vitro/webapp/web/WEB-INF/resources/permission_config.n3

# $This file is distributed under the terms of the license in /doc/license.txt$ 

@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
@prefix simplePermission: <java:edu.cornell.mannlib.vitro.webapp.auth.permissions.SimplePermission#> .
@prefix displayByRole: <java:edu.cornell.mannlib.vitro.webapp.auth.permissions.DisplayByRolePermission#> .

auth:ADMIN 
    a auth:PermissionSet ;
    rdfs:label "Site Admin" ;
    
    # ADMIN-only permissions
    auth:hasPermission simplePermission:AccessSpecialDataModels ;
    auth:hasPermission simplePermission:ManageMenus ;
    auth:hasPermission simplePermission:ManageProxies ;
    auth:hasPermission simplePermission:ManageSearchIndex ;
    auth:hasPermission simplePermission:ManageUserAccounts ;
    auth:hasPermission simplePermission:RebuildVClassGroupCache ;
    auth:hasPermission simplePermission:RefreshVisualizationCache ;
    auth:hasPermission simplePermission:SeeStartupStatus ;
    auth:hasPermission simplePermission:UseAdvancedDataToolsPages ;
    auth:hasPermission simplePermission:UseMiscellaneousAdminPages ;
    
    # permissions for CURATOR and above.
    auth:hasPermission simplePermission:EditOntology ;
    auth:hasPermission simplePermission:EditSiteInformation ;
    auth:hasPermission simplePermission:ManagePortals ;
    auth:hasPermission simplePermission:ManageTabs ;
    auth:hasPermission simplePermission:SeeVerbosePropertyInformation ;
    auth:hasPermission simplePermission:UseMiscellaneousCuratorPages ;
    
    # permissions for EDITOR and above.
    auth:hasPermission simplePermission:DoBackEndEditing ;
    auth:hasPermission simplePermission:SeeIndividualEditingPanel ;
    auth:hasPermission simplePermission:SeeRevisionInfo ;
    auth:hasPermission simplePermission:SeeSiteAdminPage ;
    auth:hasPermission simplePermission:UseMiscellaneousEditorPages ;

    # permissions for ANY logged-in user.
    auth:hasPermission simplePermission:DoFrontEndEditing ;
    auth:hasPermission simplePermission:EditOwnAccount ;
    auth:hasPermission simplePermission:ManageOwnProxies ;
    auth:hasPermission simplePermission:QueryUserAccountsModel ;
    auth:hasPermission simplePermission:UseBasicAjaxControllers ;
    auth:hasPermission simplePermission:UseMiscellaneousPages ;
    
    # permissions for ANY user, even if they are not logged in.
    auth:hasPermission simplePermission:QueryFullModel ;
    
    # role-based permissions for ADMIN
    auth:hasPermission displayByRole:Admin ;
    .

auth:CURATOR 
    a auth:PermissionSet ;
    rdfs:label "Curator" ;
    
    # permissions for CURATOR and above.
    auth:hasPermission simplePermission:EditOntology ;
    auth:hasPermission simplePermission:EditSiteInformation ;
    auth:hasPermission simplePermission:ManagePortals ;
    auth:hasPermission simplePermission:ManageTabs ;
    auth:hasPermission simplePermission:SeeVerbosePropertyInformation ;
    auth:hasPermission simplePermission:UseMiscellaneousCuratorPages ;
    
    # permissions for EDITOR and above.
    auth:hasPermission simplePermission:DoBackEndEditing ;
    auth:hasPermission simplePermission:SeeIndividualEditingPanel ;
    auth:hasPermission simplePermission:SeeRevisionInfo ;
    auth:hasPermission simplePermission:SeeSiteAdminPage ;
    auth:hasPermission simplePermission:UseMiscellaneousEditorPages ;

    # permissions for ANY logged-in user.
    auth:hasPermission simplePermission:DoFrontEndEditing ;
    auth:hasPermission simplePermission:EditOwnAccount ;
    auth:hasPermission simplePermission:ManageOwnProxies ;
    auth:hasPermission simplePermission:QueryUserAccountsModel ;
    auth:hasPermission simplePermission:UseBasicAjaxControllers ;
    auth:hasPermission simplePermission:UseMiscellaneousPages ;
    
    # permissions for ANY user, even if they are not logged in.
    auth:hasPermission simplePermission:QueryFullModel ;
    
    # role-based permissions for CURATOR
    auth:hasPermission displayByRole:Curator ;
    .

auth:EDITOR 
    a auth:PermissionSet ;
    rdfs:label "Editor" ;
    
    # permissions for EDITOR and above.
    auth:hasPermission simplePermission:DoBackEndEditing ;
    auth:hasPermission simplePermission:SeeIndividualEditingPanel ;
    auth:hasPermission simplePermission:SeeRevisionInfo ;
    auth:hasPermission simplePermission:SeeSiteAdminPage ;
    auth:hasPermission simplePermission:UseMiscellaneousEditorPages ;

    # permissions for ANY logged-in user.
    auth:hasPermission simplePermission:DoFrontEndEditing ;
    auth:hasPermission simplePermission:EditOwnAccount ;
    auth:hasPermission simplePermission:ManageOwnProxies ;
    auth:hasPermission simplePermission:QueryUserAccountsModel ;
    auth:hasPermission simplePermission:UseBasicAjaxControllers ;
    auth:hasPermission simplePermission:UseMiscellaneousPages ;
    
    # permissions for ANY user, even if they are not logged in.
    auth:hasPermission simplePermission:QueryFullModel ;
    
    # role-based permissions for EDITOR
    auth:hasPermission displayByRole:Editor ;
    .

auth:SELF_EDITOR
    a auth:PermissionSet ;
    a auth:PermissionSetForNewUsers ;
    rdfs:label "Self Editor" ;

    # permissions for ANY logged-in user.
    auth:hasPermission simplePermission:DoFrontEndEditing ;
    auth:hasPermission simplePermission:EditOwnAccount ;
    auth:hasPermission simplePermission:ManageOwnProxies ;
    auth:hasPermission simplePermission:QueryUserAccountsModel ;
    auth:hasPermission simplePermission:UseBasicAjaxControllers ;
    auth:hasPermission simplePermission:UseMiscellaneousPages ;
    
    # permissions for ANY user, even if they are not logged in.
    auth:hasPermission simplePermission:QueryFullModel ;

    # role-based permissions for SELF_EDITOR
    #     For role-based display, SelfEditor is like Public. 
    #     SelfEditor uses its special permissions to edit/display its own values.
    auth:hasPermission displayByRole:Public ; 
    .

auth:PUBLIC
    a auth:PermissionSet ;
    a auth:PermissionSetForPublic ;
    rdfs:label "Public" ;
    
    # permissions for ANY user, even if they are not logged in.
    auth:hasPermission simplePermission:QueryFullModel ;

    # role-based permissions for PUBLIC
    auth:hasPermission displayByRole:Public ;
    .
NIHVIVO-3523 For the first iteration, let's implement MANAGE_MENUS as a SimplePermission. This version still needs the loader and the policy and... 2011-12-16 20:52:23 +00:00			`# $This file is distributed under the terms of the license in /doc/license.txt$`

NIHVIVO-3523 Write the PermissionSetsLoader. 2011-12-20 21:24:52 +00:00			`@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .`
NIHVIVO-3523 For the first iteration, let's implement MANAGE_MENUS as a SimplePermission. This version still needs the loader and the policy and... 2011-12-16 20:52:23 +00:00			`@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .`
NIHVIVO-3523 Write the PermissionSetsLoader. 2011-12-20 21:24:52 +00:00			`@prefix simplePermission: <java:edu.cornell.mannlib.vitro.webapp.auth.permissions.SimplePermission#> .`
NIHVIVO-3523 Create the DisplayByRolePermission, so we can use the PermissionsPolicy instead of DisplayRestrictedDataByRoleLevelPolicy, and these display restrictions can be assigned to arbitrary PermissionSets. 2012-01-06 21:58:16 +00:00			`@prefix displayByRole: <java:edu.cornell.mannlib.vitro.webapp.auth.permissions.DisplayByRolePermission#> .`
NIHVIVO-3523 For the first iteration, let's implement MANAGE_MENUS as a SimplePermission. This version still needs the loader and the policy and... 2011-12-16 20:52:23 +00:00
			`auth:ADMIN`
			`a auth:PermissionSet ;`
NIHVIVO-3523 Write the PermissionSetsLoader. 2011-12-20 21:24:52 +00:00			`rdfs:label "Site Admin" ;`
NIHVIVO-3523 Convert all simple CURATOR-or-above requested actions to SimplePermissions. 2011-12-21 21:23:04 +00:00
			`# ADMIN-only permissions`
NIHVIVO-3523 Convert all simple ADMIN-only requested actions to SimplePermissions. 2011-12-21 20:46:17 +00:00			`auth:hasPermission simplePermission:AccessSpecialDataModels ;`
NIHVIVO-3523 For the first iteration, let's implement MANAGE_MENUS as a SimplePermission. This version still needs the loader and the policy and... 2011-12-16 20:52:23 +00:00			`auth:hasPermission simplePermission:ManageMenus ;`
NIHVIVO-3523 Convert all simple ADMIN-only requested actions to SimplePermissions. 2011-12-21 20:46:17 +00:00			`auth:hasPermission simplePermission:ManageProxies ;`
			`auth:hasPermission simplePermission:ManageSearchIndex ;`
			`auth:hasPermission simplePermission:ManageUserAccounts ;`
			`auth:hasPermission simplePermission:RebuildVClassGroupCache ;`
			`auth:hasPermission simplePermission:RefreshVisualizationCache ;`
			`auth:hasPermission simplePermission:SeeStartupStatus ;`
			`auth:hasPermission simplePermission:UseAdvancedDataToolsPages ;`
			`auth:hasPermission simplePermission:UseMiscellaneousAdminPages ;`
NIHVIVO-3523 Convert all simple CURATOR-or-above requested actions to SimplePermissions. 2011-12-21 21:23:04 +00:00
			`# permissions for CURATOR and above.`
			`auth:hasPermission simplePermission:EditOntology ;`
			`auth:hasPermission simplePermission:EditSiteInformation ;`
			`auth:hasPermission simplePermission:ManagePortals ;`
			`auth:hasPermission simplePermission:ManageTabs ;`
			`auth:hasPermission simplePermission:SeeVerbosePropertyInformation ;`
			`auth:hasPermission simplePermission:UseMiscellaneousCuratorPages ;`
NIHVIVO-3523 Convert all simple EDITOR-or-above requested actions to SimplePermissions. 2011-12-21 21:41:13 +00:00
			`# permissions for EDITOR and above.`
			`auth:hasPermission simplePermission:DoBackEndEditing ;`
			`auth:hasPermission simplePermission:SeeIndividualEditingPanel ;`
			`auth:hasPermission simplePermission:SeeRevisionInfo ;`
			`auth:hasPermission simplePermission:SeeSiteAdminPage ;`
			`auth:hasPermission simplePermission:UseMiscellaneousEditorPages ;`
NIHVIVO-3523 Convert all simple SELF_EDITOR-or-above requested actions to SimplePermissions. 2011-12-21 22:08:33 +00:00
			`# permissions for ANY logged-in user.`
			`auth:hasPermission simplePermission:DoFrontEndEditing ;`
			`auth:hasPermission simplePermission:EditOwnAccount ;`
			`auth:hasPermission simplePermission:ManageOwnProxies ;`
			`auth:hasPermission simplePermission:QueryUserAccountsModel ;`
			`auth:hasPermission simplePermission:UseBasicAjaxControllers ;`
			`auth:hasPermission simplePermission:UseMiscellaneousPages ;`
NIHVIVO-3523 Convert all simple PUBLIC-or-above requested actions to SimplePermissions. 2011-12-22 15:33:48 +00:00
			`# permissions for ANY user, even if they are not logged in.`
			`auth:hasPermission simplePermission:QueryFullModel ;`
NIHVIVO-3523 Create the DisplayByRolePermission, so we can use the PermissionsPolicy instead of DisplayRestrictedDataByRoleLevelPolicy, and these display restrictions can be assigned to arbitrary PermissionSets. 2012-01-06 21:58:16 +00:00
			`# role-based permissions for ADMIN`
			`auth:hasPermission displayByRole:Admin ;`
NIHVIVO-3523 For the first iteration, let's implement MANAGE_MENUS as a SimplePermission. This version still needs the loader and the policy and... 2011-12-16 20:52:23 +00:00			`.`

NIHVIVO-3523 Write the PermissionSetsLoader. 2011-12-20 21:24:52 +00:00			`auth:CURATOR`
			`a auth:PermissionSet ;`
			`rdfs:label "Curator" ;`
NIHVIVO-3523 Convert all simple CURATOR-or-above requested actions to SimplePermissions. 2011-12-21 21:23:04 +00:00
			`# permissions for CURATOR and above.`
			`auth:hasPermission simplePermission:EditOntology ;`
			`auth:hasPermission simplePermission:EditSiteInformation ;`
			`auth:hasPermission simplePermission:ManagePortals ;`
			`auth:hasPermission simplePermission:ManageTabs ;`
			`auth:hasPermission simplePermission:SeeVerbosePropertyInformation ;`
			`auth:hasPermission simplePermission:UseMiscellaneousCuratorPages ;`
NIHVIVO-3523 Convert all simple EDITOR-or-above requested actions to SimplePermissions. 2011-12-21 21:41:13 +00:00
			`# permissions for EDITOR and above.`
			`auth:hasPermission simplePermission:DoBackEndEditing ;`
			`auth:hasPermission simplePermission:SeeIndividualEditingPanel ;`
			`auth:hasPermission simplePermission:SeeRevisionInfo ;`
			`auth:hasPermission simplePermission:SeeSiteAdminPage ;`
			`auth:hasPermission simplePermission:UseMiscellaneousEditorPages ;`
NIHVIVO-3523 Convert all simple SELF_EDITOR-or-above requested actions to SimplePermissions. 2011-12-21 22:08:33 +00:00
			`# permissions for ANY logged-in user.`
			`auth:hasPermission simplePermission:DoFrontEndEditing ;`
			`auth:hasPermission simplePermission:EditOwnAccount ;`
			`auth:hasPermission simplePermission:ManageOwnProxies ;`
			`auth:hasPermission simplePermission:QueryUserAccountsModel ;`
			`auth:hasPermission simplePermission:UseBasicAjaxControllers ;`
			`auth:hasPermission simplePermission:UseMiscellaneousPages ;`
NIHVIVO-3523 Convert all simple PUBLIC-or-above requested actions to SimplePermissions. 2011-12-22 15:33:48 +00:00
			`# permissions for ANY user, even if they are not logged in.`
			`auth:hasPermission simplePermission:QueryFullModel ;`
NIHVIVO-3523 Create the DisplayByRolePermission, so we can use the PermissionsPolicy instead of DisplayRestrictedDataByRoleLevelPolicy, and these display restrictions can be assigned to arbitrary PermissionSets. 2012-01-06 21:58:16 +00:00
			`# role-based permissions for CURATOR`
			`auth:hasPermission displayByRole:Curator ;`
NIHVIVO-3523 Write the PermissionSetsLoader. 2011-12-20 21:24:52 +00:00			`.`

			`auth:EDITOR`
			`a auth:PermissionSet ;`
			`rdfs:label "Editor" ;`
NIHVIVO-3523 Convert all simple EDITOR-or-above requested actions to SimplePermissions. 2011-12-21 21:41:13 +00:00
			`# permissions for EDITOR and above.`
			`auth:hasPermission simplePermission:DoBackEndEditing ;`
			`auth:hasPermission simplePermission:SeeIndividualEditingPanel ;`
			`auth:hasPermission simplePermission:SeeRevisionInfo ;`
			`auth:hasPermission simplePermission:SeeSiteAdminPage ;`
			`auth:hasPermission simplePermission:UseMiscellaneousEditorPages ;`
NIHVIVO-3523 Convert all simple SELF_EDITOR-or-above requested actions to SimplePermissions. 2011-12-21 22:08:33 +00:00
			`# permissions for ANY logged-in user.`
			`auth:hasPermission simplePermission:DoFrontEndEditing ;`
			`auth:hasPermission simplePermission:EditOwnAccount ;`
			`auth:hasPermission simplePermission:ManageOwnProxies ;`
			`auth:hasPermission simplePermission:QueryUserAccountsModel ;`
			`auth:hasPermission simplePermission:UseBasicAjaxControllers ;`
			`auth:hasPermission simplePermission:UseMiscellaneousPages ;`
NIHVIVO-3523 Convert all simple PUBLIC-or-above requested actions to SimplePermissions. 2011-12-22 15:33:48 +00:00
			`# permissions for ANY user, even if they are not logged in.`
			`auth:hasPermission simplePermission:QueryFullModel ;`
NIHVIVO-3523 Create the DisplayByRolePermission, so we can use the PermissionsPolicy instead of DisplayRestrictedDataByRoleLevelPolicy, and these display restrictions can be assigned to arbitrary PermissionSets. 2012-01-06 21:58:16 +00:00
			`# role-based permissions for EDITOR`
			`auth:hasPermission displayByRole:Editor ;`
NIHVIVO-3523 Write the PermissionSetsLoader. 2011-12-20 21:24:52 +00:00			`.`

			`auth:SELF_EDITOR`
			`a auth:PermissionSet ;`
NIHVIVO-3523 Convert all simple PUBLIC-or-above requested actions to SimplePermissions. 2011-12-22 15:33:48 +00:00			`a auth:PermissionSetForNewUsers ;`
NIHVIVO-3523 Write the PermissionSetsLoader. 2011-12-20 21:24:52 +00:00			`rdfs:label "Self Editor" ;`
NIHVIVO-3523 Convert all simple SELF_EDITOR-or-above requested actions to SimplePermissions. 2011-12-21 22:08:33 +00:00
			`# permissions for ANY logged-in user.`
			`auth:hasPermission simplePermission:DoFrontEndEditing ;`
			`auth:hasPermission simplePermission:EditOwnAccount ;`
			`auth:hasPermission simplePermission:ManageOwnProxies ;`
			`auth:hasPermission simplePermission:QueryUserAccountsModel ;`
			`auth:hasPermission simplePermission:UseBasicAjaxControllers ;`
			`auth:hasPermission simplePermission:UseMiscellaneousPages ;`
NIHVIVO-3523 Convert all simple PUBLIC-or-above requested actions to SimplePermissions. 2011-12-22 15:33:48 +00:00
			`# permissions for ANY user, even if they are not logged in.`
			`auth:hasPermission simplePermission:QueryFullModel ;`
NIHVIVO-3523 Create the DisplayByRolePermission, so we can use the PermissionsPolicy instead of DisplayRestrictedDataByRoleLevelPolicy, and these display restrictions can be assigned to arbitrary PermissionSets. 2012-01-06 21:58:16 +00:00
			`# role-based permissions for SELF_EDITOR`
			`# For role-based display, SelfEditor is like Public.`
			`# SelfEditor uses its special permissions to edit/display its own values.`
			`auth:hasPermission displayByRole:Public ;`
NIHVIVO-3523 Convert all simple PUBLIC-or-above requested actions to SimplePermissions. 2011-12-22 15:33:48 +00:00			`.`

			`auth:PUBLIC`
			`a auth:PermissionSet ;`
			`a auth:PermissionSetForPublic ;`
			`rdfs:label "Public" ;`

			`# permissions for ANY user, even if they are not logged in.`
			`auth:hasPermission simplePermission:QueryFullModel ;`
NIHVIVO-3523 Create the DisplayByRolePermission, so we can use the PermissionsPolicy instead of DisplayRestrictedDataByRoleLevelPolicy, and these display restrictions can be assigned to arbitrary PermissionSets. 2012-01-06 21:58:16 +00:00
			`# role-based permissions for PUBLIC`
			`auth:hasPermission displayByRole:Public ;`
NIHVIVO-3523 Write the PermissionSetsLoader. 2011-12-20 21:24:52 +00:00			`.`