CONTRIBUTING000664001750001750 614612404154317 13167 0ustar00taitai000000000000RDF-ACL-0.104NAME CONTRIBUTING DESCRIPTION If you're reading this document, that means you might be thinking about helping me out with this project. Thanks! Here's some ways you could help out: * Bug reports Found a bug? Great! (Well, not so great I suppose.) The place to report them is . Don't e-mail me about it, as your e-mail is more than likely to get lost amongst the spam. An example script clearly demonstrating the bug (preferably written using Test::More) would be greatly appreciated. * Patches If you've found a bug and written a fix for it, even better! Generally speaking you should check out the latest copy of the code from the source repository rather than using the CPAN distribution. The file META.yml should contain a link to the source repository. If not, then try or submit a bug report. (As far as I'm concerned the lack of a link is a bug.) Many of my distributions are also mirrored at . To submit the patch, do a pull request on GitHub or Bitbucket, or attach a diff file to a bug report. Unless otherwise stated, I'll assume that your contributions are licensed under the same terms as the rest of the project. (If using git, feel free to work in a branch. For Mercurial, I'd prefer bookmarks within the default branch.) * Documentation If there's anything unclear in the documentation, please submit this as a bug report or patch as above. Non-toy example scripts that I can bundle would also be appreciated. * Translation Translations of documentation would be welcome. For translations of error messages and other strings embedded in the code, check with me first. Sometimes the English strings may not in a stable state, so it would be a waste of time translating them. Coding Style I tend to write using something approximating the Allman style, using tabs for indentation and Unix-style line breaks. * * I nominally encode all source files as UTF-8, though in practice most of them use a 7-bit-safe ASCII-compatible subset of UTF-8. AUTHOR Toby Inkster . COPYRIGHT AND LICENCE Copyright (c) 2012-2014 by Toby Inkster. CONTRIBUTING is available under three different licences permitting its redistribution: the CC-BY-SA_UK-2.0 licence, plus the same licences as Perl itself, which is distributed under the GNU General Public Licence version 1, and the Artistic Licence. This file is licensed under the Creative Commons Attribution-ShareAlike 2.0 UK: England & Wales License. To view a copy of this license, visit . This file is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself. COPYRIGHT000664001750001750 230712404154317 12623 0ustar00taitai000000000000RDF-ACL-0.104Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ Upstream-Name: RDF-ACL Upstream-Contact: TOBYINK and Toby Inkster Source: https://metacpan.org/release/RDF-ACL Files: t/01basic.t t/02access.t t/03classes.t t/04containers.t t/05whoami.t Copyright: Copyright 2012 Toby Inkster. License: GPL-1.0+ or Artistic-1.0 Files: Changes META.json META.yml dist.ini doap.ttl Copyright: Copyright 2014 Toby Inkster. License: GPL-1.0+ or Artistic-1.0 Files: CONTRIBUTING INSTALL LICENSE TODO Copyright: Unknown License: Unknown Files: COPYRIGHT CREDITS SIGNATURE Copyright: None License: public-domain Files: README lib/RDF/ACL.pm Copyright: This software is copyright (c) 2010-2013 by Toby Inkster. License: GPL-1.0+ or Artistic-1.0 Files: Makefile.PL Copyright: Copyright 2013 Toby Inkster. License: GPL-1.0+ or Artistic-1.0 License: Artistic-1.0 This software is Copyright (c) 2014 by the copyright holder(s). This is free software, licensed under: The Artistic License 1.0 License: GPL-1.0 This software is Copyright (c) 2014 by the copyright holder(s). This is free software, licensed under: The GNU General Public License, Version 1, February 1989 CREDITS000664001750001750 7112404154314 12301 0ustar00taitai000000000000RDF-ACL-0.104Maintainer: - TOBYINK - Toby Inkster Changes000664001750001750 146212404154314 12621 0ustar00taitai000000000000RDF-ACL-0.104RDF-ACL ======= Created: 2010-01-20 Home page: Bug tracker: Maintainer: Toby Inkster 0.104 2014-09-10 [ Packaging ] - Switch to Dist::Inkt. 0.103 2013-07-16 [ Documentation ] - Copyright 2013. [ Packaging ] - Stop bundling early paleolithic version of Scalar::Util. 0.102 2012-05-30 Still alive! [ Documentation ] - Copyright 2012. [ Packaging ] - Module::Package::RDF. [ Other ] - Cleanups. - Drop RDF::TrineShortcuts dependency; use RDF::TrineX::Functions. 0.101 2011-02-09 We're not dead yet! [ Documentation ] - Copyright 2011. [ Other ] - Minor cleanups. 0.100 2010-06-20 - Updated: Support recent addition to ACL vocabulary - acl:Append. - use Scalar::Util. 0.01 2010-01-20 INSTALL000664001750001750 164112404154313 12355 0ustar00taitai000000000000RDF-ACL-0.104 Installing RDF-ACL should be straightforward. INSTALLATION WITH CPANMINUS If you have cpanm, you only need one line: % cpanm RDF::ACL If you are installing into a system-wide directory, you may need to pass the "-S" flag to cpanm, which uses sudo to install the module: % cpanm -S RDF::ACL INSTALLATION WITH THE CPAN SHELL Alternatively, if your CPAN shell is set up, you should just be able to do: % cpan RDF::ACL MANUAL INSTALLATION As a last resort, you can manually install it. Download the tarball and unpack it. Consult the file META.json for a list of pre-requisites. Install these first. To build RDF-ACL: % perl Makefile.PL % make && make test Then install it: % make install If you are installing into a system-wide directory, you may need to run: % sudo make install LICENSE000664001750001750 4365512404154313 12364 0ustar00taitai000000000000RDF-ACL-0.104This software is copyright (c) 2014 by Toby Inkster. This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself. Terms of the Perl programming language system itself a) the GNU General Public License as published by the Free Software Foundation; either version 1, or (at your option) any later version, or b) the "Artistic License" --- The GNU General Public License, Version 1, February 1989 --- This software is Copyright (c) 2014 by Toby Inkster. This is free software, licensed under: The GNU General Public License, Version 1, February 1989 GNU GENERAL PUBLIC LICENSE Version 1, February 1989 Copyright (C) 1989 Free Software Foundation, Inc. 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. Preamble The license agreements of most software companies try to keep users at the mercy of those companies. By contrast, our General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. The General Public License applies to the Free Software Foundation's software and to any other program whose authors commit to using it. You can use it for your programs, too. When we speak of free software, we are referring to freedom, not price. Specifically, the General Public License is designed to make sure that you have the freedom to give away or sell copies of free software, that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs; and that you know you can do these things. To protect your rights, we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software, or if you modify it. For example, if you distribute copies of a such a program, whether gratis or for a fee, you must give the recipients all the rights that you have. You must make sure that they, too, receive or can get the source code. And you must tell them their rights. We protect your rights with two steps: (1) copyright the software, and (2) offer you this license which gives you legal permission to copy, distribute and/or modify the software. Also, for each author's protection and ours, we want to make certain that everyone understands that there is no warranty for this free software. If the software is modified by someone else and passed on, we want its recipients to know that what they have is not the original, so that any problems introduced by others will not reflect on the original authors' reputations. The precise terms and conditions for copying, distribution and modification follow. GNU GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 0. This License Agreement applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. The "Program", below, refers to any such program or work, and a "work based on the Program" means either the Program or any work containing the Program or a portion of it, either verbatim or with modifications. Each licensee is addressed as "you". 1. You may copy and distribute verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this General Public License and to the absence of any warranty; and give any other recipients of the Program a copy of this General Public License along with the Program. You may charge a fee for the physical act of transferring a copy. 2. You may modify your copy or copies of the Program or any portion of it, and copy and distribute such modifications under the terms of Paragraph 1 above, provided that you also do the following: a) cause the modified files to carry prominent notices stating that you changed the files and the date of any change; and b) cause the whole of any work that you distribute or publish, that in whole or in part contains the Program or any part thereof, either with or without modifications, to be licensed at no charge to all third parties under the terms of this General Public License (except that you may choose to grant warranty protection to some or all third parties, at your option). c) If the modified program normally reads commands interactively when run, you must cause it, when started running for such interactive use in the simplest and most usual way, to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty (or else, saying that you provide a warranty) and that users may redistribute the program under these conditions, and telling the user how to view a copy of this General Public License. d) You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee. Mere aggregation of another independent work with the Program (or its derivative) on a volume of a storage or distribution medium does not bring the other work under the scope of these terms. 3. You may copy and distribute the Program (or a portion or derivative of it, under Paragraph 2) in object code or executable form under the terms of Paragraphs 1 and 2 above provided that you also do one of the following: a) accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Paragraphs 1 and 2 above; or, b) accompany it with a written offer, valid for at least three years, to give any third party free (except for a nominal charge for the cost of distribution) a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Paragraphs 1 and 2 above; or, c) accompany it with the information you received as to where the corresponding source code may be obtained. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form alone.) Source code for a work means the preferred form of the work for making modifications to it. For an executable file, complete source code means all the source code for all modules it contains; but, as a special exception, it need not include source code for modules which are standard libraries that accompany the operating system on which the executable file runs, or for standard header files or definitions files that accompany that operating system. 4. You may not copy, modify, sublicense, distribute or transfer the Program except as expressly provided under this General Public License. Any attempt otherwise to copy, modify, sublicense, distribute or transfer the Program is void, and will automatically terminate your rights to use the Program under this License. However, parties who have received copies, or rights to use copies, from you under this General Public License will not have their licenses terminated so long as such parties remain in full compliance. 5. By copying, distributing or modifying the Program (or any work based on the Program) you indicate your acceptance of this license to do so, and all its terms and conditions. 6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. 7. The Free Software Foundation may publish revised and/or new versions of the General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing version number. If the Program specifies a version number of the license which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of the license, you may choose any version ever published by the Free Software Foundation. 8. If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally. NO WARRANTY 9. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 10. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. END OF TERMS AND CONDITIONS Appendix: How to Apply These Terms to Your New Programs If you develop a new program, and you want it to be of the greatest possible use to humanity, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms. To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively convey the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found. Copyright (C) 19yy This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 1, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston MA 02110-1301 USA Also add information on how to contact you by electronic and paper mail. If the program is interactive, make it output a short notice like this when it starts in an interactive mode: Gnomovision version 69, Copyright (C) 19xx name of author Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details. The hypothetical commands `show w' and `show c' should show the appropriate parts of the General Public License. Of course, the commands you use may be called something other than `show w' and `show c'; they could even be mouse-clicks or menu items--whatever suits your program. You should also get your employer (if you work as a programmer) or your school, if any, to sign a "copyright disclaimer" for the program, if necessary. Here a sample; alter the names: Yoyodyne, Inc., hereby disclaims all copyright interest in the program `Gnomovision' (a program to direct compilers to make passes at assemblers) written by James Hacker. , 1 April 1989 Ty Coon, President of Vice That's all there is to it! --- The Artistic License 1.0 --- This software is Copyright (c) 2014 by Toby Inkster. This is free software, licensed under: The Artistic License 1.0 The Artistic License Preamble The intent of this document is to state the conditions under which a Package may be copied, such that the Copyright Holder maintains some semblance of artistic control over the development of the package, while giving the users of the package the right to use and distribute the Package in a more-or-less customary fashion, plus the right to make reasonable modifications. Definitions: - "Package" refers to the collection of files distributed by the Copyright Holder, and derivatives of that collection of files created through textual modification. - "Standard Version" refers to such a Package if it has not been modified, or has been modified in accordance with the wishes of the Copyright Holder. - "Copyright Holder" is whoever is named in the copyright or copyrights for the package. - "You" is you, if you're thinking about copying or distributing this Package. - "Reasonable copying fee" is whatever you can justify on the basis of media cost, duplication charges, time of people involved, and so on. (You will not be required to justify it to the Copyright Holder, but only to the computing community at large as a market that must bear the fee.) - "Freely Available" means that no fee is charged for the item itself, though there may be fees involved in handling the item. It also means that recipients of the item may redistribute it under the same conditions they received it. 1. You may make and give away verbatim copies of the source form of the Standard Version of this Package without restriction, provided that you duplicate all of the original copyright notices and associated disclaimers. 2. You may apply bug fixes, portability fixes and other modifications derived from the Public Domain or from the Copyright Holder. A Package modified in such a way shall still be considered the Standard Version. 3. You may otherwise modify your copy of this Package in any way, provided that you insert a prominent notice in each changed file stating how and when you changed that file, and provided that you do at least ONE of the following: a) place your modifications in the Public Domain or otherwise make them Freely Available, such as by posting said modifications to Usenet or an equivalent medium, or placing the modifications on a major archive site such as ftp.uu.net, or by allowing the Copyright Holder to include your modifications in the Standard Version of the Package. b) use the modified Package only within your corporation or organization. c) rename any non-standard executables so the names do not conflict with standard executables, which must also be provided, and provide a separate manual page for each non-standard executable that clearly documents how it differs from the Standard Version. d) make other distribution arrangements with the Copyright Holder. 4. You may distribute the programs of this Package in object code or executable form, provided that you do at least ONE of the following: a) distribute a Standard Version of the executables and library files, together with instructions (in the manual page or equivalent) on where to get the Standard Version. b) accompany the distribution with the machine-readable source of the Package with your modifications. c) accompany any non-standard executables with their corresponding Standard Version executables, giving the non-standard executables non-standard names, and clearly documenting the differences in manual pages (or equivalent), together with instructions on where to get the Standard Version. d) make other distribution arrangements with the Copyright Holder. 5. You may charge a reasonable copying fee for any distribution of this Package. You may charge any fee you choose for support of this Package. You may not charge a fee for this Package itself. However, you may distribute this Package in aggregate with other (possibly commercial) programs as part of a larger (possibly commercial) software distribution provided that you do not advertise this Package as a product of your own. 6. The scripts and library files supplied as input to or produced as output from the programs of this Package do not automatically fall under the copyright of this Package, but belong to whomever generated them, and may be sold commercially, and may be aggregated with this Package. 7. C or perl subroutines supplied by you and linked into this Package shall not be considered part of this Package. 8. The name of the Copyright Holder may not be used to endorse or promote products derived from this software without specific prior written permission. 9. THIS PACKAGE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. The End MANIFEST000664001750001750 33312404154317 12436 0ustar00taitai000000000000RDF-ACL-0.104CONTRIBUTING COPYRIGHT CREDITS Changes INSTALL LICENSE MANIFEST META.json META.yml Makefile.PL README SIGNATURE TODO dist.ini doap.ttl lib/RDF/ACL.pm t/01basic.t t/02access.t t/03classes.t t/04containers.t t/05whoami.t META.json000664001750001750 345712404154317 12760 0ustar00taitai000000000000RDF-ACL-0.104{ "abstract" : "access control lists for the semantic web", "author" : [ "Toby Inkster", "TOBYINK " ], "dynamic_config" : 0, "generated_by" : "Moose::Meta::Class::__ANON__::SERIAL::10 version , CPAN::Meta::Converter version 2.140640", "keywords" : [], "license" : [ "perl_5" ], "meta-spec" : { "url" : "http://search.cpan.org/perldoc?CPAN::Meta::Spec", "version" : "2" }, "name" : "RDF-ACL", "no_index" : { "directory" : [ "eg", "examples", "inc", "t", "xt" ] }, "optional_features" : {}, "prereqs" : { "configure" : { "requires" : { "ExtUtils::MakeMaker" : "6.17" } }, "runtime" : { "requires" : { "Data::UUID" : "0", "Error" : "0", "RDF::Query" : "0", "RDF::Query::Client" : "0", "RDF::TrineX::Functions" : "0", "Scalar::Util" : "0", "URI" : "0" } }, "test" : { "requires" : { "Test::More" : "0.61" } } }, "provides" : { "RDF::ACL" : { "file" : "lib/RDF/ACL.pm", "version" : "0.104" } }, "release_status" : "stable", "resources" : { "X_identifier" : "http://purl.org/NET/cpan-uri/dist/RDF-ACL/project", "bugtracker" : { "web" : "http://rt.cpan.org/Dist/Display.html?Queue=RDF-ACL" }, "homepage" : "https://metacpan.org/release/RDF-ACL", "license" : [ "http://dev.perl.org/licenses/" ], "repository" : { "type" : "git", "url" : "git://github.com/tobyink/p5-rdf-acl.git", "web" : "https://github.com/tobyink/p5-rdf-acl" } }, "version" : "0.104" } META.yml000664001750001750 206212404154317 12577 0ustar00taitai000000000000RDF-ACL-0.104--- abstract: 'access control lists for the semantic web' author: - 'Toby Inkster' - 'TOBYINK ' build_requires: Test::More: '0.61' configure_requires: ExtUtils::MakeMaker: '6.17' dynamic_config: 0 generated_by: 'Moose::Meta::Class::__ANON__::SERIAL::10 version , CPAN::Meta::Converter version 2.140640' keywords: [] license: perl meta-spec: url: http://module-build.sourceforge.net/META-spec-v1.4.html version: '1.4' name: RDF-ACL no_index: directory: - eg - examples - inc - t - xt optional_features: {} provides: RDF::ACL: file: lib/RDF/ACL.pm version: '0.104' requires: Data::UUID: '0' Error: '0' RDF::Query: '0' RDF::Query::Client: '0' RDF::TrineX::Functions: '0' Scalar::Util: '0' URI: '0' resources: X_identifier: http://purl.org/NET/cpan-uri/dist/RDF-ACL/project bugtracker: http://rt.cpan.org/Dist/Display.html?Queue=RDF-ACL homepage: https://metacpan.org/release/RDF-ACL license: http://dev.perl.org/licenses/ repository: git://github.com/tobyink/p5-rdf-acl.git version: '0.104' Makefile.PL000664001750001750 1160112404154317 13317 0ustar00taitai000000000000RDF-ACL-0.104use strict; use ExtUtils::MakeMaker 6.17; my $EUMM = eval( $ExtUtils::MakeMaker::VERSION ); my $meta = { "abstract" => "access control lists for the semantic web", "author" => ["Toby Inkster", "TOBYINK "], "dynamic_config" => 0, "generated_by" => "Moose::Meta::Class::__ANON__::SERIAL::10 version , CPAN::Meta::Converter version 2.140640", "keywords" => [], "license" => ["perl_5"], "meta-spec" => { url => "http://search.cpan.org/perldoc?CPAN::Meta::Spec", version => 2, }, "name" => "RDF-ACL", "no_index" => { directory => ["eg", "examples", "inc", "t", "xt"] }, "prereqs" => { configure => { requires => { "ExtUtils::MakeMaker" => 6.17 } }, runtime => { requires => { "Data::UUID" => 0, "Error" => 0, "RDF::Query" => 0, "RDF::Query::Client" => 0, "RDF::TrineX::Functions" => 0, "Scalar::Util" => 0, "URI" => 0, }, }, test => { requires => { "Test::More" => 0.61 } }, }, "provides" => { "RDF::ACL" => { file => "lib/RDF/ACL.pm", version => 0.104 } }, "release_status" => "stable", "resources" => { bugtracker => { web => "http://rt.cpan.org/Dist/Display.html?Queue=RDF-ACL" }, homepage => "https://metacpan.org/release/RDF-ACL", license => ["http://dev.perl.org/licenses/"], repository => { type => "git", url => "git://github.com/tobyink/p5-rdf-acl.git", web => "https://github.com/tobyink/p5-rdf-acl", }, X_identifier => "http://purl.org/NET/cpan-uri/dist/RDF-ACL/project", }, "version" => 0.104, }; my %dynamic_config; my %WriteMakefileArgs = ( ABSTRACT => $meta->{abstract}, AUTHOR => ($EUMM >= 6.5702 ? $meta->{author} : $meta->{author}[0]), DISTNAME => $meta->{name}, VERSION => $meta->{version}, EXE_FILES => [ map $_->{file}, values %{ $meta->{x_provides_scripts} || {} } ], NAME => do { my $n = $meta->{name}; $n =~ s/-/::/g; $n }, test => { TESTS => "t/*.t" }, %dynamic_config, ); $WriteMakefileArgs{LICENSE} = $meta->{license}[0] if $EUMM >= 6.3001; sub deps { my %r; for my $stage (@_) { for my $dep (keys %{$meta->{prereqs}{$stage}{requires}}) { next if $dep eq 'perl'; my $ver = $meta->{prereqs}{$stage}{requires}{$dep}; $r{$dep} = $ver if !exists($r{$dep}) || $ver >= $r{$dep}; } } \%r; } my ($build_requires, $configure_requires, $runtime_requires, $test_requires); if ($EUMM >= 6.6303) { $WriteMakefileArgs{BUILD_REQUIRES} ||= deps('build'); $WriteMakefileArgs{CONFIGURE_REQUIRES} ||= deps('configure'); $WriteMakefileArgs{TEST_REQUIRES} ||= deps('test'); $WriteMakefileArgs{PREREQ_PM} ||= deps('runtime'); } elsif ($EUMM >= 6.5503) { $WriteMakefileArgs{BUILD_REQUIRES} ||= deps('build', 'test'); $WriteMakefileArgs{CONFIGURE_REQUIRES} ||= deps('configure'); $WriteMakefileArgs{PREREQ_PM} ||= deps('runtime'); } elsif ($EUMM >= 6.52) { $WriteMakefileArgs{CONFIGURE_REQUIRES} ||= deps('configure'); $WriteMakefileArgs{PREREQ_PM} ||= deps('runtime', 'build', 'test'); } else { $WriteMakefileArgs{PREREQ_PM} ||= deps('configure', 'build', 'test', 'runtime'); } { my ($minperl) = reverse sort( grep defined && /^[0-9]+(\.[0-9]+)?$/, map $meta->{prereqs}{$_}{requires}{perl}, qw( configure build runtime ) ); if (defined($minperl)) { die "Installing $meta->{name} requires Perl >= $minperl" unless $] >= $minperl; $WriteMakefileArgs{MIN_PERL_VERSION} ||= $minperl if $EUMM >= 6.48; } } sub FixMakefile { return unless -d 'inc'; my $file = shift; local *MAKEFILE; open MAKEFILE, "< $file" or die "FixMakefile: Couldn't open $file: $!; bailing out"; my $makefile = do { local $/; }; close MAKEFILE or die $!; $makefile =~ s/\b(test_harness\(\$\(TEST_VERBOSE\), )/$1'inc', /; $makefile =~ s/( -I\$\(INST_ARCHLIB\))/ -Iinc$1/g; $makefile =~ s/( "-I\$\(INST_LIB\)")/ "-Iinc"$1/g; $makefile =~ s/^(FULLPERL = .*)/$1 "-Iinc"/m; $makefile =~ s/^(PERL = .*)/$1 "-Iinc"/m; open MAKEFILE, "> $file" or die "FixMakefile: Couldn't open $file: $!; bailing out"; print MAKEFILE $makefile or die $!; close MAKEFILE or die $!; } my $mm = WriteMakefile(%WriteMakefileArgs); FixMakefile($mm->{FIRST_MAKEFILE} || 'Makefile'); exit(0); README000664001750001750 2157512404154313 12234 0ustar00taitai000000000000RDF-ACL-0.104NAME RDF::ACL - access control lists for the semantic web SYNOPSIS use RDF::ACL; my $acl = RDF::ACL->new('access.ttl'); my $auth = $acl->allow( webid => 'http://example.com/joe#me', item => 'http://example.com/private/document', level => ['Read', 'Write'], ); $acl->save('turtle', 'access.ttl'); # later... if ($acl->check('http://example.com/joe#me', 'http://example.com/private/document', 'Read')) { print slurp("private/document"); } else { print "Denied"; } # later... foreach my $reason ($acl->why('http://example.com/joe#me', 'http://example.com/private/document', 'Read')) { $acl->deny($reason) if defined $reason; } $acl->save('turtle', 'access.ttl'); DESCRIPTION Note that this module provides access control and does not perform authentication! Constructors `$acl->new($input, %args)` Creates a new access control list based on RDF data defined in $input. $input can be a serialised string of RDF, a file name, a URI or any other input accepted by the `parse` function of RDF::TrineX::Functions. `new()` can be called with no arguments to create a fresh, clean ACL containing no authorisations. `$acl->new_remote($endpoint)` Creates a new access control list based on RDF data accessed via a remote SPARQL Protocol 1.0 endpoint. Public Methods `$acl->check($webid, $item, $level, @data)` Checks an agent's authorisation to access an item. $webid is the WebID (URI) of the agent requesting access to the item. $item is the URL (URI) of the item being accessed. $level is a URI identifying the type of access required. As special cases, the case-insensitive string 'read' is expanded to the URI , 'write' to , 'append' to and 'control' to . If the access control list is local (not remote), zero or more additional RDF graphs can be passed (i.e. @data) containing data to take into consideration when checking the agent's authorisation. This data is trusted blindly, so should not include data that the user has themselves supplied. If the access control list is remote, then this method throws an error if any additional data is provided. (A remote ACL cannot take into account local data.) If $level is provided, this method returns a boolean. If $level is undefined or omitted, this method returns a list of URIs which each represent a type of access that the user is authorised. `$acl->why($webid, $item, $level, @data)` Investigates an agent's authorisation to access an item. Arguments as per `check`, however $level is required. Returns a list of authorisations that justify a user's access to the item with the given access level. These authorisations are equivalent to $authid values provided by `allow()`. In some cases (especially if the authorisation was created by hand, and not via `allow()`) an authorisation may not have an identifier. In these cases, the list will contain undef. `$acl->allow(%args)` Adds an authorisation to the ACL. The ACL must be mutable. The method takes a hash of named arguments: my $authid = $acl->allow( webid => 'http://example.com/joe#me', item => 'http://example.com/private/document', level => ['Read', 'Write'], ); 'item' is the URI of the item to authorise access to. As an alternative, 'item_class' may be used to authorise access to an entire class of items (using classes in the RDFS/OWL sense of the word). If neither of these arguments is provided, then the method will throw an error. Both may be provided. Either or both may be an arrayref, because an authorisation may authorise access to more than one thing. 'container' is an alternative to using 'item' or 'item_class'. It specifies the URI for a resource which in some way is a container for other resources. Setting authorisations for a container allows you to set a default authorisation for new items created within that container. (You must use the `created()` method to notify the ACL about newly created items.) 'webid' is the WebID (URI) of the person or agent being granted access. As an alternative, 'agent_class' may be used to authorise access to an entire class of agents. If neither is provided, an agent_class of is assumed. Both may be provided. Either or both may be an arrayref, because an authorisation may authorise access by more than one agent. (For consistency with 'item', 'agent' is supported as a synonym for 'webid'.) 'level' is the access level being granted. As with the `check` method, the shortcuts 'read', 'write', 'append' and 'control' may be used. An arrayref may be used. If no level is specified, 'read' is assumed. This authorisation is not automatically saved, so it is probably useful to call `save()` after adding authorisations. The method returns an identifier for the authorisation. This identifier may be needed again if you ever need to `deny()` the authorisation. This method is aware of `i_am()`/`who_am_i()`. `$acl->deny($authid)` Completely removes all traces of an authorisation from the ACL. The authorisation identifier can be found using `why()` or you may have remembered it when you first allowed the access. In some cases (especially if the authorisation was created by hand, and not via `allow()`) an authorisation may not have an identifier. In these cases, you will have to be creative in figuring out how to deny access. Returns the number of statements removed from the ACL's internal model as a result of the removal. (This will normally be at least 3.) This authorisation is not automatically saved, so it is probably useful to call `save()` after removing authorisations. This method is aware of `i_am()`/`who_am_i()`. `$acl->created($item, $container)` Finds all authorisations which are the default for new items within $container and clones each of them for newly created $item. Returns a list of authorisation identifiers. `$acl->i_am($webid)` Tells the ACL object to "act like" the agent with the given WebID. If the ACL object is acting like you, then methods that make changes to the ACL (e.g. `allow()` and `deny()`) will only work if you have 'Control' permission over the resources specified. $webid can be null to restore the usual behaviour. Returns the previous WebID the ACL was acting like as a URI object. `$acl->who_am_i` Returns the WebID of the agent that ACL is acting like (if any). `$acl->save($format, $filename)` Serialises a local (not remote) ACL. $format can be any format supported by the `serialize` function from RDF::TrineX::Functions. If $filename is provided, this method writes to the file and returns the new file size in bytes. If $filename is omitted, this method does not attempt to write to a file, and simply returns the string it would have written. `$acl->is_remote` Returns true if the ACL is remote; false if local. `$acl->is_mutable` Can this ACL be modified? `$acl->model` The graph model against which authorisation checks are made. Returned as an RDF::Trine::Model object. `$acl->endpoint` The endpoint URI for remote (non-local) ACL queries. Returned as a URI object. BUGS Please report any bugs to . SEE ALSO Web::ID. . , . AUTHOR Toby Inkster . COPYRIGHT AND LICENCE This software is copyright (c) 2010-2013 by Toby Inkster. This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself. DISCLAIMER OF WARRANTIES THIS PACKAGE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. SIGNATURE000664001750001750 346412404154317 12621 0ustar00taitai000000000000RDF-ACL-0.104This file contains message digests of all files listed in MANIFEST, signed via the Module::Signature module, version 0.73. To verify the content in this distribution, first make sure you have Module::Signature installed, then type: % cpansign -v It will check each file's integrity, as well as the signature's validity. If "==> Signature verified OK! <==" is not displayed, the distribution may already have been compromised, and you should not run its Makefile.PL or Build.PL. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SHA1 33317486c4fa2cf7fec85bf92ed38ac0f64233a0 CONTRIBUTING SHA1 cc99d2fe847efa012d9ea261789b27b2d748a9eb COPYRIGHT SHA1 d2e79e54843f5470532b458924a8d6c1f42ae854 CREDITS SHA1 d2597997d2e83cfd327de81667558645472af916 Changes SHA1 33f6d12cf73cce7352eccf168a336a130aa65922 INSTALL SHA1 34f5e12514b91055de4b164a1f2327ef5c30ba53 LICENSE SHA1 3015ad710cf674b12ac15e7571eb5f2858e36d0c MANIFEST SHA1 daa7eadc3f4f980c8a8389d8e1d2fc6ea4b79d2c META.json SHA1 17e50f4ee41a88d0fad48d97f4d755a3bb2569aa META.yml SHA1 607e02da906683a19355c0cef977d9de2a41af64 Makefile.PL SHA1 a01bc11e3d74243dd120c9dedc5b1a114e0d1880 README SHA1 c2ba1409f6fee356220d39958849a64eca14aeab TODO SHA1 f71df1886af5120aeff017d060e98e92f8175a43 dist.ini SHA1 3293e2a201fa88a8b5ef63f7a4ebf28bcfa9bc0b doap.ttl SHA1 5b04c509df5a22a452732ed2b8da5c7ffb69c2e5 lib/RDF/ACL.pm SHA1 119ae4abe44f33a3ced4d9989671786435f5dfa2 t/01basic.t SHA1 36a68e85e3a9ceae244f7eb9b7c1da689ad37371 t/02access.t SHA1 56c8d36188bd42c196f0e7f5deee72ad8eab66ff t/03classes.t SHA1 b5dc3df3987d48cb725c83a8411e3b41931e84e0 t/04containers.t SHA1 3fcf8a4cd43f11feae065c53fef669e7f1bb04b8 t/05whoami.t -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iEYEARECAAYFAlQQ2M8ACgkQzr+BKGoqfTmGnQCfVvlVBDgBqIhrHtJRkC/i8IAC IG4AniNhNJmnCrXAac8X1s1owQsSafLt =Kmy/ -----END PGP SIGNATURE----- TODO000664001750001750 10512404154313 11766 0ustar00taitai000000000000RDF-ACL-0.104TODO: * Fix test 03 (russian roulette serialisation) - thanks Jonas! dist.ini000664001750001750 7012404154313 12723 0ustar00taitai000000000000RDF-ACL-0.104;;class='Dist::Inkt::Profile::TOBYINK' ;;name='RDF-ACL' doap.ttl000664001750001750 1314312404154317 13020 0ustar00taitai000000000000RDF-ACL-0.104@prefix dc: . @prefix doap: . @prefix doap-changeset: . @prefix doap-deps: . @prefix foaf: . @prefix rdfs: . @prefix xsd: . a doap:Project; dc:contributor ; doap-deps:runtime-requirement [ doap-deps:on "Data::UUID"^^doap-deps:CpanId ], [ doap-deps:on "Error"^^doap-deps:CpanId ], [ doap-deps:on "RDF::TrineX::Functions"^^doap-deps:CpanId; ], [ doap-deps:on "RDF::Query"^^doap-deps:CpanId ], [ doap-deps:on "RDF::Query::Client"^^doap-deps:CpanId ], [ doap-deps:on "Scalar::Util"^^doap-deps:CpanId ], [ doap-deps:on "URI"^^doap-deps:CpanId ]; doap-deps:test-requirement [ doap-deps:on "Test::More 0.61"^^doap-deps:CpanId ]; doap:bug-database ; doap:created "2010-01-20"^^xsd:date; doap:developer ; doap:documenter ; doap:download-page ; doap:homepage ; doap:license ; doap:maintainer ; doap:name "RDF-ACL"; doap:programming-language "Perl"; doap:release , , , , , ; doap:repository [ a doap:GitRepository; doap:browse ; ]; doap:shortdesc "access control lists for the semantic web"@en; doap:tester . a doap:Version; dc:issued "2010-01-20"^^xsd:date; doap:file-release ; doap:revision "0.01"^^xsd:string; rdfs:comment "Original version"@en. a doap:Version; dc:issued "2010-06-20"^^xsd:date; doap-changeset:changeset [ doap-changeset:item [ a doap-changeset:Update; rdfs:label "Support recent addition to ACL vocabulary - acl:Append."@en; ], [ rdfs:label "use Scalar::Util."@en ]; doap-changeset:versus ; ]; doap:file-release ; doap:revision "0.100"^^xsd:string. a doap:Version; rdfs:label "We're not dead yet!"@en; dc:issued "2011-02-09"^^xsd:date; doap-changeset:changeset [ doap-changeset:item [ a doap-changeset:Documentation, doap-changeset:Update; rdfs:label "Copyright 2011."@en; ], [ rdfs:label "Minor cleanups."@en ]; doap-changeset:versus ; ]; doap:file-release ; doap:revision "0.101"^^xsd:string. a doap:Version; rdfs:label "Still alive!"@en; dc:issued "2012-05-30"^^xsd:date; doap-changeset:changeset [ doap-changeset:item [ rdfs:label "Drop RDF::TrineShortcuts dependency; use RDF::TrineX::Functions."@en; ], [ a doap-changeset:Documentation, doap-changeset:Update; rdfs:label "Copyright 2012."@en; ], [ rdfs:label "Cleanups."@en ], [ a doap-changeset:Packaging; rdfs:label "Module::Package::RDF."@en; ]; doap-changeset:versus ; ]; doap:file-release ; doap:revision "0.102"^^xsd:string. a doap:Version; dc:issued "2013-07-16"^^xsd:date; doap-changeset:changeset [ doap-changeset:item [ a doap-changeset:Documentation, doap-changeset:Update; rdfs:label "Copyright 2013."@en; ], [ a doap-changeset:Packaging; rdfs:label "Stop bundling early paleolithic version of Scalar::Util."@en; doap-changeset:fixes ; ]; doap-changeset:versus ; ]; doap:file-release ; doap:revision "0.103"^^xsd:string. a doap:Version; dc:identifier "RDF-ACL-0.104"^^xsd:string; dc:issued "2014-09-10"^^xsd:date; doap-changeset:changeset [ doap-changeset:item [ a doap-changeset:Packaging; rdfs:label "Switch to Dist::Inkt."; ]; ]; doap-changeset:released-by ; doap:file-release ; doap:revision "0.104"^^xsd:string. a foaf:Person; foaf:homepage ; foaf:name "Toby Inkster"; foaf:page . 01basic.t000664001750001750 47712404154313 13164 0ustar00taitai000000000000RDF-ACL-0.104/tuse Test::More tests => 7; BEGIN { use_ok('RDF::ACL') }; my $acl = new_ok 'RDF::ACL'; ok($acl->can('check'), "ACL object can check"); ok($acl->can('why'), "ACL object can why"); ok($acl->can('allow'), "ACL object can allow"); ok($acl->can('deny'), "ACL object can deny"); ok($acl->can('save'), "ACL object can save");02access.t000664001750001750 267612404154313 13370 0ustar00taitai000000000000RDF-ACL-0.104/tuse Test::More tests => 8; use RDF::ACL; my $acl = RDF::ACL->new; ok(!$acl->check( 'http://example.com/joe#me', 'http://example.com/private/document', 'Read'), "by default, deny access" ); my $authid = $acl->allow( 'webid' => ['http://example.com/joe#me'], 'item' => 'http://example.com/private/document', 'level' => ['read'] ); ok($acl->check( 'http://example.com/joe#me', 'http://example.com/private/document', 'Read'), "allow and check seem to work" ); my $proper = < . <$authid> . <$authid> . <$authid> . CANON $proper =~ s/\r?\n/\r\n/g; is($proper, $acl->save(RDF::Trine::Serializer::NTriples::Canonical->new), "graph generated by allow seems good"); my @reasons = $acl->why( 'http://example.com/joe#me', 'http://example.com/private/document', 'Read' ); is(1, scalar @reasons, "why seems to work"); my $reason = $reasons[0]; is($authid, $reason, "why seems sane"); is(4, $acl->deny($reason), "deny seems to work"); is(0, $acl->model->count_statements, "deny removes triples"); ok(!$acl->check( 'http://example.com/joe#me', 'http://example.com/private/document', 'Read'), "deny works" ); 03classes.t000664001750001750 621412404154313 13555 0ustar00taitai000000000000RDF-ACL-0.104/tuse Test::More tests => 6; use RDF::ACL; my $acl = RDF::ACL->new; my $authid = $acl->allow( 'agent' => ['http://example.com/fembot#me'], 'agent_class' => ['http://xmlns.com/foaf/0.1/Person'], 'item_class' => 'http://xmlns.com/foaf/0.1/Document', 'level' => ['read'] ); my $authid2 = $acl->allow( 'agent' => ['http://example.com/fembot#me'], 'item_class' => 'http://xmlns.com/foaf/0.1/PersonalProfileDocument', 'level' => ['append', 'read'] ); my $proper = < . <$authid> . <$authid> . <$authid> . <$authid> . <$authid2> . <$authid2> . <$authid2> . <$authid2> . <$authid2> . CANON $proper =~ s/\r?\n/\r\n/g; #is($proper, $acl->save(RDF::Trine::Serializer::NTriples::Canonical->new), "allow seems to generate sensible triples"); ok(!$acl->check( 'http://example.com/joe#me', 'http://example.com/private/document', 'Read'), "by default, deny access" ); my $agent_info = [< 'Turtle', base => 'http://example.com/']; a . a . a . AGENTINFO my $document_info = [< 'Turtle', base => 'http://example.com/']; a . a . DOCINFO ok($acl->check( 'http://example.com/joe#me', 'http://example.com/private/document', 'Read', $agent_info, $document_info, ), "with class info, allow access!" ); my @reasons = $acl->why( 'http://example.com/fembot#me', 'http://example.com/private/document', 'Read', $agent_info, $document_info); is(2, scalar @reasons, "first explanation works ok"); my @reasons2 = $acl->why( 'http://example.com/fembot#me', 'http://example.com/private/document', 'append', $agent_info, $document_info); is(1, scalar @reasons2, "second explanation works ok"); $acl->deny($authid2); ok(!$acl->check( 'http://example.com/fembot#me', 'http://example.com/private/document', 'APPEND', $agent_info, $document_info), "removed append authorisation" ); ok($acl->check( 'http://example.com/fembot#me', 'http://example.com/private/document', 'read', $agent_info, $document_info), "but kept read" ); 04containers.t000664001750001750 120612404154313 14262 0ustar00taitai000000000000RDF-ACL-0.104/tuse Test::More tests => 2; use RDF::ACL; my $acl = RDF::ACL->new; my $authid = $acl->allow( 'webid' => ['http://example.com/joe#me'], 'container' => 'http://example.com/private/', 'level' => ['read'] ); $acl->created( 'http://example.com/private/document', 'http://example.com/private/' ); ok($acl->check( 'http://example.com/joe#me', 'http://example.com/private/document', 'Read'), "Access granted because of container's default authorisation" ); my @reasons = $acl->why( 'http://example.com/joe#me', 'http://example.com/private/document', 'Read' ); ok($authid ne $reasons[0], "Default authorisation is cloned");05whoami.t000664001750001750 224312404154313 13404 0ustar00taitai000000000000RDF-ACL-0.104/tuse Test::More tests => 6; use RDF::ACL; use Error qw(:try); my $acl = RDF::ACL->new; my $id = $acl->allow( 'webid' => ['http://example.com/joe#me'], 'item' => 'http://example.com/private/document', 'level' => ['read'] ); $acl->i_am('http://example.com/joe#me'); is($acl->who_am_i, 'http://example.com/joe#me', "who_am_i works"); try { $acl->allow( 'webid' => ['http://example.com/joe#me'], 'item' => 'http://example.com/private/document', 'level' => ['write'] ); } catch Error::Simple with { my $e = shift; ok($e, "This is supposed to fail:- $e"); }; try { $acl->deny($id); } catch Error::Simple with { my $e = shift; ok($e, "This is also supposed to fail:- $e"); }; $acl->i_am(undef); ok($acl->allow( 'webid' => ['http://example.com/joe#me'], 'item' => 'http://example.com/private/document', 'level' => ['control'] ), "Assigning control access to joe."); $acl->i_am('http://example.com/joe#me'); ok($acl->allow( 'webid' => ['http://example.com/joe#me'], 'item' => 'http://example.com/private/document', 'level' => ['write'] ), "Now it works!"); ok($acl->deny($id), "This works too!"); ACL.pm000664001750001750 4340012404154313 13461 0ustar00taitai000000000000RDF-ACL-0.104/lib/RDFpackage RDF::ACL; use 5.010; use strict; use utf8; use Data::UUID; use Error qw(:try); use RDF::TrineX::Functions -shortcuts; use RDF::Query; use RDF::Query::Client; use Scalar::Util qw(blessed); use URI; use constant EXCEPTION => 'Error::Simple'; use constant NS_ACL => 'http://www.w3.org/ns/auth/acl#'; use constant NS_RDF => 'http://www.w3.org/1999/02/22-rdf-syntax-ns#'; our $AUTHORITY = 'cpan:TOBYINK'; our $VERSION = '0.104'; sub rdf_query { my ($query, $model) = @_; my $class = (blessed($model) and $model->isa('RDF::Trine::Model')) ? 'RDF::Query' : 'RDF::Query::Client'; my $results = $class->new($query)->execute($model); if ($results->is_boolean) { return $results->get_boolean } if ($results->is_bindings) { return $results } if ($results->is_graph) { my $m = rdf_parse(); $m->add_hashref($results->as_hashref); return $m } return; } sub new { my $class = shift; my $model = shift; unless (blessed($model) && $model->isa('RDF::Trine::Model')) { $model = rdf_parse($model, @_); } my $self = bless { 'model' => $model, 'i_am' => undef , }, $class; return $self; } sub new_remote { my $class = shift; my $ep = shift; my $self = bless { 'endpoint' => $ep, }, $class; return $self; } sub check { my ($self, $webid, $item, $level, @datas) = @_; EXCEPTION->throw("Must provide WebID to be checked.") unless defined $webid; EXCEPTION->throw("Must provide item URI to be checked.") unless defined $item; my $model = $self->_union_model(@datas); my $aclvocab = NS_ACL; if (defined $level) { if ($level =~ /^(access|read|write|control|append)$/i) { $level = $aclvocab . (ucfirst lc $level); } my $sparql = <<"SPARQL"; PREFIX acl: <$aclvocab> ASK WHERE { { { ?authorisation acl:agentClass ?agentclass . <$webid> a ?agentclass . } UNION { ?authorisation acl:agent <$webid> . } UNION { ?authorisation acl:agentClass . } } { { ?authorisation acl:accessToClass ?accessclass . <$item> a ?accessclass . } UNION { ?authorisation acl:accessTo <$item> . } UNION { ?authorisation acl:accessToClass . } } { ?authorisation acl:mode <$level> . } } SPARQL return rdf_query($sparql, $model); } else { my $sparql = <<"SPARQL"; PREFIX acl: <$aclvocab> SELECT DISTINCT ?level WHERE { { { ?authorisation acl:agentClass ?agentclass . <$webid> a ?agentclass . } UNION { ?authorisation acl:agent <$webid> . } UNION { ?authorisation acl:agentClass . } } { { ?authorisation acl:accessToClass ?accessclass . <$item> a ?accessclass . } UNION { ?authorisation acl:accessTo <$item> . } UNION { ?authorisation acl:accessToClass . } } { ?authorisation acl:mode ?level . } } SPARQL my $iterator = rdf_query($sparql, $model); my @rv; while (my $result = $iterator->next) { push @rv, $result->{'level'}->uri if blessed($result->{'level'}) && $result->{'level'}->can('uri'); } return @rv; } } sub why { my ($self, $webid, $item, $level, @datas) = @_; EXCEPTION->throw("Must provide WebID to be checked.") unless defined $webid; EXCEPTION->throw("Must provide item URI to be checked.") unless defined $item; EXCEPTION->throw("Must provide item URI to be checked.") unless defined $item; my $model = $self->_union_model(@datas); my $aclvocab = NS_ACL; if ($level =~ /^(access|read|write|control|append)$/i) { $level = $aclvocab . (ucfirst lc $level); } my $sparql = <<"SPARQL"; PREFIX acl: <$aclvocab> SELECT DISTINCT ?authorisation WHERE { { { ?authorisation acl:agentClass ?agentclass . <$webid> a ?agentclass . } UNION { ?authorisation acl:agent <$webid> . } UNION { ?authorisation acl:agentClass . } } { { ?authorisation acl:accessToClass ?accessclass . <$item> a ?accessclass . } UNION { ?authorisation acl:accessTo <$item> . } UNION { ?authorisation acl:accessToClass . } } { ?authorisation acl:mode <$level> . } } SPARQL my $iterator = rdf_query($sparql, $model); my @rv; while (my $result = $iterator->next) { if (blessed($result->{'authorisation'}) && $result->{'authorisation'}->can('uri')) { push @rv, $result->{'authorisation'}->uri; } else { push @rv, undef; } } return @rv; } sub allow { my ($self, %args) = @_; EXCEPTION->throw("This ACL is not mutable.") unless $self->is_mutable; EXCEPTION->throw("Must provide an 'item', 'item_class' or 'container' argument.") unless (defined $args{'item'} or defined $args{'item_class'} or defined $args{'container'}); EXCEPTION->throw("Cannot provide 'container' with an 'item' or 'item_class' argument.") if ((defined $args{'container'}) and (defined $args{'item'} or defined $args{'item_class'})); $args{'agent_class'} = 'http://xmlns.com/foaf/0.1/Agent' unless (defined $args{'webid'} or defined $args{'agent'} or defined $args{'agent_class'}); $args{'level'} = NS_ACL.'Read' unless defined $args{'level'}; my $predicate_map = { 'level' => NS_ACL . 'mode' , 'item' => NS_ACL . 'accessTo' , 'item_class' => NS_ACL . 'accessToClass' , 'container' => NS_ACL . 'defaultForNew' , 'agent' => NS_ACL . 'agent' , 'agent_class' => NS_ACL . 'agentClass' , 'webid' => NS_ACL . 'agent' , }; my $data = {}; my $authid = $self->_uuid; $data->{$authid}->{NS_RDF.'type'} = [ { 'type'=>'uri', 'value'=>NS_ACL.'Authorization' }, ]; foreach my $p (keys %$predicate_map) { next unless defined $args{$p}; unless (ref $args{$p} eq 'ARRAY') { $args{$p} = [ $args{$p} ]; } foreach my $val (@{$args{$p}}) { if (defined $self->who_am_i and $p =~ /^(item|container)$/) { my $control = $self->check($self->who_am_i, $val, 'Control'); EXCEPTION->throw("WebID <".$self->who_am_i."> does not have access control for resource <$val>.") unless $control; } if ($p eq 'level' and $val =~ /^(access|read|write|control|append)$/i) { $val = NS_ACL . (ucfirst lc $val); } push @{ $data->{$authid}->{$predicate_map->{$p}} }, { 'type'=>'uri', 'value'=>$val }; } } $self->model->add_hashref($data); return $authid; } sub deny { my ($self, $id) = @_; EXCEPTION->throw("This ACL is not mutable.") unless $self->is_mutable; if (defined $self->who_am_i) { my $aclvocab = NS_ACL; my $sparql = <<"SPARQL"; PREFIX acl: <$aclvocab> SELECT DISTINCT ?resource WHERE { { <$id> acl:accessTo ?resource . } UNION { <$id> acl:accessTo ?resource . } } SPARQL my $iterator = rdf_query($sparql, $self->model); while (my $result = $iterator->next) { next unless $result->{'resource'}->is_resource; next if $self->check($self->who_am_i, $result->{'resource'}->uri, 'Control'); EXCEPTION->throw("WebID <".$self->who_am_i."> does not have access control for resource <".$result->{'resource'}->uri.">."); } } my $auth = RDF::Trine::Node::Resource->new($id); my $count = $self->model->count_statements($auth, undef, undef); $self->model->remove_statements($auth, undef, undef); return $count; } sub created { my ($self, $item, $container) = @_; EXCEPTION->throw("This ACL is not mutable.") unless $self->is_mutable; my $aclvocab = NS_ACL; my $graph = rdf_query(<<"QUERY", $self->model); PREFIX acl: <$aclvocab> CONSTRUCT { ?auth ?p ?o . } WHERE { ?auth ?p ?o ; acl:defaultForNew <$container> . FILTER ( sameTerm(?p, acl:mode) || sameTerm(?p, acl:agent) || sameTerm(?p, acl:agentClass) || sameTerm(?p, ) ) } QUERY my $data = $graph->as_hashref; my $newdata = {}; my @rv; foreach my $k (keys %$data) { my $authid = $self->_uuid; $newdata->{$authid} = $data->{$k}; $newdata->{$authid}->{$aclvocab.'accessTo'} = [{ 'type' => 'uri', 'value' => $item }]; push @rv, $authid; } $self->model->add_hashref($newdata); return @rv; } sub i_am { my $self = shift; my $old = $self->who_am_i; $self->{'i_am'} = shift; return URI->new($old); } sub who_am_i { my ($self) = @_; return $self->{'i_am'}; } sub save { my ($self, $fmt, $file) = @_; EXCEPTION->throw("This ACL is not serialisable.") if $self->is_remote; return rdf_string( $self->model, type => $fmt, output => $file, ); } sub is_remote { my ($self) = @_; return defined $self->endpoint; } sub is_mutable { my ($self) = @_; return defined $self->model; } sub model { my ($self) = @_; return $self->{'model'}; } sub endpoint { my ($self) = @_; return undef unless defined $self->{'endpoint'}; return URI->new(''.$self->{'endpoint'}); } # PRIVATE METHODS # * $acl->_uuid # # Returns a unique throwaway URI. sub _uuid { my ($self) = @_; $self->{'uuid_generator'} = Data::UUID->new unless defined $self->{'uuid_generator'}; return 'urn:uuid:' . $self->{'uuid_generator'}->create_str; } # * $acl->_union_model(@graphs) # # Creates a temporary model that is the union of the ACL # object's default data source plus additional graphs. sub _union_model { my ($self, @graphs) = @_; my $model; if ($self->is_remote) { $model = $self->endpoint; EXCEPTION->throw("Cannot provide additional data to consider for remote ACL.") if @graphs; } elsif (@graphs) { $model = rdf_parse($self->model, model => RDF::TrineX::Functions::model()); foreach my $given (@graphs) { my @given = ref($given) eq 'ARRAY' ? @$given : $given; rdf_parse(@given, model => $model); } } else { $model = $self->model; } return $model; } __PACKAGE__ __END__ =head1 NAME RDF::ACL - access control lists for the semantic web =head1 SYNOPSIS use RDF::ACL; my $acl = RDF::ACL->new('access.ttl'); my $auth = $acl->allow( webid => 'http://example.com/joe#me', item => 'http://example.com/private/document', level => ['Read', 'Write'], ); $acl->save('turtle', 'access.ttl'); # later... if ($acl->check('http://example.com/joe#me', 'http://example.com/private/document', 'Read')) { print slurp("private/document"); } else { print "Denied"; } # later... foreach my $reason ($acl->why('http://example.com/joe#me', 'http://example.com/private/document', 'Read')) { $acl->deny($reason) if defined $reason; } $acl->save('turtle', 'access.ttl'); =head1 DESCRIPTION Note that this module provides access control and does not perform authentication! =head2 Constructors =over 4 =item C<< $acl->new($input, %args) >> Creates a new access control list based on RDF data defined in $input. $input can be a serialised string of RDF, a file name, a URI or any other input accepted by the C function of L. C<< new() >> can be called with no arguments to create a fresh, clean ACL containing no authorisations. =item C<< $acl->new_remote($endpoint) >> Creates a new access control list based on RDF data accessed via a remote SPARQL Protocol 1.0 endpoint. =back =head2 Public Methods =over 4 =item C<< $acl->check($webid, $item, $level, @data) >> Checks an agent's authorisation to access an item. $webid is the WebID (URI) of the agent requesting access to the item. $item is the URL (URI) of the item being accessed. $level is a URI identifying the type of access required. As special cases, the case-insensitive string 'read' is expanded to the URI Ehttp://www.w3.org/ns/auth/acl#ReadE, 'write' to Ehttp://www.w3.org/ns/auth/acl#WriteE, 'append' to Ehttp://www.w3.org/ns/auth/acl#AppendE and 'control' to Ehttp://www.w3.org/ns/auth/acl#ControlE. If the access control list is local (not remote), zero or more additional RDF graphs can be passed (i.e. @data) containing data to take into consideration when checking the agent's authorisation. This data is trusted blindly, so should not include data that the user has themselves supplied. If the access control list is remote, then this method throws an error if any additional data is provided. (A remote ACL cannot take into account local data.) If $level is provided, this method returns a boolean. If $level is undefined or omitted, this method returns a list of URIs which each represent a type of access that the user is authorised. =item C<< $acl->why($webid, $item, $level, @data) >> Investigates an agent's authorisation to access an item. Arguments as per C<< check >>, however $level is required. Returns a list of authorisations that justify a user's access to the item with the given access level. These authorisations are equivalent to $authid values provided by C<< allow() >>. In some cases (especially if the authorisation was created by hand, and not via C<< allow() >>) an authorisation may not have an identifier. In these cases, the list will contain undef. =item C<< $acl->allow(%args) >> Adds an authorisation to the ACL. The ACL must be mutable. The method takes a hash of named arguments: my $authid = $acl->allow( webid => 'http://example.com/joe#me', item => 'http://example.com/private/document', level => ['Read', 'Write'], ); 'item' is the URI of the item to authorise access to. As an alternative, 'item_class' may be used to authorise access to an entire class of items (using classes in the RDFS/OWL sense of the word). If neither of these arguments is provided, then the method will throw an error. Both may be provided. Either or both may be an arrayref, because an authorisation may authorise access to more than one thing. 'container' is an alternative to using 'item' or 'item_class'. It specifies the URI for a resource which in some way is a container for other resources. Setting authorisations for a container allows you to set a default authorisation for new items created within that container. (You must use the C<< created() >> method to notify the ACL about newly created items.) 'webid' is the WebID (URI) of the person or agent being granted access. As an alternative, 'agent_class' may be used to authorise access to an entire class of agents. If neither is provided, an agent_class of Ehttp://xmlns.com/foaf/0.1/AgentE is assumed. Both may be provided. Either or both may be an arrayref, because an authorisation may authorise access by more than one agent. (For consistency with 'item', 'agent' is supported as a synonym for 'webid'.) 'level' is the access level being granted. As with the C<< check >> method, the shortcuts 'read', 'write', 'append' and 'control' may be used. An arrayref may be used. If no level is specified, 'read' is assumed. This authorisation is not automatically saved, so it is probably useful to call C<< save() >> after adding authorisations. The method returns an identifier for the authorisation. This identifier may be needed again if you ever need to C<< deny() >> the authorisation. This method is aware of C<< i_am() >>/C<< who_am_i() >>. =item C<< $acl->deny($authid) >> Completely removes all traces of an authorisation from the ACL. The authorisation identifier can be found using C<< why() >> or you may have remembered it when you first allowed the access. In some cases (especially if the authorisation was created by hand, and not via C<< allow() >>) an authorisation may not have an identifier. In these cases, you will have to be creative in figuring out how to deny access. Returns the number of statements removed from the ACL's internal model as a result of the removal. (This will normally be at least 3.) This authorisation is not automatically saved, so it is probably useful to call C<< save() >> after removing authorisations. This method is aware of C<< i_am() >>/C<< who_am_i() >>. =item C<< $acl->created($item, $container) >> Finds all authorisations which are the default for new items within $container and clones each of them for newly created $item. Returns a list of authorisation identifiers. =item C<< $acl->i_am($webid) >> Tells the ACL object to "act like" the agent with the given WebID. If the ACL object is acting like you, then methods that make changes to the ACL (e.g. C<< allow() >> and C<< deny() >>) will only work if you have 'Control' permission over the resources specified. $webid can be null to restore the usual behaviour. Returns the previous WebID the ACL was acting like as a L object. =item C<< $acl->who_am_i >> Returns the WebID of the agent that ACL is acting like (if any). =item C<< $acl->save($format, $filename) >> Serialises a local (not remote) ACL. $format can be any format supported by the C function from L. If $filename is provided, this method writes to the file and returns the new file size in bytes. If $filename is omitted, this method does not attempt to write to a file, and simply returns the string it would have written. =item C<< $acl->is_remote >> Returns true if the ACL is remote; false if local. =item C<< $acl->is_mutable >> Can this ACL be modified? =item C<< $acl->model >> The graph model against which authorisation checks are made. Returned as an L object. =item C<< $acl->endpoint >> The endpoint URI for remote (non-local) ACL queries. Returned as a L object. =back =head1 BUGS Please report any bugs to L. =head1 SEE ALSO L. L. L, L. =head1 AUTHOR Toby Inkster Etobyink@cpan.orgE. =head1 COPYRIGHT AND LICENCE This software is copyright (c) 2010-2013 by Toby Inkster. This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself. =head1 DISCLAIMER OF WARRANTIES THIS PACKAGE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.