Merge pull request #21 from michielbdejong/trusted-apps-with-default-owners

kjetilk · web-flow · commit f9b8efa222f0 · 2019-03-15T12:04:15.000+01:00
also get trusted apps from default owners of resource container
diff --git a/src/acl-check.js b/src/acl-check.js
@@ -44,9 +44,19 @@ function accessDenied (kb, doc, directory, aclDoc, agent, modesRequired, origin,
   return ok
 }
 
-async function getTrustedModesForOrigin (kb, aclDoc, doc, origin, fetch) {
-  const docAuths = kb.each(null, ACL('accessTo'), doc, aclDoc)
-  const ownerAuths = docAuths.filter(auth => kb.holds(auth, ACL('mode'), ACL('Control'), aclDoc))
+async function getTrustedModesForOrigin (kb, doc, directory, aclDoc, origin, fetch) {
+  // FIXME: this is duplicate code from the modesAllowed function, will refactor,
+  // see https://github.com/solid/acl-check/issues/22
+  var auths
+  if (!directory) { // Normal case, ACL for a file
+    auths = kb.each(null, ACL('accessTo'), doc, aclDoc)
+    log(`   ${auths.length} direct authentications about ${doc}`)
+  } else {
+    auths = kb.each(null, ACL('default'), directory, null)
+    auths = auths.concat(kb.each(null, ACL('defaultForNew'), directory, null)) // Deprecated but keep for ages
+    log(`   ${auths.length}  default authentications about ${directory} in ${aclDoc}`)
+  }
+  const ownerAuths = auths.filter(auth => kb.holds(auth, ACL('mode'), ACL('Control'), aclDoc))
   const owners = ownerAuths.reduce((acc, auth) => acc.concat(kb.each(auth, ACL('agent'))), []) //  owners
   let result
   try {
diff --git a/test/unit/get-trusted-modes-for-origin-test.js b/test/unit/get-trusted-modes-for-origin-test.js
@@ -15,7 +15,7 @@ const prefixes = `
 @prefix alice: ${ALICE('#')} .
 `
 
-test('aclCheck getTrustedModesForOrigin() getting trusted modes from publisherStore', t => {
+test('aclCheck getTrustedModesForOrigin() getting trusted modes from publisherStore (acl:accessTo on resource)', t => {
   const origin = $rdf.sym('https://apps.example.com')
   const doc = ALICE('some/doc.txt')
   const aclDoc = ALICE('some/doc.txt.acl')
@@ -36,7 +36,35 @@ test('aclCheck getTrustedModesForOrigin() getting trusted modes from publisherSt
   `
   $rdf.parse(publisherText, publisherStore, publisher.uri, 'text/turtle')
 
-  aclLogic.getTrustedModesForOrigin(publisherStore, aclDoc, doc, origin, Promise.resolve.bind(Promise)).then(result => {
+  aclLogic.getTrustedModesForOrigin(publisherStore, doc, null, aclDoc, origin, Promise.resolve.bind(Promise)).then(result => {
+    t.deepEqual(result, [ACL('Read'), ACL('Write')], 'Should get a list of modes')
+    t.end()
+  })
+})
+
+test('aclCheck getTrustedModesForOrigin() getting trusted modes from publisherStore (acl:accessTo on container)', t => {
+  const origin = $rdf.sym('https://apps.example.com')
+  const container = ALICE('some/')
+  const doc = ALICE('some/doc.txt')
+  const aclDoc = ALICE('some/doc.txt.acl')
+  const publisher = alice
+  const requester = bob
+  const publisherStore = $rdf.graph()
+  const aclFileText = `${prefixes}
+<#owner>
+    a acl:Authorization;
+    acl:agent ${publisher};
+    acl:default ${container};
+    acl:mode acl:Control.
+  `
+  $rdf.parse(aclFileText, publisherStore, aclDoc.uri, 'text/turtle')
+  const publisherText = `${prefixes}
+  ${publisher} acl:trustedApp [  acl:origin ${origin};
+                             acl:mode acl:Read, acl:Write].
+  `
+  $rdf.parse(publisherText, publisherStore, publisher.uri, 'text/turtle')
+
+  aclLogic.getTrustedModesForOrigin(publisherStore, doc, container, aclDoc, origin, Promise.resolve.bind(Promise)).then(result => {
     t.deepEqual(result, [ACL('Read'), ACL('Write')], 'Should get a list of modes')
     t.end()
   })
