feat: Always grant control permissions to pod owners

2024-10-03 14:55:10 +00:00 · 2021-08-31 16:36:42 +02:00
parent 6c4ccb334d
commit 8f5d61911d
10 changed files with 224 additions and 6 deletions
--- a/test/integration/Identity.test.ts
+++ b/test/integration/Identity.test.ts
@@ -328,6 +328,43 @@ describe('A Solid server with IDP', (): void => {
      res = await state.session.fetch(newWebId, patchOptions);
      expect(res.status).toBe(205);
    });
+
+    it('always has control over data in the pod.', async(): Promise<void> => {
+      const podBaseUrl = `${baseUrl}${podName}/`;
+      const brokenAcl = '<#authorization> a <http://www.w3.org/ns/auth/acl#Authorization> .';
+
+      // Make the acl file unusable
+      let res = await state.session.fetch(`${podBaseUrl}.acl`, {
+        method: 'PUT',
+        headers: { 'content-type': 'text/turtle' },
+        body: brokenAcl,
+      });
+      expect(res.status).toBe(205);
+
+      // The owner is locked out of their own pod due to a faulty acl file
+      res = await state.session.fetch(podBaseUrl);
+      expect(res.status).toBe(403);
+
+      const fixedAcl = `@prefix acl: <http://www.w3.org/ns/auth/acl#>.
+@prefix foaf: <http://xmlns.com/foaf/0.1/>.
+
+<#authorization>
+    a               acl:Authorization;
+    acl:agentClass  foaf:Agent;
+    acl:mode        acl:Read;
+    acl:accessTo    <./>.`;
+      // Owner can still update the acl
+      res = await state.session.fetch(`${podBaseUrl}.acl`, {
+        method: 'PUT',
+        headers: { 'content-type': 'text/turtle' },
+        body: fixedAcl,
+      });
+      expect(res.status).toBe(205);
+
+      // Access is possible again
+      res = await state.session.fetch(podBaseUrl);
+      expect(res.status).toBe(200);
+    });
  });

  describe('setup', (): void => {
--- a/test/integration/config/ldp-with-auth.json
+++ b/test/integration/config/ldp-with-auth.json
@@ -8,6 +8,7 @@
    "files-scs:config/http/middleware/no-websockets.json",
    "files-scs:config/http/server-factory/no-websockets.json",
    "files-scs:config/http/static/default.json",
+    "files-scs:config/identity/handler/default.json",
    "files-scs:config/ldp/authentication/debug-auth-header.json",
    "files-scs:config/ldp/authorization/webacl.json",
    "files-scs:config/ldp/handler/default.json",