What is required to make changes to an acl file


#1

Hi

I want my solid app to create a folder and then change the acl file allow other solid users access. I create the folder and then access the Link header which gives me the name “.acl”. But when I try to create this file I get the following error:

No permission to access this resource

What do I need to do to allow my app to make changes to this acl file?

Thanks
Des


How to give other users access to parts of a user's POD
#2

The user and the app need acl:Control permission


#3

Ah ok. So that’s in the list of options when the user first logs in? The problem is I can’t find any way back to that screen once a user has connected and accepted the default options


#4

I have the same problem. I am working on an app to grant fine-grained permissions to other apps (https://sam.divoplade.fr/v). The source code is developed at https://sam.divoplade.fr/src.

If you want to implement the same thing, let me know so that we can harmonize our vocabularies.

There are two ways to get permission.

  • have global acl:Control ;
  • have a container in which the same acl:Authorization lists you as an acl:agent and the app as an acl:origin (beware, the solid ui will put these two in separate acl:Authorizations), and do all the controlling stuff in this container. You need to discard all other global permissions for this to work (your trustedApp object should just have an origin, no acl:Access).

Generally people will be very wary of giving up global acl:Control because then your app can lock the owner out!


#5

To display the Preferences view:

  1. Either click the Solid logo or select Preferences from the dropdown menu in the top-right of the Data Browser.
  2. Click the Preferences tab.


#6

I see. I hadn’t really considered all the security implications of my approach. Decided its better to change my design so that users only change documents in their own pods and other users can then coordinate by monitoring the relevant docs.
Tx


#7

If you have Write permission, you can also edit the profile so as to remove your app from the trusted apps and log your user out. Next time your user logs in with your app, the prompt to trust the app will come back.