[Yanel-commits] rev 49560 - in
public/yanel/trunk/src/realms/yanel-website/content: .
b67016da-d515-4227-8204-7ff9384588ed.yarep
b67016da-d515-4227-8204-7ff9384588ed.yarep/revisions
b67016da-d515-4227-8204-7ff9384588ed.yarep/revisions/1273821889533
b67016da-d515-4227-8204-7ff9384588ed.yarep/revisions/1273823995648
b67016da-d515-4227-8204-7ff9384588ed.yarep/revisions/1273824253872
memo at wyona.com
memo at wyona.com
Fri May 14 09:19:31 CEST 2010
Author: memo
Date: 2010-05-14 09:19:31 +0200 (Fri, 14 May 2010)
New Revision: 49560
Added:
public/yanel/trunk/src/realms/yanel-website/content/b67016da-d515-4227-8204-7ff9384588ed.yarep/revisions/1273821889533/
public/yanel/trunk/src/realms/yanel-website/content/b67016da-d515-4227-8204-7ff9384588ed.yarep/revisions/1273821889533/content
public/yanel/trunk/src/realms/yanel-website/content/b67016da-d515-4227-8204-7ff9384588ed.yarep/revisions/1273821889533/meta
public/yanel/trunk/src/realms/yanel-website/content/b67016da-d515-4227-8204-7ff9384588ed.yarep/revisions/1273823995648/
public/yanel/trunk/src/realms/yanel-website/content/b67016da-d515-4227-8204-7ff9384588ed.yarep/revisions/1273823995648/content
public/yanel/trunk/src/realms/yanel-website/content/b67016da-d515-4227-8204-7ff9384588ed.yarep/revisions/1273823995648/meta
public/yanel/trunk/src/realms/yanel-website/content/b67016da-d515-4227-8204-7ff9384588ed.yarep/revisions/1273824253872/
public/yanel/trunk/src/realms/yanel-website/content/b67016da-d515-4227-8204-7ff9384588ed.yarep/revisions/1273824253872/content
public/yanel/trunk/src/realms/yanel-website/content/b67016da-d515-4227-8204-7ff9384588ed.yarep/revisions/1273824253872/meta
Modified:
public/yanel/trunk/src/realms/yanel-website/content/b67016da-d515-4227-8204-7ff9384588ed
public/yanel/trunk/src/realms/yanel-website/content/b67016da-d515-4227-8204-7ff9384588ed.yarep/meta
Log:
documentation for access policies updated
Modified: public/yanel/trunk/src/realms/yanel-website/content/b67016da-d515-4227-8204-7ff9384588ed
===================================================================
--- public/yanel/trunk/src/realms/yanel-website/content/b67016da-d515-4227-8204-7ff9384588ed 2010-05-14 07:06:51 UTC (rev 49559)
+++ public/yanel/trunk/src/realms/yanel-website/content/b67016da-d515-4227-8204-7ff9384588ed 2010-05-14 07:19:31 UTC (rev 49560)
@@ -1,35 +1,55 @@
-<?xml version="1.0"?><html xmlns="http://www.w3.org/1999/xhtml"><head> <title>Created from template ...</title> <link rel="neutron-introspection" type="application/neutron+xml" href="?yanel.resource.usecase=introspection"/></head><body>
-<h1>Access Control Policies</h1>
-
-<h2>Inheritance of policies or usecases</h2>
-One can block inherited policies for <b>all</b> usecases<br/> <p>
-</p><pre><?xml version="1.0"?><br/><br/><policy xmlns="http://www.wyona.org/security/1.0" use-inherited-policies="false"><br/><br/> <usecase id="view"><br/> <!--<world permission="false"/>--><br/> <user id="lenya" permission="true"/><br/> </usecase><br/><br/> <usecase id="open"><br/> <user id="lenya" permission="true"/><br/> </usecase><br/><br/> <usecase id="write"><br/> <user id="lenya" permission="true"/><br/> </usecase><br/><br/></policy><br/></pre>
-<p>
-or also for a particular usecase<br/>
-</p>
-<p>
-</p><pre><?xml version="1.0"?><br/><br/><policy xmlns="http://www.wyona.org/security/1.0"><br/><br/> <usecase id="view" use-inherited-policies="false"<br/> <!--<world permission="false"/>--><br/> <user id="lenya" permission="true"/><br/> </usecase><br/><br/></policy><br/></pre>
-
-<h2>Default usecases</h2>
-<p>
-The defaul usecases are currently hard-coded within <code>org.wyona.yanel.servlet.YanelServlet</code> and <code>org.wyona.security.impl.PolicyManagerImplVersion2</code>
-</p>
-<ul>
- <li><b>view:</b> Allows to access the resource generated content</li>
- <li><b>yanel.resource.meta:</b> Allows to access the meta data of resource (e.g. resource type)</li>
- <li><b>open:</b> Allows to access the source content of a resource</li>
- <li><b>write:</b> Allows to write/save data to the source content of a resource</li>
- <li><b>delete:</b> Allows to delete a resource</li>
- <li><b>resource.create:</b> Allows to create a resource</li>
- <li><b>toolbar:</b> Allows to access the Yanel toolbar</li>
- <li><b>introspection:</b> Allows to access the Neutron introspection of a resource</li>
- <li><b>policy.read:</b> Allows to view the access policy of a resource</li>
- <li><b>policy.update:</b> Allows to modify the access policy of a resource</li>
-</ul>
-
-<h2>Custom usecases</h2>
-<p>
-For example workflow transitions!
-</p>
-</body>
-</html>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html>
+<head>
+<title>Access Control Policies</title>
+</head>
+<body>
+<h1>Access Control Policies</h1>
+<h2>Inheritance of policies or usecases</h2>
+<p>One can block inherited policies for <strong>all</strong> usecases</p>
+<p> </p>
+<pre><?xml version="1.0"?><br /><br /><policy xmlns="http://www.wyona.org/security/1.0" use-inherited-policies="false"><br /><br /> <usecase id="view"><br /> <!--<world permission="false"/>--><br /> <user id="lenya" permission="true"/><br /> </usecase><br /><br /> <usecase id="open"><br /> <user id="lenya" permission="true"/><br /> </usecase><br /><br /> <usecase id="write"><br /> <user id="lenya" permission="true"/><br /> </usecase><br /><br /></policy><br /></pre>
+<p>or also for a particular usecase</p>
+<p> </p>
+<pre><?xml version="1.0"?><br /><br /><policy xmlns="http://www.wyona.org/security/1.0"><br /><br /> <usecase id="view" use-inherited-policies="false"<br /> <!--<world permission="false"/>--><br /> <user id="lenya" permission="true"/><br /> </usecase><br /><br /></policy><br /></pre>
+<h2>Default usecases</h2>
+<p>The defaul usecases are currently hard-coded within <code>org.wyona.yanel.servlet.YanelServlet</code> and <code>org.wyona.security.impl.PolicyManagerImplVersion2</code></p>
+<ul>
+<li><strong>view:</strong> Allows to access the resource generated content</li>
+<li><strong>yanel.resource.meta:</strong> Allows to access the meta data of resource (e.g. resource type)</li>
+<li><strong>open:</strong> Allows to access the source content of a resource</li>
+<li><strong>write:</strong> Allows to write/save data to the source content of a resource</li>
+<li><strong>delete:</strong> Allows to delete a resource</li>
+<li><strong>resource.create:</strong> Allows to create a resource</li>
+<li><strong>toolbar:</strong> Allows to access the Yanel toolbar</li>
+<li><strong>introspection:</strong> Allows to access the Neutron introspection of a resource</li>
+<li><strong>policy.read:</strong> Allows to view the access policy of a resource</li>
+<li><strong>policy.update:</strong> Allows to modify the access policy of a resource</li>
+</ul>
+<h2>Custom usecases</h2>
+<p>For example workflow transitions!</p>
+<h2>How it works</h2>
+<p>The access control directory mimics the data directory. Each <code>file-or-dir-name.policy</code> file sets the rules for its namesake in the respective data directory. If the filename is the name of a directory, it defines the access for the corresponding directory, if it is the name of a single file, it defines the rules for this file only. Definitions for directories are inherited by all subdirectories, exceptions need to be defined at the corresponding level (see the following example). The root policy that is installed by default and defines the rules for the whole realm is called <code>.policy</code>, and is in the root folder of the policies (<code>realm-dir/ac-policies</code> by default).</p>
+<h3>Example setup</h3>
+<p>Here is an example that shows what needs to be done to block view acces to all parts of a website except a special page (useful for production websites "under construction"). We will assume that the page that we want to show is <code>realm-dir/data-repository/en/construction.html</code>.</p>
+<ul>
+<li>Leave the default policy open, i.e. in the file <code>.policy</code> in the root access control directory (<code>realm-dir/ac-policies/.policy</code> by default, defined in <code>realm-dir/config/ac-policies-repository.xml</code>), let everybody view everything:<br />
+<pre> <usecase id="view"><br /> <world permission="true"/><br /> </usecase></pre>
+</li>
+<li>Restrict viewing for everybody for the content (assuming it's all under <code>data-repository/en/</code>): create a policy file called <code>en.policy</code> and set<br />
+<pre> <usecase id="view"><br /> <world permission="false"/><br /> </usecase><br /></pre>
+</li>
+<li>Make a directory for the path of the file you want to show, and a policy file for it:<br />
+<pre>mkdir realm-dir/ac-policies/en<br />vi realm-dir/ac-policies/en/construction.html.policy<br /></pre>
+<p>and allow viewing:</p>
+<pre> <usecase id="view"><br /> <world permission="true"/><br /> </usecase></pre>
+</li>
+<li>You will also need to allow viewing for auxiliary files, like <code>*.css</code>. Assuming these can be found in the directory <code>realm-dir/data-repository/app</code>, create a file <code>realm-dir/ac-policies/en/app.policy</code> and set:<br />
+<pre> <usecase id="view"><br /> <world permission="true"/><br /> </usecase></pre>
+</li>
+</ul>
+<p>Similarly, you can now allow access to the whole site for a group of registered users by setting</p>
+<pre> <usecase id="view"><br /> <group id="editors" permission="true"/><br /> </usecase></pre>
+<p>for the previously closed parts of the realm.</p>
+</body>
+</html>
\ No newline at end of file
Modified: public/yanel/trunk/src/realms/yanel-website/content/b67016da-d515-4227-8204-7ff9384588ed.yarep/meta
===================================================================
--- public/yanel/trunk/src/realms/yanel-website/content/b67016da-d515-4227-8204-7ff9384588ed.yarep/meta 2010-05-14 07:06:51 UTC (rev 49559)
+++ public/yanel/trunk/src/realms/yanel-website/content/b67016da-d515-4227-8204-7ff9384588ed.yarep/meta 2010-05-14 07:19:31 UTC (rev 49560)
@@ -1,7 +1,7 @@
+yarep_size<long>:5235
+yarep_checkinDate<date>:2010-05-14T10:04:13:917+0200
+yarep_lastModifed<long>:1273824253000
yarep_type<string>:resource
+yarep_checkoutUserID<string>:lenya
+yarep_checkoutDate<date>:2010-05-14T10:03:58:404+0200
yarep_isCheckedOut<boolean>:false
-yarep_checkoutDate<date>:2008-01-22T23:53:53+0100
-yarep_size<long>:1499
-yarep_checkoutUserID<string>:michi
-yarep_lastModifed<long>:1201042499000
-yarep_checkinDate<date>:2008-01-22T23:54:59+0100
Added: public/yanel/trunk/src/realms/yanel-website/content/b67016da-d515-4227-8204-7ff9384588ed.yarep/revisions/1273821889533/content
===================================================================
--- public/yanel/trunk/src/realms/yanel-website/content/b67016da-d515-4227-8204-7ff9384588ed.yarep/revisions/1273821889533/content (rev 0)
+++ public/yanel/trunk/src/realms/yanel-website/content/b67016da-d515-4227-8204-7ff9384588ed.yarep/revisions/1273821889533/content 2010-05-14 07:19:31 UTC (rev 49560)
@@ -0,0 +1,34 @@
+<?xml version="1.0"?><html xmlns="http://www.w3.org/1999/xhtml"><head> <title>Created from template ...</title> <link rel="neutron-introspection" type="application/neutron+xml" href="?yanel.resource.usecase=introspection"/></head><body>
+<h1>Access Control Policies</h1>
+<h2>Inheritance of policies or usecases</h2>
+<p>One can block inherited policies for <strong>all</strong> usecases</p>
+<p> </p>
+<pre><?xml version="1.0"?><br /><br /><policy xmlns="http://www.wyona.org/security/1.0" use-inherited-policies="false"><br /><br /> <usecase id="view"><br /> <!--<world permission="false"/>--><br /> <user id="lenya" permission="true"/><br /> </usecase><br /><br /> <usecase id="open"><br /> <user id="lenya" permission="true"/><br /> </usecase><br /><br /> <usecase id="write"><br /> <user id="lenya" permission="true"/><br /> </usecase><br /><br /></policy><br /></pre>
+<p>or also for a particular usecase</p>
+<p> </p>
+<pre><?xml version="1.0"?><br /><br /><policy xmlns="http://www.wyona.org/security/1.0"><br /><br /> <usecase id="view" use-inherited-policies="false"<br /> <!--<world permission="false"/>--><br /> <user id="lenya" permission="true"/><br /> </usecase><br /><br /></policy><br /></pre>
+<h2>Default usecases</h2>
+<p>The defaul usecases are currently hard-coded within <code>org.wyona.yanel.servlet.YanelServlet</code> and <code>org.wyona.security.impl.PolicyManagerImplVersion2</code></p>
+<ul>
+<li><strong>view:</strong> Allows to access the resource generated content</li>
+<li><strong>yanel.resource.meta:</strong> Allows to access the meta data of resource (e.g. resource type)</li>
+<li><strong>open:</strong> Allows to access the source content of a resource</li>
+<li><strong>write:</strong> Allows to write/save data to the source content of a resource</li>
+<li><strong>delete:</strong> Allows to delete a resource</li>
+<li><strong>resource.create:</strong> Allows to create a resource</li>
+<li><strong>toolbar:</strong> Allows to access the Yanel toolbar</li>
+<li><strong>introspection:</strong> Allows to access the Neutron introspection of a resource</li>
+<li><strong>policy.read:</strong> Allows to view the access policy of a resource</li>
+<li><strong>policy.update:</strong> Allows to modify the access policy of a resource</li>
+</ul>
+<h2>Custom usecases</h2>
+<p>For example workflow transitions!</p>
+<h2>How it works</h2>
+<pre>The access control directory mimics the data directory. Each file-or-dir-name.policy file sets the rules for <br /></pre>
+<h2>How to block parts of the realm</h2>
+<p>Here is an example that shows what needs to be done to block view acces to all parts of a website except a special page (useful for production websites "under construction"):</p>
+<ul>
+<li>Leave the default policy open: in the </li>
+</ul>
+</body>
+</html>
\ No newline at end of file
Added: public/yanel/trunk/src/realms/yanel-website/content/b67016da-d515-4227-8204-7ff9384588ed.yarep/revisions/1273821889533/meta
===================================================================
--- public/yanel/trunk/src/realms/yanel-website/content/b67016da-d515-4227-8204-7ff9384588ed.yarep/revisions/1273821889533/meta (rev 0)
+++ public/yanel/trunk/src/realms/yanel-website/content/b67016da-d515-4227-8204-7ff9384588ed.yarep/revisions/1273821889533/meta 2010-05-14 07:19:31 UTC (rev 49560)
@@ -0,0 +1,12 @@
+yarep_size<long>:2973
+workflow-state<string>:draft
+yarep_checkinDate<date>:2008-01-22T23:54:59:000+0100
+yarep_type<string>:resource
+yarep_lastModifed<long>:1273821889000
+yarep_revisionCreator<string>:lenya
+yarep_checkoutUserID<string>:lenya
+workflow-date<date>:2010-05-14T09:24:49:618+0200
+yarep_isCheckedOut<boolean>:false
+yarep_checkoutDate<date>:2010-05-14T09:20:06:854+0200
+yarep_revisionCreationDate<date>:2010-05-14T09:24:49:540+0200
+yarep_revisionComment<string>:Updated with tinyMCE
Added: public/yanel/trunk/src/realms/yanel-website/content/b67016da-d515-4227-8204-7ff9384588ed.yarep/revisions/1273823995648/content
===================================================================
--- public/yanel/trunk/src/realms/yanel-website/content/b67016da-d515-4227-8204-7ff9384588ed.yarep/revisions/1273823995648/content (rev 0)
+++ public/yanel/trunk/src/realms/yanel-website/content/b67016da-d515-4227-8204-7ff9384588ed.yarep/revisions/1273823995648/content 2010-05-14 07:19:31 UTC (rev 49560)
@@ -0,0 +1,55 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html>
+<head>
+<title>Untitled document</title>
+</head>
+<body>
+<h1>Access Control Policies</h1>
+<h2>Inheritance of policies or usecases</h2>
+<p>One can block inherited policies for <strong>all</strong> usecases</p>
+<p> </p>
+<pre><?xml version="1.0"?><br /><br /><policy xmlns="http://www.wyona.org/security/1.0" use-inherited-policies="false"><br /><br /> <usecase id="view"><br /> <!--<world permission="false"/>--><br /> <user id="lenya" permission="true"/><br /> </usecase><br /><br /> <usecase id="open"><br /> <user id="lenya" permission="true"/><br /> </usecase><br /><br /> <usecase id="write"><br /> <user id="lenya" permission="true"/><br /> </usecase><br /><br /></policy><br /></pre>
+<p>or also for a particular usecase</p>
+<p> </p>
+<pre><?xml version="1.0"?><br /><br /><policy xmlns="http://www.wyona.org/security/1.0"><br /><br /> <usecase id="view" use-inherited-policies="false"<br /> <!--<world permission="false"/>--><br /> <user id="lenya" permission="true"/><br /> </usecase><br /><br /></policy><br /></pre>
+<h2>Default usecases</h2>
+<p>The defaul usecases are currently hard-coded within <code>org.wyona.yanel.servlet.YanelServlet</code> and <code>org.wyona.security.impl.PolicyManagerImplVersion2</code></p>
+<ul>
+<li><strong>view:</strong> Allows to access the resource generated content</li>
+<li><strong>yanel.resource.meta:</strong> Allows to access the meta data of resource (e.g. resource type)</li>
+<li><strong>open:</strong> Allows to access the source content of a resource</li>
+<li><strong>write:</strong> Allows to write/save data to the source content of a resource</li>
+<li><strong>delete:</strong> Allows to delete a resource</li>
+<li><strong>resource.create:</strong> Allows to create a resource</li>
+<li><strong>toolbar:</strong> Allows to access the Yanel toolbar</li>
+<li><strong>introspection:</strong> Allows to access the Neutron introspection of a resource</li>
+<li><strong>policy.read:</strong> Allows to view the access policy of a resource</li>
+<li><strong>policy.update:</strong> Allows to modify the access policy of a resource</li>
+</ul>
+<h2>Custom usecases</h2>
+<p>For example workflow transitions!</p>
+<h2>How it works</h2>
+<p>The access control directory mimics the data directory. Each <code>file-or-dir-name.policy</code> file sets the rules for its namesake in the respective data directory. If the filename is the name of a directory, it defines the access for the corresponding directory, if it is the name of a single file, it defines the rules for this file only. Definitions for directories are inherited by all subdirectories, exceptions need to be defined at the corresponding level (see the following example). The root policy that is installed by default and defines the rules for the whole realm is called <code>.policy</code>, and is in the root folder of the policies (<code>realm-dir/ac-policies</code> by default).</p>
+<h3>Example setup</h3>
+<p>Here is an example that shows what needs to be done to block view acces to all parts of a website except a special page (useful for production websites "under construction"). We will assume that the page that we want to show is <code>realm-dir/data-repository/en/construction.html</code>.</p>
+<ul>
+<li>Leave the default policy open, i.e. in the file <code>.policy</code> in the root access control directory (<code>realm-dir/ac-policies/.policy</code> by default, defined in <code>realm-dir/config/ac-policies-repository.xml</code>), let everybody view everything:<br />
+<pre> <usecase id="view"><br /> <world permission="true"/><br /> </usecase></pre>
+</li>
+<li>Restrict viewing for everybody for the content (assuming it's all under <code>data-repository/en/</code>): create a policy file called <code>en.policy</code> and set<br />
+<pre> <usecase id="view"><br /> <world permission="false"/><br /> </usecase><br /></pre>
+</li>
+<li>Make a directory for the path of the file you want to show, and a policy file for it:<br />
+<pre>mkdir realm-dir/ac-policies/en<br />vi realm-dir/ac-policies/en/construction.html.policy<br /></pre>
+<p>and allow viewing:</p>
+<pre> <usecase id="view"><br /> <world permission="true"/><br /> </usecase></pre>
+</li>
+<li>You will also need to allow viewing for auxiliary files, like <code>*.css</code>. Assuming these can be found in the directory <code>realm-dir/data-repository/app</code>, create a file <code>realm-dir/ac-policies/en/app.policy</code> and set:<br />
+<pre> <usecase id="view"><br /> <world permission="true"/><br /> </usecase></pre>
+</li>
+</ul>
+<p>Similarly, you can now allow access to the whole site for a group of registered users by setting</p>
+<pre> <usecase id="view"><br /> <group id="editors" permission="true"/><br /> </usecase></pre>
+<p>for the previously closed parts of the realm.</p>
+</body>
+</html>
\ No newline at end of file
Added: public/yanel/trunk/src/realms/yanel-website/content/b67016da-d515-4227-8204-7ff9384588ed.yarep/revisions/1273823995648/meta
===================================================================
--- public/yanel/trunk/src/realms/yanel-website/content/b67016da-d515-4227-8204-7ff9384588ed.yarep/revisions/1273823995648/meta (rev 0)
+++ public/yanel/trunk/src/realms/yanel-website/content/b67016da-d515-4227-8204-7ff9384588ed.yarep/revisions/1273823995648/meta 2010-05-14 07:19:31 UTC (rev 49560)
@@ -0,0 +1,12 @@
+yarep_size<long>:5229
+workflow-state<string>:draft
+yarep_checkinDate<date>:2010-05-14T09:24:49:571+0200
+yarep_lastModifed<long>:1273823995000
+yarep_type<string>:resource
+yarep_revisionCreator<string>:lenya
+yarep_checkoutUserID<string>:lenya
+workflow-date<date>:2010-05-14T09:59:55:753+0200
+yarep_checkoutDate<date>:2010-05-14T09:25:07:621+0200
+yarep_isCheckedOut<boolean>:false
+yarep_revisionCreationDate<date>:2010-05-14T09:59:55:694+0200
+yarep_revisionComment<string>:Updated with tinyMCE
Added: public/yanel/trunk/src/realms/yanel-website/content/b67016da-d515-4227-8204-7ff9384588ed.yarep/revisions/1273824253872/content
===================================================================
--- public/yanel/trunk/src/realms/yanel-website/content/b67016da-d515-4227-8204-7ff9384588ed.yarep/revisions/1273824253872/content (rev 0)
+++ public/yanel/trunk/src/realms/yanel-website/content/b67016da-d515-4227-8204-7ff9384588ed.yarep/revisions/1273824253872/content 2010-05-14 07:19:31 UTC (rev 49560)
@@ -0,0 +1,55 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html>
+<head>
+<title>Access Control Policies</title>
+</head>
+<body>
+<h1>Access Control Policies</h1>
+<h2>Inheritance of policies or usecases</h2>
+<p>One can block inherited policies for <strong>all</strong> usecases</p>
+<p> </p>
+<pre><?xml version="1.0"?><br /><br /><policy xmlns="http://www.wyona.org/security/1.0" use-inherited-policies="false"><br /><br /> <usecase id="view"><br /> <!--<world permission="false"/>--><br /> <user id="lenya" permission="true"/><br /> </usecase><br /><br /> <usecase id="open"><br /> <user id="lenya" permission="true"/><br /> </usecase><br /><br /> <usecase id="write"><br /> <user id="lenya" permission="true"/><br /> </usecase><br /><br /></policy><br /></pre>
+<p>or also for a particular usecase</p>
+<p> </p>
+<pre><?xml version="1.0"?><br /><br /><policy xmlns="http://www.wyona.org/security/1.0"><br /><br /> <usecase id="view" use-inherited-policies="false"<br /> <!--<world permission="false"/>--><br /> <user id="lenya" permission="true"/><br /> </usecase><br /><br /></policy><br /></pre>
+<h2>Default usecases</h2>
+<p>The defaul usecases are currently hard-coded within <code>org.wyona.yanel.servlet.YanelServlet</code> and <code>org.wyona.security.impl.PolicyManagerImplVersion2</code></p>
+<ul>
+<li><strong>view:</strong> Allows to access the resource generated content</li>
+<li><strong>yanel.resource.meta:</strong> Allows to access the meta data of resource (e.g. resource type)</li>
+<li><strong>open:</strong> Allows to access the source content of a resource</li>
+<li><strong>write:</strong> Allows to write/save data to the source content of a resource</li>
+<li><strong>delete:</strong> Allows to delete a resource</li>
+<li><strong>resource.create:</strong> Allows to create a resource</li>
+<li><strong>toolbar:</strong> Allows to access the Yanel toolbar</li>
+<li><strong>introspection:</strong> Allows to access the Neutron introspection of a resource</li>
+<li><strong>policy.read:</strong> Allows to view the access policy of a resource</li>
+<li><strong>policy.update:</strong> Allows to modify the access policy of a resource</li>
+</ul>
+<h2>Custom usecases</h2>
+<p>For example workflow transitions!</p>
+<h2>How it works</h2>
+<p>The access control directory mimics the data directory. Each <code>file-or-dir-name.policy</code> file sets the rules for its namesake in the respective data directory. If the filename is the name of a directory, it defines the access for the corresponding directory, if it is the name of a single file, it defines the rules for this file only. Definitions for directories are inherited by all subdirectories, exceptions need to be defined at the corresponding level (see the following example). The root policy that is installed by default and defines the rules for the whole realm is called <code>.policy</code>, and is in the root folder of the policies (<code>realm-dir/ac-policies</code> by default).</p>
+<h3>Example setup</h3>
+<p>Here is an example that shows what needs to be done to block view acces to all parts of a website except a special page (useful for production websites "under construction"). We will assume that the page that we want to show is <code>realm-dir/data-repository/en/construction.html</code>.</p>
+<ul>
+<li>Leave the default policy open, i.e. in the file <code>.policy</code> in the root access control directory (<code>realm-dir/ac-policies/.policy</code> by default, defined in <code>realm-dir/config/ac-policies-repository.xml</code>), let everybody view everything:<br />
+<pre> <usecase id="view"><br /> <world permission="true"/><br /> </usecase></pre>
+</li>
+<li>Restrict viewing for everybody for the content (assuming it's all under <code>data-repository/en/</code>): create a policy file called <code>en.policy</code> and set<br />
+<pre> <usecase id="view"><br /> <world permission="false"/><br /> </usecase><br /></pre>
+</li>
+<li>Make a directory for the path of the file you want to show, and a policy file for it:<br />
+<pre>mkdir realm-dir/ac-policies/en<br />vi realm-dir/ac-policies/en/construction.html.policy<br /></pre>
+<p>and allow viewing:</p>
+<pre> <usecase id="view"><br /> <world permission="true"/><br /> </usecase></pre>
+</li>
+<li>You will also need to allow viewing for auxiliary files, like <code>*.css</code>. Assuming these can be found in the directory <code>realm-dir/data-repository/app</code>, create a file <code>realm-dir/ac-policies/en/app.policy</code> and set:<br />
+<pre> <usecase id="view"><br /> <world permission="true"/><br /> </usecase></pre>
+</li>
+</ul>
+<p>Similarly, you can now allow access to the whole site for a group of registered users by setting</p>
+<pre> <usecase id="view"><br /> <group id="editors" permission="true"/><br /> </usecase></pre>
+<p>for the previously closed parts of the realm.</p>
+</body>
+</html>
\ No newline at end of file
Added: public/yanel/trunk/src/realms/yanel-website/content/b67016da-d515-4227-8204-7ff9384588ed.yarep/revisions/1273824253872/meta
===================================================================
--- public/yanel/trunk/src/realms/yanel-website/content/b67016da-d515-4227-8204-7ff9384588ed.yarep/revisions/1273824253872/meta (rev 0)
+++ public/yanel/trunk/src/realms/yanel-website/content/b67016da-d515-4227-8204-7ff9384588ed.yarep/revisions/1273824253872/meta 2010-05-14 07:19:31 UTC (rev 49560)
@@ -0,0 +1,12 @@
+yarep_size<long>:5235
+workflow-state<string>:draft
+yarep_checkinDate<date>:2010-05-14T09:59:55:731+0200
+yarep_type<string>:resource
+yarep_lastModifed<long>:1273824253000
+yarep_revisionCreator<string>:lenya
+yarep_checkoutUserID<string>:lenya
+workflow-date<date>:2010-05-14T10:04:13:935+0200
+yarep_isCheckedOut<boolean>:false
+yarep_checkoutDate<date>:2010-05-14T10:03:58:404+0200
+yarep_revisionCreationDate<date>:2010-05-14T10:04:13:889+0200
+yarep_revisionComment<string>:Updated with tinyMCE
More information about the Yanel-commits
mailing list