# Auto-generated AIR default deny policy.

@prefix air: <http://dig.csail.mit.edu/TAMI/2007/amord/air#>.
@prefix log: <http://www.w3.org/2000/10/swap/log#>.
@prefix math: <http://www.w3.org/2000/10/swap/math#>.
@prefix s: <http://dig.csail.mit.edu/2009/IARPA-PIR/sparql#>.
@prefix : <>.

# User-defined namespaces:
@prefix example: <http://www.example.com/#> .

@forAll :P, :Q, :T, :V.

:sample-defaultdeny a air:Policy;
    air:label "A sample auto-generated default deny policy.";
    air:rule :sample-defaultdeny-check.
        
:sample-defaultdeny-check a air:BeliefRule;
    air:label "sample-defaultdeny query check";
    air:pattern {
        :Q a s:SPARQLQuery;
           s:retrieve :P;
           s:clause :W.
    };
    air:description ("Make sure this is a query.");
    # Goes to the first rule. If there are no attributes,
    # simply go to the default rule.
    air:rule :sample-defaultdeny-noncompliance-rule.

:sample-defaultdeny-noncompliance-rule a air:BeliefRule;
    air:label "sample-defaultdeny, a default deny policy.";
    air:pattern {
        :W s:triplePattern :T;
        :T log:notIncludes { [] example:name [] };
        :T log:notIncludes { [] example:age [] };
        :T log:notIncludes { [] example:dob [] };
        :T log:notIncludes { [] example:ssn [] };
        };
    air:description ("This policy only enables access to example:name example:age example:dob example:ssn . Found a triple pattern that mentions another predicate: " :T );
    air:assert{ :Q air:non-compliant-with :sample-defaultdeny } ;
    # No more policies, go to the base case.
    air:alt [ air:rule :sample-defaultdeny-default ] .


:sample-defaultdeny-default a air:BeliefRule;
    air:label "sample-defaultdeny default rule";
    air:pattern { # Empty search.
        };
    air:description ("We could not find any attributes that must be included. Asserting compliance by default.");
    air:assert{ :Q air:compliant-with :sample-defaultdeny } .
    
#ends