File permisions

Migarve55 · March 5, 2019, 3:30pm

Say that I have a folder with a file.
Can I make a file so a user can only read it or write?

Is there a way to set write/read permissions using the RDF js library?

happybeing · March 5, 2019, 4:13pm

I don’t know which if any libraries help you do this, but access is controlled for a specific resource by creating a “.acl” file (same name as the file but add .acl to the end) and defining the permissions as an “access control list” in the .acl file (look that up in the Solid spec).

I haven’t done it myself, so sorry if there’s an easier way that I don’t know yet (other than in the Data Browser UI that is).

Migarve55 · March 5, 2019, 4:14pm

Thank you, that is a start

megoth · March 5, 2019, 10:34pm

Given that the WebID to the user you want to access is <friends-webid>, you can grant Read+Write-access to that WebID for a resource <path-to-resource-x> by PUTing <path-to-resource-x-acl> with the following:

@prefix acl: <http://www.w3.org/ns/auth/acl#>.
<#friend>
    a acl:Authorization;
    acl:agent <friends-webid>;
    acl:accessTo <path-to-resource-x>;
    acl:mode acl:Read, acl:Write.

You can either construct that string programmatically, or you can construct the graph by something like

const acl = $rdf.graph()
[...]
acl.add(<subject>, <predicate>, <object>) // add triples manually
[...] // five triples in the above examples
$rdf.serialize(null, acl, <path-to-resource-x>, (err, body) => {
  // use something like updateManager to PUT the body
})

Needless to say, we want easier ways of doing this… Access Control is on the roadmap of the Solid React SDK, so hopefully we get some good examples there for how to go about this.

EDIT: It’s very important that you don’t rely on a specific location of the ACL-file, as described by the WAC spec. E.g. if URI to resource is <resource-uri>, ACL is not necessarily <resource-uri>.acl. You should check with the server by doing a HEAD request and look for the rel="acl" in the Link part of the response.

jeffz · March 7, 2019, 4:37am

@megoth is adding “.acl” to a URL a safe way to locate the ACL file? The spec says that we can’t rely on a specific location for the ACL file. Which means other servers might implement a different ACL location, So to be safe, we’d need to first access the resource, then read the header link with rel=“acl” to find the ACL file’s location.

megoth · March 7, 2019, 9:04am

@jeffz Oh, you’re completely correct, I’ll change my post to reflect that as well

Migarve55 · March 7, 2019, 10:34am

Thanks for the support. I have another question, is to possible to add read rights to an entire folder, such that all files inside can be read by an specific webId?

megoth · March 7, 2019, 12:05pm

Yes, there’s support for inherited authorizations in WAC with acl:accessTo. You can see an example on this in the root ACL for new accounts.

Topic		Replies	Views
Sharing files in private folders programmatically (React/JavaScript) Solid App Development FAQs	3	2431	May 1, 2020
Access Control Help	8	307	March 9, 2023
JS Library for working with acl files Solid App Development FAQs	5	1159	June 30, 2019
How can user check for write permissions? (Without control permissions) Linked Data	3	536	April 25, 2021
Using acl files to define access rights Solid App Development FAQs	8	1077	June 18, 2020

File permisions

Related Topics