Access control policies to implement:
Core vobject policies (add/remove objects, etc.)
- core:allow-all-if-local-site
- core:allow-parent-if-local-site
- core:allow-child-if-local-site
- core:allow-parent-from-site-list (whitelist of site id or url)
- core:allow-parent-from-object-list (whitelist of vobject urls)
- core:deny-parent-from-site-list (blacklist of site id or url)
- core:deny-parent-from-object-list (blacklist of vobject urls)
- core:script (run a script to determine answer)
- core:allow-child-from-site-list (whitelist of site id or url)
- core:allow-child-from-object-list (whitelist of vobject urls)
- core:deny-child-from-site-list (blacklist of site id or url)
- core:deny-child-from-object-list (blacklist of vobject urls)
- policy that checks a property (eg numeric scalar or velctor value within a range limit), also listens to property and undoes action (eg delink child) if prop changes to disallowed value
.
.