Tests to add

[michielbdejong]

So far, I have a test that checks if the pod root ACL doc exists and has at least one triple. We want to test how an ACL doc affects access rights. For all tests we would create a test folder with some fixture tree in there, and see how the server interprets the ACL docs we put in. The fixture tree root could have an empty ACL doc, to make sure nothing outside the test folder affects the behaviour.

ACL doc application

• empty/ (with an empty ACL doc) -> Alice should not be allowed to GET empty/
• empty/noAclDoc/, without ACL doc -> Alice should not be allowed to GET empty/noAclDoc/
• empty/noAclDoc/noAclDoc.txt, without ACL doc -> Alice should not be allowed to GET empty/noAclDoc/noAclDoc.txt
• accessTo/, (with ACL doc where Alice has acl:accessTo read access) -> Alice should be allowed to GET accessTo/
• accessTo/noAclDoc/ (without ACL doc) -> Alice should not be allowed to GET accessTo/noAclDoc/
• accessTo/noAclDoc/noAclDoc.txt (without ACL doc) -> Alice should not be allowed to GET accessTo/noAclDoc/noAclDoc.txt
• default/, (with ACL doc where Alice has acl:default read access) -> Alice should not be allowed to GET default/
• default/noAclDoc/, (without ACL doc) -> Alice should be allowed to GET default/noAclDoc/
• default/noAclDoc/noAclDoc/, (without ACL doc) -> Alice should be allowed to GET default/noAclDoc/noAclDoc/
• default/noAclDoc/noAclDoc/noAclDoc.txt (without ACL doc) -> Alice should be allowed to GET default/noAclDoc/noAclDoc/noAclDoc.txt

Things you can do and necessary+sufficient access rights for it:

Create

• POST a container: (acl:Append or acl:Write)
• PUT a non-existing container: acl:Write + acl:Write on the parent(s)
• PUT a non-existing non-container: acl:Write + acl:Write on the parent(s)
• PATCH-INS a non-existing non-container: acl:Write + acl:Write on the parent(s)

Read

• HEAD a non-container resource: acl:Read
• HEAD a container: acl:Read
• GET a non-container resource: acl:Read
• GET a container: acl:Read

Update

• PATCH-INS an existing non-container: (acl:Append or acl:Write)
• PATCH-replace an existing non-container: acl:Write
• PATCH-DEL an existing non-container: acl:Write

Delete

• DELETE an existing non-container: acl:Write + acl:Write on the parent
• DELETE an existing empty container: acl:Write + acl:Write on the parent

Control

• create an ACL doc: acl:Control on the target resource
• read an ACL doc: acl:Control on the target resource
• update an ACL doc: acl:Control on the target resource
• delete an ACL doc: acl:Control on the target resource

[michielbdejong]

so for instance for create:POST I could do 1 test with acl:Append (should succeed), one with acl:Write (should succeed), and then one with everything else (i.e. accessTo Read, Control and default R/A/W/C) and that should fail.

I should use two users for recursiveDelete to work after I set a restrictive ACL. Also, rdflib seems to hijack the fetcher, for instance:

Create › Using PUT › Is not allowed with default Read access

    Fetcher: <https://localhost:8443/solid-crud-tests-1599138436666/defaultRead/> Forbidden

      1082 |       }
      1083 | 
    > 1084 |       var err = new Error('Fetcher: ' + errorMessage); // err.ok = false // Is taken as a response, will work too @@ phase out?
           |                 ^
      1085 | 
      1086 |       err.status = statusCode;
      1087 |       err.statusText = errorMessage;

      at Fetcher.failFetch (../rdflib/lib/fetcher.js:1084:17)
      at ../rdflib/lib/fetcher.js:1792:26
          at runMicrotasks (<anonymous>)

where I'm only using authFetcher and not rdflib to run that test, so I'll use one authFetcher for setting up the fixtures and then a separate one for running the tests.