From a063ea7f2cfeaad87cab5a3e0d4ba89a1d82ca7a Mon Sep 17 00:00:00 2001 From: Martynas Date: Mon, 25 Nov 2024 22:13:09 +0100 Subject: [PATCH] Restore previous auth queries but keep `VALUES $this { UNDEF }` --- src/main/webapp/WEB-INF/web.xml | 90 ++++++++++++++++++--------------- 1 file changed, 48 insertions(+), 42 deletions(-) diff --git a/src/main/webapp/WEB-INF/web.xml b/src/main/webapp/WEB-INF/web.xml index cbc00e441..507035101 100644 --- a/src/main/webapp/WEB-INF/web.xml +++ b/src/main/webapp/WEB-INF/web.xml @@ -29,37 +29,43 @@ DESCRIBE ?auth FROM WHERE { - VALUES ?this { UNDEF } - { - SELECT ?auth ?this ?Type - { - { ?auth acl:agent $agent} - UNION - { ?auth acl:agentGroup ?Group . - ?Group foaf:member $agent - } - UNION - { ?auth acl:agentClass foaf:Agent } - UNION - { ?auth acl:agentClass $AuthenticatedAgentClass } + VALUES $this { UNDEF } - ?auth acl:mode $Mode . + { ?auth acl:agent $agent} + UNION + { ?auth acl:agentGroup ?Group . + ?Group foaf:member $agent + } + UNION + { ?auth acl:agentClass foaf:Agent } + UNION + { ?auth acl:agentClass $AuthenticatedAgentClass } - { ?auth acl:accessTo ?this } - UNION - { ?auth acl:accessToClass ?Type } - UNION - { ?auth acl:accessToClass ?Class . - ?Type (rdfs:subClassOf)* ?Class - } - } - } - SERVICE $endpoint - { - SELECT ?this ?Type - { - { GRAPH ?this - { ?this a ?Type } + ?auth acl:mode $Mode . + + { ?auth acl:accessTo $this } + UNION + { ?auth acl:accessTo $Container + SERVICE $endpoint + { GRAPH $Container + { { $Container a def:Root } + UNION + { $Container a dh:Container } + } + FILTER NOT EXISTS { GRAPH $this + { $this ?thisP ?thisO } + } + } + } + UNION + { { ?auth acl:accessToClass ?Type } + UNION + { ?auth acl:accessToClass ?Class . + ?Type (rdfs:subClassOf)* ?Class + } + SERVICE $endpoint + { { GRAPH $this + { $this a ?Type } } UNION { GRAPH $Container @@ -68,18 +74,18 @@ WHERE { $Container a dh:Container } $Container a ?Type } - FILTER NOT EXISTS { GRAPH ?this - { ?this ?thisP ?thisO } + FILTER NOT EXISTS { GRAPH $this + { $this ?thisP ?thisO } } } UNION { GRAPH ?g - { ?this a ; + { $this a ; a ?Type } } } - } + } } ]]> @@ -95,8 +101,8 @@ DESCRIBE ?auth FROM WHERE { - VALUES ?this { UNDEF } - + VALUES $this { UNDEF } + { ?auth acl:mode acl:Control . ?doc foaf:primaryTopic ?auth { ?auth acl:agent $agent } @@ -108,12 +114,12 @@ WHERE UNION { ?auth acl:agentClass $AuthenticatedAgentClass ; acl:mode $Mode - { ?auth acl:accessTo ?this + { ?auth acl:accessTo $this OPTIONAL - { ?this a ?Type } + { $this a ?Type } } UNION - { ?this a ?Type + { $this a ?Type { ?auth acl:accessToClass ?Type } UNION { ?auth acl:accessToClass ?Class . @@ -124,12 +130,12 @@ WHERE UNION { ?auth acl:agentClass foaf:Agent ; acl:mode acl:Read - { ?auth acl:accessTo ?this + { ?auth acl:accessTo $this OPTIONAL - { ?this a ?Type } + { $this a ?Type } } UNION - { ?this a ?Type + { $this a ?Type { ?auth acl:accessToClass ?Type } UNION { ?auth acl:accessToClass ?Class . @@ -137,7 +143,7 @@ WHERE } } # only namespace, signup, OAuth2 login and WebID profiles can be public in admin app, nothing else - FILTER ( ?this IN (uri(concat(str($base), "ns")), uri(concat(str($base), "sign%20up")), uri(concat(str($base), "oauth2/login")), uri(concat(str($base), "oauth2/authorize/google"))) || strstarts(str(?this), concat(str($base), "acl/agents/")) || strstarts(str(?this), concat(str($base), "acl/public-keys/"))) + FILTER ( $this IN (uri(concat(str($base), "ns")), uri(concat(str($base), "sign%20up")), uri(concat(str($base), "oauth2/login")), uri(concat(str($base), "oauth2/authorize/google"))) || strstarts(str($this), concat(str($base), "acl/agents/")) || strstarts(str($this), concat(str($base), "acl/public-keys/"))) } } ]]>