Parent folder .acl is not consulted, even if local .acl does not specify permissions

[angelo-v]

Given a folder contains a .acl file specifying permissions to a file inside that folder, but does not say something about permissions to the folder itself:

<#owner>
    a acl:Authorization;
    acl:agent <https://angelo.veltens.org/profile/card#me>;
    acl:accessTo <./file.ttl>;
    acl:mode acl:Read, acl:Write, acl:Control.

The parent folder grants all access for the same agent as default (acl:default)

.
├── .acl # grants all access via `acl:default`
├── acltest
│   ├── .acl # contains the content seen above
│   └── file.ttl

Actual behaviour:

Both, the folder and the file.ttl are unreachable for the agent (403 Forbidden).

Expected behaviour:

Since the .acl does not specify access control for the folder, the parent folder .acl should be checked and access granted to the folder (granted by parent .acl) and to the file.ttl (granted by the folder's .acl).

[kjetilk]

Yes, this has been discussed in the specification, and it is actually the intended behaviour. Here is the spec issue, pointing to timbl's comment on this:
solid/specification#55 (comment)

[angelo-v]

Should'nt at least file.ttl be accessible, since permission is excplicitly granted? Do you know about any specification or NSS improvments, so that ACLs that do not mention the container itself are prevented?

I mean adding at least one acl:accessTo <./> seams to be a must have for a valid container ACL then?

[kjetilk]

It sounds like it could be enforced by a shape to not get into that kind of situation, but other than that, I'm not aware of that.

But please mention the problem in solid/specification#55 so we can look into it in that context.