Failing tests for case when acl file covers a whole tree

kjetilk · rubensworks · commit 9bb47e235e43 · 2018-11-27T11:19:53.000+01:00
diff --git a/test/integration/acl-oidc-test.js b/test/integration/acl-oidc-test.js
@@ -424,6 +424,39 @@ describe('ACL with WebID+OIDC over HTTP', function () {
         done()
       })
     })
+    it('user1 should be able to access deep test directory ACL', function (done) {
+      var options = createOptions('/read-acl/deeper-tree/.acl', 'user1')
+      request.head(options, function (error, response, body) {
+        assert.equal(error, null)
+        assert.equal(response.statusCode, 200)
+        done()
+      })
+    })
+    it('user1 should not be able to access deep test dir', function (done) {
+      var options = createOptions('/read-acl/deeper-tree/', 'user1')
+      request.head(options, function (error, response, body) {
+        assert.equal(error, null)
+        assert.equal(response.statusCode, 403)
+        assert.equal(response.statusMessage, 'User Unauthorized')
+        done()
+      })
+    })
+    it('user1 should able to access even deeper test directory', function (done) {
+      var options = createOptions('/read-acl/deeper-tree/acls-only-on-top/', 'user1')
+      request.head(options, function (error, response, body) {
+        assert.equal(error, null)
+        assert.equal(response.statusCode, 200)
+        done()
+      })
+    })
+    it('user1 should able to access even deeper test file', function (done) {
+      var options = createOptions('/read-acl/deeper-tree/acls-only-on-top/example.ttl', 'user1')
+      request.head(options, function (error, response, body) {
+        assert.equal(error, null)
+        assert.equal(response.statusCode, 200)
+        done()
+      })
+    })
   })
 
   describe('Append-only', function () {
diff --git a/test/resources/accounts-acl/tim.localhost/read-acl/deeper-tree/.acl b/test/resources/accounts-acl/tim.localhost/read-acl/deeper-tree/.acl
@@ -0,0 +1,18 @@
+@prefix acl: <http://www.w3.org/ns/auth/acl#>.
+
+<#ThisControl> a acl:Authorization ;
+    acl:accessTo <./> ;
+    acl:agent <https://tim.localhost:7777/profile/card#me> ;
+    acl:mode acl:Control .
+
+<#DirRead> a acl:Authorization ;
+    acl:accessTo <./acls-only-on-top/> ;
+    acl:agent <https://tim.localhost:7777/profile/card#me> ;
+    acl:mode acl:Read .
+
+<#FileRead> a acl:Authorization ;
+    acl:accessTo <./acls-only-on-top/example.ttl> ;
+    acl:agent <https://tim.localhost:7777/profile/card#me> ;
+    acl:mode acl:Read .
+
+
diff --git a/test/resources/accounts-acl/tim.localhost/read-acl/deeper-tree/acls-only-on-top/example.ttl b/test/resources/accounts-acl/tim.localhost/read-acl/deeper-tree/acls-only-on-top/example.ttl
@@ -0,0 +1 @@
+<> a <http://example.invalid/Dahut> .
