Capabilities
From n² wiki
Capabilities in the Platform
Access to resources in the platform is controlled using capabilities. By default, capabilities are assigned to roles, which are identified by URIs. Every store has the following role defined by default:
- Administrator (http://api.talis.com/stores/{storename}/roles/admin) - has all capabilities
There is a special pseudo-role called "Everybody", which represents capabilities granted to all users regardless of any specific roles. Users are assigned roles and may have any number of roles. A user has the capabilities of all their assigned roles. For example, if a "Power User" role for a store has the "Extended Search" and "Harvest" capabilities and an "Updater" role has the "Full Update" capability, then a user with both roles will gain all three capabilities.
Users are defined at the platform level; roles are defined by the store.
By default, all bigfoot services are open to access by Everybody, which means that no authentication is required. When a request is made to a service, the store should check which roles have the capability that the service requires. If the Everybody role does not have the capability, then the service will respond to the request with an authentication challenge (or read the authentication information if it was present in the original request).
User authentication information is used to determine the identity of the user. The store then looks up the roles for that user and determines if they have the appropriate capability. If so, the request is actioned as usual. If not, a 403 response is generated. Clients must authenticate using HTTP Digest Authentication.
Capability Definitions
A number of capabilities are defined for stores:
Basic Search
Discovery of data held in the contentbox and metabox.
For example:
- GET on /items
- GET and POST on /services/sparql
- GET on /services/facet
- GET on /services/augment
- GET on frames that use the metabox
Extended Search
Discovery of data held in user graphs.
For example:
- GET and POST on /services/multisparql
Harvest
Access to original data in a sequential, exhaustive manner.
For example:
- GET on /services/oai-pmh
Versioned Update
Modifications of data in metabox with versioned changesets.
For example:
- POST to /meta/changesets
Full Update
Posting directly to metabox, posting to contentbox, deleting items from contentbox.
For example:
- POST to /meta
- POST to /meta/graphs
- POST to /items
- DELETE to /items/foo
Configure Store
Altering all aspects of store configuration.
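
The access decision described under "Capabilities in the Platform", applied to a few of the request examples listed above, as an added example that is not part of the original page or the platform's own code. The role keys, user names, function names, the restricted store configuration and the deny-by-default handling of unlisted requests are assumptions made for illustration.

```python
EVERYBODY = "everybody"  # pseudo-role: capabilities granted to all users

# Capability required per request, copied from the examples on this page.
REQUIRED = {
    ("GET", "/items"): "Basic Search",
    ("POST", "/services/multisparql"): "Extended Search",
    ("GET", "/services/oai-pmh"): "Harvest",
    ("POST", "/meta/changesets"): "Versioned Update",
    ("POST", "/meta"): "Full Update",
}

# Constructed store configuration: only Basic Search is left open to Everybody.
ROLE_CAPS = {
    EVERYBODY: {"Basic Search"},
    "power-user": {"Extended Search", "Harvest"},
    "updater": {"Full Update"},
}
USER_ROLES = {"alice": {"power-user", "updater"}, "bob": {"power-user"}}


def capabilities_for(user):
    """Union of Everybody's capabilities and those of every role the user holds."""
    caps = set(ROLE_CAPS.get(EVERYBODY, ()))
    for role in USER_ROLES.get(user, ()):
        caps |= ROLE_CAPS.get(role, set())
    return caps


def authorize(method, path, user=None):
    """Return the HTTP status the store would answer with.

    `user` is the identity already verified by HTTP Digest Authentication,
    or None when the request carried no credentials.
    """
    needed = REQUIRED.get((method, path))
    if needed is None:
        return 403  # assumption: requests with no known capability are denied
    if needed in ROLE_CAPS.get(EVERYBODY, ()):
        return 200  # open to Everybody: no authentication required
    if user is None:
        return 401  # authentication challenge
    return 200 if needed in capabilities_for(user) else 403
```

The anonymous case is checked before any credentials are considered, so a capability left with Everybody is never gated behind a challenge, and an authenticated user lacking the capability gets 403 rather than a second challenge.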

