Request access modal form

http-tests/admin/POST-request-access.sh

@@ -13,27 +13,20 @@ curl -w "%{http_code}\n" -o /dev/null -k -s \
   --data-urlencode "rdf=" \
   --data-urlencode "sb=request" \
   --data-urlencode "pu=http://www.w3.org/1999/02/22-rdf-syntax-ns#type" \
-  --data-urlencode "ou=https://w3id.org/atomgraph/linkeddatahub/admin/acl#AuthorizationRequest" \
-  --data-urlencode "pu=https://w3id.org/atomgraph/linkeddatahub/admin/acl#requestAccessTo" \
+  --data-urlencode "ou=http://www.w3.org/ns/auth/acl#Authorization" \
+  --data-urlencode "pu=http://www.w3.org/ns/auth/acl#accessTo" \
   --data-urlencode "ou=${END_USER_BASE_URL}sparql" \
-  --data-urlencode "pu=https://w3id.org/atomgraph/linkeddatahub/admin/acl#requestAccessToClass" \
+  --data-urlencode "pu=http://www.w3.org/ns/auth/acl#accessToClass" \
   --data-urlencode "ou=https://w3id.org/atomgraph/linkeddatahub/default#Root" \
   --data-urlencode "ou=https://www.w3.org/ns/ldt/document-hierarchy#Container" \
   --data-urlencode "ou=https://www.w3.org/ns/ldt/document-hierarchy#Item" \
   --data-urlencode "ou=http://www.semanticdesktop.org/ontologies/2007/03/22/nfo#FileDataObject" \
-  --data-urlencode "pu=https://w3id.org/atomgraph/linkeddatahub/admin/acl#requestMode" \
+  --data-urlencode "pu=http://www.w3.org/ns/auth/acl#mode" \
   --data-urlencode "ou=http://www.w3.org/ns/auth/acl#Read" \
   --data-urlencode "ou=http://www.w3.org/ns/auth/acl#Write" \
   --data-urlencode "pu=http://www.w3.org/2000/01/rdf-schema#label" \
   --data-urlencode "ol=Access request by Test Agent" \
-  --data-urlencode "pu=https://w3id.org/atomgraph/linkeddatahub/admin/acl#requestAgent" \
+  --data-urlencode "pu=http://www.w3.org/ns/auth/acl#agent" \
   --data-urlencode "ou=${AGENT_URI}" \
-  --data-urlencode "sb=request-item" \
-  --data-urlencode "pu=http://www.w3.org/1999/02/22-rdf-syntax-ns#type" \
-  --data-urlencode "ou=https://www.w3.org/ns/ldt/document-hierarchy#Item" \
-  --data-urlencode "pu=http://rdfs.org/sioc/ns#has_container" \
-  --data-urlencode "ou=${ADMIN_BASE_URL}acl/authorization-requests/" \
-  --data-urlencode "pu=http://xmlns.com/foaf/0.1/primaryTopic" \
-  --data-urlencode "ob=request" \
-  "${ADMIN_BASE_URL}request%20access" \
-| grep -q "$STATUS_CREATED"
+  "${ADMIN_BASE_URL}access/request" \
+| grep -q "$STATUS_OK"

http-tests/admin/GET-request-access-html.sh → http-tests/document-hierarchy/DELETE-403.sh

@@ -5,13 +5,13 @@ initialize_dataset "$END_USER_BASE_URL" "$TMP_END_USER_DATASET" "$END_USER_ENDPO
 initialize_dataset "$ADMIN_BASE_URL" "$TMP_ADMIN_DATASET" "$ADMIN_ENDPOINT_URL"
 purge_cache "$END_USER_VARNISH_SERVICE"
 purge_cache "$ADMIN_VARNISH_SERVICE"
+purge_cache "$FRONTEND_VARNISH_SERVICE"
 
-# test the "Request access" HTML form
+# check that write access without authorization is forbidden
 
-curl -k -w "%{http_code}\n" -o /dev/null -f -s \
-  -G \
+curl -k -w "%{http_code}\n" -o /dev/null -s \
+  -X DELETE \
   -E "$AGENT_CERT_FILE":"$AGENT_CERT_PWD" \
-  -H 'Accept: text/html' \
-  --data-urlencode "access-to=${END_USER_BASE_URL}" \
-  "${ADMIN_BASE_URL}request%20access" \
-| grep -q "$STATUS_OK"
+  -H "Accept: application/n-triples" \
+    "$END_USER_BASE_URL" \
+| grep -q "$STATUS_FORBIDDEN"

http-tests/document-hierarchy/DELETE-404.sh → http-tests/document-hierarchy/DELETE-non-existing-403.sh

@@ -15,11 +15,11 @@ add-agent-to-group.sh \
   --agent "$AGENT_URI" \
   "${ADMIN_BASE_URL}acl/groups/writers/"
 
-# check that access to graph with parent is allowed, but the graph is not found
+# check that access to non-existing graph is forbidden
 
 curl -k -w "%{http_code}\n" -o /dev/null -s -G \
   -E "$AGENT_CERT_FILE":"$AGENT_CERT_PWD" \
   -X DELETE \
   -H "Accept: application/n-triples" \
   "${END_USER_BASE_URL}non-existing/" \
-| grep -q "$STATUS_NOT_FOUND"
+| grep -q "$STATUS_FORBIDDEN"

http-tests/document-hierarchy/DELETE.sh

@@ -45,4 +45,4 @@ curl -k -w "%{http_code}\n" -o /dev/null -s -G \
   -E "$AGENT_CERT_FILE":"$AGENT_CERT_PWD" \
   -H "Accept: application/n-triples" \
   "$container" \
-| grep -q "$STATUS_NOT_FOUND"
+| grep -q "$STATUS_FORBIDDEN"

http-tests/document-hierarchy/GET-403.sh

@@ -7,9 +7,9 @@ purge_cache "$END_USER_VARNISH_SERVICE"
 purge_cache "$ADMIN_VARNISH_SERVICE"
 purge_cache "$FRONTEND_VARNISH_SERVICE"
 
-# check that non-existing graph is forbidden
+# check that read access without authorization is forbidden
 
 curl -k -w "%{http_code}\n" -o /dev/null -s -G \
   -E "$AGENT_CERT_FILE":"$AGENT_CERT_PWD" \
-  "${END_USER_BASE_URL}non-existing/" \
+  "$END_USER_BASE_URL" \
 | grep -q "$STATUS_FORBIDDEN"

http-tests/document-hierarchy/GET-404.sh → http-tests/document-hierarchy/GET-non-existing-403.sh

@@ -21,4 +21,4 @@ curl -k -w "%{http_code}\n" -o /dev/null -s -G \
   -E "$AGENT_CERT_FILE":"$AGENT_CERT_PWD" \
   -H "Accept: application/n-triples" \
   "${END_USER_BASE_URL}non-existing/" \
-| grep -q "$STATUS_NOT_FOUND"
+| grep -q "$STATUS_FORBIDDEN"

http-tests/document-hierarchy/GET.sh

@@ -15,7 +15,7 @@ add-agent-to-group.sh \
   --agent "$AGENT_URI" \
   "${ADMIN_BASE_URL}acl/groups/readers/"
 
-# GET the graph (use Chrome's default Accept value)
+# GET the graph
 
 curl -k -w "%{http_code}\n" -o /dev/null -f -s -G \
   -E "$AGENT_CERT_FILE":"$AGENT_CERT_PWD" \

http-tests/document-hierarchy/PATCH-403.sh

@@ -0,0 +1,30 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+initialize_dataset "$END_USER_BASE_URL" "$TMP_END_USER_DATASET" "$END_USER_ENDPOINT_URL"
+initialize_dataset "$ADMIN_BASE_URL" "$TMP_ADMIN_DATASET" "$ADMIN_ENDPOINT_URL"
+purge_cache "$END_USER_VARNISH_SERVICE"
+purge_cache "$ADMIN_VARNISH_SERVICE"
+purge_cache "$FRONTEND_VARNISH_SERVICE"
+
+# check that write access without authorization is forbidden
+
+update=$(cat <<EOF
+PREFIX  rdf:  <http://www.w3.org/1999/02/22-rdf-syntax-ns#>
+
+INSERT
+{
+  <${END_USER_BASE_URL}> rdf:_2 <${END_USER_BASE_URL}#whateverest>
+}
+WHERE
+{}
+EOF
+)
+
+curl -k -w "%{http_code}\n" -o /dev/null -s \
+  -E "$AGENT_CERT_FILE":"$AGENT_CERT_PWD" \
+  -X PATCH \
+  -H "Content-Type: application/sparql-update" \
+  "$END_USER_BASE_URL" \
+   --data-binary "$update" \
+| grep -q "$STATUS_FORBIDDEN"

http-tests/document-hierarchy/PATCH-404.sh → http-tests/document-hierarchy/PATCH-non-existing-403.sh

@@ -15,7 +15,7 @@ add-agent-to-group.sh \
   --agent "$AGENT_URI" \
   "${ADMIN_BASE_URL}acl/groups/writers/"
 
-# check that access to graph with parent is allowed, but the graph is not found
+# check that write access to non-existing graph is forbidden
 
 update=$(cat <<EOF
 PREFIX  rdf:  <http://www.w3.org/1999/02/22-rdf-syntax-ns#>
@@ -37,4 +37,4 @@ curl -k -w "%{http_code}\n" -o /dev/null -s \
   "${END_USER_BASE_URL}non-existing/" \
    --data-binary "$update"
 ) \
-| grep -q "$STATUS_NOT_FOUND"
+| grep -q "$STATUS_FORBIDDEN"

http-tests/document-hierarchy/POST-403.sh

@@ -7,7 +7,7 @@ purge_cache "$END_USER_VARNISH_SERVICE"
 purge_cache "$ADMIN_VARNISH_SERVICE"
 purge_cache "$FRONTEND_VARNISH_SERVICE"
 
-# check that non-existing graph is forbidden
+# check that append access without authorization is forbidden
 
 (
 curl -k -w "%{http_code}\n" -o /dev/null -s \

http-tests/document-hierarchy/POST-404.sh → http-tests/document-hierarchy/POST-non-existing-403.sh

@@ -15,7 +15,7 @@ add-agent-to-group.sh \
   --agent "$AGENT_URI" \
   "${ADMIN_BASE_URL}acl/groups/writers/"
 
-# check that access to graph with parent is allowed, but the graph is not found
+# check that access to non-existing graph is forbidden
 
 (
 curl -k -w "%{http_code}\n" -o /dev/null -s \
@@ -27,4 +27,4 @@ curl -k -w "%{http_code}\n" -o /dev/null -s \
 <http://s> <http://p> <http://o> .
 EOF
 ) \
-| grep -q "$STATUS_NOT_FOUND"
+| grep -q "$STATUS_FORBIDDEN"