<?xml version="1.0" encoding="ISO-8859-1"?>
<profiles>

	<!-- FIXME: check for unused services -->

	<!-- External system services are still missing-->
	<!-- ====================================================================== -->

	<profile name="Administrator" extends="UserAdmin">

		<!-- Group maintenance services -->
		<allow service="group.remove"/>
		<allow service="group.update"/>

		<!-- Category maintenance services -->
		<allow service="category.remove"/>
		<allow service="category.update"/>

		<!-- Localization -->
		<allow service="localization"/>
		<allow service="xml.group.update"/>
		<allow service="xml.category.update"/>
		<allow service="xml.operation.update"/>
		<allow service="xml.region.update"/>

		<!-- Utilities  -->
		<allow service="util.import"/>
		<allow service="util.ping"/>
		<allow service="util.empty"/>
		<allow service="util.select"/>

		<!-- Edit the context sensitive help -->
		<allow service="help.edit.form"/>
		<allow service="help.update"/>

		<!-- Insert metadata from ISO19115 XML files from a local directory -->
		<allow service="metadata.batchimport.form"/>

		<!-- Search for orphaned metadata records -->
		<allow service="metadata.searchunused.form"/>
		<allow service="metadata.searchunused"/>

		<!-- Harvesting facilities -->
		<allow service="harvesting"/>
		<allow service="xml.harvesting.get"/>
		<allow service="xml.harvesting.add"/>
		<allow service="xml.harvesting.update"/>
		<allow service="xml.harvesting.remove"/>
		<allow service="xml.harvesting.start"/>
		<allow service="xml.harvesting.stop"/>
		<allow service="xml.harvesting.run"/>
		<allow service="xml.harvesting.info"/>

		<!-- Thesaurus facilities -->
		<allow service="thesaurus.admin"/>
		<allow service="thesaurus.edit"/>
		<allow service="thesaurus.update"/>
		<allow service="thesaurus.upload"/>
		<allow service="thesaurus.download"/>
		<allow service="thesaurus.delete"/>
		<allow service="thesaurus.editelement"/>
		<allow service="thesaurus.addelement"/>
		<allow service="thesaurus.deleteelement"/>
		<allow service="thesaurus.updateelement"/>
		<allow service="thesaurus.add"/>

        <!-- Contact directory services -->
        <allow service="contactdirectory.admin"/>
        <allow service="contactdirectory.edit"/>
        <allow service="contactdirectory.upload"/>
        <allow service="contactdirectory.download"/>
        <allow service="contactdirectory.delete"/>
        <allow service="contacts.deleteelement"/>
    
        <!-- CRS services -->
        <allow service="crs.admin"/>
        <allow service="crs.edit"/>
        <allow service="crs.update"/>
        <allow service="crs.upload"/>
        <allow service="crs.download"/>
        <allow service="crs.delete"/>
        <allow service="crs.view"/>
        <allow service="crs.list"/>


		<allow service="config"/>
		<allow service="xml.config.get"/>
		<allow service="xml.config.set"/>
    
        <!-- Lucene index maintenance services -->
        <allow service="metadata.admin.index.rebuild"/>
	</profile>

	<!-- ====================================================================== -->

	<profile name="UserAdmin" extends="Reviewer">

		<!-- User maintenance services -->
		<allow service="user.get"/>
		<allow service="user.list"/>
		<allow service="user.remove"/>
		<allow service="user.update"/>

		<!-- Transfer ownership services -->
		<allow service="transfer.ownership"/>
		<allow service="xml.ownership.editors"/>
		<allow service="xml.ownership.groups"/>
		<allow service="xml.ownership.transfer"/>

	</profile>

	<!-- ====================================================================== -->

	<profile name="Reviewer" extends="Editor"/>

	<!-- ====================================================================== -->

	<profile name="Editor" extends="RegisteredUser">

		<!-- Allow to see the list of groups the user is member of -->
		<allow service="group.list"/>
		<allow service="group.get"/>

		<!-- These are the metadata categories forms -->
		<allow service="metadata.category"/>
		<allow service="metadata.category.form"/>
		<allow service="category.list"/>
		<allow service="category.get"/>

		<!-- Allow to add a metadata record -->
		<allow service="metadata.add"/>
		<allow service="metadata.add.form"/>

		<!-- These are the metadata privileges forms -->
		<allow service="metadata.admin"/>
		<allow service="metadata.admin.form"/>

		<!-- Allow to delete a metadata record -->
		<allow service="metadata.delete"/>
		<allow service="metadata.massiveDelete"/>

		<allow service="metadata.duplicate.form"/>
		<allow service="metadata.create.form"/>
		<allow service="metadata.create"/>
		<allow service="metadata.create.tab"/>
		<allow service="metadata.create.service"/>

		<!-- Allow to edit a metadata record -->
		<allow service="metadata.edit"/>
		<allow service="metadata.edit.tab"/>
		<allow service="metadata.edit.frame"/>
        <allow service="metadata.elem.add"/>
		<allow service="metadata.elem.delete"/>
		<allow service="metadata.elem.down"/>
		<allow service="metadata.elem.up"/>
        <allow service="metadata.xlink.add"/>
		<allow service="metadata.xslupdate"/>
		<allow service="metadata.update"/>
        <allow service="metadata.update.tab"/>    
		<allow service="metadata.update.finish"/>
		<allow service="metadata.update.validate"/>
		<allow service="metadata.update.onlineSrc"/>
		
		<!-- Allow to update metadata child -->
		<allow service="metadata.update.child"/>
		
		<!-- Allow to update service metadata -->
		<allow service="metadata.services.updater"/>

		<!-- Allow to add a metadata record in XML format -->
		<allow service="metadata.xmlinsert.form"/>
		<allow service="metadata.insert"/>

		<!-- Allow to upload a file -->
		<allow service="file.upload"/>
        <allow service="del.upload"/>
		<allow service="resources.upload"/>
		<allow service="resources.del"/>

		<!-- Allow thumbnail services -->
		<allow service="metadata.thumbnail.form"/>
		<allow service="metadata.thumbnail.set"/>
		<allow service="metadata.thumbnail.unset"/>

		<!-- Allow GeoNetwork Mapping services -->
		<allow service="xml.metadata.insert"/>
		<allow service="xml.metadata.delete"/>
		<allow service="xml.user.list"/>

		<!-- MEF facilities -->
		<allow service="mef.import"/>

		<!-- Relation services -->
		<allow service="xml.relation.insert"/>
		<allow service="xml.relation.delete"/>


        <!-- Contact services -->
        <allow service="contactdirectory.view"/>
        <allow service="contactdirectory.list"/>
	    <allow service="contacts.newelement"/>
        <allow service="contacts.duplicateelement"/>
        <allow service="contacts.updateelement"/>
        <allow service="contacts.saveelement"/>
        <allow service="contacts.viewelement"/>

    
	</profile>

	<!-- ====================================================================== -->

	<profile name="RegisteredUser" extends="Guest">

		<!-- gives access to the admin form -->
		<allow service="admin"/>

		<!-- Allow the user to change it's password -->
		<allow service="user.pwedit"/>
		<allow service="user.pwupdate"/>
		<allow service="user.infoedit"/>
		<allow service="user.infoupdate"/>
		<allow service="user.logout"/>

	</profile>

	<!-- ====================================================================== -->

	<profile name="Guest">

		<!-- Basic services to search and display the results -->
		<allow service="main.home"/>
		<allow service="main.searchform.simple.embedded"/> <!--  ETj -->		
		<allow service="main.searchform.advanced.embedded"/> <!--  ETj -->		
		<allow service="main.search"/>
        <allow service="main.simple.search"/>
		<allow service="main.search.embedded"/> <!--  ETj -->
		<allow service="main.present"/>
		<allow service="main.present.embedded"/> <!--  ETj -->
		<allow service="metadata.show"/>
        <allow service="metadata.show.tab"/>
		<allow service="metadata.show.embedded"/> <!--  ETj -->
        <allow service="metadata.bbox.estimate"/>
		<allow service="remote.show"/>
		<allow service="rating.popup"/>

		<!-- Select metadata service -->
		<allow service="metadata.select"/>
		
		<!-- Login and logout services -->
		<allow service="user.login"/>

		<!-- User privileges -->
		<allow service="user.privileges.error"/>
		<allow service="res"/>

		<!-- Get help -->
		<allow service="help"/>
		<allow service="links"/>
		<allow service="about"/>

		<!-- Give feedback -->
		<allow service="feedback"/>
		<allow service="feedback.insert"/>

		<!-- Download a file -->
		<allow service="file.download"/>
		<allow service="file.disclaimer"/>
		<allow service="feedback.download.insert"/>
		<allow service="resources.get"/>

		<!-- Get metadata from external application -->
		<allow service="external.getmetadata"/>
		<allow service="resources.getgraphover"/>
		<allow service="graphover.show"/>

		<!-- WMC -->
		<allow service="intermap.wmc.setWmcContext"/>

		<!-- CSV services -->
		<allow service="csv.search"/>
		<allow service="selection.search"/>
		
		<!-- XML services -->
		<allow service="xml.user.login"/>
		<allow service="xml.user.logout"/>
		<allow service="xml.search"/>
		<allow service="xml.search.keywords"/>
		<allow service="xml.metadata.get"/>
        <allow service="xml.keyword.get"/>
		<allow service="xml.info"/>
		<allow service="xml.forward"/>
		<allow service="xml.region.get"/>

        <!-- JSON services -->
        <allow service="json.metadata.get"/>

		<!-- Portal XML services -->
		<allow service="portal.search"/>
		<allow service="portal.opensearch"/>
		<allow service="portal.search.keywords"/>
		<allow service="portal.search.present"/>
		<allow service="portal.present"/>
		<allow service="portal.full"/>
		<allow service="portal.get"/>
		<allow service="portal.latest.updated"/>
		<allow service="portal.featured"/>
		<allow service="portal.categories"/>
		<allow service="portal.sources"/>

		<!-- Metadata export services -->
		<allow service="pdf.search"/>
        <allow service="kml.search"/>
		<allow service="dc.xml"/>
		<allow service="fgdc.xml"/>
		<allow service="iso19115.pdf"/>
        <allow service="iso19139.pdf"/>     
        <allow service="iso19115to19139.xml"/>
		<allow service="iso19139.xml"/>
		<allow service="iso_arccatalog8.xml"/>
		<allow service="iso19139.pdf.discovery"/>
		<allow service="iso19139.pdf.essential"/>
		<allow service="iso19110.essential"/>

		<!-- RSS services -->
		<allow service="rss.latest"/>
		<allow service="rss.search"/>
		<allow service="rss.present"/>

		<!-- KML services -->
		<allow service="google.kml"/>
<!--		<allow service="search.kml"/>
		<allow service="search.present.kml"/> -->

		<!-- Allow GeoNetwork Mapping services -->
		<allow service="xml.group.list"/>

		<!-- Catalogue Services for the Web -->
		<allow service="csw"/>

		<!-- Open Archive Initiative, Protocol for Metadata Harvesting -->
		<allow service="oaipmh"/>
		
		<!-- MEF facilities -->
		<allow service="mef.export"/>

		<!-- Relation services -->
		<allow service="xml.relation.get"/>

		<!-- Metadata schema related -->
		<allow service="xml.schema.info"/>

		<!-- Rating services -->
		<allow service="xml.metadata.rate"/>
		
		<!-- Thesaurus services -->
	 	<allow service="keywords.search"/>
	 	<allow service="keywords.sort"/>
	 	<allow service="keywords.select"/>
	 	<allow service="keywords.editsearch"/>
		<allow service="keywords.getselected"/>
	 	<allow service="thesaurus.list"/>
		<allow service="thesaurus.view"/><!-- FIXME : Check if needed -->
		<allow service="xml.thesaurus.getList"/>
		<allow service="search.keywords"/>

        
        <!-- Contact search services -->
        <allow service="contacts.search"/>
        <allow service="contacts.sort"/>
        <allow service="contacts.select"/>
        <allow service="contacts.editsearch"/>
        <allow service="contacts.getselected"/>
        
 
        <!-- CRS search services -->
        <allow service="crs.editsearch"/>
        <allow service="crs.editsearchresults"/>
        <allow service="crs.listsearchresults"/>
        <allow service="crs.search"/>
    
		<!-- Test i18n -->
		<allow service="test.i18n"/>
        <allow service="test.i18n.xml"/>
		<allow service="test.csw"/>	
		
		<allow service="resource.get"/>

		<!-- Config pour Geonantes pour recuperation des vignettes -->
		<allow service="util.identifiant" />
		<allow service="resources.getbyuuid" />		
	</profile>

	<!-- ====================================================================== -->
</profiles>

