From 766e6318bab2e1d756a7eb2d865f3f3680bfc869 Mon Sep 17 00:00:00 2001
From: Joachim Van Herwegen <joachimvh@gmail.com>
Date: Mon, 25 Jan 2021 11:31:48 +0100
Subject: [PATCH] feat: Add control permission to PermissionSet

This is in preparation of generalizing permissions
of auxiliary resources.
---
 src/ldp/permissions/MethodPermissionsExtractor.ts         | 3 ++-
 src/ldp/permissions/PermissionSet.ts                      | 3 ++-
 src/ldp/permissions/SparqlPatchPermissionsExtractor.ts    | 3 ++-
 test/integration/LdpHandlerWithAuth.test.ts               | 8 ++++----
 test/integration/ServerWithAuth.test.ts                   | 6 +++---
 test/unit/authorization/WebAclAuthorizer.test.ts          | 2 ++
 .../ldp/permissions/MethodPermissionsExtractor.test.ts    | 5 +++++
 .../permissions/SparqlPatchPermissionsExtractor.test.ts   | 4 ++++
 8 files changed, 24 insertions(+), 10 deletions(-)

diff --git a/src/ldp/permissions/MethodPermissionsExtractor.ts b/src/ldp/permissions/MethodPermissionsExtractor.ts
index 7fad3d8c0..d4a0f5cce 100644
--- a/src/ldp/permissions/MethodPermissionsExtractor.ts
+++ b/src/ldp/permissions/MethodPermissionsExtractor.ts
@@ -23,6 +23,7 @@ export class MethodPermissionsExtractor extends PermissionsExtractor {
     const read = READ_METHODS.has(method);
     const write = WRITE_METHODS.has(method);
     const append = write || APPEND_METHODS.has(method);
-    return { read, write, append };
+    const control = false;
+    return { read, write, append, control };
   }
 }
diff --git a/src/ldp/permissions/PermissionSet.ts b/src/ldp/permissions/PermissionSet.ts
index b3da3fe6a..fcd8db0e2 100644
--- a/src/ldp/permissions/PermissionSet.ts
+++ b/src/ldp/permissions/PermissionSet.ts
@@ -1,8 +1,9 @@
 /**
- * A data interface indicating which permissions are allowed (based on the context).
+ * A data interface indicating which permissions are required (based on the context).
  */
 export interface PermissionSet {
   read: boolean;
   append: boolean;
   write: boolean;
+  control: boolean;
 }
diff --git a/src/ldp/permissions/SparqlPatchPermissionsExtractor.ts b/src/ldp/permissions/SparqlPatchPermissionsExtractor.ts
index 820f58413..695978d1b 100644
--- a/src/ldp/permissions/SparqlPatchPermissionsExtractor.ts
+++ b/src/ldp/permissions/SparqlPatchPermissionsExtractor.ts
@@ -35,7 +35,8 @@ export class SparqlPatchPermissionsExtractor extends PermissionsExtractor {
     const read = false;
     const write = this.needsWrite(update);
     const append = write || this.needsAppend(update);
-    return { read, write, append };
+    const control = false;
+    return { read, write, append, control };
   }
 
   private isSparql(data: Representation): data is SparqlUpdatePatch {
diff --git a/test/integration/LdpHandlerWithAuth.test.ts b/test/integration/LdpHandlerWithAuth.test.ts
index 7ece95aa9..563eb42c3 100644
--- a/test/integration/LdpHandlerWithAuth.test.ts
+++ b/test/integration/LdpHandlerWithAuth.test.ts
@@ -62,7 +62,7 @@ describe.each(stores)('An LDP handler with auth using %s', (name, { storeUrn, te
   it('can add a file to the store, read it and delete it if allowed.', async():
   Promise<void> => {
     // Set acl
-    await aclHelper.setSimpleAcl({ read: true, write: true, append: true }, 'agent');
+    await aclHelper.setSimpleAcl({ read: true, write: true, append: true, control: false }, 'agent');
 
     // Create file
     let response = await resourceHelper.createResource(
@@ -85,7 +85,7 @@ describe.each(stores)('An LDP handler with auth using %s', (name, { storeUrn, te
   it('can not add a file to the store if not allowed.', async():
   Promise<void> => {
     // Set acl
-    await aclHelper.setSimpleAcl({ read: true, write: true, append: true }, 'authenticated');
+    await aclHelper.setSimpleAcl({ read: true, write: true, append: true, control: false }, 'authenticated');
 
     // Try to create file
     const response = await resourceHelper.createResource(
@@ -97,7 +97,7 @@ describe.each(stores)('An LDP handler with auth using %s', (name, { storeUrn, te
   it('can not add/delete, but only read files if allowed.', async():
   Promise<void> => {
     // Set acl
-    await aclHelper.setSimpleAcl({ read: true, write: false, append: false }, 'agent');
+    await aclHelper.setSimpleAcl({ read: true, write: false, append: false, control: false }, 'agent');
 
     // Try to create file
     let response = await resourceHelper.createResource(
@@ -118,7 +118,7 @@ describe.each(stores)('An LDP handler with auth using %s', (name, { storeUrn, te
 
   it('can add files but not write to them if append is allowed.', async(): Promise<void> => {
     // Set acl
-    await aclHelper.setSimpleAcl({ read: true, write: false, append: true }, 'agent');
+    await aclHelper.setSimpleAcl({ read: true, write: false, append: true, control: false }, 'agent');
 
     // Add a file
     let response = await resourceHelper.createResource(
diff --git a/test/integration/ServerWithAuth.test.ts b/test/integration/ServerWithAuth.test.ts
index 145d995a9..8d656f3b0 100644
--- a/test/integration/ServerWithAuth.test.ts
+++ b/test/integration/ServerWithAuth.test.ts
@@ -36,7 +36,7 @@ describe('A server with authorization', (): void => {
   });
 
   it('can create new entries.', async(): Promise<void> => {
-    await aclHelper.setSimpleAcl({ read: true, write: true, append: true }, 'agent');
+    await aclHelper.setSimpleAcl({ read: true, write: true, append: true, control: false }, 'agent');
 
     // POST
     let requestUrl = new URL('http://test.com/');
@@ -62,7 +62,7 @@ describe('A server with authorization', (): void => {
   });
 
   it('cannot create new entries if not allowed.', async(): Promise<void> => {
-    await aclHelper.setSimpleAcl({ read: true, write: true, append: true }, 'authenticated');
+    await aclHelper.setSimpleAcl({ read: true, write: true, append: true, control: false }, 'authenticated');
 
     // POST
     let requestUrl = new URL('http://test.com/');
@@ -89,7 +89,7 @@ describe('A server with authorization', (): void => {
 
   // https://github.com/solid/community-server/issues/498
   it('accepts a GET with Content-Length: 0.', async(): Promise<void> => {
-    await aclHelper.setSimpleAcl({ read: true, write: true, append: true }, 'agent');
+    await aclHelper.setSimpleAcl({ read: true, write: true, append: true, control: false }, 'agent');
 
     // PUT
     let requestUrl = new URL('http://test.com/foo/bar');
diff --git a/test/unit/authorization/WebAclAuthorizer.test.ts b/test/unit/authorization/WebAclAuthorizer.test.ts
index f49fd805c..912c4be25 100644
--- a/test/unit/authorization/WebAclAuthorizer.test.ts
+++ b/test/unit/authorization/WebAclAuthorizer.test.ts
@@ -36,6 +36,7 @@ describe('A WebAclAuthorizer', (): void => {
       read: true,
       append: false,
       write: true,
+      control: false,
     };
     credentials = {};
     identifier = { path: 'http://test.com/foo' };
@@ -169,6 +170,7 @@ describe('A WebAclAuthorizer', (): void => {
       read: false,
       write: false,
       append: true,
+      control: false,
     };
     store.getRepresentation = async(): Promise<Representation> => ({ data: streamifyArray([
       quad(nn('auth'), nn(`${acl}agent`), nn(credentials.webId!)),
diff --git a/test/unit/ldp/permissions/MethodPermissionsExtractor.test.ts b/test/unit/ldp/permissions/MethodPermissionsExtractor.test.ts
index 0aa455218..f339f9ab6 100644
--- a/test/unit/ldp/permissions/MethodPermissionsExtractor.test.ts
+++ b/test/unit/ldp/permissions/MethodPermissionsExtractor.test.ts
@@ -19,6 +19,7 @@ describe('A MethodPermissionsExtractor', (): void => {
       read: true,
       append: false,
       write: false,
+      control: false,
     });
   });
 
@@ -27,6 +28,7 @@ describe('A MethodPermissionsExtractor', (): void => {
       read: true,
       append: false,
       write: false,
+      control: false,
     });
   });
 
@@ -35,6 +37,7 @@ describe('A MethodPermissionsExtractor', (): void => {
       read: false,
       append: true,
       write: false,
+      control: false,
     });
   });
 
@@ -43,6 +46,7 @@ describe('A MethodPermissionsExtractor', (): void => {
       read: false,
       append: true,
       write: true,
+      control: false,
     });
   });
 
@@ -51,6 +55,7 @@ describe('A MethodPermissionsExtractor', (): void => {
       read: false,
       append: true,
       write: true,
+      control: false,
     });
   });
 });
diff --git a/test/unit/ldp/permissions/SparqlPatchPermissionsExtractor.test.ts b/test/unit/ldp/permissions/SparqlPatchPermissionsExtractor.test.ts
index 0d983fac9..2605b0e13 100644
--- a/test/unit/ldp/permissions/SparqlPatchPermissionsExtractor.test.ts
+++ b/test/unit/ldp/permissions/SparqlPatchPermissionsExtractor.test.ts
@@ -43,6 +43,7 @@ describe('A SparqlPatchPermissionsExtractor', (): void => {
       read: false,
       append: true,
       write: false,
+      control: false,
     });
   });
 
@@ -57,6 +58,7 @@ describe('A SparqlPatchPermissionsExtractor', (): void => {
       read: false,
       append: true,
       write: true,
+      control: false,
     });
   });
 
@@ -71,6 +73,7 @@ describe('A SparqlPatchPermissionsExtractor', (): void => {
       read: false,
       append: true,
       write: false,
+      control: false,
     });
   });
 
@@ -88,6 +91,7 @@ describe('A SparqlPatchPermissionsExtractor', (): void => {
       read: false,
       append: true,
       write: true,
+      control: false,
     });
   });
 });