source: TI01-discovery/trunk/OAIInfoEditor/oai_info_editor/policy.xml @ 5466

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI01-discovery/trunk/OAIInfoEditor/oai_info_editor/policy.xml@5466
Revision 5466, 3.1 KB checked in by cbyrom, 10 years ago (diff)

Add code to allow the OAI editor to be used with the new OpenID-based
security system. Add the policy file and secured ini file, and adjust
the handling of users: page access is enforced via URL content,
basically either by provider ID or via the 'admin=1' parameter for
admin users. For the latter, provide a security_redirector module to
allow admin users to use the same point of entry as normal users.

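<?xml version="1.0" encoding="UTF-8"?>
<!--
    Access policy for the OAI Info Editor.

    Each Target pairs a URIPattern regular expression with a list of
    Attribute URNs and an AttributeAuthority URI. Presumably a user needs
    one of the listed attributes, as asserted by that authority, to reach a
    URI the pattern matches (confirm against the policy engine).

    NOTE(review): this file does not show how the engine combines Targets
    whose patterns overlap, nor what it decides for a URI that no Target
    matches. Several rules below only restrict access if unmatched URIs are
    denied and if the most specific Target wins; confirm both before relying
    on them.

    NOTE(review): every Target names the same AttributeAuthority endpoint on
    an "ndg3beta" host; presumably this has to be changed per deployment.
-->
<Policy PolicyId="AuthZTest" xmlns="urn:ndg:security:authz:1.0:policy">
    <Description>Restrict access for OAI Editor</Description>

    <!-- NOTE(review): "\h" is not "/". Depending on the regex engine it is a
         literal "h", a horizontal-whitespace class, or an error, so this
         pattern cannot match a path beginning "/home". The Target also lists
         no Attributes and no AttributeAuthority. Presumably "^/home" was
         meant; confirm how the engine treats an attribute-less Target before
         correcting the pattern, since the fix would activate this rule. -->
    <Target>
        <URIPattern>^\home.*((?!\.css|\.js|\.jpg|\.gif).)*$</URIPattern>
    </Target>

    <!-- Catch-all: matches every URI that does not contain ".css", ".js",
         ".jpg" or ".gif" at any position, and lists all three editor
         attributes.
         NOTE(review): the exemption is a substring test over whatever URI
         string the engine matches, not a check of the file extension at the
         end of the path, and ".js" also covers longer extensions such as
         ".json". A URI for a protected page that merely contains one of
         these strings falls outside this Target. Prefer exempting a
         dedicated static-content path prefix, or anchoring the extension
         test to the end of the path, and make sure unmatched URIs are
         denied by default. -->
    <Target>
        <URIPattern>^((?!\.css|\.js|\.jpg|\.gif).)*$</URIPattern>
        <Attributes>
            <Attribute>urn:badc:security:authz:1.0:attr:oai_editor:admin</Attribute>
            <Attribute>urn:badc:security:authz:1.0:attr:oai_editor:bodc</Attribute>
            <Attribute>urn:badc:security:authz:1.0:attr:oai_editor:badc</Attribute>
        </Attributes>
        <AttributeAuthority>
            <uri>https://ndg3beta.badc.rl.ac.uk/AttributeAuthority</uri>
        </AttributeAuthority>
    </Target>

    <!-- NB: admin users cannot access the bare "/home" URL; they need to be
         redirected to "/home?admin=1". Everyone else is added to this Target.
         NOTE(review): the catch-all Target above also matches "/home" and
         does list the admin attribute, so whether admins are really kept off
         the bare URL depends on how overlapping Targets are combined. -->
    <Target>
        <URIPattern>^/home$</URIPattern>
        <Attributes>
            <Attribute>urn:badc:security:authz:1.0:attr:oai_editor:bodc</Attribute>
            <Attribute>urn:badc:security:authz:1.0:attr:oai_editor:badc</Attribute>
        </Attributes>
        <AttributeAuthority>
            <uri>https://ndg3beta.badc.rl.ac.uk/AttributeAuthority</uri>
        </AttributeAuthority>
    </Target>

    <!-- Admin-only Target for URIs that end in "admin=1".
         NOTE(review): the "?" here is a lazy quantifier on ".*", not a
         literal question mark, so the pattern matches any URI that starts
         with "/" and ends with "admin=1", with or without a query
         separator. Write "\?" if the literal character is intended. The
         rule also applies only when "admin=1" is the very end of the URI,
         so the application must not enable admin behaviour for a request
         this Target did not match. -->
    <Target>
        <URIPattern>^/.*?admin=1$</URIPattern>
        <Attributes>
            <Attribute>urn:badc:security:authz:1.0:attr:oai_editor:admin</Attribute>
        </Attributes>
        <AttributeAuthority>
            <uri>https://ndg3beta.badc.rl.ac.uk/AttributeAuthority</uri>
        </AttributeAuthority>
    </Target>

    <!-- DISABLED: the two Targets below, which would limit creating and
         deleting provider info to admin users, are commented out. In this
         revision those URIs are covered only by whichever other Targets
         match them (the catch-all above lists admin, bodc and badc).
         NOTE(review): re-enable these Targets or enforce the admin check in
         the application if the restriction is still required. -->
    <!-- Target>
        <URIPattern>^/deleteProviderInfo.*$</URIPattern>
        <Attributes>
            <Attribute>urn:badc:security:authz:1.0:attr:oai_editor:admin</Attribute>
        </Attributes>
        <AttributeAuthority>
            <uri>https://ndg3beta.badc.rl.ac.uk/AttributeAuthority</uri>
        </AttributeAuthority>
    </Target>
    <Target>
        <URIPattern>^/createProviderInfo$</URIPattern>
        <Attributes>
            <Attribute>urn:badc:security:authz:1.0:attr:oai_editor:admin</Attribute>
        </Attributes>
        <AttributeAuthority>
            <uri>https://ndg3beta.badc.rl.ac.uk/AttributeAuthority</uri>
        </AttributeAuthority>
    </Target-->

    <!-- Per-provider Targets: any URI ending in "badc" or "bodc" requires the
         matching provider attribute.
         NOTE(review): the suffix is not tied to a path segment or a named
         parameter, so any URI that happens to end in these letters matches,
         and a provider page addressed in another form does not. Presumably
         the application uses the same trailing value to select the provider
         record; verify that against the handlers. -->
    <Target>
        <URIPattern>^/.*badc$</URIPattern>
        <Attributes>
            <Attribute>urn:badc:security:authz:1.0:attr:oai_editor:badc</Attribute>
        </Attributes>
        <AttributeAuthority>
            <uri>https://ndg3beta.badc.rl.ac.uk/AttributeAuthority</uri>
        </AttributeAuthority>
    </Target>
    <Target>
        <URIPattern>^/.*bodc$</URIPattern>
        <Attributes>
            <Attribute>urn:badc:security:authz:1.0:attr:oai_editor:bodc</Attribute>
        </Attributes>
        <AttributeAuthority>
            <uri>https://ndg3beta.badc.rl.ac.uk/AttributeAuthority</uri>
        </AttributeAuthority>
    </Target>
</Policy>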