Otto-AA / solid-acl-utils

A js library for working with acl files. It allows you to add/change/remove permissions of files and folders in solid pods.
MIT License

creating an ACL from a default with an origin rule points the origin in new ACL to the default location #7

Open tsojcanth opened 4 years ago

tsojcanth commented 4 years ago

When I create an ACL for a file inheriting (defaulting to) an origin predicate, the subject in the new ACL still points to the default location.

For example, starting with an empty https://gaia.solid.community/is.darcy/test/ folder and the following contents in https://gaia.solid.community/is.darcy/.acl:

@prefix : <#>.
@prefix is: <./>.
@prefix n1: <http://www.w3.org/ns/auth/acl#>.
@prefix acl: <http://www.w3.org/ns/auth/acl#>.
@prefix c: </profile/card#>.

:owner
    a n1:Authorization;
    n1:accessTo is:;
    n1:agent c:me, <mailto:gaia@lostpages.co.uk>;
    n1:default is:;
    n1:mode n1:Control, n1:Read, n1:Write.

:trusted-apps
    a acl:Authorization;
    acl:agent c:me;
    acl:accessTo <./>;
    acl:default <./>;
    acl:origin     <https://localhost>;
    acl:mode acl:Read, acl:Write, acl:Control.

And then running this code:

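            const { AclApi, AclParser, Permissions } = SolidAclUtils;
            const { READ } = Permissions;
            let fileUrl = "https://gaia.solid.community/is.darcy/test/"; // a folder defaulting to its parent

            // Use the authenticated fetch of the logged-in session
            const fetch = solid.auth.fetch.bind(solid.auth);
            // autoSave: every change is written back to the pod immediately
            const aclApi = new AclApi(fetch, { autoSave: true });
            // test/ has no .acl of its own, so the rules are loaded from the parent's .acl
            return aclApi.loadFromFileUrl(fileUrl).then(
                (acl) => acl.addRule(READ, 'https://giulio.solid.community/profile/card#me')
            );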

the resulting https://gaia.solid.community/is.darcy/test/.acl is the following:

@prefix acl: <http://www.w3.org/ns/auth/acl#>.
@prefix foaf: <http://xmlns.com/foaf/0.1/>.

<#owner> a acl:Authorization;
    acl:agent </profile/card#me>, <mailto:gaia@lostpages.co.uk>;
    acl:accessTo <./>;
    acl:mode acl:Control, acl:Read, acl:Write.
<#trusted-apps> a acl:Authorization;
    acl:agent </profile/card#me>;
    acl:accessTo <./>;
    acl:mode acl:Read, acl:Write, acl:Control.
<https://gaia.solid.community/is.darcy/.acl#trusted-apps> acl:origin <https://localhost>.
<#Read-0> a acl:Authorization;
    acl:agent <https://giulio.solid.community/profile/card#me>;
    acl:accessTo <./>;
    acl:mode acl:Read.

As soon as the new ACL is saved the site loses control privileges on the subfolder.
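
An added example, not part of the original report or of solid-acl-utils: a check that flags statements in a generated ACL whose subject resolves outside the ACL document itself, which is how the stray `acl:origin` triple above shows up. It is a line-based scan rather than a Turtle parser, and the function name `findForeignSubjects` and the sample constants are assumptions made for illustration.

```javascript
// Added example (hypothetical helper, not solid-acl-utils code).
// Assumes every statement starts at the beginning of a line with an <IRI>
// subject, as in the serialization shown in the report.

// Constructed sample: the generated test/.acl from the report, abbreviated.
const ACL_URL = 'https://gaia.solid.community/is.darcy/test/.acl';
const SAMPLE_ACL = `@prefix acl: <http://www.w3.org/ns/auth/acl#>.

<#owner> a acl:Authorization;
    acl:agent </profile/card#me>;
    acl:accessTo <./>;
    acl:mode acl:Control, acl:Read, acl:Write.
<#trusted-apps> a acl:Authorization;
    acl:agent </profile/card#me>;
    acl:accessTo <./>;
    acl:mode acl:Read, acl:Write, acl:Control.
<https://gaia.solid.community/is.darcy/.acl#trusted-apps> acl:origin <https://localhost>.
`;

function findForeignSubjects(turtle, aclUrl) {
  const own = new URL(aclUrl);
  own.hash = '';
  const local = new Set(); // fragments of rules defined in this document
  const foreign = [];      // statements about subjects in other documents
  turtle.split('\n').forEach((line, i) => {
    const m = /^<([^>]*)>\s+(\S+)/.exec(line); // unindented line = new subject
    if (!m) return;
    const subject = new URL(m[1], aclUrl);     // resolves relative IRIs like <#owner>
    const fragment = subject.hash;
    subject.hash = '';
    if (subject.href === own.href) local.add(fragment);
    else foreign.push({ line: i + 1, subject: m[1], fragment, predicate: m[2] });
  });
  // A foreign subject whose fragment matches a local rule means that rule
  // was copied without this predicate (here: the origin restriction).
  return foreign.map((f) => ({ ...f, detachedFromLocalRule: local.has(f.fragment) }));
}

console.log(findForeignSubjects(SAMPLE_ACL, ACL_URL));
```

Run against the constructed sample, the check reports the `acl:origin` statement and marks it as detached from the local `#trusted-apps` rule.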

Otto-AA commented 4 years ago

As stated in the README, I don't intend maintenance of this repository. So if you want this to be added, either you or someone else will need to make a PR (which I'd merge if it looks good).

This would only require changes in solid-acl-parser (solid-acl-utils is only a wrapper for that). In particular, I think the following things should be changed:

I think the implementation will be similar to accessTo and defaultForNew, so you could take a look at that and probably just copy it. And you could add a test case which shows that it works as intended.

I guess this would solve the inheriting problem.

If you also want to adjust this option, you could consider adding an addOriginRule method to AclDoc.ts similar to addDefaultRule.