nodeSolidServer · bourgeoa · Dec 27, 2021 · Nov 23, 2021 · Dec 26, 2021 · Dec 27, 2021
diff --git a/lib/acl-checker.js b/lib/acl-checker.js
@@ -87,15 +87,27 @@ class ACLChecker {
     }
     let accessDenied = aclCheck.accessDenied(acl.graph, resource, directory, aclFile, agent, modes, agentOrigin, trustedOrigins, originTrustedModes)
 
+    function accessDeniedForAccessTo (mode) {
+      const accessDeniedAccessTo = aclCheck.accessDenied(acl.graph, directory, null, aclFile, agent, [ACL(mode)], agentOrigin, trustedOrigins, originTrustedModes)
+      const accessResult = !accessDenied && !accessDeniedAccessTo
+      accessDenied = accessResult ? false : accessDenied || accessDeniedAccessTo
+      // debugCache('accessDenied result ' + accessDenied)
+    }
     // For create and update HTTP methods
     if ((method === 'PUT' || method === 'PATCH' || method === 'COPY') && directory) {
       // if resource and acl have same parent container,
       // and resource does not exist, then accessTo Append from parent is required
       if (directory.value === dirname(aclFile.value) + '/' && !resourceExists) {
-        const accessDeniedAccessTo = aclCheck.accessDenied(acl.graph, directory, null, aclFile, agent, [ACL('Append')], agentOrigin, trustedOrigins, originTrustedModes)
-        const accessResult = !accessDenied && !accessDeniedAccessTo
-        accessDenied = accessResult ? false : accessDenied || accessDeniedAccessTo
-        // debugCache('accessDenied result ' + accessDenied)
+        accessDeniedForAccessTo('Append')
+      }
+    }
+
+    // For delete HTTP method
+    if ((method === 'DELETE') && directory) {
+      // if resource and acl have same parent container,
+      // then accessTo Write from parent is required
+      if (directory.value === dirname(aclFile.value) + '/') {
+        accessDeniedForAccessTo('Write')
       }
     }
     if (accessDenied && user) {

diff --git a/test/surface/run-solid-test-suite.sh b/test/surface/run-solid-test-suite.sh
@@ -49,7 +49,7 @@ waitForNss server
 runTests webid-provider-tests v2.0.3
 runTests solid-crud-tests nss-skips
 waitForNss thirdparty
-runTests web-access-control-tests v5.1.0
+runTests web-access-control-tests v6.0.0
 teardown
 
 # To debug, e.g. running web-access-control-tests jest interactively,