XML Definitionen¶
Dieses Kapitel enthält die XML Definitionen der im Raptor System verwendeten Dateiformate. Du kannst sie mit einem entsprechenden Editor verwenden um die Syntax deiner Dateien zu überprüfen und bessere Vorschläge für neue Elemente zu erhalten.
Zugriffsregeln¶
1<?xml version="1.0" encoding="utf-8"?>
2<xs:schema
3 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
4 attributeFormDefault="unqualified"
5 elementFormDefault="qualified"
6 xmlns="http://educateit.ch/software/Raptor/AccessRules/1"
7 targetNamespace="http://educateit.ch/software/Raptor/AccessRules/1"
8 xmlns:xs="http://www.w3.org/2001/XMLSchema">
9
10
11 <!--
12 Common definitions
13 -->
14 <xs:simpleType name="ObjectType">
15 <xs:restriction base="xs:string">
16 <xs:enumeration value="User"/>
17 <xs:enumeration value="Computer"/>
18 <xs:enumeration value="WebPage"/>
19 <xs:enumeration value="Application"/>
20 <xs:enumeration value="Process"/>
21 </xs:restriction>
22 </xs:simpleType>
23
24
25 <!-- Definition of the boolean matching rules -->
26 <xs:complexType name="AccessStringCompareType">
27 <xs:simpleContent>
28 <xs:extension base="xs:string">
29 <xs:attribute name="caseSensitivity" default="CaseSensitive" use="optional">
30 <xs:annotation>
31 <xs:documentation>Specifies if this operation should work case sensitive or case insensitive.
32 </xs:documentation>
33 </xs:annotation>
34 <xs:simpleType>
35 <xs:restriction base="xs:string">
36 <xs:enumeration value="CaseSensitive"/>
37 <xs:enumeration value="CaseInsensitive"/>
38 </xs:restriction>
39 </xs:simpleType>
40 </xs:attribute>
41 </xs:extension>
42 </xs:simpleContent>
43 </xs:complexType>
44
45 <xs:group name="AccessValueMatchElements">
46 <xs:choice>
47 <xs:element name="Contains" type="AccessStringCompareType">
48 <xs:annotation>
49 <xs:documentation>
50 This operation is true if the given string is contained in the matching string.
51 If this operation is applied on a list of strings, every string in the list is tested. If
52 one string in the list matches, the result of this operation is true. If this operation
53 is applied on any other type. The type is converted into a string, which can lead
54 to undefined behavior.
55 </xs:documentation>
56 </xs:annotation>
57 </xs:element>
58 <xs:element name="Equals" type="AccessStringCompareType">
59 <xs:annotation>
60 <xs:documentation>
61 This operation is true if the given string is equal to the matching string.
62 If this operation is applied on a list of strings, every string in the list is tested. If
63 one string in the list matches, the result of this operation is true. If this operation
64 is applied to an integer, an integer comparison is done. If this operation is
65 applied to an boolean, an boolean comparsion is done. Valid boolean values are
66 "true" and "false". For any other type, the type is converted into a string, which can
67 lead to undefined behaviour.
68 </xs:documentation>
69 </xs:annotation>
70 </xs:element>
71 <xs:element name="RegExp" type="AccessStringCompareType">
72 <xs:annotation>
73 <xs:documentation>
74 This operation is true, if the given regular expression matches the tested string.
75 For any other type, the type is converted into a string, which can lead to
76 undefined behaviour.
77 </xs:documentation>
78 </xs:annotation>
79 </xs:element>
80 <xs:element name="MinInclusive" type="xs:integer">
81 <xs:annotation>
82 <xs:documentation>
83 This operation is true if the tested integer is greater or equal the given value.
84 For any other type, the operation is false.
85 </xs:documentation>
86 </xs:annotation>
87 </xs:element>
88 <xs:element name="MaxInclusive" type="xs:integer">
89 <xs:annotation>
90 <xs:documentation>
91 This operation is true if the tested integer is less or equal the given value.
92 For any other type, the operation is false.
93 </xs:documentation>
94 </xs:annotation>
95 </xs:element>
96 <xs:element name="And" type="AccessValueMatchGroupType">
97 <xs:annotation>
98 <xs:documentation>
99 The boolean "and" operation contains a list of operations which all have to be true
100 to make the "and" operation true.
101 </xs:documentation>
102 </xs:annotation>
103 </xs:element>
104 <xs:element name="Or" type="AccessValueMatchGroupType">
105 <xs:annotation>
106 <xs:documentation>
107 The boolean "or" operation contains a list of operations. If one of this
108 operations is true, the "or" operation is true.
109 </xs:documentation>
110 </xs:annotation>
111 </xs:element>
112 <xs:element name="Not" type="AccessValueMatchSingleType">
113 <xs:annotation>
114 <xs:documentation>
115 The boolean "not" operation contains one single operation. It reverses the result of
116 this operation and returns the opposite result.
117 </xs:documentation>
118 </xs:annotation>
119 </xs:element>
120 </xs:choice>
121 </xs:group>
122
123 <xs:complexType name="AccessValueMatchGroupType">
124 <xs:group ref="AccessValueMatchElements" minOccurs="2" maxOccurs="unbounded"/>
125 </xs:complexType>
126
127 <xs:complexType name="AccessValueMatchSingleType">
128 <xs:group ref="AccessValueMatchElements"/>
129 </xs:complexType>
130
131 <xs:complexType name="AccessAnyMatchType">
132 <!-- must be empty -->
133 </xs:complexType>
134
135 <!-- the definition of the controlled subject elements-->
136 <xs:group name="AccessCSElements">
137 <xs:choice>
138 <xs:element name="LoginUsername" type="AccessValueMatchSingleType">
139 <xs:annotation>
140 <xs:documentation>Matches the name of the user which is accessing the resource.</xs:documentation>
141 </xs:annotation>
142 </xs:element>
143 <xs:element name="LoginGroup" type="AccessValueMatchSingleType">
144 <xs:annotation>
145 <xs:documentation>Matches the list of groups in which the logged in user is member of.
146 </xs:documentation>
147 </xs:annotation>
148 </xs:element>
149 <xs:element name="Any" type="AccessAnyMatchType">
150 <xs:annotation>
151 <xs:documentation>The "any" operation is true in every case and can be used as wildcard.
152 </xs:documentation>
153 </xs:annotation>
154 </xs:element>
155 <xs:element name="And" type="AccessCSGroupType">
156 <xs:annotation>
157 <xs:documentation>
158 The boolean "and" operation contains a list of operations which all have to be true
159 to make the "and" operation true.
160 </xs:documentation>
161 </xs:annotation>
162 </xs:element>
163 <xs:element name="Or" type="AccessCSGroupType">
164 <xs:annotation>
165 <xs:documentation>
166 The boolean "or" operation contains a list of operations. If one of this
167 operations is true, the "or" operation is true.
168 </xs:documentation>
169 </xs:annotation>
170 </xs:element>
171 <xs:element name="Not" type="AccessCSSingleType">
172 <xs:annotation>
173 <xs:documentation>
174 The boolean "not" operation contains one single operation. It reverses the result of
175 this operation and returns the opposite result.
176 </xs:documentation>
177 </xs:annotation>
178 </xs:element>
179 </xs:choice>
180 </xs:group>
181 <xs:complexType name="AccessCSGroupType">
182 <xs:group ref="AccessCSElements" minOccurs="2" maxOccurs="unbounded"/>
183 </xs:complexType>
184 <xs:complexType name="AccessCSSingleType">
185 <xs:group ref="AccessCSElements"/>
186 </xs:complexType>
187
188 <!-- the definition of the target elements -->
189 <xs:complexType name="AccessObjectValueMatchType">
190 <xs:complexContent>
191 <xs:extension base="AccessValueMatchSingleType">
192 <xs:attribute name="informationBlock" type="xs:string" use="required">
193 <xs:annotation>
194 <xs:documentation>The internal id of the information block.</xs:documentation>
195 </xs:annotation>
196 </xs:attribute>
197 <xs:attribute name="valueName" type="xs:string" use="required">
198 <xs:annotation>
199 <xs:documentation>The internal name of the value.</xs:documentation>
200 </xs:annotation>
201 </xs:attribute>
202 </xs:extension>
203 </xs:complexContent>
204 </xs:complexType>
205 <xs:group name="AccessTargetElements">
206 <xs:choice>
207 <xs:element name="ObjectType">
208 <xs:annotation>
209 <xs:documentation>This matches the object type of the checked object.</xs:documentation>
210 </xs:annotation>
211 <xs:complexType>
212 <xs:sequence>
213 <xs:element name="Equals" type="ObjectType">
214 <xs:annotation>
215 <xs:documentation>Compares the object type.</xs:documentation>
216 </xs:annotation>
217 </xs:element>
218 </xs:sequence>
219 </xs:complexType>
220 </xs:element>
221 <xs:element name="ObjectName" type="AccessValueMatchSingleType">
222 <xs:annotation>
223 <xs:documentation>This matches the object name of the checked object.</xs:documentation>
224 </xs:annotation>
225 </xs:element>
226 <xs:element name="ObjectContext" type="AccessValueMatchSingleType">
227 <xs:annotation>
228 <xs:documentation>This matches the object context of the checked object.</xs:documentation>
229 </xs:annotation>
230 </xs:element>
231 <xs:element name="ObjectValue" type="AccessObjectValueMatchType">
232 <xs:annotation>
233 <xs:documentation>
234 This matches an object value in a given information block.
235 Note that this information block has to be a permanent block.
236 </xs:documentation>
237 </xs:annotation>
238 </xs:element>
239 <xs:element name="Any" type="AccessAnyMatchType">
240 <xs:annotation>
241 <xs:documentation>The "any" operation is true in every case and can be used as wildcard.
242 </xs:documentation>
243 </xs:annotation>
244 </xs:element>
245 <xs:element name="And" type="AccessTargetGroupType">
246 <xs:annotation>
247 <xs:documentation>
248 The boolean "and" operation contains a list of operations which all have to be true
249 to make the "and" operation true.
250 </xs:documentation>
251 </xs:annotation>
252 </xs:element>
253 <xs:element name="Or" type="AccessTargetGroupType">
254 <xs:annotation>
255 <xs:documentation>
256 The boolean "or" operation contains a list of rules. If one of this
257 operations is true, the "or" operation is true.
258 </xs:documentation>
259 </xs:annotation>
260 </xs:element>
261 <xs:element name="Not" type="AccessTargetSingleType">
262 <xs:annotation>
263 <xs:documentation>
264 The boolean "not" operation contains one single rule. It reverses the result of
265 this operation and returns the opposite result.
266 </xs:documentation>
267 </xs:annotation>
268 </xs:element>
269 </xs:choice>
270 </xs:group>
271 <xs:complexType name="AccessTargetGroupType">
272 <xs:group ref="AccessTargetElements" maxOccurs="unbounded"/>
273 </xs:complexType>
274 <xs:complexType name="AccessTargetSingleType">
275 <xs:group ref="AccessTargetElements"/>
276 </xs:complexType>
277
278 <!-- Every rule has to contain the subject and the target -->
279 <xs:complexType name="AccessRule">
280 <xs:sequence>
281 <xs:element name="ControlledSubject" type="AccessCSSingleType">
282 <xs:annotation>
283 <xs:documentation>
284 Defines the controlled subject for this rule. This should contain a single element to match the
285 subject
286 for which the access is controlled.
287 </xs:documentation>
288 </xs:annotation>
289 </xs:element>
290 <xs:element name="Target" type="AccessTargetSingleType">
291 <xs:annotation>
292 <xs:documentation>
293 Defines the target for this rule. This should contain a single element to match the target
294 for which the access is controlled.
295 </xs:documentation>
296 </xs:annotation>
297 </xs:element>
298 </xs:sequence>
299 <xs:attribute name="scope" use="optional" default="Object">
300 <xs:annotation>
301 <xs:documentation>The scope of this rule. Object rules limit the access to whole objects.
302 </xs:documentation>
303 </xs:annotation>
304 <xs:simpleType>
305 <xs:restriction base="xs:string">
306 <xs:enumeration value="Object">
307 <xs:annotation>
308 <xs:documentation>Limit the access for the whole object.</xs:documentation>
309 </xs:annotation>
310 </xs:enumeration>
311 </xs:restriction>
312 </xs:simpleType>
313 </xs:attribute>
314 </xs:complexType>
315
316 <!-- A sequence of Allow and Deny rules -->
317 <xs:complexType name="AccessType">
318 <xs:annotation>
319 <xs:documentation>The section with a list of access rules. The rules are processed in the order of
320 declaration.
321 </xs:documentation>
322 </xs:annotation>
323 <xs:choice minOccurs="0" maxOccurs="unbounded">
324 <xs:element name="Allow" type="AccessRule">
325 <xs:annotation>
326 <xs:documentation>
327 An allow rule. If the controlled subject and the target of this rule match, the access is
328 granted
329 and the processing of further rules is stopped.
330 </xs:documentation>
331 </xs:annotation>
332 </xs:element>
333 <xs:element name="Deny" type="AccessRule">
334 <xs:annotation>
335 <xs:documentation>
336 An deny rule. If the controlled subject and the target of this rule match, the access is
337 rejected
338 and the processing of further rules is stopped.
339 </xs:documentation>
340 </xs:annotation>
341 </xs:element>
342 </xs:choice>
343 <xs:attribute name="version" type="xs:integer"/>
344 </xs:complexType>
345
346 <xs:element name="AccessRules" type="AccessType"/>
347
348</xs:schema>
Anwendungszuordnung¶
1<?xml version="1.0" encoding="utf-8"?>
2<xs:schema
3 attributeFormDefault="unqualified"
4 elementFormDefault="qualified"
5 targetNamespace="http://educateit.ch/software/Raptor/ApplicationMap/1"
6 xmlns="http://educateit.ch/software/Raptor/ApplicationMap/1"
7 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
8 xmlns:xs="http://www.w3.org/2001/XMLSchema">
9
10 <xs:simpleType name="ApplicationName">
11 <xs:restriction base="xs:string">
12 <xs:minLength value="1"/>
13 <xs:maxLength value="64"/>
14 <xs:pattern value="^[-a-zA-Z0-9._() ]+$"/>
15 </xs:restriction>
16 </xs:simpleType>
17
18 <xs:simpleType name="ProcessName">
19 <xs:restriction base="xs:string">
20 <xs:pattern value="^[-a-zA-Z0-9._]+$"/>
21 </xs:restriction>
22 </xs:simpleType>
23
24 <xs:complexType name="Process">
25 <xs:attribute name="name" type="ProcessName"/>
26 </xs:complexType>
27
28 <xs:complexType name="Application">
29 <xs:sequence minOccurs="1" maxOccurs="unbounded">
30 <xs:element name="Process" type="Process" nillable="true"/>
31 </xs:sequence>
32 <xs:attribute name="name" type="ApplicationName" use="required"/>
33 <xs:attribute name="filtered" type="xs:boolean" use="required"/>
34 </xs:complexType>
35
36 <xs:element name="RaptorApplicationMap">
37 <xs:complexType>
38 <xs:sequence>
39 <xs:element maxOccurs="unbounded" name="Application" type="Application"/>
40 </xs:sequence>
41 <xs:attribute name="version" type="xs:integer" use="required"/>
42 </xs:complexType>
43
44 <xs:unique name="UniqueApplicationName">
45 <xs:selector xpath="Application"/>
46 <xs:field xpath="@name"/>
47 </xs:unique>
48
49 <xs:unique name="UniqueProcessName">
50 <xs:selector xpath="Process"/>
51 <xs:field xpath="@name"/>
52 </xs:unique>
53
54 </xs:element>
55
56</xs:schema>
Expertensystem¶
1<?xml version="1.0" encoding="utf-8"?>
2<xs:schema
3 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
4 attributeFormDefault="unqualified"
5 elementFormDefault="qualified"
6 xmlns="http://educateit.ch/software/Raptor/ExpertSystem/1"
7 targetNamespace="http://educateit.ch/software/Raptor/ExpertSystem/1"
8 xmlns:xs="http://www.w3.org/2001/XMLSchema">
9
10 <xs:simpleType name="ObjectType">
11 <xs:restriction base="xs:string">
12 <xs:enumeration value="User"/>
13 <xs:enumeration value="Computer"/>
14 <xs:enumeration value="WebPage"/>
15 <xs:enumeration value="Application"/>
16 <xs:enumeration value="Process"/>
17 </xs:restriction>
18 </xs:simpleType>
19
20 <xs:complexType name="ExpertSystemRuleType">
21 <xs:annotation>
22 <xs:documentation>
23 A test of the expert system. The content of this tag has to be a valid ECMA script.
24 </xs:documentation>
25 </xs:annotation>
26 <xs:simpleContent>
27 <xs:extension base="xs:string">
28 <xs:attribute name="id" type="xs:string" use="required">
29 <xs:annotation>
30 <xs:documentation>
31 The unique id of this test. The id should be a simple string identifier which is used to
32 reference to this test. For example in error messages.
33 </xs:documentation>
34 </xs:annotation>
35 </xs:attribute>
36 <xs:attribute name="caption" type="xs:string" use="required">
37 <xs:annotation>
38 <xs:documentation>
39 The human readable caption of this test. This caption is displayed
40 in the client to identify this test for the user.
41 </xs:documentation>
42 </xs:annotation>
43 </xs:attribute>
44 <xs:attribute name="objectType" type="ObjectType" use="required">
45 <xs:annotation>
46 <xs:documentation>
47 The type of object for which this test was written. The test is only executed for
48 an object with the same type.
49 </xs:documentation>
50 </xs:annotation>
51 </xs:attribute>
52 </xs:extension>
53 </xs:simpleContent>
54 </xs:complexType>
55
56 <xs:complexType name="ExpertSystemType">
57 <xs:annotation>
58 <xs:documentation>
59 The expert system rule list. Contains a list of tests.
60 </xs:documentation>
61 </xs:annotation>
62 <xs:sequence>
63 <xs:element name="Test" type="ExpertSystemRuleType" minOccurs="0" maxOccurs="unbounded"/>
64 </xs:sequence>
65 <xs:attribute name="version" type="xs:integer"/>
66 </xs:complexType>
67
68 <xs:element name="ExpertSystem" type="ExpertSystemType"/>
69
70</xs:schema>
