hasFallbackAcl returns false

Hi everyone,

I am trying to give another user access to one of my containers. For that, I am using your sample code. But I am having the error The current user does not have permission to see who currently has access to this Resource at if (!hasFallbackAcl(myDatasetWithAcl)).

The same code seems to be working for other people – I see this from other forum questions.

Also, getAgentAccessAll returns null.

What am I doing wrong?

This is the acl file for the folder: https://karr.solidcommunity.net/testfolder/.acl
And this is the content of this acl file:

@prefix : <#>.
@prefix tes: <./>.
@prefix c: </profile/card#>.
@prefix acl: <http://www.w3.org/ns/auth/acl#>.

:owner
    a acl:Authorization;
    acl:accessTo tes:;
    acl:agent c:me, <mailto:myemail@gmail.com>;
    acl:default tes:;
    acl:mode acl:Control, acl:Read, acl:Write.
const artistDatasetUrl = "https://karr.solidcommunity.net/testfolder/";

const myDatasetWithAcl = await getSolidDatasetWithAcl(artistDatasetUrl, { fetch: session.fetch });

const accessByAgent = getAgentAccessAll(myDatasetWithAcl, {fetch: session.fetch });

let resourceAcl;
if (!hasResourceAcl(myDatasetWithAcl)) {
	if (!hasAccessibleAcl(myDatasetWithAcl)) {
		throw new Error(
			"The current user does not have permission to change access rights to this Resource."
		);
	}
	if (!hasFallbackAcl(myDatasetWithAcl)) {
		throw new Error(
			"The current user does not have permission to see who currently has access to this Resource."
		);
	}
	resourceAcl = createAclFromFallbackAcl(myDatasetWithAcl);
} else {
	resourceAcl = getResourceAcl(myDatasetWithAcl);
}

Thank you in advance.

Hi @karr,

It’s not your issue, but since getAgentAccessAll just reads access directly from myDatasetWithAcl (i.e. it doesn’t need to make additional HTTP requests), it does not take a second argument (i.e. the {fetch: session.fetch} does not do anything there).

So basically the error message says it all: the user you are logged in with does not have permission to see that data. There can be two reasons for that.

The first is that the user themselves does not have permission in general. Assuming you are logged in as https://karr.solidcommunity.net/profile/card#me, that is not the case here - your ACL file gives them permission.

The second, and most likely, reason, is that the user does not have permission to view who has access using this app. Now it used to be the case on solidcommunity.net that you would be asked to allow the app to do that when you first signed in, but it appears that is no longer true. This is the screen you would have gotten:

(Credits to @acailly whose screenshot I nicked :slight_smile: )

The “Give other people and apps access” checkbox was unchecked by default, so presumably, that will mean that your app has been granted Read and Write access, but not Control access, by default.

Instructions for giving your app Control access after the fact can be found here. Let us know if that helps.

Hi Vincent,

Many thanks for your quick response!

The issue was with the control type of access of my Solid application. Once I have granted the app with control access, I am able to access the access control list of the folder.

Now, I have another issue. I have added the below code to grant another person access to the same folder. But the code doesn’t seem to do anything or at least what I expect.

setAgentResourceAccess(resourceAcl, "https://karr.inrupt.net/profile/card#me", {
	read: true, write: false, append: false, control: false
})

Briefly, what I want is to grant user B access to a resource of user A.

User A: karr.solidcommunity.net/profile/card#me
Resource: karr.solidcommunity.net/testfolder
User B: karr.inrupt.net/profile/card#me

If you could help me with this, I would really appreciate it.

Finally, I have solved it myself. What was missing is saving the updated ACL:

const updatedAcl = setAgentResourceAccess(resourceAcl, "https://karr.inrupt.net/profile/card#me", { read: false, write: false, append: false, control: false });

saveAclFor(myDatasetWithAcl, updatedAcl, { fetch: session.fetch });
2 Likes

Sorry, just saw this now. Thanks for reporting back with the solution, that will surely be helpful to someone in the future!