent. Read is not granted, so per the inline comment only POST
# requests are expected to be allowed.
<${admin_origin}/acl/authorizations/sparql-update/>
{
<${admin_origin}/acl/authorizations/sparql-update/> a dh:Item ;
sioc:has_container <${admin_origin}/acl/authorizations/> ;
dct:title "SPARQL update access" ;
foaf:primaryTopic <${admin_origin}/acl/authorizations/sparql-update/#this> .
<${admin_origin}/acl/authorizations/sparql-update/#this> a acl:Authorization ;
rdfs:label "SPARQL update access" ;
rdfs:comment "Allows only authenticated access" ;
acl:accessTo <${end_user_origin}/update> ;
acl:mode acl:Append ; # allow updates over POST
# NOTE(review): this is an agent class, not the owners/writers groups used by the
# write authorizations in this file, and /update is not listed in those
# authorizations. If /update applies changes without a further per-document
# authorization check, any authenticated agent could modify data that the
# group-based rules are meant to protect -- confirm how the endpoint enforces this.
acl:agentClass acl:AuthenticatedAgent .
}
# write/append authorization
# Grants acl:Write and acl:Append to members of the owners and writers groups, both
# on instances of dh:Item, dh:Container and def:Root and on the listed endpoints.
# acl:Read is not part of this authorization; the same two groups are also named in
# the "Read access" authorization in this file.
<${admin_origin}/acl/authorizations/write-append/>
{
<${admin_origin}/acl/authorizations/write-append/> a dh:Item ;
sioc:has_container <${admin_origin}/acl/authorizations/> ;
dct:title "Write/append access" ;
foaf:primaryTopic <${admin_origin}/acl/authorizations/write-append/#this> .
<${admin_origin}/acl/authorizations/write-append/#this> a acl:Authorization ;
rdfs:label "Write/append access" ;
# The human-readable comment mentions only documents and containers; the scope below
# is wider and also covers five endpoints through acl:accessTo.
rdfs:comment "Allows write access to all documents and containers" ;
acl:accessToClass dh:Item, dh:Container, def:Root ;
# Endpoint scope: /sparql, /importer, /add, /generate and /ns on the end-user origin.
acl:accessTo <${end_user_origin}/sparql>, <${end_user_origin}/importer>, <${end_user_origin}/add>, <${end_user_origin}/generate>, <${end_user_origin}/ns> ;
acl:mode acl:Write, acl:Append ;
# Membership of these two groups is what confers write access; the group documents
# are defined outside this file.
acl:agentGroup <${admin_origin}/acl/groups/owners/#this>, <${admin_origin}/acl/groups/writers/#this> .
}
# full access authorization
# Grants all four WAC modes (Read, Append, Write, Control) to members of the owners
# group, on the same classes and endpoints as the write/append authorization.
<${admin_origin}/acl/authorizations/full-control/>
{
<${admin_origin}/acl/authorizations/full-control/> a dh:Item ;
sioc:has_container <${admin_origin}/acl/authorizations/> ;
dct:title "Full control" ;
foaf:primaryTopic <${admin_origin}/acl/authorizations/full-control/#this> .
<${admin_origin}/acl/authorizations/full-control/#this> a acl:Authorization ;
rdfs:label "Full control" ;
rdfs:comment "Allows full read/write access to all application resources" ;
acl:accessToClass dh:Item, dh:Container, def:Root ;
acl:accessTo <${end_user_origin}/sparql>, <${end_user_origin}/importer>, <${end_user_origin}/add>, <${end_user_origin}/generate>, <${end_user_origin}/ns> ;
# acl:Control is the WAC mode for reading and changing access control rules, so this
# is the most privileged authorization in the file.
acl:mode acl:Read, acl:Append, acl:Write, acl:Control ;
# Only the owners group is named. NOTE(review): how agents are added to that group is
# defined outside this file -- review that path with the same care as this rule.
acl:agentGroup <${admin_origin}/acl/groups/owners/#this> .
}
# read access
# Grants acl:Read to members of the owners, writers and readers groups on instances
# of the listed classes and on the /sparql endpoint.
<${admin_origin}/acl/authorizations/read/>
{
<${admin_origin}/acl/authorizations/read/> a dh:Item ;
sioc:has_container <${admin_origin}/acl/authorizations/> ;
dct:title "Read access" ;
foaf:primaryTopic <${admin_origin}/acl/authorizations/read/#this> .
<${admin_origin}/acl/authorizations/read/#this> a acl:Authorization ;
rdfs:label "Read access" ;
# The human-readable comment says "all resources"; the triples below limit the scope
# to four classes plus one endpoint.
rdfs:comment "Allows read access to all resources" ;
# Unlike the write authorizations, this one also covers nfo:FileDataObject
# (presumably uploaded files -- confirm), so in this file such resources are
# readable by group members but not covered by a write rule.
acl:accessToClass dh:Item, dh:Container, def:Root, <http://www.semanticdesktop.org/ontologies/2007/03/22/nfo#FileDataObject> ;
acl:accessTo <${end_user_origin}/sparql> ;
acl:mode acl:Read ;
acl:agentGroup <${admin_origin}/acl/groups/owners/#this>, <${admin_origin}/acl/groups/writers/#this>, <${admin_origin}/acl/groups/readers/#this> .
}