def preliminary_policy_expansion(graph):
"""Expand the policy graph with the knowledge contained within the policy.
:graph: The policy graph
"""
# expanding hierarchy of targets
for target in utils.get_targets(graph):
utils.add_iri_hierarchy_to_graph(graph,
target,
predicate=ODRL.partOf,
reverse=True)
# expanding hierarchy of subjects
for assignee in utils.get_assignee(graph):
utils.add_iri_hierarchy_to_graph(graph,
assignee,
predicate=MOSAICROWN.belongsTo,
reverse=True)
def main():
graph = rdflib.Graph()
graph.parse(source="examples/scripts/policies/assets.jsonld",
format="json-ld")
print(colorama.Fore.CYAN + "[*] Add IRI-based hierarchy on targets")
for target in utils.get_targets(graph):
utils.add_iri_hierarchy_to_graph(graph,
target,
predicate=ODRL.partOf,
reverse=True)
print(colorama.Fore.CYAN + "[*] Add IRI-based hierarchy on assignees")
for assignee in utils.get_assignee(graph):
utils.add_iri_hierarchy_to_graph(graph,
assignee,
predicate=MOSAICROWN.belongsTo,
reverse=True)
print(colorama.Fore.CYAN + "\n[*] The policy\n")
print(triples_table(graph))
print(colorama.Fore.CYAN + "\n\n[*] Actions\n")
query = """
PREFIX odrl: <http://www.w3.org/ns/odrl/2/>
SELECT DISTINCT ?rule ?assignee ?action ?target
WHERE {
?policy odrl:permission ?rule .
?rule odrl:assignee ?assignee .
?rule odrl:action ?action .
?rule odrl:target ?targetRec .
?target odrl:partOf* ?targetRec .
}
"""
results = graph.query(query)
print(results_table(query, results))
generic = rdflib.URIRef("http://unibg.it/user")
parabosc = rdflib.URIRef("http://unibg.it/user/parabosc")
action = ODRL.read
purpose = MOSAICROWN.statistical
IRIs = {'students': 'http://unibg.it/table/students'}
# Generic user access request.
query = "SELECT students.Ethnicity FROM students"
targets = utils.get_targets_from_query(query, IRIs)
utils.check_access(graph, targets, generic, action, purpose)
query = "SELECT students.Ethnicity, students.CF FROM students"
targets = utils.get_targets_from_query(query, IRIs)
utils.check_access(graph, targets, generic, action, purpose)
query = "SELECT students.Sex, students.CF, students.Birthdate FROM students"
targets = utils.get_targets_from_query(query, IRIs)
utils.check_access(graph, targets, generic, action, purpose)
query = "SELECT students.IBAN FROM students"
targets = utils.get_targets_from_query(query, IRIs)
utils.check_access(graph, targets, generic, action, purpose)
query = "SELECT students.NotPreviouslyDefined FROM students"
targets = utils.get_targets_from_query(query, IRIs)
utils.check_access(graph, targets, generic, action, purpose)
# Parabosc user access request.
query = "SELECT students.Ethnicity FROM students"
targets = utils.get_targets_from_query(query, IRIs)
utils.check_access(graph, targets, parabosc, action, purpose)
query = "SELECT students.Ethnicity, students.CF FROM students"
targets = utils.get_targets_from_query(query, IRIs)
utils.check_access(graph, targets, parabosc, action, purpose)
query = "SELECT students.Sex, students.CF, students.Birthdate FROM students"
targets = utils.get_targets_from_query(query, IRIs)
utils.check_access(graph, targets, parabosc, action, purpose)
query = "SELECT students.IBAN FROM students"
targets = utils.get_targets_from_query(query, IRIs)
utils.check_access(graph, targets, parabosc, action, purpose)
query = "SELECT students.NotPreviouslyDefined FROM students"
targets = utils.get_targets_from_query(query, IRIs)
utils.check_access(graph, targets, parabosc, action, purpose)
def main():
"""Configure and run the demo example."""
# loading the policy into RDF graph
graph = policy_loading()
# expand the graph with hierarchy concept on targets and assignees
print("\n[*] Expand the policy graph with the hierarchy concept")
preliminary_policy_expansion(graph)
# serializing the graph to ease testing
if debug_info:
print('\n[*] Policy graph serialization\n')
print(triples_table(graph))
print('\n[*] Namespace entities')
print('\tAdministrative user:\t', administrative)
print('\tWrite action:\t\t', write)
print('\tStatistical purpose:\t', statistical)
print(separator)
input()
# all tables stored in the database
target_IRIs = {
'CardHolder': 'http://bank.eu/finance/CardHolder',
'Payment': 'http://bank.eu/finance/Payment'
}
# access request generated by SQL query
query = "SELECT CardHolder.Name FROM CardHolder"
print(f"\n[*] Access request:\n\t{query}")
# extracting the targets
targets = utils.get_targets_from_query(query, target_IRIs)
# checking access
utils.check_access(graph, targets, administrative, read, statistical)
print(separator)
input()
query = """
SELECT C.CustomerID, P.Year, P.Month
FROM Payment as P JOIN CardHolder as C
GROUP BY P.Year, P.Month
ORDER BY C.DateOfBirth
"""
print(f"\n[*] Access request:\n\t{query}")
targets = utils.get_targets_from_query(query, target_IRIs)
utils.check_access(graph, targets, administrative, read, statistical)
print(separator)
input()
query = """
SELECT C.CustomerID
FROM CardHolder as C
WHERE C.CustomerID in (SELECT P.CustomerID
FROM Payment as P
WHERE P.Year = '2020' and P.Month = '04')
"""
print(f"\n[*] Access request:\n\t{query}")
targets = utils.get_targets_from_query(query, target_IRIs)
utils.check_access(graph, targets, administrative, read, statistical)
print(separator)
input()
query = "SELECT P.CustomerID, P.Month, P.Year, P.Amount FROM Payment as P"
print(f"\n[*] Access request:\n\t{query}")
targets = utils.get_targets_from_query(query, target_IRIs)
utils.check_access(graph, targets, administrative, read, statistical)
print(separator)
input()
query = "SELECT P.CustomerID, P.Month, P.Year FROM Payment as P"
print(f"\n[*] Access request:\n\t{query}")
targets = utils.get_targets_from_query(query, target_IRIs)
utils.check_access(graph, targets, administrative, read, statistical)
print(separator)
input()
query = "SELECT P.CustomerID FROM Payment as P WHERE P.Year = '2020'"
print(f"\n[*] Access request:\n\t{query}")
targets = utils.get_targets_from_query(query, target_IRIs)
utils.check_access(graph, targets, administrative, use, statistical)
print(separator)
print()
query = "SELECT P.CustomerID FROM Payment as P WHERE P.Year = '2020'"
print(f"\n[*] Access request:\n\t{query}")
targets = utils.get_targets_from_query(query, target_IRIs)
utils.check_access(graph, targets, administrative, read, statistical)
print(separator)
input()
query = "SELECT P.CustomerID FROM Payment as P WHERE P.Year = '2020'"
print(f"\n[*] Access request:\n\t{query}")
utils.add_iri_hierarchy_to_graph(graph,
agent_a,
MOSAICROWN.belongsTo,
reverse=True)
targets = utils.get_targets_from_query(query, target_IRIs)
utils.check_access(graph, targets, agent_a, read, statistical)