@@ -165,14 +165,18 @@ function globHandler (req, res, next) {
165165 debugGlob ( 'error ' + err )
166166 return resolve ( )
167167 }
168- aclAllow ( match , req , res , function ( allowed ) {
169- if ( ! match . endsWith ( '.ttl' ) || ! allowed ) {
170- return resolve ( )
171- }
172- try {
173- $rdf . parse ( fileData , globGraph , baseUri , 'text/turtle' )
174- } catch ( parseErr ) {
175- debugGlob ( `error parsing ${ match } ${ parseErr } )
168+ // Files should have the .ttl extension or be extensionless (also Turtle)
169+ if ( ! / \. t t l $ | \/ [ ^ . ] + $ / . test ( match ) ) {
170+ return resolve ( )
171+ }
172+ // The agent should have Read access to the file
173+ hasReadPermissions ( match , req , res , function ( allowed ) {
174+ if ( allowed ) {
175+ try {
176+ $rdf . parse ( fileData , globGraph , baseUri , 'text/turtle' )
177+ } catch ( parseErr ) {
178+ debugGlob ( `error parsing ${ match } ${ parseErr } )
179+ }
176180 }
177181 return resolve ( )
178182 } )
@@ -190,17 +194,16 @@ function globHandler (req, res, next) {
190194 } )
191195}
192196
193- function aclAllow ( match , req , res , callback ) {
197+ // TODO: get rid of this ugly hack that uses the Allow handler to check read permissions
198+ function hasReadPermissions ( file , req , res , callback ) {
194199 const ldp = req . app . locals . ldp
195200
196201 if ( ! ldp . webid ) {
197202 return callback ( true )
198203 }
199204
200205 const root = ldp . multiuser ? ldp . root + req . hostname + '/' : ldp . root
201- const relativePath = '/' + _path . relative ( root , match )
206+ const relativePath = '/' + _path . relative ( root , file )
202207 res . locals . path = relativePath
203- allow ( 'Read' , req , res , function ( err ) {
204- callback ( err )
205- } )
208+ allow ( 'Read' ) ( req , res , err => callback ( ! err ) )
206209}
0 commit comments