fix: Do not overwrite existing root ACL.

Fixes https://github.com/solid/community-server/issues/382

src/init/Setup.ts

@@ -1,10 +1,12 @@
 import type { AclManager } from '../authorization/AclManager';
 import { RepresentationMetadata } from '../ldp/representation/RepresentationMetadata';
+import type { ResourceIdentifier } from '../ldp/representation/ResourceIdentifier';
 import type { LoggerFactory } from '../logging/LoggerFactory';
 import { getLoggerFor, setGlobalLoggerFactory } from '../logging/LogUtil';
-import type { ExpressHttpServerFactory } from '../server/ExpressHttpServerFactory';
+import type { HttpServerFactory } from '../server/HttpServerFactory';
 import type { ResourceStore } from '../storage/ResourceStore';
 import { TEXT_TURTLE } from '../util/ContentTypes';
+import { NotFoundHttpError } from '../util/errors/NotFoundHttpError';
 import { guardedStreamFrom } from '../util/StreamUtil';
 import { CONTENT_TYPE } from '../util/UriConstants';
 
@@ -13,7 +15,7 @@ import { CONTENT_TYPE } from '../util/UriConstants';
  */
 export class Setup {
   protected readonly logger = getLoggerFor(this);
-  private readonly serverFactory: ExpressHttpServerFactory;
+  private readonly serverFactory: HttpServerFactory;
   private readonly store: ResourceStore;
   private readonly aclManager: AclManager;
   private readonly loggerFactory: LoggerFactory;
@@ -21,7 +23,7 @@ export class Setup {
   private readonly port: number;
 
   public constructor(
-    serverFactory: ExpressHttpServerFactory,
+    serverFactory: HttpServerFactory,
     store: ResourceStore,
     aclManager: AclManager,
     loggerFactory: LoggerFactory,
@@ -40,13 +42,35 @@ export class Setup {
    * Set up a server.
    */
   public async setup(): Promise<string> {
-    // Configure the logger factory so that others can statically call it.
     setGlobalLoggerFactory(this.loggerFactory);
 
-    // Set up acl so everything can still be done by default
+    const rootAcl = await this.aclManager.getAclDocument({ path: this.base });
-    // Note that this will need to be adapted to go through all the correct channels later on
+    if (!await this.hasRootAclDocument(rootAcl)) {
-    const aclSetup = async(): Promise<void> => {
+      await this.setRootAclDocument(rootAcl);
-      const acl = `@prefix   acl:  <http://www.w3.org/ns/auth/acl#>.
+    }
+
+    this.serverFactory.startServer(this.port);
+    return this.base;
+  }
+
+  protected async hasRootAclDocument(rootAcl: ResourceIdentifier): Promise<boolean> {
+    try {
+      const result = await this.store.getRepresentation(rootAcl, {});
+      this.logger.debug(`Existing root ACL document found at ${rootAcl.path}`);
+      result.data.destroy();
+      return true;
+    } catch (error: unknown) {
+      if (error instanceof NotFoundHttpError) {
+        return false;
+      }
+      throw error;
+    }
+  }
+
+  // Set up ACL so everything can still be done by default
+  // Note that this will need to be adapted to go through all the correct channels later on
+  protected async setRootAclDocument(rootAcl: ResourceIdentifier): Promise<void> {
+    const acl = `@prefix   acl:  <http://www.w3.org/ns/auth/acl#>.
 @prefix  foaf:  <http://xmlns.com/foaf/0.1/>.
 
 <#authorization>
@@ -59,22 +83,15 @@ export class Setup {
     acl:mode        acl:Control;
     acl:accessTo    <${this.base}>;
     acl:default     <${this.base}>.`;
-      const baseAclId = await this.aclManager.getAclDocument({ path: this.base });
+    const metadata = new RepresentationMetadata(rootAcl.path, { [CONTENT_TYPE]: TEXT_TURTLE });
-      const metadata = new RepresentationMetadata(baseAclId.path, { [CONTENT_TYPE]: TEXT_TURTLE });
+    this.logger.debug(`Installing root ACL document at ${rootAcl.path}`);
-      await this.store.setRepresentation(
+    await this.store.setRepresentation(
-        baseAclId,
+      rootAcl,
-        {
+      {
-          binary: true,
+        binary: true,
-          data: guardedStreamFrom([ acl ]),
+        data: guardedStreamFrom([ acl ]),
-          metadata,
+        metadata,
-        },
+      },
-      );
+    );
-    };
-    this.logger.debug('Setup default ACL settings');
-    await aclSetup();
-
-    this.serverFactory.startServer(this.port);
-
-    return this.base;
   }
 }

test/unit/init/Setup.test.ts

@@ -2,33 +2,61 @@ import type { AclManager } from '../../../src/authorization/AclManager';
 import { Setup } from '../../../src/init/Setup';
 import type { ResourceIdentifier } from '../../../src/ldp/representation/ResourceIdentifier';
 import { VoidLoggerFactory } from '../../../src/logging/VoidLoggerFactory';
+import type { HttpServerFactory } from '../../../src/server/HttpServerFactory';
+import type { ResourceStore } from '../../../src/storage/ResourceStore';
+import { NotFoundHttpError } from '../../../src/util/errors/NotFoundHttpError';
 
 describe('Setup', (): void => {
-  let serverFactory: any;
+  const serverFactory: jest.Mocked<HttpServerFactory> = {
-  let store: any;
+    startServer: jest.fn(),
-  let aclManager: AclManager;
+  };
+  const store: jest.Mocked<ResourceStore> = {
+    getRepresentation: jest.fn().mockRejectedValue(new NotFoundHttpError()),
+    setRepresentation: jest.fn(),
+  } as any;
+  const aclManager: jest.Mocked<AclManager> = {
+    getAclDocument: jest.fn(async(): Promise<ResourceIdentifier> => ({ path: 'http://test.com/.acl' })),
+  } as any;
+
   let setup: Setup;
   beforeEach(async(): Promise<void> => {
-    store = {
-      setRepresentation: jest.fn(async(): Promise<void> => undefined),
-    };
-    aclManager = {
-      getAclDocument: jest.fn(async(): Promise<ResourceIdentifier> => ({ path: 'http://test.com/.acl' })),
-    } as any;
-    serverFactory = {
-      startServer: jest.fn(),
-    };
     setup = new Setup(serverFactory, store, aclManager, new VoidLoggerFactory(), 'http://localhost:3000/', 3000);
   });
 
+  afterEach((): void => {
+    jest.clearAllMocks();
+  });
+
   it('starts an HTTP server.', async(): Promise<void> => {
     await setup.setup();
+
     expect(serverFactory.startServer).toHaveBeenCalledWith(3000);
   });
 
   it('invokes ACL initialization.', async(): Promise<void> => {
     await setup.setup();
+
     expect(aclManager.getAclDocument).toHaveBeenCalledWith({ path: 'http://localhost:3000/' });
+    expect(store.getRepresentation).toHaveBeenCalledTimes(1);
+    expect(store.getRepresentation).toHaveBeenCalledWith({ path: 'http://test.com/.acl' }, {});
     expect(store.setRepresentation).toHaveBeenCalledTimes(1);
   });
+
+  it('does not invoke ACL initialization when a root ACL already exists.', async(): Promise<void> => {
+    store.getRepresentation.mockReturnValueOnce(Promise.resolve({
+      data: { destroy: jest.fn() },
+    } as any));
+
+    await setup.setup();
+
+    expect(aclManager.getAclDocument).toHaveBeenCalledWith({ path: 'http://localhost:3000/' });
+    expect(store.getRepresentation).toHaveBeenCalledTimes(1);
+    expect(store.getRepresentation).toHaveBeenCalledWith({ path: 'http://test.com/.acl' }, {});
+    expect(store.setRepresentation).toHaveBeenCalledTimes(0);
+  });
+
+  it('errors when the root ACL check errors.', async(): Promise<void> => {
+    store.getRepresentation.mockRejectedValueOnce(new Error('Fatal'));
+    await expect(setup.setup()).rejects.toThrow('Fatal');
+  });
 });