solid-ui icon indicating copy to clipboard operation
solid-ui copied to clipboard

Published 20 hours ago verified publisher icon SolidOS

Malformed acl rule in acl doc when modifying permissions

Open bourgeoa opened this issue 5 years ago • 4 comments

on /public I modified permissions for everybody from Viewers to Editors (Read to ReadWrite) and the acl doc was changed to :

@prefix : <#>.
@prefix n0: <http://www.w3.org/ns/auth/acl#>.
@prefix pub: <./>.
@prefix c: </profile/card#>.
@prefix n1: <http://xmlns.com/foaf/0.1/>.

:ControlReadWrite
    a n0:Authorization;
    n0:accessTo pub:;
    n0:agent c:me;
    n0:default pub:;
    n0:mode n0:Control, n0:Read, n0:Write.
:Read a n0:Authorization; n0:accessTo pub:; n0:default pub:; n0:mode n0:Read.

:ReadWrite
    a n0:Authorization;
    n0:accessTo pub:;
    n0:agentClass n1:Agent;
    n0:default pub:;
    n0:mode n0:Read, n0:Write.

As can be seen subject Read has not disapeared and is a malformed acl rule because it does not include any agent

The consequence is not in operation with the actual NSS but it should fail on a validity checker.

bourgeoa avatar Jul 08 '20 09:07 bourgeoa

I'll have a look!

michielbdejong avatar Jul 08 '20 09:07 michielbdejong

+1 https://gitlab.com/solid.community/support/-/issues/23

scenaristeur avatar Aug 02 '20 17:08 scenaristeur

Is that a malformed rule? Mathematically it is fine, in the Authorization doesn't give any access to anything. I guess it is cleaner to clean up empty ones, but an Auth can certainly have no agents as it might have a group, a class, etc, or any combination.

timbl avatar Aug 06 '20 20:08 timbl

I used agents as a generic for agents, group, class ... anything that is authorized. I agree it is not blocking.

The real unsolved bug is when using mashlib you only have acl:Read, you cannot edit the auxiliary acl Resource and not even delete the Resource itself.

bourgeoa avatar Aug 07 '20 13:08 bourgeoa