WebACL
This package allows you to handle rights through the WebACL standard.
Features#
- View and modify rights of any resources
- Automatically add rights when LDP resources, LDP containers or ActivityPub collections are created
- Create ACL groups, manage members of these groups
Dependencies#
Sub-services#
- WebAclResourceService
- WebAclGroupService
- WebAclCacheCleanerService
Install#
Usage#
This service must be used with an instance of Fuseki which can handle WebAcl.
We recommend to use the image semapps/jena-fuseki-webacl (see page on Docker Hub)
You will also need to add the WebAcl middleware to the broker settings.
The WebAclMiddleware:
- Protects the actions of the LDP service
- Automatically updates ACL when LDP resources, LDP containers or ActivityPub collections are added or removed.
Caching#
If you wish to properly cache the WebAcl and improve performances, we recommend that you add a Cacher middleware before the WebACL middleware.
See the Moleculer caching documentation to know what options can be passed.
Settings#
| Property | Type | Default | Description |
|---|---|---|---|
baseUrl | String | required | Base URL of the LDP server |
General notes#
- The SemApps middleware will always connect to the SPARQL endpoint with a Basic Authorization header containing the
adminuser and its password. - If the middleware is doing a query on behalf of a SemApps user, it will send the WebID URI of this user in the HTTP header
X-SemappsUser. - If no user is logged-in and the middleware is making a request as a public (anonymous) user, then the
X-SemappsUserheader will be sent with the valueanon. - If to the contrary, the middleware is modifying the ACLs, it will send no header, or a header with the
X-SemappsUserset tosystem.