mirror of
https://github.com/CommunitySolidServer/CommunitySolidServer.git
synced 2024-10-03 14:55:10 +00:00

* feat: only allow metadata to be edited with PATCH request & only allow metadata files to be edited when a resource is available * fix: remove unnecesary log at POST * feat: PUT resets metadata contents + not possible to add metadata with PUT to container * feat: add metadataStrategy (auxiliaryStrategy) + use that strategy in operationhandlers * feat: PUT request on existing LDPC is not allowed as it would be possible to edit (read reset) metadata * test: add unit tests to operationhandlers to handle metadata editing * test: add unit tests to representationPatchHandler to handle metadata editing * fix: update dependency of meta.json to version 3.0.0 * fix: lint and dependency still v2 * fix: replaced file references to resource references + moved Patch check to new patchhandler which is more generic * fix: moved checking metadata resources checking from DELETE and POST handler down to DABS * fix: remove PATCH message about metadata extension * fix: move PATCH message about metadata extension * WIP: adding writeMetadata + getMetadata in DABS and add writeMetadata to DataAccessors (part 1) * WIP: implement writeMetadata in memorybackend + change resourceExists * WIP: implement writeMetadata in SparqlDataAccessor.ts * test: fix test interfaces * test: InMemoryDataAccessor.ts resulted into changing identifier for writeMetadata in DataAccessor.ts (now taking subject identifier instead of metadata resource identifier) * test: accessor tests implemented for metadata * test: add RdfImmutableCheckPatcher.test.ts * test: add tests in DataAccessorBasedStore.test.ts * test: fix template config for DynamicPods test * test: add integration tests for metadata * fix: change metaStrategy to metadataStrategy * refactor: comments updated to new location CSS on github + some alphabetical edits * refactor: remove getMetadata function in DABS as it is only used once * refactor: add DataAccessorBasedStoreArgs to DataAccessorBasedStore.ts * docs: modify documentation for writeMetadata 
function in DataAccessor.ts * feat: ldp:contains is also part of the metadata resource of a container * refactor: change function name and move check to DataAccessorBasedStore * fix: fix tests for DABS and PutOperationHandler * feat: avoid cloneRepresentation by introducing RdfPatcher, RdfStorePatcher and modifying ImmutableMetadataPatcher, N3Patcher, patching.json and SparqlUpdatePatcher * test: fix patcher tests * feat: create sparqlInsertMetadata in SparqlDataAccessor.ts * fix: move check during put on container if it exists already back to PutOperationHandler.ts after discussion in PR * test: update tests PutOperationHandler.ts and DataAccessorBasedStore.ts regarding previous commit * test: add converter to DABS and replace rejection on data during container creation to warning * test: implemented RdfPatcher test * feat: remove ContainerPatcher * fix: fix lint * fix: fix integration tests * refactor: fix minor issues mentioned in the PR * WIP: problem with removeResponseMetadata * refactor: remove responseMetadata in QuadToRdfConverter.ts * feat: handle ResponeMetadata when writing to the store via a patch * refactor: refactor based on comments in PR * feat: make ImmutableMetadataPatcher.ts instantiation more clear * test: achieve 100% coverage again * fix: fix lint * refactor: return to explicit arguments for the DABS * fix: return to explicit arguments for the DABS (missed one) * feat: optimise immutable checker * fix: fix, enhance docs + optimise config files * fix: DABS + QuadToRdfConverter feedback implemented * fix: patching feedback implemented * test: update operationhandler tests * test: update integration tests after feedback * test: update DABS tests after feedback * test: update ImmutableMetadataPatcher.test.ts after feedback * test: update patch tests after feedback * docs: add documentation about editing metadata * fix: config: intendation + name change + extra filters | filter pattern * docs: tsdoc added to RdfStorePatcher.ts * fix: DABS split 
implemented for getRepresentation + comment refactoring * docs: further documentation on removing response data on serialization * fix: DABS getRepresentation method * docs: apply feedback from Joachim on the documentation of metadata-editing.md * fix: indentation fix + fix metadata-editing.md documentation after feedback from Joachim * docs: small fix in metadata-editing.md documentation after feedback from Joachim * fix: fix metadata-editing.md documentation after feedback from Joachim * fix: fix tests meta-editing after feedback Joachim * feat: first attempt at RELEASE_NOTES.md * docs: update release notes based on feedback * docs: fix newline * fix: patching config changes after feedback * docs: metadata editing documentation changes after feedback * docs: metadata editing documentation changes after feedback * docs: metadata editing documentation changes after feedback * feat: optimisation on ImmutableMetadataPatcher.ts algorithm * feat: remove converter from DABS and add conversion for metadata resources in the RCS * fix: Fix documentation RepresentationPatchHandler.ts + fix response graph not being stored due to convertingstore * feat: make RepresentationPatcher generic * test: generic RepresentationPatcher tests * test: 100% coverage for patchers again * feat: containers can be created with POST with no content-type * feat: Immutable checks always with subject identifier * feat: create AuxiliaryLinkMetadataWriter for adding description resources Link Header * test: add tests for AuxiliaryLinkMetadataWriter and update them for ImmutableMetadataPatcher * feat: remove metadataGenerator from acl.json and fix tests accordingly * WIP: preserve metadata on PUT * feat: preserve metadata on PUT * fix: keep metadata on PATCHes * test: add unit tests for preserving metadata on PUT * fix: remove inConverter from sparql endpoint as that is already the default in the (converting.json) * fix: add metadatastrategy to RepresentationConvertingStore in regex.json * test: add 
integration tests for preserving metadata on PUT * docs: update release notes and adding documentation about preserving metadata on PUT * WIP: Template create setRepresentation * fix: Move container exists and not allowed check to setRepresentation * test: fix lint * fix: update configs and documentation * refactor: update and add documentation + small refactoring * refactor: update and add documentation + small refactoring + fix tests * fix: Dynamic pod config + tests * fix: TemplatedResourcesGenerator does not create containers when they already exist * fix: metadata preservation now deals with complex content types * docs: explain the case when there is no content-type * fix: minor comments
import fetch from 'cross-fetch';
import { v4 } from 'uuid';
import type { AclPermission } from '../../src/authorization/permissions/AclPermission';
import { AccessMode as AM } from '../../src/authorization/permissions/Permissions';
import { BasicRepresentation } from '../../src/http/representation/BasicRepresentation';
import type { App } from '../../src/init/App';
import type { ResourceStore } from '../../src/storage/ResourceStore';
import { TEXT_TURTLE } from '../../src/util/ContentTypes';
import { ConflictHttpError } from '../../src/util/errors/ConflictHttpError';
import { ensureTrailingSlash, joinUrl } from '../../src/util/PathUtil';
import { AclHelper } from '../util/AclHelper';
import { getPort } from '../util/Util';
import {
getDefaultVariables,
getPresetConfigPath,
getTestConfigPath,
getTestFolder,
instantiateFromConfig, removeFolder,
} from './Config';
// Turtle document written to the target before the "target exists" requests.
const DEFAULT_BODY = [
  '@prefix solid: <http://www.w3.org/ns/solid/terms#>.',
  '@prefix ex: <http://www.example.org/terms#>.',
  '',
  'ex:custom ex:givenName "Claudia".',
].join('\n');

// N3 patch body that only inserts a triple.
const INSERT = [
  '@prefix solid: <http://www.w3.org/ns/solid/terms#>.',
  '@prefix ex: <http://www.example.org/terms#>.',
  '_:patch a solid:InsertDeletePatch;',
  'solid:inserts { ex:custom ex:givenName "Alex". }.',
].join('\n');

// N3 patch body that only deletes the triple DEFAULT_BODY contains.
const DELETE = [
  '@prefix solid: <http://www.w3.org/ns/solid/terms#>.',
  '@prefix ex: <http://www.example.org/terms#>.',
  '',
  '_:rename a solid:InsertDeletePatch;',
  'solid:deletes { ex:custom ex:givenName "Claudia". }.',
].join('\n');

// Content types used in the `content-type` column of the permission table.
const N3 = 'text/n3';
const TXT = 'text/plain';
// Every access mode. Granted on the test root when the container C/ itself is the request target,
// so that only the C/ and C/R permissions of the row decide the outcome.
const allModes = [ AM.read, AM.append, AM.create, AM.write, AM.delete ];

// Based on https://github.com/solid/specification/issues/14#issuecomment-683480525
// Columns: method, target, C/ permissions, C/R permissions, body, content-type, target exists, target does not exist
// `C/` is a container and `C/R` a resource inside it; the last two columns are the expected HTTP status codes.
// `undefined` implies C/R inherits the permissions of C/
// For PUT/PATCH/DELETE we return 205 instead of 200/204
// The suite sends these requests without credentials, so a denied request is expected as 401 throughout.
// Reading guide: a row with the same code in both status columns answers identically whether or not the target
// exists; a 404 in the last column means a missing target is reported as missing to that caller.
/* eslint-disable no-multi-spaces */
const table: [string, string, AM[], AM[] | undefined, string, string, number, number][] = [
  // No authorization headers are sent in an OPTIONS request making it impossible to grant permission.
  // See https://github.com/CommunitySolidServer/CommunitySolidServer/issues/1246#issuecomment-1087325235
  // From https://fetch.spec.whatwg.org/#cors-preflight-fetch it follows
  // that a preflight check should always return an OK response.
  [ 'OPTIONS', 'C/R', [],                     undefined,              '',     '',  204, 204 ],
  [ 'OPTIONS', 'C/R', [],                     [ AM.read ],            '',     '',  204, 204 ],
  [ 'OPTIONS', 'C/R', [ AM.read ],            undefined,              '',     '',  204, 204 ],

  [ 'HEAD',    'C/R', [],                     undefined,              '',     '',  401, 401 ],
  [ 'HEAD',    'C/R', [],                     [ AM.read ],            '',     '',  200, 404 ],
  [ 'HEAD',    'C/R', [ AM.read ],            undefined,              '',     '',  200, 404 ],

  [ 'GET',     'C/R', [],                     undefined,              '',     '',  401, 401 ],
  [ 'GET',     'C/R', [],                     [ AM.read ],            '',     '',  200, 404 ],
  [ 'GET',     'C/R', [ AM.read ],            undefined,              '',     '',  200, 404 ],
  // Agreed upon deviation from the original table; more conservative interpretation allowed.
  // Original returns 404 in the case of C/R not existing.
  [ 'GET',     'C/R', [ AM.read ],            [ AM.write ],           '',     '',  401, 401 ],

  [ 'POST',    'C/',  [],                     undefined,              '',     TXT, 401, 401 ],
  [ 'POST',    'C/',  [],                     [ AM.read ],            '',     TXT, 401, 401 ],
  [ 'POST',    'C/',  [ AM.append ],          undefined,              '',     TXT, 201, 201 ],
  [ 'POST',    'C/',  [ AM.append ],          [ AM.read ],            '',     TXT, 201, 201 ],
  [ 'POST',    'C/',  [ AM.read, AM.append ], undefined,              '',     TXT, 201, 201 ],
  [ 'POST',    'C/',  [ AM.read, AM.append ], [ AM.read ],            '',     TXT, 201, 201 ],

  [ 'PUT',     'C/',  [],                     undefined,              '',     N3,  401, 401 ],
  [ 'PUT',     'C/',  [ AM.read ],            undefined,              '',     N3,  401, 401 ],
  // We return a 409 when targeting an existing container as we only allow changes targeting the metadata directly
  [ 'PUT',     'C/',  [ AM.write ],           undefined,              '',     '',  409, 201 ],

  [ 'PUT',     'C/R', [],                     undefined,              '',     TXT, 401, 401 ],
  [ 'PUT',     'C/R', [],                     [ AM.read ],            '',     TXT, 401, 401 ],
  [ 'PUT',     'C/R', [],                     [ AM.append ],          '',     TXT, 401, 401 ],
  [ 'PUT',     'C/R', [],                     [ AM.write ],           '',     TXT, 205, 401 ],
  [ 'PUT',     'C/R', [ AM.read ],            undefined,              '',     TXT, 401, 401 ],
  [ 'PUT',     'C/R', [ AM.append ],          undefined,              '',     TXT, 401, 401 ],
  [ 'PUT',     'C/R', [ AM.write ],           undefined,              '',     TXT, 205, 201 ],
  [ 'PUT',     'C/R', [ AM.append ],          [ AM.write ],           '',     TXT, 205, 201 ],

  // INSERT only adds a triple, DELETE only removes one; the rows below pair each with the C/R permissions.
  [ 'PATCH',   'C/R', [],                     undefined,              DELETE, N3,  401, 401 ],
  [ 'PATCH',   'C/R', [],                     [ AM.read ],            DELETE, N3,  401, 404 ],
  [ 'PATCH',   'C/R', [],                     [ AM.append ],          INSERT, N3,  205, 401 ],
  [ 'PATCH',   'C/R', [],                     [ AM.append ],          DELETE, N3,  401, 401 ],
  [ 'PATCH',   'C/R', [],                     [ AM.write ],           INSERT, N3,  205, 401 ],
  [ 'PATCH',   'C/R', [],                     [ AM.write ],           DELETE, N3,  401, 401 ],
  [ 'PATCH',   'C/R', [ AM.append ],          [ AM.write ],           INSERT, N3,  205, 201 ],
  [ 'PATCH',   'C/R', [ AM.append ],          [ AM.write ],           DELETE, N3,  401, 401 ],
  // We currently return 409 instead of 404 in case a PATCH has no inserts and C/R does not exist.
  // This is an agreed upon deviation from the original table
  [ 'PATCH',   'C/R', [],                     [ AM.read, AM.write ],  DELETE, N3,  205, 409 ],

  [ 'DELETE',  'C/R', [],                     undefined,              '',     '',  401, 401 ],
  [ 'DELETE',  'C/R', [],                     [ AM.read ],            '',     '',  401, 404 ],
  [ 'DELETE',  'C/R', [],                     [ AM.append ],          '',     '',  401, 401 ],
  [ 'DELETE',  'C/R', [],                     [ AM.write ],           '',     '',  401, 401 ],
  [ 'DELETE',  'C/R', [ AM.read ],            undefined,              '',     '',  401, 404 ],
  [ 'DELETE',  'C/R', [ AM.append ],          undefined,              '',     '',  401, 401 ],
  [ 'DELETE',  'C/R', [ AM.append ],          [ AM.read ],            '',     '',  401, 404 ],
  // We throw a 404 instead of 401 since we don't yet check if the parent container has read permissions
  // NOTE(review): the row below is disabled, so no row asserts DELETE with write on C/ and inherited C/R.
  // Per the comment above, a missing C/R is answered with 404 here, which tells a caller without read
  // permission that the resource is absent. Re-enable the row once the parent read check exists.
  // [ 'DELETE', 'C/R', [ AM.write ], undefined, '', '', 205, 401 ],
  [ 'DELETE',  'C/R', [ AM.write ],           [ AM.read ],            '',     '',  401, 404 ],
  [ 'DELETE',  'C/R', [ AM.write ],           [ AM.append ],          '',     '',  401, 401 ],

  [ 'DELETE',  'C/',  [],                     undefined,              '',     '',  401, 401 ],
  [ 'DELETE',  'C/',  [ AM.read ],            undefined,              '',     '',  401, 404 ],
  [ 'DELETE',  'C/',  [ AM.append ],          undefined,              '',     '',  401, 401 ],
  [ 'DELETE',  'C/',  [ AM.write ],           undefined,              '',     '',  401, 401 ],
  [ 'DELETE',  'C/',  [ AM.read, AM.write ],  undefined,              '',     '',  205, 404 ],
];
/* eslint-enable no-multi-spaces */
/**
 * Turns a list of access modes into a permission object in which
 * every listed mode is set to `true`. Modes that are not listed are simply absent.
 *
 * @param modes - Access modes to grant.
 * @returns An object keyed by mode, each with value `true`.
 */
function toPermission(modes: AM[]): AclPermission {
  const granted: Record<string, boolean> = {};
  for (const mode of modes) {
    granted[mode] = true;
  }
  return granted;
}
// Port reserved for this suite; every test URL is built on the localhost base URL derived from it.
const port = getPort('PermissionTable');
const baseUrl = 'http://localhost:' + String(port) + '/';

// Folder used as root by the on-disk backend; removed again by that backend's teardown.
const rootFilePath = getTestFolder('permissionTable');

// The in-memory backend has nothing to clean up, so its teardown is a no-op mock.
const memoryBackend = {
  storeConfig: 'storage/backend/memory.json',
  teardown: jest.fn(),
};

// The file backend removes its root folder once the suite is done.
const fileBackend = {
  storeConfig: 'storage/backend/file.json',
  teardown: async(): Promise<void> => {
    await removeFolder(rootFilePath);
  },
};

// [ description used in the suite title, backend settings ] pairs; the whole table runs once per entry.
const stores: [string, any][] = [
  [ 'in-memory storage', memoryBackend ],
  [ 'on-disk storage', fileBackend ],
];
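/**
 * Runs the permission table against a live server, once per storage backend.
 *
 * For every table row a fresh `<root>/container/resource` hierarchy is used, ACLs are written for the
 * container (C/) and its children (C/R), and the row's request is sent twice:
 * once while the target is missing and once after it has been created.
 * The requests carry no credentials, so the expected status codes describe what an
 * unauthenticated agent may do with the permissions granted to the `agent` class.
 */
describe.each(stores)('A request on a server with %s', (name, { storeConfig, teardown }): void => {
  let app: App;
  let store: ResourceStore;
  let aclHelper: AclHelper;

  /**
   * Writes `representation` to `path` directly through the store, bypassing HTTP and authorization.
   * A ConflictHttpError is ignored (presumably raised when a container is already there from an
   * earlier test of the same row); every other error still fails the test.
   */
  async function writeIgnoringConflict(path: string, representation: BasicRepresentation): Promise<void> {
    try {
      await store.setRepresentation({ path }, representation);
    } catch (error: unknown) {
      if (!ConflictHttpError.isInstance(error)) {
        throw error;
      }
    }
  }

  beforeAll(async(): Promise<void> => {
    const variables = {
      ...getDefaultVariables(port, baseUrl),
      'urn:solid-server:default:variable:rootFilePath': rootFilePath,
    };

    // Create and start the server
    const instances = await instantiateFromConfig(
      'urn:solid-server:test:Instances',
      [
        getPresetConfigPath(storeConfig),
        getTestConfigPath('ldp-with-auth.json'),
      ],
      variables,
    ) as Record<string, any>;
    ({ app, store } = instances);

    await app.start();

    // Create test helper for manipulating acl
    aclHelper = new AclHelper(store);

    // Set the root acl file to allow everything, including control, on the root and below.
    // This is a fixture for the localhost test server only: it ensures the per-row ACLs
    // written in `beforeEach` are the only thing restricting a request.
    await aclHelper.setSimpleAcl(baseUrl, {
      permissions: { read: true, write: true, append: true, control: true },
      agentClass: 'agent',
      accessTo: true,
      default: true,
    });
  });

  afterAll(async(): Promise<void> => {
    // Stop the server even when the backend cleanup fails, so the port is released
    // and a failing teardown does not leave a listener behind for later suites.
    try {
      await teardown();
    } finally {
      await app.stop();
    }
  });

  describe.each(table)('%s %s with permissions C/: %s and C/R: %s.', (...entry): void => {
    const [ method, target, cPerm, crPermTemp, body, contentType, existsCode, notExistsCode ] = entry;
    // `undefined` in the table means C/R has no rule of its own and gets the C/ permissions
    const crPerm = crPermTemp ?? cPerm;
    // The id is generated once per row, so both tests below share the same URLs
    const id = v4();
    const root = ensureTrailingSlash(joinUrl(baseUrl, id));
    const container = ensureTrailingSlash(joinUrl(root, 'container/'));
    const resource = joinUrl(container, 'resource');
    const targetingContainer = target !== 'C/R';
    const targetUrl = targetingContainer ? container : resource;
    let init: RequestInit;

    beforeEach(async(): Promise<void> => {
      // POST is special as the request targets the container but we care about the generated resource
      const parent = targetingContainer && method !== 'POST' ? root : container;

      // Create C/ and set up permissions
      await writeIgnoringConflict(parent, new BasicRepresentation([], TEXT_TURTLE));

      // First rule (`accessTo`) covers `parent` itself, second rule (`default`) covers what it contains.
      await aclHelper.setSimpleAcl(parent, [
        // In case we are targeting C/ we assume everything is allowed by the parent
        { permissions: toPermission(parent === root ? allModes : cPerm), agentClass: 'agent', accessTo: true },
        { permissions: toPermission(parent === root ? cPerm : crPerm), agentClass: 'agent', default: true },
      ]);

      // Set up fetch parameters.
      // Only the method and, when the row has a content type, a body and content-type header are set:
      // no Authorization header is ever added.
      init = { method };
      if (contentType.length > 0) {
        init.body = body;
        init.headers = { 'content-type': contentType };
      }
    });

    // Order matters: this test has to run before 'target exists.' because nothing removes the target
    // again afterwards (and a successful PUT/PATCH/POST here may itself create it).
    it('target does not exist.', async(): Promise<void> => {
      const response = await fetch(targetUrl, init);
      expect(response.status).toBe(notExistsCode);
    });

    it('target exists.', async(): Promise<void> => {
      // Written through the store so the target exists regardless of the ACLs under test
      await writeIgnoringConflict(targetUrl, new BasicRepresentation(DEFAULT_BODY, TEXT_TURTLE));
      const response = await fetch(targetUrl, init);
      expect(response.status).toBe(existsCode);
    });
  });
});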