Add authorization endpoint to default mu-project

madnificent · piemonkey · commit 03a0b92dcb90 · 2023-10-17T11:41:58.000+02:00
diff --git a/config/authorization/config.ex b/config/authorization/config.ex
@@ -0,0 +1,36 @@
+alias Acl.Accessibility.Always, as: AlwaysAccessible
+alias Acl.Accessibility.ByQuery, as: AccessByQuery
+alias Acl.GraphSpec.Constraint.Resource.AllPredicates, as: AllPredicates
+alias Acl.GraphSpec.Constraint.Resource.NoPredicates, as: NoPredicates
+alias Acl.GraphSpec.Constraint.ResourceFormat, as: ResourceFormatConstraint
+alias Acl.GraphSpec.Constraint.Resource, as: ResourceConstraint
+alias Acl.GraphSpec, as: GraphSpec
+alias Acl.GroupSpec, as: GroupSpec
+alias Acl.GroupSpec.GraphCleanup, as: GraphCleanup
+
+defmodule Acl.UserGroups.Config do
+  def user_groups do
+    [
+      # PUBLIC
+      %GroupSpec{
+        name: "public",
+        useage: [:read, :write, :read_for_write],
+        access: %AlwaysAccessible{},
+        graphs: [ %GraphSpec{
+                    graph: "http://mu.semte.ch/graphs/public",
+                    constraint: %ResourceConstraint{
+                      resource_types: [
+                        "http://xmlns.com/foaf/0.1/Person"
+                      ],
+                      inverse_predicates: %AllPredicates{}
+                    } } ] },
+      # CLEANUP
+      #
+      %GraphCleanup{
+        originating_graph: "http://mu.semte.ch/application",
+        useage: [:write],
+        name: "clean"
+      }
+    ]
+  end
+end
diff --git a/config/authorization/delta.ex b/config/authorization/delta.ex
@@ -0,0 +1,5 @@
+defmodule Delta.Config do
+  def targets do
+    [ "http://delta-notifier" ]
+  end
+end
diff --git a/config/delta/rules.js b/config/delta/rules.js
@@ -0,0 +1,16 @@
+export default [
+  {
+    match: {
+      subject: { }
+    },
+    callback: {
+      url: "http://resource/.mu/delta",
+      method: "POST"
+    },
+    options: {
+      resourceFormat: "v0.0.1",
+      gracePeriod: 250,
+      ignoreFromSelf: true
+    }
+  }
+];
diff --git a/config/resources/domain.lisp b/config/resources/domain.lisp
@@ -1,4 +1,11 @@
 (in-package :mu-cl-resources)
 
+(setf *verify-content-type-header* nil)
+(setf *verify-accept-header* nil)
+(setf *include-count-in-paginated-responses* t)
+(setf *supply-cache-headers-p* t)
+(setf sparql:*experimental-no-application-graph-for-sudo-select-queries* t)
+(setf *cache-model-properties-p* t)
+
 ;; reading in the domain.json
 (read-domain-file "domain.json")
diff --git a/docker-compose.dev.yml b/docker-compose.dev.yml
@@ -0,0 +1,6 @@
+version: '3.4'
+
+services:
+  triplestore:
+    ports:
+      - "8890:8890"
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -15,17 +15,32 @@ services:
       - resource:resource
     volumes:
       - ./config/dispatcher:/config
+  resource:
+    image: semtech/mu-cl-resources:1.22.1
+    links:
+      - database:database
+    volumes:
+      - ./config/resources:/config
   database:
+    image: semtech/mu-authorization:0.6.0-beta.8
+    environment:
+      MU_SPARQL_ENDPOINT: "http://triplestore:8890/sparql"
+      ERROR_ON_UNWRITTEN_DATA: "true"
+    volumes:
+      - ./config/authorization:/config
+    labels:
+      - "logging=true"
+  delta-notifier:
+    image: semtech/mu-delta-notifier:0.1.0
+    volumes:
+      - ./config/delta:/config
+    labels:
+      - "logging=true"
+  triplestore:
     image: redpencil/virtuoso:1.1.0
     environment:
       SPARQL_UPDATE: "true"
       DEFAULT_GRAPH: "http://mu.semte.ch/application"
     volumes:
       - ./data/db:/data
       - ./config/virtuoso/virtuoso.ini:/data/virtuoso.ini
-  resource:
-    image: semtech/mu-cl-resources:1.21.1
-    links:
-      - database:database
-    volumes:
-      - ./config/resources:/config
