We are not sure how we could share files between users


#1

Hello!
My team and I are developing a route viweing/sharing/storing app using solid. We are requested to offer the possibility of sharing routes stored in your POD with your friends.
We are not sure what approach we should follow:
- We where thinking of directly upload the .json route file to the friend’s POD (in some kind of “shared
routes” folder, but we had troubles with permissions.
- Our second approach is to send an url to your friend, so that he identifies himself and gets the route to
their own POD. Our problem is that, assuming we shouldn’t need any external media, we should send
that url as a kind of message via Solid, and we are not sure if we can do that.

Thank you all!


#2

Hi
First question: why do you want to copy the data to the friend’s pod ?
The data can live on the first pod and a link to it can be send to friend’s pod Inbox. ( Everyone of two must grant the other to ‘poster’ on his inbox folder)
To avoid sharing issue when developing I grant everyone to editor. So I can develop, and adjust then the rights.
One issue I’ve encountered in this case, is that All Solid libs doesn’t need same access : one push all the data at one time and other create a file then patch it, so the rights may not be the same because the first only need write and the second need patch/append what Solid lib do you use ? query-ldflex? Tripledoc? solid-file-client? rdflid?..


#3

Yep, our second approach, after thinking a little, was to send an url to your friend’s inbox. We are using solid-file-client, we haven’t tried to write to the inbox from the app yet, but while using the web GUI, we are not able to pot anything into other user’s inbox. Maybe we seem lost, that’s because we are facing this whitout having any idea, so I appreciate your patience. Thanks!


#4

No patience here, just sharing experiments :wink::blush:.
I’ve test inbox notification on the first shot of Solidarity Chat https://scenaristeur.github.io/solidarity/archive/ (just swipe to the right to see your inbox messages) there is a ChatTest channel where you can do some tests. The arrow button allows you to reply & send notification if there recipient has well configured his inbox


Here is how each inbox folder must be configured Solidarity - first shot for a 🐈

Here is how Solidarity post a notification to the inbox friend https://github.com/scenaristeur/solidarity/blob/eaf8ff8e10829e40de336b3ce8a32dccb8e9c20a/src/hola/input-simple-element.js#L170

Feel free to ask if this is not clear :blush:

@jeffz solid-file-client is one lib that say "be sure your app is authorized " but there is no problem with the app it’s a problem with the webid’s rights. I’ve discovered that recently but not have the time to post an issue yet . It’s a little bit confusing as it (I think) create first the file then patch it. That was the propos of my previous post. So first try to enlarge authorization when you dev , to not be blocked.
If it’s 401, that means that only the authorized user can post. If it’s 403, that means that the app is not a trustedApp , but I encountered some other when dev my last app with create file function : my app is correctly authorized, when ‘everyone’ is granted to Poster level I have a’ 403 verify your app auth’ and when I upgrade the ‘Everyone’ to Editor level the file is written.


#6

Here is the problem. It does not have to do with patch at all. It has to do with the difference between PUT and POST. If you use PUT to write to a file that already exists, it will overwrite the file in a single operation and the file will have the same name you gave it. If you use POST to write to a file that already exists, it will NOT overwrite the file, it will create another file with a random number prepended onto the filename. For the purpose of copying files, users almost always want PUT because it does what they expect - gives them a file of the same name. For this reason PUT is the default write method in Solid-File-Client. But Solid-File-Client also supports POST with the postFile() method. You are running into a situation where you must use that rather than the default PUT-based write methods, otherwise you may get a 401 unauthorized user error.

Here is why : in NSS (but not mandated by the spec, I believe) the submitter and poster access levels (acl:Append) can not use PUT to write, only POST. The editor and owner levels (acl:Write) can use either. So if you are writing somewhere you only have submitter or poster permissions, you need to use postFile() rather than createFile().

@michielbdejong, @jaxoncreed, am I correct on the NSS part?


#7

Hi there @jeffz, I’ve just tried to use the postFile() method instead of createFile(), and now I do not get the 401 error, but the 403 error instead ( net::ERR_ABORTED 403 (All Required Access Modes Not Granted ). @uo264074 has given all permissions (READ, WRITE, APPEND and CONTROL) to my POD (https://www.adrianperezmanso.solid.community). I don’t know if we are actually doing something wrong, probably we are, because as you commented in the gitter chat, 403 error is given when POD has not these permissions. Thank you for collaborating.


#8

I will add that my teammate @AdrianPerezManso also has Editor level in my inbox.


#9

@uo264074 have you also given @AdrianPerezManso 's app trustedApp status in your profile? That is what causes 403 errors, not anything about access permissions on the resource itself. If you don’t know how to set trustedApp, just ask.


#10

We have not released this functionality yet, so @AdrianPerezManso is running the app locally (https://localhost:3000). And yes, I have given all permission to that URL, is that is what you mean with “trusted app”, because I’m not sure.


#11

Use the databrowser to go to your pod. Click on the person icon on the upper right. Select “preferences”. In the screen that comes up, again select “preferences”. Now move to the chart that says “manage your trusted apps”. Then put his app protocol, domain, and port without a trailing slash.


#12

I think that is what i have:


#13

That looks good. Is @AdrianPerezManso logged in when they try to access it?


#14

I’m the one running the app locally at http://localhost:3000, logged in, and I do the postFile() to write into @uo264074 inbox, but it throws that error


#15

Is there more information in the developer tools console of your browser? More detail error messages of content of logs? Please post that.


#16

This is what I get


#17

Can you confirm that this script fails on a file you should have access to?

<!doctype html>
<html>
  <head>
    <meta charset="UTF-8" />
    <meta name="viewport" content="width=device-width" />
    <title>Solid File Client crud-browser tests</title>
    <script src="https://cdn.jsdelivr.net/npm/solid-auth-client@2.3.0/dist-lib/\
solid-auth-client.bundle.js"></script>
    <script src="https://cdn.jsdelivr.net/npm/solid-file-client@1.0.2/dist/wind\
ow/solid-file-client.bundle.js"></script>
  </head>
  <body>
    <script>

        // CHANGE THIS FILENAME TO SOMETHING YOU SHOULD HAVE ACCESS TO
        const file='https://jeffz.solid.community/public/test-folder/foo.ttl'

        try{
          let fc = new SolidFileClient(solid.auth,{enableLogging:true})
     	  fc.postFile( file, 'some content','text/turtle')
        }	
        catch {(e)=>{alert(e)}}
      </script>
    </body>
</html>


#18

We are actually doing the application using React, so we are not sure if we can use this in the application. Sorry for the lack of information, but we are practically new to React and Solid.


#19

It doesn’t matter what framework you are using , you need to be able to find out if an app on your computer can write to someone else’s pod with appropriate permissions. In order to test that , reduce it to the simplest possible test of a write and if it fails where it succeeds for others (that script succeeds for me) then you know that the problem is in the server or permissions, not your app. If that script succeeds with the same file that fails in your app, then you know the problem is in your app. [Edit I had one two many )s in the script, I edited it out]


#20

We have tried this script with file = “https://victor.inrupt.net/public/test.html”, and this is what we get:


#21

victor or victorgon ?