Open Laurin-W opened 3 months ago
Permissions management is buggy in many ways, this is why we plan to refactor it entirely in v3
Currently the code prevents a acl:Authorization
to be empty. I see it's the same for the PATCH
operation. I don't know if it would work if we allowed empty authorizations.
What do you need to change rights for ? In Welcome to my place, all permissions changes are made on the backend and it works pretty well. See for example https://github.com/activitypods/welcometomyplace/blob/v2.0/backend/services/locations.service.js
When I want to remove public read ACL permissions from a resource using the semapps authProvider (
removePermission('foaf:Agent', 'acl:agentClass', 'acl:Read');
, this fails for me.The client performs a
PUT
request on the acl resource which results in an empty ACL resource (at least after filtering in the backend).The frontend place: https://github.com/assemblee-virtuelle/semapps/blob/38395487a4c78d72f24784d5eb183db1535ceb49/src/frontend/packages/auth-provider/src/authProvider.js#L353-L370
Here, all default records are filtered and the result is then replaced with the
PUT
. Is that intended? When I don't filter them, I get this error:The rights cannot be changed because they are incorrect
(triggered inwebacl.resource.setRights
).In the backend, it fails here: https://github.com/assemblee-virtuelle/semapps/blob/d1620eb1e384d0151ba641078b670d650ba47f1c/src/middleware/packages/webacl/services/resource/actions/setRights.js#L21
I suppose,
setRights
should check for something like arightsToRemove
as well?