Removing ACL Permission from resource fails using authProvider

[Laurin-W]

When I want to remove public read ACL permissions from a resource using the semapps authProvider (removePermission('foaf:Agent', 'acl:agentClass', 'acl:Read');, this fails for me.

The client performs a PUT request on the acl resource which results in an empty ACL resource (at least after filtering in the backend).

The frontend place: https://github.com/assemblee-virtuelle/semapps/blob/38395487a4c78d72f24784d5eb183db1535ceb49/src/frontend/packages/auth-provider/src/authProvider.js#L353-L370

Here, all default records are filtered and the result is then replaced with the PUT. Is that intended? When I don't filter them, I get this error: The rights cannot be changed because they are incorrect (triggered in webacl.resource.setRights).

In the backend, it fails here: https://github.com/assemblee-virtuelle/semapps/blob/d1620eb1e384d0151ba641078b670d650ba47f1c/src/middleware/packages/webacl/services/resource/actions/setRights.js#L21

I suppose, setRights should check for something like a rightsToRemove as well?

[srosset81]

Permissions management is buggy in many ways, this is why we plan to refactor it entirely in v3

Currently the code prevents a acl:Authorization to be empty. I see it's the same for the PATCH operation. I don't know if it would work if we allowed empty authorizations.

What do you need to change rights for ? In Welcome to my place, all permissions changes are made on the backend and it works pretty well. See for example https://github.com/activitypods/welcometomyplace/blob/v2.0/backend/services/locations.service.js