@@ -9,6 +9,7 @@ const $rdf = require('rdflib')
99
1010const ACL = $rdf . Namespace ( 'http://www.w3.org/ns/auth/acl#' )
1111const FOAF = $rdf . Namespace ( 'http://xmlns.com/foaf/0.1/' )
12+ const ALICE = $rdf . Namespace ( 'https://alice.example.com/' )
1213
1314const prefixes = `@prefix acl: <http://www.w3.org/ns/auth/acl#> .
1415@prefix foaf: <http://xmlns.com/foaf/0.1/>.
@@ -327,3 +328,35 @@ test('acl-check checkAccess() test - default/inherited', function (t) {
327328
328329 t . end ( )
329330} )
331+
332+ test ( 'aclCheck checkAccess() test - with use of originTrustedModes' , t => {
333+ const resource = ALICE ( 'docs/file1' )
334+ const aclDoc = ALICE ( 'docs/.acl' )
335+ const aclUrl = aclDoc . uri
336+
337+ const origin = $rdf . sym ( 'https://apps.example.com' )
338+ const aclStore = $rdf . graph ( )
339+ // grants read, write and control access to Alice
340+ const ACLtext = `${ prefixes }
341+ <#auth> a acl:Authorization;
342+ acl:mode acl:Read, acl:Write, acl:Control;
343+ acl:agent alice:me;
344+ acl:accessTo ${ resource }
345+ `
346+ $rdf . parse ( ACLtext , aclStore , aclUrl , 'text/turtle' )
347+
348+ const agent = alice
349+ const directory = null
350+ const trustedOrigins = [ ]
351+ const originTrustedModes = [ ACL ( 'Read' ) , ACL ( 'Write' ) ]
352+
353+ const readWriteModeRequired = [ ACL ( 'Read' ) , ACL ( 'Write' ) ]
354+ const readWriteModeResult = aclLogic . checkAccess ( aclStore , resource , directory , aclDoc , agent , readWriteModeRequired , origin , trustedOrigins , originTrustedModes )
355+ t . ok ( readWriteModeResult , 'Should get access to modes when origin is listed as trusted app' )
356+
357+ const controlModeRequired = [ ACL ( 'Control' ) ]
358+ const controlModeResult = aclLogic . checkAccess ( aclStore , resource , directory , aclDoc , agent , controlModeRequired , origin , trustedOrigins , originTrustedModes )
359+ t . ok ( ! controlModeResult , 'All Required Access Modes Not Granted' , 'Correct reason' )
360+
361+ t . end ( )
362+ } )
0 commit comments