What is the state of the art way of adjusting resource ACL nowadays? Are we still supposed to do low level operations with solid-auth-client, or is there some library that can do the following:
Create new ACL for file.ttl, applying all permissions from parent ACL
Add public append permission to file.ttl keeping everything else as is.
You could use the libraries I’ve written for that, but keep in mind that they are not maintained (at least by me). Also the documentation isn’t that good and doesn’t reflect everything it can do iirc.
With solid-acl-parser you can read turtle strings into an object, modify it there with a simple API, and parse it back to turtle. Here’s a simple example (more documentation is here):
// Parse the turtle to an AclDoc object which we can modify
const parser = new AclParser({ aclUrl, fileUrl })
const doc = await parser.turtleToAclDoc(turtleString)
// Give the webId WRITE and CONTROL permissions
doc.addRule([WRITE, CONTROL], webId)
// or in your case: doc.addRule(APPEND, Agents.PUBLIC)
// Parse it back to turtle so we can store it in the pod
const newTurtle = await parser.aclDocToTurtle(doc)
And if you also don’t want to manually fetch and save the acl file, I’ve written a wrapper solid-acl-utils which does that for you:
const aclApi = new AclApi(fetch, { autoSave: false }) // create one per acl file you want to modify
const acl = aclApi.loadFromFileUrl('https://pod.example.org/file.ttl')
acl.addRule([READ, WRITE], webId)
acl.addRule(READ, Agents.PUBLIC)
await acl.saveToPod()
These should make it rather simple to modify acl files, but as said above: I’m not going to maintain it, some things may be broken (though I’ve written tests for everything which came into my mind).
Sure, if somebody wants to keep it up to date and fix things when issues arise, I think it would be good to transfer it. I just don’t have the time to maintain this project, but I’d be happy if someone else forks it and takes care about it. I could also remove the solid-acl-parser on npm in favor of newer versions.
If this is done, it would probably also make sense to look if the databrowser could use it too. Currently it uses its own implementation iirc. Merging them to one would probably make sense
I also want to note, that my implementation is just one way of doing this. It parses the whole acl file into an object, modifies it, and parses it back. Another way would be to use a library to directly manipulate the turtle (e.g. with SPARQL statements)
Hey @A_A I had some time to try your lib and it is exactly what I was looking for. Thank you very much.
I am encountering just a small problem, perhaps you have an idea:
Couldn’t retrieve the acl location from the link header
This occurs, if I try to add an ACL to a container and there is now ACL except the root acl. If at least one of the parent containers has an ACL everything works fine. But the root ACL cannot be discovered somehow. Might as well be a bug in NSS, not sure.
With curl I can get a link to the ACL file from a Pod root:
Apparently node-solid-server only sets the link header for GET but not for OPTIONS requests on the root. Here’s a simple script to reproduce it from the browser console when logged in to your pod:
So I believe that it’s an issue of node-solid-server not adding rel="acl" to the link header.
EDIT: For HEAD it works fine. I’m not that familiar with the difference between HEAD and OPTIONS, so probably that should be used instead. If you know more about it just let me know and I’ll change it
To discover the auxiliary resources directly associated with a given Solid resource, a Solid client MUST issue a HEAD or GET request to the target resource URL and inspect the Link headers in the response.
Basically you can use everything defined in this map and all methods defined in this class. So if you don’t find a functionality in the documentation you can take a look there (and open a PR to add it to the documentation :))
Hi @A_A, those libraries are great, as is your pod explorer.
is there any change you can add support for the origin predicate? this would allow trusted apps.
@A_A the issue is that if I create an ACL for a file inheriting (defaulting to) an origin predicate, the subject still points to the default location).
You can see that the origin predicate still points to the parent.
I tried to bodge it by changing the structure just before saving it, but it does not have a setter, so I was wondering if you were inclined to add origin support.