AtomGraph
diff --git a/‎http-tests/system/admin/POST-clear-401.sh‎
Lines changed: 18 additions & 0 deletions b/‎http-tests/system/admin/POST-clear-401.sh‎
Lines changed: 18 additions & 0 deletions
diff --git a/‎http-tests/system/admin/POST-clear-403.sh‎
Lines changed: 25 additions & 0 deletions b/‎http-tests/system/admin/POST-clear-403.sh‎
Lines changed: 25 additions & 0 deletions
diff --git a/‎http-tests/system/admin/POST-clear-readers-403.sh‎
Lines changed: 25 additions & 0 deletions b/‎http-tests/system/admin/POST-clear-readers-403.sh‎
Lines changed: 25 additions & 0 deletions
diff --git a/‎http-tests/system/admin/POST-clear.sh‎
Lines changed: 19 additions & 0 deletions b/‎http-tests/system/admin/POST-clear.sh‎
Lines changed: 19 additions & 0 deletions
diff --git a/‎http-tests/system/admin/POST-packages-install-401.sh‎
Lines changed: 18 additions & 0 deletions b/‎http-tests/system/admin/POST-packages-install-401.sh‎
Lines changed: 18 additions & 0 deletions
diff --git a/‎http-tests/system/admin/POST-packages-install-403.sh‎
Lines changed: 25 additions & 0 deletions b/‎http-tests/system/admin/POST-packages-install-403.sh‎
Lines changed: 25 additions & 0 deletions
diff --git a/‎http-tests/system/admin/POST-packages-install-readers-403.sh‎
Lines changed: 25 additions & 0 deletions b/‎http-tests/system/admin/POST-packages-install-readers-403.sh‎
Lines changed: 25 additions & 0 deletions
diff --git a/‎http-tests/system/admin/POST-packages-uninstall-401.sh‎
Lines changed: 18 additions & 0 deletions b/‎http-tests/system/admin/POST-packages-uninstall-401.sh‎
Lines changed: 18 additions & 0 deletions
diff --git a/‎http-tests/system/admin/POST-packages-uninstall-403.sh‎
Lines changed: 25 additions & 0 deletions b/‎http-tests/system/admin/POST-packages-uninstall-403.sh‎
Lines changed: 25 additions & 0 deletions
diff --git a/‎http-tests/system/admin/POST-packages-uninstall-readers-403.sh‎
Lines changed: 25 additions & 0 deletions b/‎http-tests/system/admin/POST-packages-uninstall-readers-403.sh‎
Lines changed: 25 additions & 0 deletions
@@ -0,0 +1,18 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+initialize_dataset "$END_USER_BASE_URL" "$TMP_END_USER_DATASET" "$END_USER_ENDPOINT_URL"
+initialize_dataset "$ADMIN_BASE_URL" "$TMP_ADMIN_DATASET" "$ADMIN_ENDPOINT_URL"
+purge_cache "$END_USER_VARNISH_SERVICE"
+purge_cache "$ADMIN_VARNISH_SERVICE"
+purge_cache "$FRONTEND_VARNISH_SERVICE"
+
+# POST /clear without a certificate should return 401
+# Only owners have access to /clear via full-control authorization in admin.trig
+
+curl -k -w "%{http_code}\n" -o /dev/null -s \
+  -X POST \
+  -H "Content-Type: application/x-www-form-urlencoded" \
+  --data-urlencode "uri=${END_USER_BASE_URL}ns#" \
+  "${ADMIN_BASE_URL}clear" \
+| grep -q "$STATUS_UNAUTHORIZED"
@@ -0,0 +1,25 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+initialize_dataset "$END_USER_BASE_URL" "$TMP_END_USER_DATASET" "$END_USER_ENDPOINT_URL"
+initialize_dataset "$ADMIN_BASE_URL" "$TMP_ADMIN_DATASET" "$ADMIN_ENDPOINT_URL"
+purge_cache "$END_USER_VARNISH_SERVICE"
+purge_cache "$ADMIN_VARNISH_SERVICE"
+purge_cache "$FRONTEND_VARNISH_SERVICE"
+
+# POST /clear with a writer (not owner) should return 403
+# /clear is only in the full-control authorization which is restricted to owners
+
+add-agent-to-group.sh \
+  -f "$OWNER_CERT_FILE" \
+  -p "$OWNER_CERT_PWD" \
+  --agent "$AGENT_URI" \
+  "${ADMIN_BASE_URL}acl/groups/writers/"
+
+curl -k -w "%{http_code}\n" -o /dev/null -s \
+  -E "$AGENT_CERT_FILE":"$AGENT_CERT_PWD" \
+  -X POST \
+  -H "Content-Type: application/x-www-form-urlencoded" \
+  --data-urlencode "uri=${END_USER_BASE_URL}ns#" \
+  "${ADMIN_BASE_URL}clear" \
+| grep -q "$STATUS_FORBIDDEN"
@@ -0,0 +1,25 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+initialize_dataset "$END_USER_BASE_URL" "$TMP_END_USER_DATASET" "$END_USER_ENDPOINT_URL"
+initialize_dataset "$ADMIN_BASE_URL" "$TMP_ADMIN_DATASET" "$ADMIN_ENDPOINT_URL"
+purge_cache "$END_USER_VARNISH_SERVICE"
+purge_cache "$ADMIN_VARNISH_SERVICE"
+purge_cache "$FRONTEND_VARNISH_SERVICE"
+
+# POST /clear with a reader should return 403
+# /clear is only in the full-control authorization which is restricted to owners
+
+add-agent-to-group.sh \
+  -f "$OWNER_CERT_FILE" \
+  -p "$OWNER_CERT_PWD" \
+  --agent "$AGENT_URI" \
+  "${ADMIN_BASE_URL}acl/groups/readers/"
+
+curl -k -w "%{http_code}\n" -o /dev/null -s \
+  -E "$AGENT_CERT_FILE":"$AGENT_CERT_PWD" \
+  -X POST \
+  -H "Content-Type: application/x-www-form-urlencoded" \
+  --data-urlencode "uri=${END_USER_BASE_URL}ns#" \
+  "${ADMIN_BASE_URL}clear" \
+| grep -q "$STATUS_FORBIDDEN"
@@ -0,0 +1,19 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+initialize_dataset "$END_USER_BASE_URL" "$TMP_END_USER_DATASET" "$END_USER_ENDPOINT_URL"
+initialize_dataset "$ADMIN_BASE_URL" "$TMP_ADMIN_DATASET" "$ADMIN_ENDPOINT_URL"
+purge_cache "$END_USER_VARNISH_SERVICE"
+purge_cache "$ADMIN_VARNISH_SERVICE"
+purge_cache "$FRONTEND_VARNISH_SERVICE"
+
+# POST /clear with owner should succeed
+# Owner POSTs the end-user namespace ontology URI to clear it from memory (reload on next request)
+
+curl -k -w "%{http_code}\n" -o /dev/null -s \
+  -E "$OWNER_CERT_FILE":"$OWNER_CERT_PWD" \
+  -H "Accept: text/turtle" \
+  -H "Content-Type: application/x-www-form-urlencoded" \
+  --data-urlencode "uri=${END_USER_BASE_URL}ns#" \
+  "${ADMIN_BASE_URL}clear" \
+| grep -qE "^($STATUS_OK|$STATUS_NO_CONTENT)$"
@@ -0,0 +1,18 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+initialize_dataset "$END_USER_BASE_URL" "$TMP_END_USER_DATASET" "$END_USER_ENDPOINT_URL"
+initialize_dataset "$ADMIN_BASE_URL" "$TMP_ADMIN_DATASET" "$ADMIN_ENDPOINT_URL"
+purge_cache "$END_USER_VARNISH_SERVICE"
+purge_cache "$ADMIN_VARNISH_SERVICE"
+purge_cache "$FRONTEND_VARNISH_SERVICE"
+
+# POST /packages/install without a certificate should return 401
+# Only owners have access to /packages/install via full-control authorization in admin.trig
+
+curl -k -w "%{http_code}\n" -o /dev/null -s \
+  -X POST \
+  -H "Content-Type: application/x-www-form-urlencoded" \
+  --data-urlencode "package-uri=https://packages.linkeddatahub.com/skos/#this" \
+  "${ADMIN_BASE_URL}packages/install" \
+| grep -q "$STATUS_UNAUTHORIZED"
@@ -0,0 +1,25 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+initialize_dataset "$END_USER_BASE_URL" "$TMP_END_USER_DATASET" "$END_USER_ENDPOINT_URL"
+initialize_dataset "$ADMIN_BASE_URL" "$TMP_ADMIN_DATASET" "$ADMIN_ENDPOINT_URL"
+purge_cache "$END_USER_VARNISH_SERVICE"
+purge_cache "$ADMIN_VARNISH_SERVICE"
+purge_cache "$FRONTEND_VARNISH_SERVICE"
+
+# POST /packages/install with a writer (not owner) should return 403
+# /packages/install is only in the full-control authorization which is restricted to owners
+
+add-agent-to-group.sh \
+  -f "$OWNER_CERT_FILE" \
+  -p "$OWNER_CERT_PWD" \
+  --agent "$AGENT_URI" \
+  "${ADMIN_BASE_URL}acl/groups/writers/"
+
+curl -k -w "%{http_code}\n" -o /dev/null -s \
+  -E "$AGENT_CERT_FILE":"$AGENT_CERT_PWD" \
+  -X POST \
+  -H "Content-Type: application/x-www-form-urlencoded" \
+  --data-urlencode "package-uri=https://packages.linkeddatahub.com/skos/#this" \
+  "${ADMIN_BASE_URL}packages/install" \
+| grep -q "$STATUS_FORBIDDEN"
@@ -0,0 +1,25 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+initialize_dataset "$END_USER_BASE_URL" "$TMP_END_USER_DATASET" "$END_USER_ENDPOINT_URL"
+initialize_dataset "$ADMIN_BASE_URL" "$TMP_ADMIN_DATASET" "$ADMIN_ENDPOINT_URL"
+purge_cache "$END_USER_VARNISH_SERVICE"
+purge_cache "$ADMIN_VARNISH_SERVICE"
+purge_cache "$FRONTEND_VARNISH_SERVICE"
+
+# POST /packages/install with a reader should return 403
+# /packages/install is only in the full-control authorization which is restricted to owners
+
+add-agent-to-group.sh \
+  -f "$OWNER_CERT_FILE" \
+  -p "$OWNER_CERT_PWD" \
+  --agent "$AGENT_URI" \
+  "${ADMIN_BASE_URL}acl/groups/readers/"
+
+curl -k -w "%{http_code}\n" -o /dev/null -s \
+  -E "$AGENT_CERT_FILE":"$AGENT_CERT_PWD" \
+  -X POST \
+  -H "Content-Type: application/x-www-form-urlencoded" \
+  --data-urlencode "package-uri=https://packages.linkeddatahub.com/skos/#this" \
+  "${ADMIN_BASE_URL}packages/install" \
+| grep -q "$STATUS_FORBIDDEN"
@@ -0,0 +1,18 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+initialize_dataset "$END_USER_BASE_URL" "$TMP_END_USER_DATASET" "$END_USER_ENDPOINT_URL"
+initialize_dataset "$ADMIN_BASE_URL" "$TMP_ADMIN_DATASET" "$ADMIN_ENDPOINT_URL"
+purge_cache "$END_USER_VARNISH_SERVICE"
+purge_cache "$ADMIN_VARNISH_SERVICE"
+purge_cache "$FRONTEND_VARNISH_SERVICE"
+
+# POST /packages/uninstall without a certificate should return 401
+# Only owners have access to /packages/uninstall via full-control authorization in admin.trig
+
+curl -k -w "%{http_code}\n" -o /dev/null -s \
+  -X POST \
+  -H "Content-Type: application/x-www-form-urlencoded" \
+  --data-urlencode "package-uri=https://packages.linkeddatahub.com/skos/#this" \
+  "${ADMIN_BASE_URL}packages/uninstall" \
+| grep -q "$STATUS_UNAUTHORIZED"
@@ -0,0 +1,25 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+initialize_dataset "$END_USER_BASE_URL" "$TMP_END_USER_DATASET" "$END_USER_ENDPOINT_URL"
+initialize_dataset "$ADMIN_BASE_URL" "$TMP_ADMIN_DATASET" "$ADMIN_ENDPOINT_URL"
+purge_cache "$END_USER_VARNISH_SERVICE"
+purge_cache "$ADMIN_VARNISH_SERVICE"
+purge_cache "$FRONTEND_VARNISH_SERVICE"
+
+# POST /packages/uninstall with a writer (not owner) should return 403
+# /packages/uninstall is only in the full-control authorization which is restricted to owners
+
+add-agent-to-group.sh \
+  -f "$OWNER_CERT_FILE" \
+  -p "$OWNER_CERT_PWD" \
+  --agent "$AGENT_URI" \
+  "${ADMIN_BASE_URL}acl/groups/writers/"
+
+curl -k -w "%{http_code}\n" -o /dev/null -s \
+  -E "$AGENT_CERT_FILE":"$AGENT_CERT_PWD" \
+  -X POST \
+  -H "Content-Type: application/x-www-form-urlencoded" \
+  --data-urlencode "package-uri=https://packages.linkeddatahub.com/skos/#this" \
+  "${ADMIN_BASE_URL}packages/uninstall" \
+| grep -q "$STATUS_FORBIDDEN"
@@ -0,0 +1,25 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+initialize_dataset "$END_USER_BASE_URL" "$TMP_END_USER_DATASET" "$END_USER_ENDPOINT_URL"
+initialize_dataset "$ADMIN_BASE_URL" "$TMP_ADMIN_DATASET" "$ADMIN_ENDPOINT_URL"
+purge_cache "$END_USER_VARNISH_SERVICE"
+purge_cache "$ADMIN_VARNISH_SERVICE"
+purge_cache "$FRONTEND_VARNISH_SERVICE"
+
+# POST /packages/uninstall with a reader should return 403
+# /packages/uninstall is only in the full-control authorization which is restricted to owners
+
+add-agent-to-group.sh \
+  -f "$OWNER_CERT_FILE" \
+  -p "$OWNER_CERT_PWD" \
+  --agent "$AGENT_URI" \
+  "${ADMIN_BASE_URL}acl/groups/readers/"
+
+curl -k -w "%{http_code}\n" -o /dev/null -s \
+  -E "$AGENT_CERT_FILE":"$AGENT_CERT_PWD" \
+  -X POST \
+  -H "Content-Type: application/x-www-form-urlencoded" \
+  --data-urlencode "package-uri=https://packages.linkeddatahub.com/skos/#this" \
+  "${ADMIN_BASE_URL}packages/uninstall" \
+| grep -q "$STATUS_FORBIDDEN"