Exemplo n.º 1
0
def preliminary_policy_expansion(graph):
    """Expand the policy graph with the knowledge contained within the policy.

    :graph: The policy graph
    """
    # expanding hierarchy of targets
    for target in utils.get_targets(graph):
        utils.add_iri_hierarchy_to_graph(graph,
                                         target,
                                         predicate=ODRL.partOf,
                                         reverse=True)
    # expanding hierarchy of subjects
    for assignee in utils.get_assignee(graph):
        utils.add_iri_hierarchy_to_graph(graph,
                                         assignee,
                                         predicate=MOSAICROWN.belongsTo,
                                         reverse=True)
Exemplo n.º 2
0
def main():

    graph = rdflib.Graph()
    graph.parse(source="examples/scripts/policies/assets.jsonld",
                format="json-ld")

    print(colorama.Fore.CYAN + "[*] Add IRI-based hierarchy on targets")
    for target in utils.get_targets(graph):
        utils.add_iri_hierarchy_to_graph(graph,
                                         target,
                                         predicate=ODRL.partOf,
                                         reverse=True)

    print(colorama.Fore.CYAN + "[*] Add IRI-based hierarchy on assignees")
    for assignee in utils.get_assignee(graph):
        utils.add_iri_hierarchy_to_graph(graph,
                                         assignee,
                                         predicate=MOSAICROWN.belongsTo,
                                         reverse=True)

    print(colorama.Fore.CYAN + "\n[*] The policy\n")
    print(triples_table(graph))

    print(colorama.Fore.CYAN + "\n\n[*] Actions\n")
    query = """
        PREFIX odrl: <http://www.w3.org/ns/odrl/2/>
        SELECT DISTINCT ?rule ?assignee ?action ?target
            WHERE {
                ?policy odrl:permission ?rule .
                ?rule odrl:assignee ?assignee .
                ?rule odrl:action ?action .
                ?rule odrl:target ?targetRec .
                ?target odrl:partOf* ?targetRec .
            }
    """
    results = graph.query(query)
    print(results_table(query, results))

    generic = rdflib.URIRef("http://unibg.it/user")
    parabosc = rdflib.URIRef("http://unibg.it/user/parabosc")
    action = ODRL.read
    purpose = MOSAICROWN.statistical
    IRIs = {'students': 'http://unibg.it/table/students'}

    # Generic user access request.

    query = "SELECT students.Ethnicity FROM students"
    targets = utils.get_targets_from_query(query, IRIs)
    utils.check_access(graph, targets, generic, action, purpose)

    query = "SELECT students.Ethnicity, students.CF FROM students"
    targets = utils.get_targets_from_query(query, IRIs)
    utils.check_access(graph, targets, generic, action, purpose)

    query = "SELECT students.Sex, students.CF, students.Birthdate FROM students"
    targets = utils.get_targets_from_query(query, IRIs)
    utils.check_access(graph, targets, generic, action, purpose)

    query = "SELECT students.IBAN FROM students"
    targets = utils.get_targets_from_query(query, IRIs)
    utils.check_access(graph, targets, generic, action, purpose)

    query = "SELECT students.NotPreviouslyDefined FROM students"
    targets = utils.get_targets_from_query(query, IRIs)
    utils.check_access(graph, targets, generic, action, purpose)

    # Parabosc user access request.

    query = "SELECT students.Ethnicity FROM students"
    targets = utils.get_targets_from_query(query, IRIs)
    utils.check_access(graph, targets, parabosc, action, purpose)

    query = "SELECT students.Ethnicity, students.CF FROM students"
    targets = utils.get_targets_from_query(query, IRIs)
    utils.check_access(graph, targets, parabosc, action, purpose)

    query = "SELECT students.Sex, students.CF, students.Birthdate FROM students"
    targets = utils.get_targets_from_query(query, IRIs)
    utils.check_access(graph, targets, parabosc, action, purpose)

    query = "SELECT students.IBAN FROM students"
    targets = utils.get_targets_from_query(query, IRIs)
    utils.check_access(graph, targets, parabosc, action, purpose)

    query = "SELECT students.NotPreviouslyDefined FROM students"
    targets = utils.get_targets_from_query(query, IRIs)
    utils.check_access(graph, targets, parabosc, action, purpose)
Exemplo n.º 3
0
def main():
    """Configure and run the demo example."""
    # loading the policy into RDF graph
    graph = policy_loading()

    # expand the graph with hierarchy concept on targets and assignees
    print("\n[*] Expand the policy graph with the hierarchy concept")
    preliminary_policy_expansion(graph)

    # serializing the graph to ease testing
    if debug_info:
        print('\n[*] Policy graph serialization\n')
        print(triples_table(graph))
        print('\n[*] Namespace entities')
        print('\tAdministrative user:\t', administrative)
        print('\tWrite action:\t\t', write)
        print('\tStatistical purpose:\t', statistical)

    print(separator)
    input()

    # all tables stored in the database
    target_IRIs = {
        'CardHolder': 'http://bank.eu/finance/CardHolder',
        'Payment': 'http://bank.eu/finance/Payment'
    }

    # access request generated by SQL query
    query = "SELECT CardHolder.Name FROM CardHolder"
    print(f"\n[*] Access request:\n\t{query}")
    # extracting the targets
    targets = utils.get_targets_from_query(query, target_IRIs)
    # checking access
    utils.check_access(graph, targets, administrative, read, statistical)

    print(separator)
    input()

    query = """
        SELECT C.CustomerID, P.Year, P.Month
        FROM Payment as P JOIN CardHolder as C
        GROUP BY P.Year, P.Month
        ORDER BY C.DateOfBirth
    """
    print(f"\n[*] Access request:\n\t{query}")
    targets = utils.get_targets_from_query(query, target_IRIs)
    utils.check_access(graph, targets, administrative, read, statistical)

    print(separator)
    input()

    query = """
        SELECT C.CustomerID
        FROM CardHolder as C
        WHERE C.CustomerID in (SELECT P.CustomerID
                               FROM Payment as P
                               WHERE P.Year = '2020' and P.Month = '04')
    """
    print(f"\n[*] Access request:\n\t{query}")
    targets = utils.get_targets_from_query(query, target_IRIs)
    utils.check_access(graph, targets, administrative, read, statistical)

    print(separator)
    input()

    query = "SELECT P.CustomerID, P.Month, P.Year, P.Amount FROM Payment as P"
    print(f"\n[*] Access request:\n\t{query}")
    targets = utils.get_targets_from_query(query, target_IRIs)
    utils.check_access(graph, targets, administrative, read, statistical)

    print(separator)
    input()

    query = "SELECT P.CustomerID, P.Month, P.Year FROM Payment as P"
    print(f"\n[*] Access request:\n\t{query}")
    targets = utils.get_targets_from_query(query, target_IRIs)
    utils.check_access(graph, targets, administrative, read, statistical)

    print(separator)
    input()

    query = "SELECT P.CustomerID FROM Payment as P WHERE P.Year = '2020'"
    print(f"\n[*] Access request:\n\t{query}")
    targets = utils.get_targets_from_query(query, target_IRIs)
    utils.check_access(graph, targets, administrative, use, statistical)

    print(separator)
    print()

    query = "SELECT P.CustomerID FROM Payment as P WHERE P.Year = '2020'"
    print(f"\n[*] Access request:\n\t{query}")
    targets = utils.get_targets_from_query(query, target_IRIs)
    utils.check_access(graph, targets, administrative, read, statistical)

    print(separator)
    input()

    query = "SELECT P.CustomerID FROM Payment as P WHERE P.Year = '2020'"
    print(f"\n[*] Access request:\n\t{query}")
    utils.add_iri_hierarchy_to_graph(graph,
                                     agent_a,
                                     MOSAICROWN.belongsTo,
                                     reverse=True)
    targets = utils.get_targets_from_query(query, target_IRIs)
    utils.check_access(graph, targets, agent_a, read, statistical)