{% extends "base.html" %} {% load i18n %} {% load acs_filters %} {% block content %} {% if title %}

{{ title }}

{% endif %} {% if messages %}

{% endif %}

{% trans "Predicate Definitions" %}

{% if working_predicate %}

{% trans "Define this predicate:" %} {% if working_predicate.type == "urn:entrouvert:acs:constants:predicate-required" %} {% if working_predicate.definition_name %}

{% trans "The working predicate is" %} {{ working_predicate.definition_name }} {% trans "is required" %}. {% if working_predicate.singlevalued %}{% trans "The attribute must be single-valued." %}{% endif %}

{% else %}

{% trans "The working predicate is of type" %} {% trans "predicate required" %}.

{% endif %} {% if working_predicate.definition_name %} {% if working_predicate.singlevalued and not working_predicate.sources_selected or not working_predicate.singlevalued%}

{% trans "Add a source:" %}

{% endif %} {% if working_predicate.sources_selected %}

{% trans "Source already defined:" %}

{% endif %} {% else %}

{% trans "Choose an attribute definition:" %}

{% trans "You can indicate that an attribute might be provided by one source among many, it is a or statement. Then, you can't enforce that an attribute be provided by a unique source among multiple. You can not also enforce singlevalued attributes if you want to let the choice in the source. Then, if you want that an attribute be single-valued, you will only be authorized to select one source. If you want single-valued attribute but let the choice in the source, you have to declare multiple predicate." %}

{% endif %} {% else %} {% if working_predicate.type == "urn:entrouvert:acs:constants:predicate-role" %} {% if working_predicate.role %}

{% trans "The working predicate is role" %} {{ working_predicate.role }} {% trans "is required" %}.

{% else %}

{% trans "The working predicate is of type" %} {% trans "role required" %}.

{% trans "Choose a role" %}:

{% endif %} {% else %}

{% trans "The working predicate is of type" %} {{ working_predicate.type_friendly }}.

{% if not working_predicate.multivalues_step_one %}

{% trans "The predicate have two operands. The first one indicate an attribute expected from a source. The second one might be one or multiple values, or an a different attribute from the same source, or another attribute issued from a different source." %}

{% trans "You can indicate that an attribute might be provided by one source among many, it is a or statement. Then, you can't enforce that an attribute be provided by a unique source among multiple. You can not also enforce singlevalued attributes if you want to let the choice in the source. Then, if you want that an attribute be single-valued, you will only be authorized to select one source. If you want single-valued attribute but let the choice in the source, you have to declare multiple predicate." %}

{% trans "If you authorize that an attribute be multivalued or you to let the choice in sources, you will be prompt to choose how multivalues must be handled." %}

{% trans "By checking the following box you indicate that the operand one must be single-valued." %}

{% trans "By checking the following box you indicate that the opernad two must be single-valued or that you wish indicate a unique value of comparison." %}

{% else %}

{% if working_predicate.operandone_singlevalued %} {% trans "Operand one must be single-valued." %} {% else %} {% trans "Operand one may be multivalued." %} {% endif %} {% if working_predicate.operandtwo_singlevalued %} {% trans "Operand two must be single-valued." %} {% else %} {% trans "Operand two may be multivalued." %} {% endif %}

{% if not working_predicate.multivalues_step_two %}

{% trans "Choose how multivalued attribued are compared:" %}

{% else %}

{{ working_predicate.multivalues_explanation }}

{% if working_predicate.operand1_defined %}

{% trans "Operand one is attribute" %} {{ working_predicate.operand1_defined.definition_name }} {% if working_predicate.operand1_defined.type == "definition" %} {% trans " from" %}( {% for s_id, s_name in working_predicate.operand1_defined.sources_selected %} {{ s_name }}, {% endfor %})

{% else %} {% trans "of values" %}( {% for value in working_predicate.operand1_defined.values_selected %} {{ value }}, {% endfor %})

{% endif %} {% endif %} {% if working_predicate.operand2_defined %} {% if working_predicate.operand2_defined.type == "definition" %}

{% trans "Operand two is attribute" %} {{ working_predicate.operand2_defined.definition_name }} {% trans " from" %}( {% for s_id, s_name in working_predicate.operand2_defined.sources_selected %} {{ s_name }}, {% endfor %})

{% else %}

{% trans "Compared with values" %}( {% for value in working_predicate.operand2_defined.values_selected %} {{ value }}, {% endfor %})

{% endif %} {% endif %} {% if not working_predicate.operand1_defined or not working_predicate.operand2_defined %} {% if not working_predicate.working_operand %}

{% trans "Compared with" %}:

{% else %} {% if not working_predicate.working_operand.definition_name %} {% if not working_predicate.operand1_defined %}

{% trans "Choose an attribute as operand one of the comparison:" %} {% else %}

{% trans "Choose an attribute as operand two of the comparison:" %} {% endif %}

{% else %} {% if working_predicate.working_operand.type == "definition" %} {% if not working_predicate.operand1_defined %}

{% trans "Operand one is the attribute" %} {{ working_predicate.working_operand.definition_name }}

{% if working_predicate.operandone_singlevalued and not working_predicate.working_operand.sources_selected or not working_predicate.operandone_singlevalued%}

{% trans "From:" %}

{% endif %} {% else %}

{% trans "Operand two is the attribute" %} {{ working_predicate.working_operand.definition_name }}

{% if working_predicate.operandtwo_singlevalued and not working_predicate.working_operand.sources_selected or not working_predicate.operandtwo_singlevalued%}

{% trans "From:" %}

{% endif %} {% endif %} {% if working_predicate.working_operand.sources_selected %}

{% trans "Sources already defined:" %}

{% endif %} {% else %}

{% trans "Compared with..." %}

{% if not working_predicate.operand1_defined %} {% if working_predicate.operandone_singlevalued and not working_predicate.working_operand.values_selected or not working_predicate.operandone_singlevalued%}

{% trans "Add a value:" %}

{% endif %} {% else %} {% if working_predicate.operandtwo_singlevalued and not working_predicate.working_operand.values_selected or not working_predicate.operandtwo_singlevalued%}

{% trans "Add a value:" %}

{% endif %} {% endif %} {% if working_predicate.working_operand.values_selected %}

{% trans "Values already defined:" %}

{% endif %} {% endif %} {% endif %} {% endif %} {% else %}

{% endif %} {% endif %} {% endif %} {% endif %} {% endif %}

{% endif %} {% if predicates %}

{% trans "Predicates already defined:" %}

{% endif %} {% if predicate_types %}

{% trans "Add a new predicate:" %}

{% endif %}

{% if predicates %}

{% trans "Define the logic expression combining predicates" %}

{% trans "Use the predicates identifier. AND is '&', OR is '|', NOT is '-'. Use parenthesis for priority." %} (e.g. (1&2)|(-3))

{% if rule %} {% if what_to_display and how_to_display %}

{% if who_to_display %}

{% trans "Who" %}

{% trans "Usually an ABAC is set for 'Anybody' since the access is granted to anybody able to satisfy the abac rule, including having roles. However who may choos a user in the list below to indicate that you want to grant an access to a user only if the user also satisfy the rule." %}

{% endif %}

{% trans "What" %}

{% trans "How" %}


{% else %} {% if not working_predicate %}

{% trans 'You have not enough rights or there is not enough material in the policy to set a to set a permission.' %}

{% endif %} {% endif %} {% endif %}
{% endif %}
{% trans "Back" %}
{% endblock %}