Skip to content

Commit

Permalink
Restore previous auth queries but keep VALUES $this { UNDEF }
Browse files Browse the repository at this point in the history
  • Loading branch information
@namedgraph
namedgraph committed Nov 25, 2024
1 parent e199678 commit a063ea7
Showing 1 changed file with 48 additions and 42 deletions.
90 changes: 48 additions & 42 deletions src/main/webapp/WEB-INF/web.xml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -29,37 +29,43 @@ DESCRIBE ?auth
FROM <urn:x-arq:UnionGraph>
WHERE
{
VALUES ?this { UNDEF }
{
SELECT ?auth ?this ?Type
{
{ ?auth acl:agent $agent}
UNION
{ ?auth acl:agentGroup ?Group .
?Group foaf:member $agent
}
UNION
{ ?auth acl:agentClass foaf:Agent }
UNION
{ ?auth acl:agentClass $AuthenticatedAgentClass }
VALUES $this { UNDEF }
?auth acl:mode $Mode .
{ ?auth acl:agent $agent}
UNION
{ ?auth acl:agentGroup ?Group .
?Group foaf:member $agent
}
UNION
{ ?auth acl:agentClass foaf:Agent }
UNION
{ ?auth acl:agentClass $AuthenticatedAgentClass }
{ ?auth acl:accessTo ?this }
UNION
{ ?auth acl:accessToClass ?Type }
UNION
{ ?auth acl:accessToClass ?Class .
?Type (rdfs:subClassOf)* ?Class
}
}
}
SERVICE $endpoint
{
SELECT ?this ?Type
{
{ GRAPH ?this
{ ?this a ?Type }
?auth acl:mode $Mode .
{ ?auth acl:accessTo $this }
UNION
{ ?auth acl:accessTo $Container
SERVICE $endpoint
{ GRAPH $Container
{ { $Container a def:Root }
UNION
{ $Container a dh:Container }
}
FILTER NOT EXISTS { GRAPH $this
{ $this ?thisP ?thisO }
}
}
}
UNION
{ { ?auth acl:accessToClass ?Type }
UNION
{ ?auth acl:accessToClass ?Class .
?Type (rdfs:subClassOf)* ?Class
}
SERVICE $endpoint
{ { GRAPH $this
{ $this a ?Type }
}
UNION
{ GRAPH $Container
Expand All @@ -68,18 +74,18 @@ WHERE
{ $Container a dh:Container }
$Container a ?Type
}
FILTER NOT EXISTS { GRAPH ?this
{ ?this ?thisP ?thisO }
FILTER NOT EXISTS { GRAPH $this
{ $this ?thisP ?thisO }
}
}
UNION
{ GRAPH ?g
{ ?this a <http://www.semanticdesktop.org/ontologies/2007/03/22/nfo#FileDataObject> ;
{ $this a <http://www.semanticdesktop.org/ontologies/2007/03/22/nfo#FileDataObject> ;
a ?Type
}
}
}
}
}
}
]]></param-value>
</context-param>
Expand All @@ -95,8 +101,8 @@ DESCRIBE ?auth
FROM <urn:x-arq:UnionGraph>
WHERE
{
VALUES ?this { UNDEF }
VALUES $this { UNDEF }
{ ?auth acl:mode acl:Control .
?doc foaf:primaryTopic ?auth
{ ?auth acl:agent $agent }
Expand All @@ -108,12 +114,12 @@ WHERE
UNION
{ ?auth acl:agentClass $AuthenticatedAgentClass ;
acl:mode $Mode
{ ?auth acl:accessTo ?this
{ ?auth acl:accessTo $this
OPTIONAL
{ ?this a ?Type }
{ $this a ?Type }
}
UNION
{ ?this a ?Type
{ $this a ?Type
{ ?auth acl:accessToClass ?Type }
UNION
{ ?auth acl:accessToClass ?Class .
Expand All @@ -124,20 +130,20 @@ WHERE
UNION
{ ?auth acl:agentClass foaf:Agent ;
acl:mode acl:Read
{ ?auth acl:accessTo ?this
{ ?auth acl:accessTo $this
OPTIONAL
{ ?this a ?Type }
{ $this a ?Type }
}
UNION
{ ?this a ?Type
{ $this a ?Type
{ ?auth acl:accessToClass ?Type }
UNION
{ ?auth acl:accessToClass ?Class .
?Type (rdfs:subClassOf)* ?Class
}
}
# only namespace, signup, OAuth2 login and WebID profiles can be public in admin app, nothing else
FILTER ( ?this IN (uri(concat(str($base), "ns")), uri(concat(str($base), "sign%20up")), uri(concat(str($base), "oauth2/login")), uri(concat(str($base), "oauth2/authorize/google"))) || strstarts(str(?this), concat(str($base), "acl/agents/")) || strstarts(str(?this), concat(str($base), "acl/public-keys/")))
FILTER ( $this IN (uri(concat(str($base), "ns")), uri(concat(str($base), "sign%20up")), uri(concat(str($base), "oauth2/login")), uri(concat(str($base), "oauth2/authorize/google"))) || strstarts(str($this), concat(str($base), "acl/agents/")) || strstarts(str($this), concat(str($base), "acl/public-keys/")))
}
}
]]></param-value>
Expand Down

0 comments on commit a063ea7

Please sign in to comment.