<taskModel xmlns="http://ce.org/cea-2018" about="urn:cetask.wpi.edu:examples:policytaskmodel:XacmlInit">
	<!-- functions that output an XACML policy
		 Part of the initialization code for the task model in policytaskmodel.xml
		 (Project for CS 525U)
		 Author: Paul Freitas
		 Date: 4/8/08 -->
		 
	<script init="true">
		// Shared XACML identifiers read by the fragment-building functions in this script.
		// Both are assigned without var, so they are created as implicit globals.
		// URN of the XACML 1.0 string-equal function, written into each MatchId attribute.
		$stringEqualMatch = "urn:oasis:names:tc:xacml:1.0:function:string-equal";
		// URI of the XML Schema string type, written into the data-type attributes.
		$xStringType = "http://www.w3.org/2001/XMLSchema#string";
		
		// Returns the Subjects target fragment that matches every subject
		// (the AnySubject wildcard). Takes no arguments.
		function XACMLanySubject() {
			var fragment = <![CDATA["<Subjects><AnySubject/></Subjects>"]]>;
			return fragment;
		}
		
		// Returns the Resources target fragment that matches every resource
		// (the AnyResource wildcard). Takes no arguments.
		function XACMLanyResource() {
			var fragment = <![CDATA["<Resources><AnyResource/></Resources>"]]>;
			return fragment;
		}
		
		// Returns the Actions target fragment that matches every action
		// (the AnyAction wildcard). Takes no arguments.
		function XACMLanyAction() {
			var fragment = <![CDATA["<Actions><AnyAction/></Actions>"]]>;
			return fragment;
		}
		
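		// Escapes the XML-significant characters of a value before it is spliced
		// into the generated policy text. Role and action names come from the
		// policy author's model; without escaping, a name containing markup or a
		// quote could close the enclosing element or attribute and change the
		// rules of the emitted access-control policy.
		//   value - any value; it is converted with String() first
		// Returns the escaped string.
		function XACMLescape(value) {
			return <![CDATA[String(value)
				.replace(/&/g, "&amp;")
				.replace(/</g, "&lt;")
				.replace(/>/g, "&gt;")
				.replace(/"/g, "&quot;")
				.replace(/'/g, "&apos;")]]>;
		}

		// Builds one SubjectMatch fragment that string-compares the subject's
		// "role" attribute with the given role name.
		//   role - role name; XML-escaped before it is placed in AttributeValue
		// Returns the fragment as a string ending in a newline.
		function XACMLsubMatchRole(role) {
			return <![CDATA["\t\t\t\t<SubjectMatch MatchId=\"" + $stringEqualMatch + "\">\n" +
								"\t\t\t\t\t<AttributeValue DataType=\"" + $xStringType + "\">" + XACMLescape(role) + "</AttributeValue>\n" +
								// XML attribute names are case-sensitive: DataType, spelled as on AttributeValue
								"\t\t\t\t\t<SubjectAttributeDesignator AttributeId=\"role\" DataType=\"" + $xStringType + "\"/>\n" +
								"\t\t\t\t</SubjectMatch>\n"]]>;
		}

		// Builds one ActionMatch fragment that string-compares the request's
		// "action-id" attribute with the given action name.
		//   action - action name; XML-escaped before it is placed in AttributeValue
		// Returns the fragment as a string ending in a newline.
		function XACMLactMatchAction(action) {
			return <![CDATA["\t\t\t\t<ActionMatch MatchId=\"" + $stringEqualMatch + "\">\n" +
								"\t\t\t\t\t<AttributeValue DataType=\"" + $xStringType + "\">" + XACMLescape(action) + "</AttributeValue>\n" +
								// XML attribute names are case-sensitive: DataType, spelled as on AttributeValue
								"\t\t\t\t\t<ActionAttributeDesignator AttributeId=\"action-id\" DataType=\"" + $xStringType + "\"/>\n" +
								"\t\t\t\t</ActionMatch>\n"]]>;
		}

		// Builds the Deny rule for one separation-of-duties constraint.
		//   sdc - constraint object; reads sdc.role1 and sdc.role2
		// Both role matches are placed inside a single Subject element, and XACML
		// evaluates the matches of one Subject conjunctively, so the rule applies
		// to a subject holding both roles, for any resource and any action.
		// Returns the Rule element as a string.
		function XACMLsepDuties(sdc) {
			return <![CDATA["<Rule RuleId=\"SepDutiesConstraint" + XACMLescape(sdc.role1) + "-" + XACMLescape(sdc.role2) + "\" Effect=\"Deny\">\n" +
								"\t<Target>\n\t\t<Subjects>\n" +
								"\t\t\t<Subject>\n" +
								XACMLsubMatchRole(sdc.role1) +
								XACMLsubMatchRole(sdc.role2) +
								"\n\t\t\t</Subject>\n\t\t</Subjects>\n" +
								XACMLanyResource() +
								XACMLanyAction() +
								"\t</Target>\n</Rule>"]]>;
		}

		// Builds the rule for one cell of the access matrix.
		//   row - role name, matched against the subject's "role" attribute
		//   col - action name, matched against the "action-id" attribute
		//   dec - decision for the cell, compared with ACDecision.PERMIT and ACDecision.DENY
		// Returns the Rule element as a string, or "" when dec is neither PERMIT
		// nor DENY (the cell then contributes no rule).
		function XACMLcell(row,col,dec) {
			var effect;

			if(dec == ACDecision.PERMIT) {
				effect = "Permit";
			} else if(dec == ACDecision.DENY) {
				effect = "Deny";
			} else {
				return ""; //not applicable
			}

			// The Subjects start tag must be closed here; without the closing
			// bracket the emitted policy is not well-formed XML.
			return <![CDATA["<Rule RuleId=\"cell-" + XACMLescape(row) + "-" + XACMLescape(col) + "\" Effect=\"" + effect + "\">\n" +
					  "\t<Target>\n\t\t<Subjects>\n" +
					  "\t\t\t<Subject>\n" +
					  XACMLsubMatchRole(row) +
					  "\t\t\t</Subject>\n\t\t</Subjects>\n" +
					  XACMLanyResource() +
					  "\t\t<Actions>\n\t\t\t<Action>\n" +
					  XACMLactMatchAction(col) +
					  "\t\t\t</Action>\n\t\t</Actions>\n" +
					  "\t</Target>\n</Rule>"]]>;
		}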
		
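		// Assembles the complete XACML 1.0 policy document as a string.
		//   m - access matrix; reads m.combinator, m.rownames, m.colnames and m.get(row, col)
		//   c - array of constraints; entries whose constraintType is
		//       "SeparationOfDutiesConstraint" become Deny rules
		// Returns the policy text. Throws the string "Unrecognized rule combiner"
		// when m.combinator is none of the three known constants.
		//
		// Rule order matters under first-applicable: the separation-of-duties Deny
		// rules are written before the matrix cell rules.
		// No catch-all rule is written, so a request that matches no cell evaluates
		// to NotApplicable; the enforcement point has to treat that result as a denial.
		function createPolicy(m,c) {
			var i, j;
			var combiner;
			var policy;

			// pick the suffix of the rule-combining algorithm URN
			if(m.combinator == PERMITOVERRIDES) {
				combiner = "permit-overrides";
			} else if(m.combinator == DENYOVERRIDES) {
				combiner = "deny-overrides";
			} else if(m.combinator == FIRSTAPPLICABLE ) {
				combiner = "first-applicable";
			} else {
				throw "Unrecognized rule combiner";
			}

			// preamble: the Policy start tag has to end with a closing angle bracket
			// after the RuleCombiningAlgId value, otherwise the document is malformed.
			// NOTE(review): the XACML 1.0 schema appears to require Subjects, Resources
			// and Actions inside Target; confirm the consuming PDP accepts an empty Target.
			policy = <![CDATA["<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n" +
							   "<Policy xmlns=\"urn:oasis:names:tc:xacml:1.0:policy\"" +
									"\tPolicyId=\"PolicyAuthorOutput\"\n" +
									"\tRuleCombiningAlgId=\"urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:" + combiner + "\">\n" +
							   "\t<Target/>\n"]]>;

			//handle separation of duties
			for(i = 0; i &lt; c.length; i++) {
				if(c[i].constraintType == "SeparationOfDutiesConstraint") {
					policy += XACMLsepDuties(c[i]);
				}
			}

			//now handle each cell of the matrix: i walks the rows, j the columns
			for(i = 0; i &lt; m.rownames.length; i++) {
				for(j = 0; j &lt; m.colnames.length; j++) {
					policy += XACMLcell(m.rownames[i],m.colnames[j],m.get(m.rownames[i],m.colnames[j]));
				}
			}

			//add end
			policy += <![CDATA["</Policy>\n"]]>;

			return policy;
		}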
	</script>
</taskModel>