Skip to content

Commit c91b7bc

Browse files
bourgeoabourgeoa
committed
cleaning an DELETE
1 parent 6b6257f commit c91b7bc

File tree

1 file changed

+20
-13
lines changed

1 file changed

+20
-13
lines changed

lib/acl-checker.js

Lines changed: 20 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -95,42 +95,47 @@ class ACLChecker {
9595
// FIXME: https://github.com/solid/acl-check/issues/23
9696
// console.error(e.message)
9797
}
98-
let accessDenied = aclCheck.accessDenied(aclGraph, resource, directory, aclFile, agent, modes, agentOrigin, trustedOrigins, originTrustedModes)
98+
function resourceAccessDenied (modes) {
99+
accessDenied = aclCheck.accessDenied(aclGraph, resource, directory, aclFile, agent, modes, agentOrigin, trustedOrigins, originTrustedModes)
100+
}
99101

100-
function accessDeniedForAccessTo (mode) {
101-
const accessDeniedAccessTo = aclCheck.accessDenied(aclGraph, directory, null, aclFile, agent, [ACL(mode)], agentOrigin, trustedOrigins, originTrustedModes)
102+
function accessDeniedForAccessTo (modes) {
103+
const accessDeniedAccessTo = aclCheck.accessDenied(aclGraph, directory, null, aclFile, agent, modes, agentOrigin, trustedOrigins, originTrustedModes)
102104
const accessResult = !accessDenied && !accessDeniedAccessTo
103105
accessDenied = accessResult ? false : accessDenied || accessDeniedAccessTo
104106
// debugCache('accessDenied result ' + accessDenied)
105107
}
106-
function accessdeniedFromParent (modes) {
108+
async function accessdeniedFromParent (modes) {
107109
const parentAclDirectory = ACLChecker.getDirectory(acl.parentAcl)
108110
const parentDirectory = parentResource === parentAclDirectory ? null : rdf.sym(parentAclDirectory)
109-
const deniedParent = Promise.all(modes
110-
.map(mode => aclCheck.accessDenied(acl.parentGraph, parentResource, parentDirectory, rdf.sym(acl.parentAcl), agent, [ACL(mode)], agentOrigin, trustedOrigins, originTrustedModes)))
111-
const accessDeniedParent = deniedParent.reduce((memo, deniedParent) => memo && !deniedParent, true)
111+
// if (acl.parentAcl.endWith('/.acl')) parentDirectory = rdf.sym(parentAclDirectory)
112+
const accessDeniedParent = aclCheck.accessDenied(acl.parentGraph, parentResource, parentDirectory, rdf.sym(acl.parentAcl), agent, modes, agentOrigin, trustedOrigins, originTrustedModes)
112113
const accessResult = !accessDenied && !accessDeniedParent
113114
accessDenied = accessResult ? false : accessDenied || accessDeniedParent
114115
// debugCache('accessDenied result ' + accessDenied)
115116
}
117+
118+
let accessDenied
119+
resourceAccessDenied(modes)
116120
// For create and update HTTP methods
117121
if ((method === 'PUT' || method === 'PATCH' || method === 'COPY')) {
118122
// if resource and acl have same parent container,
119123
// and resource does not exist, then accessTo Append from parent is required
120124
if (directory && directory.value === dirname(aclFile.value) + '/' && !resourceExists) {
121-
accessDeniedForAccessTo('Append')
125+
accessDeniedForAccessTo([ACL('Append')])
122126
}
123127
}
124128

125129
// For delete HTTP method
126130
if ((method === 'DELETE')) {
127131
// if resource and acl have same parent container,
128132
// then accessTo Write from parent is required
129-
if (!directory && aclFile.value.endsWith('/.acl')) accessdeniedFromParent(['Read', 'Write']) // directory = rdf.sym(dirname(aclFile.value) + '/')
130-
if ((directory && directory.value === dirname(aclFile.value) + '/')) {
131-
accessDeniedForAccessTo('Write')
133+
if (directory && this.resource.endsWith('/')) resourceAccessDenied([ACL('Read'), ACL('Write')])
134+
else if (!directory && aclFile.value.endsWith('/.acl')) await accessdeniedFromParent([ACL('Read'), ACL('Write')]) // directory = rdf.sym(dirname(aclFile.value) + '/')
135+
else if ((directory && directory.value === dirname(aclFile.value) + '/')) {
136+
accessDeniedForAccessTo([ACL('Write')])
132137
} else {
133-
accessdeniedFromParent(['Write'])
138+
await accessdeniedFromParent([ACL('Read'), ACL('Write')])
134139
}
135140
}
136141

@@ -178,7 +183,8 @@ class ACLChecker {
178183
graph = await this.requests[acl]
179184
} catch (err) {
180185
if (err && (err.code === 'ENOENT' || err.status === 404)) {
181-
isContainer = true
186+
// only set isContainer before docAcl // alain
187+
if (!docAcl) isContainer = true
182188
continue
183189
}
184190
debug(err)
@@ -194,6 +200,7 @@ class ACLChecker {
194200
parentGraph = graph // alain
195201
returnParentAcl = true
196202
} */
203+
// parentAcl is only needed for DELETE // alain
197204
if (method !== 'DELETE') returnParentAcl = true
198205
} else {
199206
parentAcl = acl

0 commit comments

Comments
 (0)