Can't Set Access Resources/File

Hi everyone,
I’m trying to set access to a Resource in my Pod. This is my code

async function setAccess(resourceUrl, agentOrGroupID, access, session){

  var myResourceWithAcl, resourceAcl;

  try {

    if (isFile(resourceUrl))
      myResourceWithAcl = await getFileWithAcl(resourceUrl, { fetch : session.fetch});
    else if (isDataset(resourceUrl)){
      //myResourceWithAcl = await getSolidDatasetWithAcl(resourceUrl, { fetch : session.fetch});
      console.log("It is Dataset");
      //return false;            //TEMPORARY EXIT
      myResourceWithAcl = await getResourceInfoWithAcl(resourceUrl, { fetch : session.fetch});

    //console.log(myResourceWithAcl);                      //LOG #1
    //console.log(getEffectiveAccess(myResourceWithAcl));         //LOG #2
    if (!hasResourceAcl(myResourceWithAcl)) {
      if (!hasAccessibleAcl(myResourceWithAcl)){
        console.log("The current user does not have permission to change access rights to this Resource.");
        return false;
      console.log("The Resource-specific ACL does not exist");
      if (!hasFallbackAcl(myResourceWithAcl)) {
        console.log("The current user does not have permission to see who currently has access to this Resource.");        
        console.log("I'm creating a new one");
        resourceAcl = createAcl(myResourceWithAcl);
      else {    
        console.log("I'm creating a new one from the FallbackACl.");
        resourceAcl = createAclFromFallbackAcl(myResourceWithAcl);
      resourceAcl = getResourceAcl(myResourceWithAcl);   
    console.log(resourceAcl);         //LOG #3
    const updatedAcl = setAgentResourceAccess(

    await saveAclFor(myResourceWithAcl, updatedAcl, { fetch : session.fetch});

    return true;
  } catch (error) {

LOGs return:

PREMISE: I m acting/logging as admin of Pod
The questions i want to post are:

  • In the Log#2 why i can’t see control access for admin?
  • Why i obtain an Invalid URL? I check all parameters but all are correct.

Hi @vincenzo-dip8, unfortunately does not implement WAC (aka ACLs), so code that assumes that won’t work there.

What you can do, if it covers your use cases, is use the high-level API that automatically switches between WAC and ACPs as needed. If you need more fine-grained control, you’ll need to manually detect which is supported by the user’s Pod.

(Pinging @kay-kim, Inrupt technical writer: the solid-client WAC tutorial mentions that ESS supports WAC, implying that has enabled that support - which it hasn’t.)

1 Like

Why you say that can’t use WAC?

What i know is this:
Inrupt libraries describe 3 mechanism to control access on resources. ACP, WAC, and Universal.
I started using Universal mechanism but i found that some functions (e.g. setAccessFor) cannot be imported. I tried to import other (Universal) functions, but some cannot be see.

Those highlighted cannot be used. In visual code when i put the mouse over the function name, this highlight its declaration. With those function it just show nothing (indeed they are blue-highlighted).

Oh, even if i insert them in the code, those return me error

“nameFunction” is not a function.

Then i see on Inrupt that for ACP:

Solid Server Support

ACP is an alternative to Web Access Control and is being proposed for inclusion in the Solid specifications.

While for WAC:

Although Inrupt’s Enterprise Solid Server (ESS) supports Web Access Control (WAC) in compliance with the Solid specification, due to known security issues with WAC, WAC is not recommended for Production environments.

For production, Solid servers using Access Control Policy (ACP) is recommended. For managing access with ACP, see Manage Access to Data (ACP) instead.

Since i m not using ESS on Inrupt, but “base” version on Browser as Pod Space and i d like to interact with it, i opted for WAC.

What i can do? I repeat, some function to use as universal access cannot be imported in code

I say that because I used to work at Inrupt and I know that is the case :slight_smile:

As for the import errors, you might notice from the docs that they’re not imported from @inrupt/solid-client, but from @inrupt/solid-client/access/universal". This is primarily to avoid name collisions with the other access functions, although I’d expect in time (as submodule imports become more widespread in the JS ecosystem) that all functions move to their own modules. So instead of:

import {  getPublicAccess } from "@inrupt/solid-client";


import {  getPublicAccess } from "@inrupt/solid-client/access/universal";

Alternatively, if submodule imports don’t work for you, you can import the access object directly from the top-level, although this is undocumented and thus may be removed at any time in the future:

import { access } from "@inrupt/solid-client";

// You can now call `access.getPublicAccess()`

I’m not sure what you mean by “base version”, but runs ESS. Although I agree that the documentation currently implies that you can use WAC there, which is not the case.

I don’t know about importing from access/universal.
However i tried both your solutions but seems that cannot be imported in the sense that visual code does not describe them when passing mouse over.

Can you help me?

Did you try the access import? I think that should be recognised by VSCode. The others need some work on solid-client and an upgrade to the newer TypeScript.

That said, VSCode not recognising them should not obstruct the code from working, although of course it’ll make it slightly harder.

If i use
const { access } = require("@inrupt/solid-client");
and pass the mouse over it does not work, but seems that when i try to use access within code it permit me to recall the universal function . Today i will try.

Just a curiosity: when i digit “access” wihtin VS it suggests me access, access_v1 and v2 . Can you tell me more?

Yes, there have been breaking changes to that API, so if you had old code still relying on the previous version, you can import access_v1 rather than just access. It should be irrelevant for you - access is the latest version, and you don’t have old code so no backwards compatibility issues :slight_smile:

Still not working.

I ve noticed one thing: when i digit “access.” then VSCode show me the suggestions, but if i call access within setAccess function (as in photo) it tells me just “setAgentAccess”, while if i try immediately after access declaration, VSCode shows me also other interesting things such as if setAgentAccess should be the function within universal_v1, v2, eccc…

Another thing is this:
if i try to import the function i need from @inrupt/solid-client/dist/access/universal_v2, this shows me the code, but when execute it tells me that universal_v2 is not declared/imported/present within the package.json

Hmm, that’s weird: are you using a recent version of solid-client? What do you see if you log Object.keys(access)?

The import you mention later is wrong: it’s not /dist/access/universal_v2, but /access/universal.

I m using access/universal now, however i use this syntax,

const {} = require("universal path")

using /access/universal it returns me the fact that i must import as ES module because the “universal” file is a .mjs, while i m using .js , and const {} = require() instead of importing with “import” keyword.

This is the log of Object.keys(access)?

Hi @vincenzo-dip8

Could you try putting the fetch in a document? {fetch: session.fetch} instead of just session.fetch?

I was able to run per @Vincent’s suggestion w.r.t. access (he knows all the things!!!) (see my attached picture).

As for the docs, heh, so, PodSpaces actually has its own docs where we do state that it is running ACP. But, definitely, can make a note of it in the JS Client Lib docs as suggested. As well as add more information to our manage access page in the JS client lib docs.

sorry, i don’t have understand this.
However, i changed the fetch parameter as you, but still the same error. I don’t know how to resolve it

@Vincent i m using the last version, i hope ':). I used the npm install @inrupt/solid-client so i think it will return me the latest version

EDIT: I found the error. It was just a conflict with a parameter passed within the function i m using because to set access i pass a “access” parameter. So, when i try to call in the function th e access keyword related to the mechanism of access, it does not know the function setAgentAccess.

Now it work.

thanks a lot


Again, Hi @kay-kim and @Vincent .
I will ask you the same of above “access” but now related to the acp, respectively:

const { 
} = require("@inrupt/solid-client/acp/control");

const { 
} = require("@inrupt/solid-client/acp/policy");

const { 
} = require("@inrupt/solid-client/acp/acp");

However i get an error related to the fact that those are .mjs, so using the form const {} = require ecc… ecc… does not work.

i tried same as

const { access } = require("@inrupt/solid-client");

but now with acp or other, and it cannot be see. I only see acp_v1 2 3 4, but as deprecated.

Can you help me to get those function related to the acp?

Hi @vincenzo-dip8 – to access the acp functions directly, try using the acp_v3 (the deprecation is relative to the universal access APIs – that is the access is preferred over the acp_v3 but to use current acp APIs directly, acp_v3)

Oh, a clarification, The deprecation comment I made earlier - eh, that was a guess on my part. I haven’t had a chance to sort out everything yet - but it was my best guess. Eh.

1 Like

still thanks a lot :slight_smile: