@@ -21,7 +21,7 @@ graph m-graph:AccessControl.Agents {
2121 m-user:anon a mms:User ;
2222 mms:id "anon" .
2323
24- <http://layer1-service/users/ldap/user/user01> a mms:User ;
24+ <http://layer1-service/users/ldap/user/user01> a mms:User ;
2525 mms:id "ldap/user/user01" .
2626
2727 <http://layer1-service/users/ldap/user/user02> a mms:User ;
@@ -31,7 +31,8 @@ graph m-graph:AccessControl.Agents {
3131 mms:id "ldap/group/group01" .
3232
3333 m-group:SuperAdmins a mms:Group ;
34- mms:id "super_admins" .
34+ mms:id "super_admins" ;
35+ mms:etag "mms-init-etag-value-group-SuperAdmins" .
3536}
3637
3738# default policies
@@ -80,6 +81,9 @@ graph m-graph:Schema {
8081 rdfs:label "InterimLock" ;
8182 rdfs:subClassOf mms:Lock .
8283
84+ mms:Artifact a rdfs:Class ;
85+ rdfs:label "Artifact" .
86+
8387 mms:Snapshot a rdfs:Class ;
8488 rdfs:label "Snapshot" .
8589
@@ -146,12 +150,16 @@ graph m-graph:AccessControl.Definitions {
146150 mms:Repo a rdfs:Class ;
147151 rdfs:label "Repo level scope" ;
148152 rdfs:subClassOf mms:Scope ;
149- mms:implies mms:Ref .
153+ mms:implies mms:Ref, mms:Artifact, mms:Commit .
150154
151155 mms:Collection a rdfs:Class ;
152156 rdfs:label "Collection level scope" ;
153157 rdfs:subClassOf mms:Scope .
154158
159+ mms:Artifact a rdfs:Class ;
160+ rdfs:label "Artifact level scope" ;
161+ rdfs:subClassOf mms:Scope .
162+
155163 mms:Ref a rdfs:Class ;
156164 rdfs:label "Ref level scope" ;
157165 rdfs:subClassOf mms:Scope ;
@@ -229,10 +237,20 @@ graph m-graph:AccessControl.Definitions {
229237 mms-object:Permission.ReadRepo a mms:Permission .
230238
231239 mms-object:Permission.UpdateRepo a mms:Permission ;
232- mms:implies mms-object:Permission.ReadRepo .
240+ mms:implies mms-object:Permission.ReadRepo, mms-object:Permission.ReadCommit, mms-object:Permission.UpdateBranch, mms-object:Permission.UpdateLock, mms-object:Permission.UpdateCommit, mms-object:Permission.UpdateRef .
233241
234242 mms-object:Permission.DeleteRepo a mms:Permission ;
235- mms:implies mms-object:Permission.UpdateRepo, mms-object:Permission.CreateBranch, mms-object:Permission.DeleteBranch, mms-object:Permission.CreateLock, mms-object:Permission.DeleteLock, mms-object:Permission.CreateDiff, mms-object:Permission.DeleteDiff .
243+ mms:implies mms-object:Permission.UpdateRepo, mms-object:Permission.CreateRef, mms-object:Permission.DeleteRef, mms-object:Permission.CreateArtifact, mms-object:Permission.DeleteArtifact, mms-object:Permission.CreateDiff, mms-object:Permission.DeleteDiff .
244+
245+ mms-object:Permission.CreateRef a mms:Permission .
246+
247+ mms-object:Permission.ReadRef a mms:Permission .
248+
249+ mms-object:Permission.UpdateRef a mms:Permission ;
250+ mms:implies mms-object:Permission.ReadRef, mms-object:Permission.UpdateBranch, mms-object:Permission.UpdateLock .
251+
252+ mms-object:Permission.DeleteRef a mms:Permission ;
253+ mms:implies mms-object:Permission.CreateBranch, mms-object:Permission.DeleteBranch, mms-object:Permission.CreateLock, mms-object:Permission.DeleteLock .
236254
237255 mms-object:Permission.CreateBranch a mms:Permission .
238256
@@ -248,9 +266,32 @@ graph m-graph:AccessControl.Definitions {
248266
249267 mms-object:Permission.ReadLock a mms:Permission .
250268
251- mms-object:Permission.DeleteLock a mms:Permission ;
269+ mms-object:Permission.UpdateLock a mms:Permission ;
252270 mms:implies mms-object:Permission.ReadLock .
253271
272+ mms-object:Permission.DeleteLock a mms:Permission ;
273+ mms:implies mms-object:Permission.UpdateLock .
274+
275+ mms-object:Permission.CreateArtifact a mms:Permission .
276+
277+ mms-object:Permission.ReadArtifact a mms:Permission .
278+
279+ mms-object:Permission.UpdateArtifact a mms:Permission ;
280+ mms:implies mms-object:Permission.ReadArtifact .
281+
282+ mms-object:Permission.DeleteArtifact a mms:Permission ;
283+ mms:implies mms-object:Permission.UpdateArtifact .
284+
285+ mms-object:Permission.CreateCommit a mms:Permission .
286+
287+ mms-object:Permission.ReadCommit a mms:Permission .
288+
289+ mms-object:Permission.UpdateCommit a mms:Permission ;
290+ mms:implies mms-object:Permission.ReadCommit .
291+
292+ mms-object:Permission.DeleteCommit a mms:Permission ;
293+ mms:implies mms-object:Permission.UpdateCommit .
294+
254295 mms-object:Permission.CreateAccessControlAny a mms:Permission .
255296
256297 mms-object:Permission.ReadAccessControlAny a mms:Permission .
0 commit comments