diff --git a/compose/base-compose.yml b/compose/base-compose.yml index a22dc52..02a26ee 100644 --- a/compose/base-compose.yml +++ b/compose/base-compose.yml @@ -23,13 +23,11 @@ services: restart: always logging: *default-logging database: - image: semtech/sparql-parser:0.0.14 + image: semtech/sparql-parser:feature-odrl-configuration environment: - USE_ODRL_POLICY: 'false' LISP_DYNAMIC_SPACE_SIZE: 8192 volumes: - ../config/authorization:/config - - ../config/odrl-parser:/odrl - ../data/authorization:/data labels: - 'logging=true' diff --git a/compose/data-space.yml b/compose/data-space.yml index 365e314..511f8a6 100644 --- a/compose/data-space.yml +++ b/compose/data-space.yml @@ -1,10 +1,6 @@ services: dcat: image: lblod/dcat-service:0.0.1 - odrl-parser: - image: lblod/odrl-parser-service:0.0.5 - volumes: - - ../config/odrl-parser:/config vc-issuer: image: lblod/oid4vc-login-service:0.0.1 environment: diff --git a/compose/validation.yml b/compose/validation.yml index c6d1e30..18c6bbd 100644 --- a/compose/validation.yml +++ b/compose/validation.yml @@ -11,6 +11,7 @@ services: - logging=true logging: *default-logging environment: + DEFAULT_MU_AUTH_SCOPE: "http://services.semantic.works/annotation-review-service" TZ: Europe/Brussels frontend-human-validator: image: lblod/frontend-decide-human-validator:0.0.4 diff --git a/config/authorization/config.lisp b/config/authorization/config.lisp index 8ec6f84..79664c3 100644 --- a/config/authorization/config.lisp +++ b/config/authorization/config.lisp @@ -7,7 +7,7 @@ (add-delta-messenger "http://deltanotifier/") -; CONFIGURATION +;; CONFIGURATION (in-package :client) (setf *log-sparql-query-roundtrip* t) 
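Review bot: The `database` service now pulls `semtech/sparql-parser:feature-odrl-configuration`, a branch tag, in place of the pinned `0.0.14`; since this container is the authorization layer, a mutable tag lets the enforced policy implementation change on any re-pull without a change in this repository. Pin a released version (or an image digest) before this reaches a shared environment, and if the feature tag is needed temporarily, mark it with `# TODO: pin to a released sparql-parser tag once the ODRL configuration feature ships`. The removal of `USE_ODRL_POLICY` and of the `../config/odrl-parser:/odrl` mount matches the config.lisp change, so nothing else in this hunk looks stale.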
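Review bot: `DEFAULT_MU_AUTH_SCOPE` on the service at the top of this hunk (its name sits above the hunk) carries the same literal that config.ttl's `ext:scope` permissions and decide.lisp's `with-scope` forms use, and nothing ties the three copies together; a typo in any one silently removes the scoped read/write grants instead of failing loudly. A comment next to the new line, `# Must match the ext:scope value in config/authorization/config.ttl`, would at least make the coupling visible.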
@@ -19,18 +19,12 @@ (in-package :server) (setf *log-incoming-requests-p* t) -; ACCESS RIGHTS -;; The following functionality allows to easily switch between the manually written policy and one -;; generated from an ODRL policy. When updating the app's policy, apply the necessary changes in the -;; `decide.lisp' file. -(defparameter *use-odrl-policy-p* - (and (uiop:getenv "USE_ODRL_POLICY") - (string-equal (uiop:getenv "USE_ODRL_POLICY") "true")) - "Indicate whether to use the configuration generated from ODRL or the rules in this file.") - -(let ((config-path - (if *use-odrl-policy-p* - "./odrl/decideAuthorizationPolicy.lisp" - "./config/decide.lisp"))) - (format t "~& >> Loading policy from file: ~A" config-path) - (load config-path)) +(in-package :odrl-config) +(setf *use-odrl-config-p* t) + +;; ACCESS RIGHTS +;; The access policy is defined using ODRL in `./config.ttl'. +;; If you do want to use the Lisp configuration, uncomment the following 3 lines: +;; (setf *use-odrl-config-p* nil) ; Disables loading the ODRL config +;; (unless *use-odrl-config-p* ; Extra check to be sure only correct file is loaded +;; (load "./config/decide.lisp")) ; Load the policy in the lisp file diff --git a/config/odrl-parser/config.ttl b/config/authorization/config.ttl similarity index 55% rename from config/odrl-parser/config.ttl rename to config/authorization/config.ttl index 8824084..f0591f4 100644 --- a/config/odrl-parser/config.ttl +++ b/config/authorization/config.ttl 
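Review bot: The new comment points maintainers to `./config.ttl`, while the commented-out fallback in the same block loads `./config/decide.lisp`; both files live in `config/authorization/` (mounted as `../config/authorization:/config` in base-compose.yml), so presumably one of the two relative paths is wrong — probably the first, which would read `./config/config.ttl` under the same convention. The previous env-driven switch (`USE_ODRL_POLICY`) is replaced by a hard-coded `(setf *use-odrl-config-p* t)`; a one-line comment recording that the toggle was dropped on purpose would stop it being re-added later. If `./config.ttl` is in fact resolved by sparql-parser itself rather than by this file, the first point does not apply, but the comment should then say so.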
@@ -1,30 +1,39 @@ +# For more details in writing authorisation policies in ODRL, see +# sparql-parser's README. +# +@prefix adms: . @prefix besluit: . @prefix cms: . @prefix cogs: . @prefix core: . @prefix dcat: . @prefix dct: . +@prefix defend: . @prefix eli: . @prefix eli-dl: . @prefix ext: . -@prefix harvesting: . @prefix foaf: . +@prefix generiek: . +@prefix harvesting: . @prefix locn: . +@prefix mandaat: . @prefix ndo: . @prefix nfo: . -@prefix schema: . @prefix sh: . @prefix oa: . @prefix odrl: . @prefix oparl-temp: . @prefix org: . @prefix perceel: . +@prefix person: . +@prefix schema: . @prefix security: . @prefix skos: . @prefix tasks: . @prefix vcard: . @prefix wikidata: . @prefix wot: . +@prefix sh: . ext:muAuthProfile a odrl:Profile ; dct:description "ODRL profile describing access to mu-auth resources." . @@ -32,9 +41,22 @@ ext:muAuthProfile a odrl:Profile ; ext:decideAuthorizationPolicy a odrl:Set ; odrl:profile ext:muAuthProfile ; odrl:permission ext:allowReadForPublic , - odrl:allowReadForHarvesting , - odrl:allowWriteForHarvesting , - odrl:allowReadForHarvestingPublic . + ext:allowReadForOrganizations , + ext:allowReadForHarvestedFreiburg , + ext:allowReadForHarvestedGent , + ext:allowReadForHarvestedPdf , + ext:allowReadForHarvesting , + ext:allowWriteForHarvesting , + ext:allowReadForOrganization , + ext:allowReadForOsloOrganizations , + ext:allowReadForAiSlice , + ext:allowReadForHumanValidation , + ext:allowWriteForHumanValidation , + ext:allowReadAnnotationForPublic , + ext:allowReadAnnotationForGhent , + ext:allowReadAnnotationForFreiburg , + ext:allowReadAnnotationForPdf , + ext:allowAnnotationReadForAiSlice . # Parties for groups ext:decideSystem a odrl:Party ; 
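Review bot: `@prefix sh:` is declared twice in this hunk — once in the alphabetical list and again as the new last prefix line (`+@prefix sh: .`), the same duplication the deleted `config/odrl-parser/prefixes.ttl` carried. Turtle lets a later declaration rebind the prefix, so if the two IRIs ever differ, every `sh:NodeShape` and `sh:targetClass` below resolves against the second one and the type-based asset matching silently changes; the IRIs are not visible in this extract, so I cannot confirm they agree today. Drop the trailing declaration.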
@@ -54,24 +76,62 @@ ext:authenticatedParty a odrl:PartyCollection ; }""" ; dct:description "This represents all logged in users of the system." . +ext:organizationMemberParty a odrl:PartyCollection ; + vcard:fn "organization-member" ; + ext:queryParameters "session_group" ; + ext:definedBy """PREFIX ext: + PREFIX mu: + SELECT ?session_group ?session_role WHERE { + ext:sessionGroup/mu:uuid ?session_group. + }""" . # Asset collections for graphs -ext:decidePublicSlice a odrl:AssetCollection ; - vcard:fn "public" ; - # no query parameters added to the group so the graph is exactly this uri - ext:graphPrefix ; - dct:description "This asset collection contains all information that is available to the public in the context of the DECIDe app." . - ext:decideHarvestingSlice a odrl:AssetCollection ; vcard:fn "harvesting" ; ext:graphPrefix ; dct:description "This asset collection contains all information that is available in as part the harvesting done by the DECIDE app." . -ext:decideHarvestingPublicSlice a odrl:AssetCollection ; - vcard:fn "harvesting-public" ; - ext:graphPrefix ; - dct:description "This asset collection contains all information that is available to public as part of the harvesting done by the DECIDE app." . +# NOTE (24/03/2026): plural organizationS +ext:decideOrganizationsSlice a odrl:AssetCollection ; + vcard:fn "organizations" ; + ext:graphPrefix . + +# NOTE (24/03/2026): singular organization +ext:decideOrganizationSlice a odrl:AssetCollection ; + vcard:fn "organization" ; + ext:graphPrefix . + +# NOTE (10/02/2026): Graph does NOT +# contain the `besluit:Bestuurseenheid` type (only `org:Organization`), using +# that graph causes resource service to bug out for acm/idm login. +ext:decideOsloOrganizationsSlice a odrl:AssetCollection ; + vcard:fn "oslo-organizations" ; + ext:graphPrefix . +ext:decideHarvestedFreiburgSlice a odrl:AssetCollection ; + vcard:fn "harvested-freiburg" ; + ext:graphPrefix . 
+ +ext:decideHarvestedGentSlice a odrl:AssetCollection ; + vcard:fn "harvested-gent" ; + ext:graphPrefix . + +ext:decideHarvestedPdfSlice a odrl:AssetCollection ; + vcard:fn "harvested-pdf" ; + ext:graphPrefix . + +ext:decidePublicSlice a odrl:AssetCollection ; + vcard:fn "public" ; + ext:graphPrefix ; + dct:description "This asset collection contains all information that is available to the public in the context of the DECIDe app." . + +ext:decideHumanValidationSlice a odrl:AssetCollection ; + vcard:fn "human-validation" ; + ext:graphPrefix . + +ext:decideAiSlice a odrl:AssetCollection ; + vcard:fn "ai" ; + ext:graphPrefix . # Permissions for grants ext:allowReadForPublic a odrl:Permission ; 
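Review bot: `ext:decideHarvestingPublicSlice` is deleted here (unlike `ext:decidePublicSlice`, which is re-added further down), yet the asset hunks at `@@ -133`, `@@ -178`, `@@ -188` and `@@ -297` keep `odrl:partOf ext:decideHarvestingPublicSlice` as context, and the new permission list no longer references it. Those assets now point at an undefined AssetCollection; depending on how sparql-parser treats unknown collections this is either a load error or a silently ignored membership, so the `partOf` entries should be removed (or the collection kept) in the same commit. Separately, `ext:organizationMemberParty` projects `?session_role`, which its WHERE clause never binds, while `ext:queryParameters` lists only `session_group`; either bind it or drop it from the SELECT. The subject of the `ext:sessionGroup/mu:uuid` triple pattern is missing in this extract (presumably lost with the angle-bracket IRIs), so I could not check it.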
@@ -80,28 +140,109 @@ ext:allowReadForPublic a odrl:Permission ; odrl:assigner ext:decideSystem ; odrl:assignee ext:publicParty . -odrl:allowReadForHarvesting a odrl:Permission ; +ext:allowReadForOrganizations a odrl:Permission ; + odrl:action odrl:read ; + odrl:target ext:decideOrganizationsSlice ; # NOTE (24/03/2026): plural organizationS + odrl:assigner ext:decideSystem ; + odrl:assignee ext:publicParty . + +ext:allowReadForHarvestedFreiburg a odrl:Permission ; + odrl:action odrl:read ; + odrl:target ext:decideHarvestedFreiburgSlice ; + odrl:assigner ext:decideSystem ; + odrl:assignee ext:publicParty . + +ext:allowReadForHarvestedGent a odrl:Permission ; + odrl:action odrl:read ; + odrl:target ext:decideHarvestedGentSlice ; + odrl:assigner ext:decideSystem ; + odrl:assignee ext:publicParty . + +ext:allowReadForHarvestedPdf a odrl:Permission ; + odrl:action odrl:read ; + odrl:target ext:decideHarvestedPdfSlice ; + odrl:assigner ext:decideSystem ; + odrl:assignee ext:publicParty . + +ext:allowReadForHarvesting a odrl:Permission ; odrl:action odrl:read ; odrl:target ext:decideHarvestingSlice ; odrl:assigner ext:decideSystem ; odrl:assignee ext:authenticatedParty . -odrl:allowWriteForHarvesting a odrl:Permission ; +ext:allowWriteForHarvesting a odrl:Permission ; odrl:action odrl:modify ; odrl:target ext:decideHarvestingSlice ; odrl:assigner ext:decideSystem ; odrl:assignee ext:authenticatedParty . -odrl:allowReadForHarvestingPublic a odrl:Permission ; +ext:allowReadForOrganization a odrl:Permission ; odrl:action odrl:read ; - odrl:target ext:decideHarvestingPublicSlice ; + odrl:target ext:decideOrganizationSlice ; # NOTE (24/03/2026): Singular organization + odrl:assigner ext:decideSystem ; + odrl:assignee ext:organizationMemberParty . + +ext:allowReadForOsloOrganizations a odrl:Permission ; + odrl:action odrl:read ; + odrl:target ext:decideOsloOrganizationsSlice ; + odrl:assigner ext:decideSystem ; + odrl:assignee ext:publicParty . 
+ +ext:allowReadForAiSlice a odrl:Permission ; + odrl:action odrl:read ; + odrl:target ext:decideAiSlice ; odrl:assigner ext:decideSystem ; odrl:assignee ext:publicParty . +ext:allowReadForHumanValidation a odrl:Permission ; + odrl:action odrl:read ; + odrl:target ext:decideHumanValidationSlice ; + odrl:assigner ext:decideSystem ; + odrl:assignee ext:publicParty ; + ext:scope "http://services.semantic.works/annotation-review-service" . + +ext:allowWriteForHumanValidation a odrl:Permission ; + odrl:action odrl:modify ; + odrl:target ext:decideHumanValidationSlice ; + odrl:assigner ext:decideSystem ; + odrl:assignee ext:publicParty ; + ext:scope "http://services.semantic.works/annotation-review-service" . + +ext:allowReadAnnotationForPublic a odrl:Permission ; + odrl:action odrl:read ; + odrl:target ext:decidePublicSlice ; + odrl:assignee ext:publicParty ; + ext:scope "http://services.semantic.works/annotation-review-service" . + +ext:allowReadAnnotationForGhent a odrl:Permission ; + odrl:action odrl:read ; + odrl:target ext:decideHarvestedGentSlice ; + odrl:assignee ext:publicParty ; + ext:scope "http://services.semantic.works/annotation-review-service" . + +ext:allowReadAnnotationForFreiburg a odrl:Permission ; + odrl:action odrl:read ; + odrl:target ext:decideHarvestedFreiburgSlice ; + odrl:assignee ext:publicParty ; + ext:scope "http://services.semantic.works/annotation-review-service" . + +ext:allowReadAnnotationForPdf a odrl:Permission ; + odrl:action odrl:read ; + odrl:target ext:decideHarvestedPdfSlice ; + odrl:assignee ext:publicParty ; + ext:scope "http://services.semantic.works/annotation-review-service" . + +ext:allowAnnotationReadForAiSlice a odrl:Permission ; + odrl:action odrl:read ; + odrl:target ext:decideAiSlice ; + odrl:assigner ext:decideSystem ; + odrl:assignee ext:publicParty ; + ext:scope "http://services.semantic.works/annotation-review-service" . 
# Assets (SHACL shapes) for type specifications ext:BesluitAdministrativeUnitAsset a odrl:Asset, sh:NodeShape ; - odrl:partOf ext:decidePublicSlice ; + odrl:partOf ext:decidePublicSlice , + ext:decideOsloOrganizationsSlice; sh:targetClass besluit:Bestuurseenheid . ext:CmsPageAsset a odrl:Asset, sh:NodeShape ; @@ -133,7 +274,10 @@ ext:DctPeriodOfTimeAsset a odrl:Asset, sh:NodeShape ; ext:ElidlActivityAsset a odrl:Asset, sh:NodeShape ; odrl:partOf ext:decidePublicSlice , - ext:decideHarvestingPublicSlice ; + ext:decideHarvestingPublicSlice , + ext:decideHarvestedFreiburgSlice , + ext:decideHarvestedGentSlice , + ext:decideHarvestedPdfSlice ; sh:targetClass eli-dl:Activity . ext:ElidlDecisionAsset a odrl:Asset, sh:NodeShape ; @@ -178,7 +322,10 @@ ext:EliComplexWorkAsset a odrl:Asset, sh:NodeShape ; ext:EliExpressionAsset a odrl:Asset, sh:NodeShape ; odrl:partOf ext:decidePublicSlice , - ext:decideHarvestingPublicSlice ; + ext:decideHarvestingPublicSlice , + ext:decideHarvestedFreiburgSlice , + ext:decideHarvestedGentSlice , + ext:decideHarvestedPdfSlice ; sh:targetClass eli:Expression . ext:EliLegalExpressionAsset a odrl:Asset, sh:NodeShape ; @@ -188,11 +335,17 @@ ext:EliLegalExpressionAsset a odrl:Asset, sh:NodeShape ; ext:EliManifestationAsset a odrl:Asset, sh:NodeShape ; odrl:partOf ext:decidePublicSlice , - ext:decideHarvestingPublicSlice ; + ext:decideHarvestingPublicSlice , + ext:decideHarvestedFreiburgSlice , + ext:decideHarvestedGentSlice , + ext:decideHarvestedPdfSlice ; sh:targetClass eli:Manifestation . ext:EliWorkAsset a odrl:Asset, sh:NodeShape ; - odrl:partOf ext:decidePublicSlice ; + odrl:partOf ext:decidePublicSlice , + ext:decideHarvestedFreiburgSlice , + ext:decideHarvestedGentSlice , + ext:decideHarvestedPdfSlice ; sh:targetClass eli:Work . ext:FoafAgentAsset a odrl:Asset, sh:NodeShape ; 
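Review bot: `ext:allowWriteForHumanValidation` gives `odrl:modify` on the human-validation slice to `ext:publicParty` — described elsewhere in this file as possibly not logged-in users — gated only by `ext:scope`; that is sound only if the scope is set by the annotation-review-service itself (as `DEFAULT_MU_AUTH_SCOPE` in validation.yml suggests) and can never be supplied by an external client, and that assumption deserves a comment on the permission, e.g. `# Scoped write: only requests carrying the annotation-review-service scope (set service-side, never by clients) may modify this slice.`. Four of the new scoped permissions (`ext:allowReadAnnotationForPublic`, `...ForGhent`, `...ForFreiburg`, `...ForPdf`) omit the `odrl:assigner ext:decideSystem` that every other permission in the file carries; whether the parser tolerates a missing assigner is not visible here, so add it for consistency. Naming is also uneven: `ext:allowAnnotationReadForAiSlice` versus the `ext:allowReadAnnotationFor*` pattern of its siblings.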
@@ -200,9 +353,18 @@ ext:FoafAgentAsset a odrl:Asset, sh:NodeShape ; sh:targetClass foaf:Agent . ext:FoafPersonAsset a odrl:Asset, sh:NodeShape ; - odrl:partOf ext:decidePublicSlice ; + odrl:partOf ext:decidePublicSlice , + ext:decideOrganizationSlice ; sh:targetClass foaf:Person . +ext:FoafOnlineAccountAsset a odrl:Asset, sh:NodeShape ; + odrl:partOf ext:decideOrganizationSlice ; + sh:targetClass foaf:OnlineAccount . + +ext:AdmsIdentifierAsset a odrl:Asset, sh:NodeShape ; + odrl:partOf ext:decideOrganizationSlice ; + sh:targetClass adms:Identifier . + ext:OparltempLocationAsset a odrl:Asset, sh:NodeShape ; odrl:partOf ext:decidePublicSlice ; sh:targetClass oparl-temp:Location . @@ -212,7 +374,11 @@ ext:OrgMembershipAsset a odrl:Asset, sh:NodeShape ; sh:targetClass org:Membership . ext:OrgOrganizationAsset a odrl:Asset, sh:NodeShape ; - odrl:partOf ext:decidePublicSlice ; + odrl:partOf ext:decidePublicSlice , + ext:decideOrganizationsSlice , + ext:decideHarvestedFreiburgSlice , + ext:decideHarvestedGentSlice , + ext:decideHarvestedPdfSlice ; sh:targetClass org:Organization . ext:SkosConceptAsset a odrl:Asset, sh:NodeShape ; 
@@ -248,43 +414,60 @@ ext:WikidataQ2785216Asset a odrl:Asset, sh:NodeShape ; sh:targetClass wikidata:Q2785216 . ext:OaAnnotationAsset a odrl:Asset, sh:NodeShape ; - odrl:partOf ext:decidePublicSlice ; + odrl:partOf ext:decidePublicSlice , + ext:decideAiSlice ; sh:targetClass oa:Annotation . -ext:AaSpecificResourceAsset a odrl:Asset, sh:NodeShape ; - odrl:partOf ext:decidePublicSlice ; +ext:OaSpecificResourceAsset a odrl:Asset, sh:NodeShape ; + odrl:partOf ext:decidePublicSlice , + ext:decideAiSlice ; sh:targetClass oa:SpecificResource . ext:OaTextPositionSelectorAsset a odrl:Asset, sh:NodeShape ; - odrl:partOf ext:decidePublicSlice ; + odrl:partOf ext:decidePublicSlice , + ext:decideAiSlice ; sh:targetClass oa:TextPositionSelector . ext:TasksTaskAsset a odrl:Asset, sh:NodeShape ; - odrl:partOf ext:decideHarvestingSlice ; + odrl:partOf ext:decideHarvestingSlice , + ext:decidePublicSlice ; sh:targetClass tasks:Task . ext:TasksScheduledTaskAsset a odrl:Asset, sh:NodeShape ; - odrl:partOf ext:decideHarvestingSlice ; + odrl:partOf ext:decideHarvestingSlice , + ext:decidePublicSlice ; sh:targetClass tasks:ScheduledTask . ext:TasksCronScheduleAsset a odrl:Asset, sh:NodeShape ; - odrl:partOf ext:decideHarvestingSlice ; + odrl:partOf ext:decideHarvestingSlice , + ext:decidePublicSlice ; sh:targetClass tasks:CronSchedule . ext:CogsJobAsset a odrl:Asset, sh:NodeShape ; - odrl:partOf ext:decideHarvestingSlice ; + odrl:partOf ext:decideHarvestingSlice , + ext:decidePublicSlice ; sh:targetClass cogs:Job . +ext:ExtAnnotionJobAsset a odrl:Asset, sh:NodeShape ; + odrl:partOf ext:decidePublicSlice ; + sh:targetClass ext:AnnotationJob . + +ext:ExtReviewAnnotationAsset a odrl:Asset, sh:NodeShape ; + odrl:partOf ext:decideHumanValidationSlice ; + sh:targetClass ext:ReviewAnnotation . + ext:NodeShapeAsset a odrl:Asset, sh:NodeShape ; odrl:partOf ext:decideHarvestingSlice ; sh:targetClass sh:NodeShape . 
ext:CogsScheduledJobAsset a odrl:Asset, sh:NodeShape ; - odrl:partOf ext:decideHarvestingSlice ; + odrl:partOf ext:decideHarvestingSlice , + ext:decidePublicSlice ; sh:targetClass cogs:ScheduledJob . ext:SchemaRepeatFrequencyAsset a odrl:Asset, sh:NodeShape ; - odrl:partOf ext:decideHarvestingSlice ; + odrl:partOf ext:decideHarvestingSlice , + ext:decidePublicSlice ; sh:targetClass schema:repeatFrequency . ext:CoreErrorAsset a odrl:Asset, sh:NodeShape ; @@ -297,16 +480,23 @@ ext:HarvestingHarvestingCollectionAsset a odrl:Asset, sh:NodeShape ; ext:NfoRemoteDataObjectAsset a odrl:Asset, sh:NodeShape ; odrl:partOf ext:decideHarvestingSlice , - ext:decideHarvestingPublicSlice ; + ext:decideHarvestingPublicSlice , + ext:decideHarvestedFreiburgSlice , + ext:decideHarvestedGentSlice , + ext:decideHarvestedPdfSlice ; sh:targetClass nfo:RemoteDataObject . ext:NfoFileDataObjectAsset a odrl:Asset, sh:NodeShape ; odrl:partOf ext:decideHarvestingSlice , - ext:decideHarvestingPublicSlice ; + ext:decideHarvestingPublicSlice , + ext:decideHarvestedFreiburgSlice , + ext:decideHarvestedGentSlice , + ext:decideHarvestedPdfSlice ; sh:targetClass nfo:FileDataObject . ext:NfoDataContainerAsset a odrl:Asset, sh:NodeShape ; - odrl:partOf ext:decideHarvestingSlice ; + odrl:partOf ext:decideHarvestingSlice , + ext:decidePublicSlice ; sh:targetClass nfo:DataContainer . ext:NdoDownloadEventAsset a odrl:Asset, sh:NodeShape ; diff --git a/config/authorization/decide.lisp b/config/authorization/decide.lisp index 6345ea8..cfb82b9 100644 --- a/config/authorization/decide.lisp +++ b/config/authorization/decide.lisp @@ -1,3 +1,6 @@ +;; WARNING +;; This configuration is no longer used, any changes should be applied in `./config.ttl'. This file is kept as backup/reference configuration. +;; (in-package :acl) (define-prefixes 
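Review bot: Harvesting-pipeline types (`tasks:Task`, `tasks:ScheduledTask`, `tasks:CronSchedule`, `cogs:Job`, `cogs:ScheduledJob`, `schema:repeatFrequency`, and `nfo:DataContainer` in the next hunk) become readable by `ext:publicParty` through `ext:decidePublicSlice` and `ext:allowReadForPublic`, and the commit does not say why job and schedule internals should be world-readable; a comment stating the intent — and confirming that credential-related assets such as `security:Credentials`, which the deleted policy file kept under the harvesting graph and which do not appear in this diff, stay out of the public slice — would help the next reviewer. Also `ext:ExtAnnotionJobAsset` is misspelled; `ext:ExtAnnotationJobAsset` would match its `sh:targetClass ext:AnnotationJob`.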
@@ -182,40 +185,35 @@ :to harvesting :for "logged-in") -;; our ODRL implementation currently cannot handle scopes, but it would be more secure to do so -; (with-scope "http://services.semantic.works/annotation-review-service" -; (grant (read write) -; :to human-validation -; :for "public" -; )) - -; (with-scope "http://services.semantic.works/annotation-review-service" -; (grant (read) -; :to public -; :for "public" -; )) - -; (with-scope "http://services.semantic.works/annotation-review-service" -; (grant (read) -; :to harvested-gent -; :for "public" -; )) - -; (with-scope "http://services.semantic.works/annotation-review-service" -; (grant (read) -; :to harvested-freiburg -; :for "public" -; )) - -; (with-scope "http://services.semantic.works/annotation-review-service" -; (grant (read) -; :to harvested-pdf -; :for "public" -; )) -;; instead we need to give public write access to user reviews -(grant (read write) - :to-graph human-validation - :for-allowed-group "public") +(with-scope "http://services.semantic.works/annotation-review-service" + (grant (read write) + :to-graph human-validation + :for-allowed-group "public")) + +(with-scope "http://services.semantic.works/annotation-review-service" + (grant (read) + :to-graph public + :for-allowed-group "public")) + +(with-scope "http://services.semantic.works/annotation-review-service" + (grant (read) + :to-graph harvested-gent + :for-allowed-group "public")) + +(with-scope "http://services.semantic.works/annotation-review-service" + (grant (read) + :to-graph harvested-freiburg + :for-allowed-group "public")) + +(with-scope "http://services.semantic.works/annotation-review-service" + (grant (read) + :to-graph harvested-pdf + :for-allowed-group "public")) + +(with-scope "http://services.semantic.works/annotation-review-service" + (grant (read) + :to-graph ai + :for-allowed-group "public")) (supply-allowed-group "logged-in" :query "PREFIX session: 
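Review bot: The six `with-scope` grants go into a file whose new header (first hunk of this file) says it is no longer loaded and kept only as reference, so their value depends on staying equivalent to config.ttl — and they already differ: config.ttl grants `ext:allowReadForAiSlice` to the public without a scope, whereas here the `ai` graph is readable only under the annotation-review-service scope (unless an unscoped grant exists outside the hunk). The removed comment that explained why scopes were previously not used is gone as well; a one-line note such as `;; Mirrors the ext:scope permissions in config.ttl; keep the two in sync` would make the relationship explicit. The `supply-allowed-group "logged-in"` form at the end continues outside the hunk.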
@@ -237,7 +235,7 @@ ;; TODO: Is this supposed to be the final graph? ;; NOTE (10/02/2026): Graphs does NOT contain the -;; `besluit:Bestuurseenheid' type (only `org:Organization'), used that one causes resource service +;; `besluit:Bestuurseenheid' type (only `org:Organization'), using that one causes resource service ;; to bug out (define-graph oslo-organizations ("http://mu.semte.ch/graphs/bestuurseenheden-bestuursorganen") ("besluit:Bestuurseenheid" -> _)) diff --git a/config/odrl-parser/config.nt b/config/odrl-parser/config.nt deleted file mode 100644 index 9977471..0000000 --- a/config/odrl-parser/config.nt +++ /dev/null 
@@ -1,291 +0,0 @@ - . - . - . - . - . - . - . - . - "This asset collection contains all information that is available in as part the harvesting done by the DECIDE app." . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - "This party represent all (possibly not logged in) users of the system." . - . - . - . - "ODRL profile describing access to mu-auth resources." . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - "public" . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - "harvesting-public" . - . - . - . - . - . - . - . - . - "logged-in" . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - "The DECIDe system party used as an assigner of the permissions in this policy." . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - "PREFIX session: \n SELECT DISTINCT ?account\n WHERE {\n session:account ?account .\n }" . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - "public" . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - "DECIDe System" . - "This represents all logged in users of the system." . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - "harvesting" . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - "This asset collection contains all information that is available to public as part of the harvesting done by the DECIDE app." . - . - . - . - . - . - . - . - . - . - . - "This asset collection contains all information that is available to the public in the context of the DECIDe app." . - . - . - . - . - . - . - . - . - . - . 
diff --git a/config/odrl-parser/decideAuthorizationPolicy.lisp b/config/odrl-parser/decideAuthorizationPolicy.lisp
deleted file mode 100644
index db3b179..0000000
--- a/config/odrl-parser/decideAuthorizationPolicy.lisp
+++ /dev/null
@@ -1,142 +0,0 @@ -(in-package :acl) - -(define-prefixes - :wot "https://www.w3.org/2019/wot/security#" - :wikidata "http://www.wikidata.org/entity/" - :vcard "http://www.w3.org/2006/vcard/ns#" - :tasks "http://redpencil.data.gift/vocabularies/tasks/" - :skos "http://www.w3.org/2004/02/skos/core#" - :security "http://lblod.data.gift/vocabularies/security/" - :perceel "https://data.vlaanderen.be/ns/perceel#" - :org "http://www.w3.org/ns/org#" - :oparl-temp "http://mu.semte.ch/vocabularies/ext/oparl/" - :odrl "http://www.w3.org/ns/odrl/2/" - :oa "http://www.w3.org/ns/oa#" - :sh "http://www.w3.org/ns/shacl#" - :schema "http://schema.org/" - :nfo "http://www.semanticdesktop.org/ontologies/2007/03/22/nfo#" - :ndo "http://oscaf.sourceforge.net/ndo.html#" - :locn "http://www.w3.org/ns/locn#" - :foaf "http://xmlns.com/foaf/0.1/" - :harvesting "http://lblod.data.gift/vocabularies/harvesting/" - :ext "http://mu.semte.ch/vocabularies/ext/" - :eli-dl "http://data.europa.eu/eli/eli-draft-legislation-ontology#" - :eli "http://data.europa.eu/eli/ontology#" - :dct "http://purl.org/dc/terms/" - :dcat "http://www.w3.org/ns/dcat#" - :core "http://open-services.net/ns/core#" - :cogs "http://vocab.deri.ie/cogs#" - :cms "http://mu.semte.ch/vocabulary/cms/" - :besluit "http://data.vlaanderen.be/ns/besluit#" - :rm "http://mu.semte.ch/vocabularies/logical-delete/" - :typedLiterals "http://mu.semte.ch/vocabularies/typed-literals/" - :mu "http://mu.semte.ch/vocabularies/core/" - :xsd "http://www.w3.org/2001/XMLSchema#" - :app "http://mu.semte.ch/app/" - :owl "http://www.w3.org/2002/07/owl#" - :rdf "http://www.w3.org/1999/02/22-rdf-syntax-ns#") - -;; Graphs -;; This asset collection contains all information that is available to public as part of the harvesting done by the DECIDE app. 
-(define-graph harvesting-public ("http://mu.semte.ch/graphs/harvesting") - ("nfo:RemoteDataObject" -> _) - ("nfo:FileDataObject" -> _) - ("eli:Expression" -> _) - ("eli:LegalExpression" -> _) - ("eli:Manifestation" -> _) - ("eli-dl:Activity" -> _)) - -;; This asset collection contains all information that is available in as part the harvesting done by the DECIDE app. -(define-graph harvesting ("http://mu.semte.ch/graphs/harvesting") - ("core:Error" -> _) - ("dcat:Catalog" -> _) - ("cogs:Job" -> _) - ("nfo:DataContainer" -> _) - ("sh:NodeShape" -> _) - ("wot:SecurityScheme" -> _) - ("dcat:Dataset" -> _) - ("cogs:ScheduledJob" -> _) - ("nfo:FileDataObject" -> _) - ("wot:OAuth2SecurityScheme" -> _) - ("tasks:CronSchedule" -> _) - ("security:OAuth2Credentials" -> _) - ("security:BasicAuthenticationCredentials" -> _) - ("tasks:Task" -> _) - ("security:AuthenticationConfiguration" -> _) - ("schema:repeatFrequency" -> _) - ("nfo:RemoteDataObject" -> _) - ("harvesting:HarvestingCollection" -> _) - ("wot:BasicSecurityScheme" -> _) - ("tasks:ScheduledTask" -> _) - ("security:Credentials" -> _) - ("ndo:DownloadEvent" -> _) - ("dcat:Distribution" -> _)) - -;; This asset collection contains all information that is available to the public in the context of the DECIDe app. 
-(define-graph public ("http://mu.semte.ch/graphs/public") - ("eli-dl:Decision" -> _) - ("locn:Address" -> _) - ("locn:Geometry" -> _) - ("oparl-temp:Location" -> _) - ("org:Membership" -> _) - ("dct:PeriodOfTime" -> _) - ("dcat:Catalog" -> _) - ("eli-dl:LegislativeProcessWork" -> _) - ("dct:Location" -> _) - ("oa:TextPositionSelector" -> _) - ("eli-dl:Participation" -> _) - ("schema:TouristAttraction" -> _) - ("eli:LegalExpression" -> _) - ("eli:ComplexWork" -> _) - ("oa:Annotation" -> _) - ("dcat:Dataset" -> _) - ("eli:Work" -> _) - ("wikidata:Q2785216" -> _) - ("eli-dl:Vote" -> _) - ("skos:Concept" -> _) - ("org:Organization" -> _) - ("eli:Expression" -> _) - ("cms:Page" -> _) - ("eli-dl:ForeseenActivity" -> _) - ("besluit:Bestuurseenheid" -> _) - ("eli-dl:DraftLegislationWork" -> _) - ("eli-dl:Activity" -> _) - ("eli-dl:ProcessStage" -> _) - ("oa:SpecificResource" -> _) - ("eli-dl:ParliamentaryTerm" -> _) - ("skos:ConceptScheme" -> _) - ("foaf:Agent" -> _) - ("dcat:Distribution" -> _) - ("perceel:Perceel" -> _) - ("foaf:Person" -> _) - ("dct:MediaTypeOrExtent" -> _) - ("eli-dl:LegislativeProcess" -> _) - ("eli:Manifestation" -> _)) - - -;; Groups -;; This represents all logged in users of the system. -(supply-allowed-group "logged-in" - :query "PREFIX session: - SELECT DISTINCT ?account - WHERE { - session:account ?account . - }") - -;; This party represent all (possibly not logged in) users of the system. -(supply-allowed-group "public") - - -;; Grants -(grant (read) - :to-graph harvesting-public - :for-allowed-group "public") - -(grant (write read) - :to-graph harvesting - :for-allowed-group "logged-in") - -(grant (read) - :to-graph public - :for-allowed-group "public") - diff --git a/config/odrl-parser/prefixes.ttl b/config/odrl-parser/prefixes.ttl deleted file mode 100644 index 770394f..0000000 --- a/config/odrl-parser/prefixes.ttl +++ /dev/null 
@@ -1,24 +0,0 @@ -@prefix besluit: . -@prefix cms: . -@prefix cogs: . -@prefix core: . -@prefix dcat: . -@prefix dct: . -@prefix eli: . -@prefix eli-dl: . -@prefix ext: . -@prefix harvesting: . -@prefix foaf: . -@prefix ndo: . -@prefix nfo: . -@prefix schema: . -@prefix sh: . -@prefix odrl: . -@prefix oparl-temp: . -@prefix org: . -@prefix security: . -@prefix skos: . -@prefix tasks: . -@prefix vcard: . -@prefix wot: . -@prefix sh: . diff --git a/docker-compose.dev.yml b/docker-compose.dev.yml index 18d49c1..3af2f34 100644 --- a/docker-compose.dev.yml +++ b/docker-compose.dev.yml @@ -30,8 +30,6 @@ services: restart: "no" file: restart: "no" - odrl-parser: - restart: "no" vc-issuer: restart: "no" mocklogin: diff --git a/scripts/config.json b/scripts/config.json index 149876a..e82755f 100644 --- a/scripts/config.json +++ b/scripts/config.json @@ -1,20 +1,4 @@ { "version": "0.1", - "scripts": [ - { - "documentation": { - "command": "ttl-to-ntriples", - "description": "Convert a ttl-files to corresponding n-triple files.", - "arguments": ["-r", "--replace"] - }, - "environment": { - "image": "python:3.13.7", - "interactive": false, - "script": "ttl-to-ntriples/run.sh" - }, - "mounts": { - "app": "/app/" - } - } - ] + "scripts": [] } diff --git a/scripts/ttl-to-ntriples/run.sh b/scripts/ttl-to-ntriples/run.sh deleted file mode 100755 index 1a37286..0000000 --- a/scripts/ttl-to-ntriples/run.sh +++ /dev/null @@ -1,4 +0,0 @@ -#!/usr/bin/bash - -pip install rdflib argparse -python ttl-to-ntriples.py $1 diff --git a/scripts/ttl-to-ntriples/ttl-to-ntriples.py b/scripts/ttl-to-ntriples/ttl-to-ntriples.py deleted file mode 100755 index c2a0b9b..0000000 --- a/scripts/ttl-to-ntriples/ttl-to-ntriples.py +++ /dev/null 
@@ -1,29 +0,0 @@ -#!/usr/bin/python - -import os -import argparse -from rdflib import Graph - -# NOTE (05/09/2025): To further generalise this script, this constant should be -# made into a argument that can be passed by the caller. -CONFIG_PATH = "/app/config/odrl-parser/" -TTL_EXT = ".ttl" -NTRIPLES_EXT = ".nt" - -parser = argparse.ArgumentParser() -parser.add_argument("-r", "--replace", action="store_true") -args = parser.parse_args() - -if os.path.isdir(CONFIG_PATH): - os.chdir(CONFIG_PATH) - for file in os.listdir(): - target = file.replace(TTL_EXT, NTRIPLES_EXT) - if file.endswith(TTL_EXT) and (args.replace or not os.path.exists(target)): - print(" >> Found " + file) - graph = Graph() - graph.parse(file, format="turtle") - graph = graph.skolemize(basepath="http://lblod.data.gift/bnode/") - graph.serialize(format="nt11", destination=target) - print(" >> Wrote " + target) -else: - print(" >> Error: path does not exist: ", CONFIG_PATH)