feat: Use root ACL with relative URLs.

src/init/AclInitializer.ts

@@ -1,3 +1,4 @@
+import { promises as fsPromises } from 'fs';
 import type { AclManager } from '../authorization/AclManager';
 import { BasicRepresentation } from '../ldp/representation/BasicRepresentation';
 import type { ResourceIdentifier } from '../ldp/representation/ResourceIdentifier';
@@ -5,7 +6,7 @@ import { getLoggerFor } from '../logging/LogUtil';
 import type { ResourceStore } from '../storage/ResourceStore';
 import { containsResource } from '../storage/StoreUtil';
 import { TEXT_TURTLE } from '../util/ContentTypes';
-import { ensureTrailingSlash } from '../util/PathUtil';
+import { ensureTrailingSlash, joinFilePath } from '../util/PathUtil';
 import { Initializer } from './Initializer';
 
 /**
@@ -15,7 +16,7 @@ export class AclInitializer extends Initializer {
   protected readonly logger = getLoggerFor(this);
   private readonly store: ResourceStore;
   private readonly aclManager: AclManager;
-  private readonly baseUrl: string;
+  private readonly root: ResourceIdentifier;
 
   public constructor(
     baseUrl: string,
@@ -23,13 +24,13 @@ export class AclInitializer extends Initializer {
     aclManager: AclManager,
   ) {
     super();
-    this.baseUrl = ensureTrailingSlash(baseUrl);
     this.store = store;
     this.aclManager = aclManager;
+    this.root = { path: ensureTrailingSlash(baseUrl) };
   }
 
   public async handle(): Promise<void> {
-    const rootAcl = await this.aclManager.getAclDocument({ path: this.baseUrl });
+    const rootAcl = await this.aclManager.getAclDocument(this.root);
     if (!await containsResource(this.store, rootAcl)) {
       await this.setRootAclDocument(rootAcl);
     } else {
@@ -37,26 +38,11 @@ export class AclInitializer extends Initializer {
     }
   }
 
-  // Set up ACL so everything can still be done by default
-  // Note that this will need to be adapted to go through all the correct channels later on
-  //
   // Solid, §4.1: "The root container (pim:Storage) MUST have an ACL auxiliary resource directly associated to it.
   // The associated ACL document MUST include an authorization policy with acl:Control access privilege."
   // https://solid.github.io/specification/protocol#storage
   protected async setRootAclDocument(rootAcl: ResourceIdentifier): Promise<void> {
-    const acl = `@prefix   acl:  <http://www.w3.org/ns/auth/acl#>.
+    const acl = await fsPromises.readFile(joinFilePath(__dirname, '../../templates/root/.acl'), 'utf8');
-@prefix  foaf:  <http://xmlns.com/foaf/0.1/>.
-
-<#authorization>
-    a               acl:Authorization;
-    acl:agentClass  foaf:Agent;
-    acl:mode        acl:Read;
-    acl:mode        acl:Write;
-    acl:mode        acl:Append;
-    acl:mode        acl:Delete;
-    acl:mode        acl:Control;
-    acl:accessTo    <${this.baseUrl}>;
-    acl:default     <${this.baseUrl}>.`;
     this.logger.debug(`Installing root ACL document at ${rootAcl.path}`);
     await this.store.setRepresentation(rootAcl, new BasicRepresentation(acl, rootAcl, TEXT_TURTLE));
   }

templates/root/.acl

@@ -0,0 +1,13 @@
+@prefix acl: <http://www.w3.org/ns/auth/acl#>.
+@prefix foaf: <http://xmlns.com/foaf/0.1/>.
+
+<#authorization>
+    a               acl:Authorization;
+    acl:agentClass  foaf:Agent;
+    acl:mode        acl:Read;
+    acl:mode        acl:Write;
+    acl:mode        acl:Append;
+    acl:mode        acl:Delete;
+    acl:mode        acl:Control;
+    acl:accessTo    <./>;
+    acl:default     <./>.