JS Library for working with acl files


#1

Is there already a library for working with .acl files (parsing, changing and creating permissions)?

I’ve already seen it being mentioned several times in the forum, but it doesn’t seem to exist yet. Solid-react-sdk has it listed on the roadmap, but I didn’t see any progress there in the last months.

And if not, is there some guide, tutorial or spec for it? I am considering adding it to solid-filemanager when I find the time for it. So if it is not too big a project, I’d create an acl library if it doesn’t exist yet. Any help for that would be appreciated.


#2

As far as I can remember, POD Explorer https://nmalcev.github.io/pod-explorer/ can manage .acl.
I’ve not tried to change acl, but you can take a look at
https://github.com/nmalcev/pod-explorer/blob/master/static/scripts/models/acl_manager.js

PS: I’ve had some problems connecting to the Pod Explorer app today (perhaps https://nmalcev.github.io/pod-explorer/pages/popup.html needs an update)


#3

If you are looking for a Javascript library, I believe both rdflib.js and N3.js can be used to read/write .acls


#4

Thanks @Smag0

I’ve been looking for something like this, but maybe a bit more generic and as its own package. I’ll need to take a closer look at it though. The error with the Pod Explorer is possibly solved by logout-login. For me it worked.


#5

Thanks for the suggestions @james.martin, but I’ve searched for a more abstract view on acl files. For instance something like this:

const { Acl, Permission, Actor } = require('acl-package')
const acl = new Acl(turtleString)
const permissions =  new Permission(READ, WRITE)
const actor = new Actor(webId)
acl.addAccess(actor, permissions)
const turtle = acl.toTurtle()
// And now make api call to put the .acl file

#6

I’ve started working on it now and I’d like your advice on a few questions:

If I have an .acl like this:

# ACL resource for the private folder
@prefix acl: <http://www.w3.org/ns/auth/acl#>.

# The owner has all permissions
<#owner>
    a acl:Authorization;
    acl:agent <https://otman.solid.community/profile/card#me>;
    acl:accessTo <./>;
    acl:defaultForNew <./>;
    acl:mode acl:Read, acl:Write, acl:Control.

  • What information is the subject (<#owner>) carrying? Is it just for grouping the permissions and agents together? Or does it actually have an impact on how the access is granted? Would it (theoretically) have any impact if I split up one subject group into multiple with the same subject?
  • What would happen if we use the same subject (e.g. <#owner>) two times?
  • When modifying, how should I handle predicates inside <#owner> which aren’t related to WAC? Are these even allowed? I think if I just delete them, I could break things, and if I modify the rule without deleting them, I could break things too.
  • Each rule has a a acl:Authorization; statement inside. I guess I shouldn’t process statements without this type declaration, but what kind of content except for acl:Authorization declarations could I expect in an acl file?
  • Regarding accessTo: In general an acl file only relates to one resource/container, right? But in case one wants to use the same acl file for multiple files this predicate would be used for that?

I’d be glad if you can help me with any of these questions. If you want to take a look at the current status of the project, it is on github here: https://github.com/Otto-AA/acl-utils/
But it is still in active development, so there is no documentation yet and the features are not finished (it ignores accessTo and default... predicates for now and grouping and minifying by subjects has to be added).
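
An added example, not taken from any post in this thread or from acl-utils: in RDF, statements that share a subject describe the same node, so the sketch below parses an .acl in which the <#owner> rule is written as two blocks and shows both landing in one authorization, with the non-WAC statement kept and the subject without the acl:Authorization type skipped. The function names, the `ex:` namespace and the sample are assumptions, and the parser covers only the Turtle subset used in the sample above.

```javascript
// Added example. Turtle subset only: @prefix, <IRIs>, prefixed names, 'a' and ; , .
// (no literals, blank nodes or base-IRI resolution).
const ACL = 'http://www.w3.org/ns/auth/acl#';
const RDF_TYPE = 'http://www.w3.org/1999/02/22-rdf-syntax-ns#type';
const FIELDS = new Map([['agent', 'agents'], ['mode', 'modes'], ['accessTo', 'accessTo']]);

function parseTriples(turtle) {
  const tokens = turtle.match(/<[^>]*>|#[^\n]*|@prefix|[\w-]*:[\w-]*|\ba\b|[;,.]/g) || [];
  const prefixes = {}, triples = [];
  const expand = (t) => t === 'a' ? RDF_TYPE
    : t.startsWith('<') ? t.slice(1, -1)             // relative IRIs are kept as written
    : prefixes[t.slice(0, t.indexOf(':'))] + t.slice(t.indexOf(':') + 1);
  let s = null, p = null;
  for (let i = 0; i < tokens.length; i++) {
    const t = tokens[i];
    if (t.startsWith('#') || t === ',') continue;    // comment, or another object follows
    if (t === '@prefix') { prefixes[tokens[i + 1].slice(0, -1)] = tokens[i + 2].slice(1, -1); i += 3; }
    else if (t === '.') s = p = null;                // end of this subject block
    else if (t === ';') p = null;                    // next predicate, same subject
    else if (s === null) s = expand(t);
    else if (p === null) p = expand(t);
    else triples.push([s, p, expand(t)]);
  }
  return triples;
}

// Group triples by subject; a subject written in two blocks ends up in one entry.
function authorizations(triples) {
  const out = {};
  const isAuth = (s) => triples.some(([s2, p, o]) => s2 === s && p === RDF_TYPE && o === ACL + 'Authorization');
  for (const [s, p, o] of triples) {
    if (!isAuth(s) || (p === RDF_TYPE && o === ACL + 'Authorization')) continue;
    const auth = out[s] = out[s] || { agents: [], modes: [], accessTo: [], other: [] };
    const field = p.startsWith(ACL) && FIELDS.get(p.slice(ACL.length));
    if (field) auth[field].push(o);
    else auth.other.push([p, o]);                    // unrecognised statements: keep for round-tripping
  }
  return out;
}

// Constructed input: the owner rule split into two blocks with the same subject,
// a non-WAC predicate (example.org names are made up) and an untyped subject.
const SAMPLE = `@prefix acl: <http://www.w3.org/ns/auth/acl#>.
@prefix ex: <https://example.org/ns#>.
<#owner> a acl:Authorization; acl:agent <https://otman.solid.community/profile/card#me>;
    acl:accessTo <./>; acl:mode acl:Read.
<#owner> acl:mode acl:Write, acl:Control; ex:reviewedBy <https://example.org/alice#me>.
<#note> ex:reviewedBy <https://example.org/bob#me>.`;
```

For real .acl files, a full Turtle parser such as rdflib.js or N3.js (both mentioned above) would replace `parseTriples`; the grouping step stays the same.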