timbl
commented
2 years ago Can e in fact solve this by doing a PATCH ... INSERT instead of a PUT to create each chat file -- or do the WAC rules require you to have Write access for that too?
Closed timbl closed 2 years ago
timbl
commented
2 years ago Can e in fact solve this by doing a PATCH ... INSERT instead of a PUT to create each chat file -- or do the WAC rules require you to have Write access for that too?
timbl
commented
2 years ago Should we check whether the PUT should in fact have been rejected for those with Append perms?
timbl
commented
2 years ago See https://gitter.im/solid/solidos?at=617cea2798c13e755005f8c8 and following
timbl
commented
2 years ago createMessageTable for Fri Oct 29 2021 01:00:00 GMT+0100 (British Summer Time)
mashlib.min.js:8 @@@ SERVER_MKDIRP_BUG: Should only happen once: create chat file: <https://drive.verborgh.org/public/2021/chat/2021/10/31/chat.ttl>
mashlib.min.js:8 createIfNotExists: doc does NOT exist, will create... <https://drive.verborgh.org/public/2021/chat/2021/10/31/chat.ttl>
/public/2021/chat/2021/10/31/chat.ttl:1 Failed to load resource: the server responded with a status of 403 ()
mashlib.min.js:8 createIfNotExists doc FAILED: <https://drive.verborgh.org/public/2021/chat/2021/10/31/chat.ttl>: Error: Web error: 403 on PUT of <https://drive.verborgh.org/public/2021/chat/2021/10/31/chat.ttl>
mashlib.min.js:67 Uncaught (in promise) Error: Web error: 403 on PUT of <https://drive.verborgh.org/public/2021/chat/2021/10/31/chat.ttl>
at mashlib.min.js:67Note the @@@ SERVER_MKDIRP_BUG sound like different client code being temporarily put in to compensate. for non-standard Solid servers which do not generate all the intervening directories in the path for a a patch.
timbl
commented
2 years ago Maybe setting SERVER_MKDIRP_BUG to false will fix the problem by replacing the PUT with a PATCH
RubenVerborgh
commented
2 years ago Can e in fact solve this by doing a PATCH ... INSERT instead of a PUT to create each chat file -- or do the WAC rules require you to have Write access for that too?
The access codes we're currently following are https://github.com/solid/specification/issues/14#issuecomment-683480525 (although there are open issues like https://github.com/solid/web-access-control-spec/issues/97 that touch Create).
There, it says indeed that PATCH C/R must return a 200 if the agent has Append and the payload is only INSERT, regardless of whether the resource exists. So that should work!
csarven
commented
2 years ago There, it says indeed that PATCH C/R must return a 200 if the agent has Append and the payload is only INSERT, regardless of whether the resource exists.
Which row are you referring to?
With PATCH, Append on C/R will only update C/R, not create C/R.
PUT and PATCH:
Create requires Append (or Write) on C/ and Write on C/R.
PUT:
Replace requires Write on C/R.
RubenVerborgh
commented
2 years ago @csarven Apologies, I misread; your interpretation is correct. Last row here:
So Append on C.
The Append on C/R case is the topic of https://github.com/solid/web-access-control-spec/issues/97, which is why it works on CSS. Maybe this case is an extra argument of why that should work.
If you happen to the person who makes the first message of the day, and you are a user who has append permission only to the chat space, then you can't create that first file because that requires Write not Append.
(This is not a problem if the message by an owner who created the chat)