diff --git a/src/init/AclInitializer.ts b/src/init/AclInitializer.ts index fe8632f5f..4415d8f70 100644 --- a/src/init/AclInitializer.ts +++ b/src/init/AclInitializer.ts @@ -1,3 +1,4 @@ +import { promises as fsPromises } from 'fs'; import type { AclManager } from '../authorization/AclManager'; import { BasicRepresentation } from '../ldp/representation/BasicRepresentation'; import type { ResourceIdentifier } from '../ldp/representation/ResourceIdentifier'; @@ -5,7 +6,7 @@ import { getLoggerFor } from '../logging/LogUtil'; import type { ResourceStore } from '../storage/ResourceStore'; import { containsResource } from '../storage/StoreUtil'; import { TEXT_TURTLE } from '../util/ContentTypes'; -import { ensureTrailingSlash } from '../util/PathUtil'; +import { ensureTrailingSlash, joinFilePath } from '../util/PathUtil'; import { Initializer } from './Initializer'; /** @@ -15,7 +16,7 @@ export class AclInitializer extends Initializer { protected readonly logger = getLoggerFor(this); private readonly store: ResourceStore; private readonly aclManager: AclManager; - private readonly baseUrl: string; + private readonly root: ResourceIdentifier; public constructor( baseUrl: string, @@ -23,13 +24,13 @@ export class AclInitializer extends Initializer { aclManager: AclManager, ) { super(); - this.baseUrl = ensureTrailingSlash(baseUrl); this.store = store; this.aclManager = aclManager; + this.root = { path: ensureTrailingSlash(baseUrl) }; } public async handle(): Promise { - const rootAcl = await this.aclManager.getAclDocument({ path: this.baseUrl }); + const rootAcl = await this.aclManager.getAclDocument(this.root); if (!await containsResource(this.store, rootAcl)) { await this.setRootAclDocument(rootAcl); } else { @@ -37,26 +38,11 @@ export class AclInitializer extends Initializer { } } - // Set up ACL so everything can still be done by default - // Note that this will need to be adapted to go through all the correct channels later on - // // Solid, ยง4.1: "The root container (pim:Storage) MUST have an ACL auxiliary resource directly associated to it. // The associated ACL document MUST include an authorization policy with acl:Control access privilege." // https://solid.github.io/specification/protocol#storage protected async setRootAclDocument(rootAcl: ResourceIdentifier): Promise { - const acl = `@prefix acl: . -@prefix foaf: . - -<#authorization> - a acl:Authorization; - acl:agentClass foaf:Agent; - acl:mode acl:Read; - acl:mode acl:Write; - acl:mode acl:Append; - acl:mode acl:Delete; - acl:mode acl:Control; - acl:accessTo <${this.baseUrl}>; - acl:default <${this.baseUrl}>.`; + const acl = await fsPromises.readFile(joinFilePath(__dirname, '../../templates/root/.acl'), 'utf8'); this.logger.debug(`Installing root ACL document at ${rootAcl.path}`); await this.store.setRepresentation(rootAcl, new BasicRepresentation(acl, rootAcl, TEXT_TURTLE)); } diff --git a/templates/root/.acl b/templates/root/.acl new file mode 100644 index 000000000..107adcc82 --- /dev/null +++ b/templates/root/.acl @@ -0,0 +1,13 @@ +@prefix acl: . +@prefix foaf: . + +<#authorization> + a acl:Authorization; + acl:agentClass foaf:Agent; + acl:mode acl:Read; + acl:mode acl:Write; + acl:mode acl:Append; + acl:mode acl:Delete; + acl:mode acl:Control; + acl:accessTo <./>; + acl:default <./>.