feat: Update configs based on all permission changes

2024-10-03 14:55:10 +00:00 · 2022-06-29 11:01:53 +02:00 · 2022-06-29 11:01:53 +02:00 · d5bcec704c
commit d5bcec704c
parent fd83f4b013
4 changed files with 49 additions and 29 deletions
--- a/config/ldp/authorization/readers/acl.json
+++ b/config/ldp/authorization/readers/acl.json
@ -7,17 +7,27 @@
  ],
  "@graph": [
    {
+      "comment": "Adds parent container checks needed for create/delete permissions.",
+      "@id": "urn:solid-server:default:WrappedWebAclReader",
+      "@type": "ParentContainerReader",
+      "identifierStrategy": { "@id": "urn:solid-server:default:IdentifierStrategy" },
+      "reader": { "@id": "urn:solid-server:default:WebAclAuxiliaryReader" }
+    },
+    {
+      "comment": "Reinterprets Control permissions as Read/Write on the ACL document.",
+      "@id": "urn:solid-server:default:WebAclAuxiliaryReader",
+      "@type": "WebAclAuxiliaryReader",
+      "aclStrategy": { "@id": "urn:solid-server:default:AclStrategy" },
+      "reader": { "@id": "urn:solid-server:default:WebAclReader" }
+    },
+    {
+      "comment": "Reads out permissions from an ACL document for subject resources.",
      "@id": "urn:solid-server:default:WebAclReader",
      "@type": "WebAclReader",
-      "aclStrategy": {
-        "@id": "urn:solid-server:default:AclStrategy"
-      },
-      "aclStore": {
-        "@id": "urn:solid-server:default:ResourceStore"
-      },
-      "identifierStrategy": {
-        "@id": "urn:solid-server:default:IdentifierStrategy"
-      },
+      "aclStrategy": { "@id": "urn:solid-server:default:AclStrategy" },
+      "resourceSet": { "@id": "urn:solid-server:default:CachedResourceSet" },
+      "aclStore": { "@id": "urn:solid-server:default:ResourceStore" },
+      "identifierStrategy": { "@id": "urn:solid-server:default:IdentifierStrategy" },
      "accessChecker": {
        "@type": "BooleanHandler",
        "handlers": [
--- a/config/ldp/authorization/readers/ownership.json
+++ b/config/ldp/authorization/readers/ownership.json
@ -6,7 +6,8 @@
      "@id": "urn:solid-server:default:OwnerPermissionReader",
      "@type": "OwnerPermissionReader",
      "accountStore": { "@id": "urn:solid-server:auth:password:AccountStore" },
-      "aclStrategy": { "@id": "urn:solid-server:default:AclStrategy" }
+      "aclStrategy": { "@id": "urn:solid-server:default:AclStrategy" },
+      "identifierStrategy": { "@id": "urn:solid-server:default:IdentifierStrategy" }
    }
  ]
 }
--- a/config/ldp/authorization/webacl.json
+++ b/config/ldp/authorization/webacl.json
@ -6,25 +6,26 @@
  ],
  "@graph": [
    {
-      "comment": "Uses Web Access Control for authorization.",
+      "comment": "Requests permissions on subject resources for auxiliary resources.",
      "@id": "urn:solid-server:default:PermissionReader",
-      "@type": "UnionPermissionReader",
-      "readers": [
-        {
-          "comment": "This PermissionReader will be used to prevent external access to containers used for internal storage.",
-          "@id": "urn:solid-server:default:PathBasedReader",
-          "@type": "PathBasedReader",
-          "baseUrl": { "@id": "urn:solid-server:default:variable:baseUrl" }
-        },
-        { "@id": "urn:solid-server:default:OwnerPermissionReader" },
-        {
-          "comment": "This PermissionReader makes sure that for auxiliary resources, the main reader gets called with the associated identifier.",
-          "@type": "AuxiliaryReader",
-          "resourceReader": { "@id": "urn:solid-server:default:WebAclReader" },
-          "auxiliaryStrategy": { "@id": "urn:solid-server:default:AuxiliaryStrategy" }
-        },
-        { "@id": "urn:solid-server:default:WebAclReader" }
-      ]
+      "@type": "AuxiliaryReader",
+      "auxiliaryStrategy": { "@id": "urn:solid-server:default:AuxiliaryStrategy" },
+      "reader": {
+        "@type": "UnionPermissionReader",
+        "readers": [
+          {
+            "comment": "This PermissionReader will be used to prevent external access to containers used for internal storage.",
+            "@id": "urn:solid-server:default:PathBasedReader",
+            "@type": "PathBasedReader",
+            "baseUrl": { "@id": "urn:solid-server:default:variable:baseUrl" }
+          },
+          { "@id": "urn:solid-server:default:OwnerPermissionReader" },
+          {
+            "comment": "Uses Web Access Control for authorization.",
+            "@id": "urn:solid-server:default:WrappedWebAclReader"
+          }
+        ]
+      }
    },
    {
      "comment": "In case of WebACL authorization the ACL resources determine authorization.",
--- a/config/ldp/modes/default.json
+++ b/config/ldp/modes/default.json
@ -2,8 +2,16 @@
  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^5.0.0/components/context.jsonld",
  "@graph": [
    {
-      "comment": "Determines required modes based on HTTP methods.",
+      "comment": "Checks if an operation on a resource requires permissions on intermediate resources (such as newly created parent containers).",
      "@id": "urn:solid-server:default:ModesExtractor",
+      "@type": "IntermediateCreateExtractor",
+      "resourceSet": { "@id": "urn:solid-server:default:CachedResourceSet" },
+      "strategy": { "@id": "urn:solid-server:default:IdentifierStrategy" },
+      "source": { "@id": "urn:solid-server:default:HttpModesExtractor" }
+    },
+    {
+      "comment": "Determines required modes based on HTTP methods.",
+      "@id": "urn:solid-server:default:HttpModesExtractor",
      "@type": "WaterfallHandler",
      "handlers": [
        {