Mirroristas/CommunitySolidServer
2
0
Fork 0
mirror of https://github.com/CommunitySolidServer/CommunitySolidServer.git synced 2024-10-03 14:55:10 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: Only require append permissions on POST requests

Browse Source
This commit is contained in:
Joachim Van Herwegen
2021-01-27 10:20:44 +01:00
parent 13409bd91e
commit 93e53b3d24
3 changed files with 27 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
test/integration/LdpHandlerWithAuth.test.ts
View File

@@ -117,4 +117,24 @@ describe.each(stores)('An LDP handler with auth using %s', (name, { storeUrn, se
response = await resourceHelper.deleteResource('http://test.com/permanent.txt', true);
expect(response.statusCode).toBe(401);
});
it('can add files but not write to them if append is allowed.', async(): Promise<void> => {
// Set acl
await aclHelper.setSimpleAcl({ read: true, write: false, append: true }, 'agent');
// Add a file
let response = await resourceHelper.createResource(
'../assets/testfile2.txt', 'testfile2.txt', 'text/plain', true,
);
expect(response.statusCode).toBe(201);
const id = response._getHeaders().location;
response = await resourceHelper.performRequestWithBody(
new URL(id),
'PUT',
{ 'content-type': 'text/plain', 'transfer-encoding': 'chunked' },
Buffer.from('data'),
);
expect(response.statusCode).toBe(401);
});
});