Error 500 while trying to create a .acl

We are trying to create a .acl for a specific file so that we can implement a sharing functionality. We’ve been trying both with the solid-acl-utils and the solid-acl-parser. We are not able to create those .acl files. This is the code snippet trying to do so:

    var fetch = auth.fetch.bind(auth);
    var aclApi = new SolidAclUtils.AclApi(fetch, { autoSave: true });

    // Build the URL of the route file inside the user's pod
    var baseSource = session.webId.split("profile/card#me")[0];
    var source = baseSource + "viade/routes/";
    var routeURL = source + this.getRouteName();

    // Create the .acl (with an empty body) if it does not exist yet
    if (!await this.fc.itemExists(routeURL + ".acl")) {
        await this.fc.createFile(routeURL + ".acl", "", "text/turtle");
    }

    // Load the ACL for the route and give the friend read access
    var acl = await aclApi.loadFromFileUrl(routeURL);
    await acl.addRule(SolidAclUtils.Permissions.READ, friend.webId);

If you could give me any clue about how to create that file, it would be great.

There is currently a bug in version 5.2.4 of NSS that gives a 500 error when attempting to create a .acl. That version is on Version 5.2.3 on does not have that bug. The bug is being worked on but a fix is not yet ready.

You may be able to work around the bug temporarily by using something like this:

  fetch( url, {method:"PUT",body:text,headers:{"content-type":ctype}} )

WARNING : in the code you showed you are creating the file with no content. This will have disastrous effects if it works. A .acl file that has no content will lock you out of either editing or deleting itself and the resource it references. NEVER CREATE AN ACL FILE THAT DOES NOT EXPLICITLY GIVE YOU OR SOMEONE YOU TRUST CONTROL OVER THE RESOURCE.


Really appreciate your help, and thank you for the last advice.
Now, with your approach, I’m getting a 400 Error (Bad Request). This is what I’ve tried:

  await fetch( routeURL + ".acl", {method:"PUT",body:text,headers:{"content-type":"text/turtle"}} )

Text is defined above.

My guess is that you have bad content, so you need to show what you put in “text”.

Sure, there you got it:

    var text = "@prefix  acl:  <>  .";
    text += "<#authorization1>";
    text += "    a             acl:Authorization;";
    text += "    acl:agent     <>;";
    text += "    acl:accessTo  <" + this.getRouteName + ">;";
    text += "    acl:mode      acl:Read,";
    text += "                  acl:Write,";
    text += "                  acl:Control.";

Well, I’m out of ideas. Good luck.

This works for me with a template string, with something like that (here I added a condition in the template string, just for the fun :wink:)

with solid-file-client but as said @jeffz there is a bug on 5.2.4 version,

that works on that has been revert

Edit ! Is this .acl for a file or a folder? The last example was for a file. If it is for a folder, you have to have a line with acl:default like that
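Added example, not code from any poster in this thread: one way to generate the .acl body so that it always gives the owner Control (the warning earlier in the thread) and carries acl:default when the target is a folder. The helper names `buildAcl` and `putAcl` are hypothetical, and `fetchFn` is assumed to be an authenticated fetch with the standard `fetch` signature; the `acl:` terms come from the W3C Web Access Control vocabulary.

```javascript
// Added example: build a WAC .acl document that can never lock its owner out.
const ACL_NS = "http://www.w3.org/ns/auth/acl#";

// Hypothetical helper: returns the Turtle body for the .acl of `resourceUrl`.
// ownerWebId always receives Read, Write and Control; readers receive Read only.
function buildAcl({ resourceUrl, ownerWebId, readers = [], isContainer = false }) {
  for (const iri of [resourceUrl, ownerWebId, ...readers]) {
    // Reject missing values, non-strings (e.g. a function reference) and
    // anything that could break out of a Turtle <IRI>.
    if (typeof iri !== "string" || !/^https?:\/\/[^\s<>"{}|\\^`]+$/.test(iri)) {
      throw new Error("refusing to build ACL, bad IRI: " + String(iri));
    }
  }
  // Containers need acl:default so that contained resources inherit the rule.
  const target = isContainer
    ? `acl:accessTo <${resourceUrl}>;\n    acl:default <${resourceUrl}>;`
    : `acl:accessTo <${resourceUrl}>;`;
  const rule = (id, agents, modes) =>
    `<#${id}>\n    a acl:Authorization;\n` +
    `    acl:agent ${agents.map((a) => `<${a}>`).join(", ")};\n` +
    `    ${target}\n` +
    `    acl:mode ${modes.map((m) => "acl:" + m).join(", ")}.\n`;
  let turtle = `@prefix acl: <${ACL_NS}>.\n\n`;
  turtle += rule("owner", [ownerWebId], ["Read", "Write", "Control"]);
  if (readers.length > 0) turtle += "\n" + rule("readers", readers, ["Read"]);
  return turtle;
}

// PUT the document. buildAcl throws before any request is made, so an empty
// or owner-less ACL is never sent to the server.
async function putAcl(fetchFn, aclUrl, options) {
  const body = buildAcl(options);
  const res = await fetchFn(aclUrl, {
    method: "PUT",
    body,
    headers: { "content-type": "text/turtle" },
  });
  if (!res.ok) throw new Error(`ACL PUT failed with status ${res.status}`);
  return body;
}
```
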


You hit the target! We wanted to modify files’ permissions. Thank you so much, after some issues, we already have it working!


:blush: let’s decentralize & share the difficulties
Let’s decentralishare !:joy:


Hi again,

I’m working with @uo264074 and we are now facing another problem with .acl files. We are trying to do the same thing as before, which we achieved, but now with .jpg files. We get an error in the console related to CORS policy when executing the fc.itemExists(aclUrl) method from the solid-file-client library and I don’t understand why. Here you have the code that is executed. The error is the following:

You can never read a .acl file unless you are listed in it as having Control rights to it. That means that even itemExists() will fail if you try to read an .acl file you do not Control. The only solution is for you to give yourself and the app Control over the resource, then you can use itemExists() on the .acl.

This inability to read acl files you don’t control is a property of Solid, not of solid-file-client. You will run into the same issue with a plain HEAD request that you do with itemExists() which is essentially just a synonym for HEAD.

The thing is we have modified the .acl for another file in another method (see here) and that seems to work fine, i.e. we don’t get the CORS policy error, so I don’t understand why in the first we get the error but in this one we don’t. Are we missing something?

The thing is, if you have Write permissions, you can create, modify or delete the file but unless you have Control you can not read the access control file. So there is no contradiction between the fact that you were able to modify it but not read its .acl file.

I think you don’t get what I mean. The thing is if you look there are two methods modifyPermissionsRoute() and modifyPermissionsMedia() and both of them call at some point manageAcl(). The first method works perfectly fine but the second does not, and they both check if their respective .acl exists and if it doesn’t it creates one and then adds the READ rule.

Edit : I’m wrong, that is a CORS error. What I said about access control is true, but not relevant to your situation. Are you using the same browser in both cases?

We are using Google Chrome in both cases

Sorry, I don’t know much about CORS. Good luck.