I’m currently creating an application for my Masters Dissertation using react, using the reac-sdk and the javascript solid-client library.
Here’s my question:
I want to create a container and within this container i want to create 4 datasets for the app. I want to be able to have these datasets viewable for other users if the user wishes to.
I have been trying to give access to other users using the universalAccess API but I ran into the issue of there not being an acl resource to modify. I then created an empty acl resource when creating the container and proceeded to lock myself out of the resource.
Would someone be able to describe the flow in which I should be doing in order to allow this functionality to work?
If any further information is needed please ask.
Thanks
Out of curiousity, what project are you working on?
Depending on what exactly you want, one way would be (code not tested, based on the libraries documentation):
// your 4 datasets
const datasets = ["https://example.com/foo/resource", ...]
// users that should have access to these 4 datasets
const users = ["https://id.example.com/someWebId", ...]
// access rights
const accessRights = { read: true, write: true }
for (const webId of users) {
for (const dataset of datasets) {
// fetch is the authenticated fetch you got from the solid-client auth libraries
await universalAccess.setAgentAccess(dataset, webId, accessRights, { fetch })
}
}
Does this help you? If no, where and how exactly did it go wrong? Or if that’s not what you want, can you clarify?
Regarding this, if the server uses WAC (which if I’m not mistaken means it uses acl files) then setAgentAcess should automatically create the acl file. So at lesat in theory, I don’t think it is an issue if the ACL file does not exist yet.
My solution to this is to create a blank .acl for the resource but when I’m doing that I’m locking myself out of the resource. I’ve then tried to grant the authenticated user access and still somehow locking myseld out.
For this workaround, try to not create it blank but instead create it with control permissions for yourself to not lock yourself out. I’m not sure of the top of my head how this works with the library, but it should be possible. Here is the documentation on it: Manage Access to Data (WAC) — Inrupt JavaScript Client Libraries
If you create it blank, it essentially means no one has permissions. Thus you need to create it already with some contents to prevent lock-out.
However, note that this is not “universal” as it is only for servers using WAC access control. So maybe try if your solution does not break with eg https://start.inrupt.com which (iirc) uses ACP for access control.
You may try to PATCH the .acl file directly (patching non-existent .acl should work, too; it does for me with NSS and CSS) along the lines of:
import { fetch } from 'solid-client-authn-browser'
const body = `
INSERT DATA {
<https://example.com/mypod/path/to/my/folder/.acl#ReadWriteControl> <http://www.w3.org/1999/02/22-rdf-syntax-ns#type> <http://www.w3.org/ns/auth/acl#Authorization> .
<https://example.com/mypod/path/to/my/folder/.acl#ReadWriteControl> <http://www.w3.org/ns/auth/acl#accessTo> <https://example.com/mypod/path/to/my/folder/> .
<https://example.com/mypod/path/to/my/folder/.acl#ReadWriteControl> <http://www.w3.org/ns/auth/acl#default> <https://example.com/mypod/path/to/my/folder/> .
<https://example.com/mypod/path/to/my/folder/.acl#ReadWriteControl> <http://www.w3.org/ns/auth/acl#mode> <http://www.w3.org/ns/auth/acl#Read> .
<https://example.com/mypod/path/to/my/folder/.acl#ReadWriteControl> <http://www.w3.org/ns/auth/acl#mode> <http://www.w3.org/ns/auth/acl#Write> .
<https://example.com/mypod/path/to/my/folder/.acl#ReadWriteControl> <http://www.w3.org/ns/auth/acl#mode> <http://www.w3.org/ns/auth/acl#Control> .
<https://example.com/mypod/path/to/my/folder/.acl#ReadWriteControl> <http://www.w3.org/ns/auth/acl#agent> <https://grouptest2.solidcommunity.net/profile/card#me> .
}
`
const aclUrl = 'https://example.com/mypod/path/to/my/folder/.acl'
// inside async function
// fetch has to be authenticated
await fetch(aclUrl, {
method: 'PATCH',
body,
headers: { 'content-type': 'application/sparql-update' },
})
This particular example sets access for a folder. If you want to set it for a file, i believe you just need to change the body:
remove the triple (line) which contains #default
replace all occurrences of /path/to/my/folder/ with /path/to/my/filename.extension (put whatever is relevant for you)
I think you could also do this with PUT and different body; this is just an example i happened to work with, recently. Hope this helps. If you try it and still have issues with it, maybe i could look at it further. I may have left some bugs in there.