Change access for folder (WAC)

Hi,

I’m trying to write a function to change a person’s access to a folder. Later I would even like to give someone access to a folder in general with a function. The login works so far that I can also use other functions to upload data to a folder or to query a folder’s contents.

When executing the following function, I get the following error message when saving:

[Error] Failed to load resource: the server responded with a status of 403 (Forbidden) https://myAccount.solidcommunity.net/myTestFolder/.acl.acl

[Error] Unhandled Promise Rejection: Error: Storing the Resource at [https://myAccount.solidcommunity.net/myTestFolder/.acl.acl] failed: [403] [Forbidden].

The SolidDataset that was sent to the Pod is listed below.

SolidDataset: https://myAccount.solidcommunity.net/myTestFolder/.acl

Thing (no URL yet — identifier: #……)

Property: http://www.w3.org/1999/02/22-rdf-syntax-ns#type

Thing: https://myAccount.solidcommunity.net/myTestFolder/.acl#ControlReadWrite

Property: http://www.w3.org/1999/02/22-rdf-syntax-ns#type

Property: http://www.w3.org/ns/auth/acl#default

(0 new values added / 0 values removed)

Thing (no URL yet — identifier: #…….)

Property: http://www.w3.org/1999/02/22-rdf-syntax-ns#type

(4 new values added / 0 values removed)
(anonyme Funktion) (my-demo-app.e31bb0bc.js:123650)
asyncFunctionResume
(anonyme Funktion)
promiseReactionJobWithoutPromise
promiseReactionJob

My Funktion:

  async function testAccess() {
    if (!session.info.isLoggedIn) {
      // You must be authenticated.
      document.getElementById(
          "fileWriteStatus"
      ).textContent = `...you can't do this until you first login!`;
      return;
    }
    const myDatasetWithAcl = await getSolidDatasetWithAcl( "https://myAccount.solidcommunity.net/myTestFolder/", {
      fetch: session.fetch
    });

    const accessByAgent = getAgentAccessAll(myDatasetWithAcl, {
      fetch: session.fetch
    });

    let resourceAcl;
    if (!hasResourceAcl(myDatasetWithAcl)) {
      if (!hasAccessibleAcl(myDatasetWithAcl)) {
        throw new Error(
            "The current user does not have permission to change access rights to this Resource."
        );
      }
      if (!hasFallbackAcl(myDatasetWithAcl)) {
        throw new Error(
            "The current user does not have permission to see who currently has access to this Resource."
        );
      }
      resourceAcl = createAclFromFallbackAcl(myDatasetWithAcl);
    } else {
      resourceAcl = getResourceAcl(myDatasetWithAcl);
    }

    const updatedAcl = setAgentResourceAccess(
        resourceAcl,
        "https://friendsAccount.solidweb.org/profile/card#me",
        { read: true, append: false, write: false, control: false }
    );

   const savedAcl = saveAclFor(resourceAcl, updatedAcl, {
      fetch: session.fetch
    });
}

Return results:

myDatasetWithAcl:

[Log] DatasetCore (my-demo-app.e31bb0bc.js, line 143728)

internal_acl: {resourceAcl: DatasetCore, fallbackAcl: null}

internal_resourceInfo: {sourceIri: "https://myAccount.solidcommunity.net/myTestFolder/„, isRawData: false, contentType: “text/turtle”, linkedResources: {acl: [“https://myAccount.solidcommunity.net/myTestFolder/.acl”], describedBy: [“https://myAccount.solidcommunity.net/myTestFolder/.meta”], type: [“The W3C Linked Data Platform (LDP) Vocabulary”, “The W3C Linked Data Platform (LDP) Vocabulary”]}, aclUrl: “https://myAccount.solidcommunity.net/myTestFolder/.acl”, …}

quads: Set {Quad {id: “”, subject: NamedNode, predicate: NamedNode, object: NamedNode, graph: DefaultGraph}, Quad {id: “”, subject: NamedNode, predicate: NamedNode, object: NamedNode, graph: DefaultGraph}, Quad {id: “”, subject: NamedNode, predicate: NamedNode, object: Literal, graph: DefaultGraph}, Quad {id: “”, subject: NamedNode, predicate: NamedNode, object: Literal, graph: DefaultGraph}, Quad {id: “”, subject: NamedNode, predicate: NamedNode, object: NamedNode, graph: DefaultGraph}, …} (13)

DatasetCore Prototyp

accessByAgent:

[Log] Object (my-demo-app.e31bb0bc.js, line 143736)

https://myAccount.solidcommunity.net/profile/card#me: {read: true, append: true, write: true, control: true}

https://myFriendsAccount.solidweb.org/profile/card#me: {read: false, append: true, write: false, control: false}

mailto:name@mail.com: {read: true, append: true, write: true, control: true}

Object Prototyp

resourceAcl → else branch:

[Log] DatasetCore (my-demo-app.e31bb0bc.js, line 143761)

internal_accessTo: "https://myAccount.solidcommunity.net/myTestFolder/„

internal_resourceInfo: {sourceIri: “https://myAccount.solidcommunity.net/myTestFolder/.acl”, isRawData: false, contentType: “text/turtle”, linkedResources: {acl: [“https://myAccount.solidcommunity.net/myTestFolder/.acl.acl”], describedBy: [“https://myAccount.solidcommunity.net/myTestFolder/.acl.meta”], type: [“The W3C Linked Data Platform (LDP) Vocabulary”]}, aclUrl: “https://myAccount.solidcommunity.net/myTestFolder/.acl.acl”, …}

quads: Set {Quad {id: “”, subject: NamedNode, predicate: NamedNode, object: NamedNode, graph: DefaultGraph}, Quad {id: “”, subject: NamedNode, predicate: NamedNode, object: NamedNode, graph: DefaultGraph}, Quad {id: “”, subject: NamedNode, predicate: NamedNode, object: NamedNode, graph: DefaultGraph}, Quad {id: “”, subject: NamedNode, predicate: NamedNode, object: NamedNode, graph: DefaultGraph}, Quad {id: “”, subject: NamedNode, predicate: NamedNode, object: NamedNode, graph: DefaultGraph}, …} (17)

DatasetCore Prototyp

updatedAcl:

[Log] DatasetCore (my-demo-app.e31bb0bc.js, line 143778)

internal_accessTo: "https://myAccount.solidcommunity.net/myTestFolder/„

internal_changeLog: {additions: Array, deletions: Array}

internal_resourceInfo: {sourceIri: “https://myAccount.solidcommunity.net/myTestFolder/.acl”, isRawData: false, contentType: “text/turtle”, linkedResources: {acl: [“https://myAccount.solidcommunity.net/myTestFolder/.acl.acl”], describedBy: [“https://myAccount.solidcommunity.net/myTestFolder/.acl.meta”], type: [“The W3C Linked Data Platform (LDP) Vocabulary”]}, aclUrl: “https://myAccount.solidcommunity.net/myTestFolder/.acl.acl”, …}

quads: Set {Quad {subject: BlankNode, predicate: NamedNode, object: NamedNode, graph: DefaultGraph, equals: function, …}, Quad {subject: BlankNode, predicate: NamedNode, object: NamedNode, graph: DefaultGraph, equals: function, …}, Quad {subject: BlankNode, predicate: NamedNode, object: NamedNode, graph: DefaultGraph, equals: function, …}, Quad {subject: BlankNode, predicate: NamedNode, object: NamedNode, graph: DefaultGraph, equals: function, …}, Quad {id: “”, subject: NamedNode, predicate: NamedNode, object: NamedNode, graph: DefaultGraph}, …} (16)

DatasetCore Prototyp

savedAcl:

[Log] Promise (my-demo-app.e31bb0bc.js, line 143783)

result: Error: Storing the Resource at [https://myAccount.solidcommunity.net/myTestFolder/.acl.acl] failed: [403] [Forbidden]. The SolidDataset that was sent to the Pod is listed below. # SolidDataset: https://myAccount.solidcommunity.net/myTestFolder/.acl ## Thing (no URL yet — identifier: #………) Property: http://www.w3.org/1999/02/22-rdf-syntax-ns#type - http://www.w3.org/ns/auth/acl#Authorization (URL) Property: http://www.w3.org/ns/auth/acl#default - https://myAccount.solidcommunity.net/myTestFolder/ (URL) Property: http://www.w3.org/ns/auth/acl#mode - http://www.w3.org/ns/auth/acl#Append (URL) Property: http://www.w3.org/ns/auth/acl#agent - https://myFriendsAccount.solidweb.org/profile/card#me (URL) (4 new values added / 0 values removed) ## Thing: https://myAccount.solidcommunity.net/myTestFolder/.acl#ControlReadWrite Property: http://www.w3.org/1999/02/22-rdf-syntax-ns#type - http://www.w3.org/ns/auth/acl#Authorization (URL) Property: http://www.w3.org/ns/auth/acl#accessTo - https://myAccount.solidcommunity.net/myTestFolder/ (URL) Property: http://www.w3.org/ns/auth/acl#agent - https://myAccount.solidcommunity.net/profile/card#me (URL) - mailto:name@mail.com (URL) Property: http://www.w3.org/ns/auth/acl#default - https://myAccount.solidcommunity.net/myTestFolder/ (URL) Property: http://www.w3.org/ns/auth/acl#mode - http://www.w3.org/ns/auth/acl#Control (URL) - http://www.w3.org/ns/auth/acl#Read (URL) - http://www.w3.org/ns/auth/acl#Write (URL) (0 new values added / 0 values removed) ## Thing (no URL yet — identifier: #……….) Property: http://www.w3.org/1999/02/22-rdf-syntax-ns#type - http://www.w3.org/ns/auth/acl#Authorization (URL) Property: http://www.w3.org/ns/auth/acl#mode - http://www.w3.org/ns/auth/acl#Read (URL) Property: http://www.w3.org/ns/auth/acl#accessTo - https://myAccount.solidcommunity.net/myTestFolder/ (URL) Property: http://www.w3.org/ns/auth/acl#agent - https://myFriendsAccount.solidweb.org/profile/card#me (URL) (4 new values added / 0 values removed)

status: “rejected”

Promise Prototyp

You have :

https://myaccount.solidcommunity.net/myTestFolder/.acl.acl

This is not possible. An ACL resource can not have an ACL resource of its own. Only containers and non-ACL resources can have associated ACL documents.

Yes, that also seems strange to me, but I don’t understand exactly why it happens. Just try to understand that. But I don’t see any difference to the example (Manage Access to Data (WAC) — Inrupt JavaScript Client Libraries).

I only access the functions of the API. All functions used within my function are imported from
"@ inrupt / solid-client".

Hi @paixsn, welcome! Your problem lies in this line of code:

That code says "save the updated ACL updatedAcl as the ACL for resourceAcl" - which is the unchanged version of the ACL.

So instead of saving https://myAccount.solidcommunity.net/myTestFolder/.acl (which is the ACL for https://myAccount.solidcommunity.net/myTestFolder/), it’s trying to save https://myAccount.solidcommunity.net/myTestFolder/.acl.acl (which it thinks is the ACL for https://myAccount.solidcommunity.net/myTestFolder/.acl.acl - but since an ACL file can’t have an ACL file, that’s not allowed).

Instead, you’ll want to pass saveAclFor the Resource for which you want to save the updated ACL, i.e. myDatasetWithAcl. Thus, the correct code snippet would be like it is in the docs:

   const savedAcl = saveAclFor(myDatasetWithAcl, updatedAcl, {
      fetch: session.fetch
    });

Let us know if that solves your problem.

1 Like

Oh, I didn’t see that, now it works. Many Thanks :slight_smile:

1 Like