Append patch new document

.github/workflows/ci.yml

@@ -17,7 +17,7 @@ jobs:
 
     strategy:
       matrix:
-        node-version: [14.x, 16.x]
+        node-version: [16.x, 18.x]
         os: [ubuntu-latest]
 
     steps:

lib/handlers/patch.js

@@ -143,8 +143,6 @@ async function checkPermission (request, patchObject, resourceExists) {
   // Now that we know the details of the patch,
   // we might need to perform additional checks.
   let modes = []
-  // acl:default Write is required for create
-  if (!resourceExists) modes = ['Write']
   const { acl, session: { userId } } = request
   // Read access is required for DELETE and WHERE.
   // If we would allows users without read access,

package.json

@@ -89,7 +89,7 @@
     "ip-range-check": "0.2.0",
     "is-ip": "^3.1.0",
     "li": "^1.3.0",
-    "mashlib": "^1.8.8",
+    "mashlib": "^1.8.9",
     "mime-types": "^2.1.35",
     "negotiator": "^0.6.3",
     "node-fetch": "^2.6.9",

test/integration/acl-oidc-test.js

@@ -551,7 +551,7 @@ describe('ACL with WebID+OIDC over HTTP', function () {
         done()
       })
     })
-    it.skip('user1 should be able to PATCH a resource', function (done) {
+    it('user1 should be able to PATCH (which CREATEs) a nonexistent resource', function (done) {
       const options = createOptions('/append-inherited/test.ttl', 'user1')
       options.body = 'INSERT DATA { :test  :hello 456 .}'
       options.headers['content-type'] = 'application/sparql-update'
@@ -589,6 +589,16 @@ describe('ACL with WebID+OIDC over HTTP', function () {
         done()
       })
     })
+    it('user2 should be able to PATCH INSERT to (which CREATEs) a nonexistent resource', function (done) {
+      const options = createOptions('/append-inherited/new.ttl', 'user2')
+      options.body = 'INSERT DATA { :test  :hello 789 .}'
+      options.headers['content-type'] = 'application/sparql-update'
+      request.patch(options, function (error, response, body) {
+        assert.equal(error, null)
+        assert.equal(response.statusCode, 200)
+        done()
+      })
+    })
     it('user2 should not be able to access test file\'s ACL file', function (done) {
       const options = createOptions('/append-acl/abc.ttl.acl', 'user2', 'text/turtle')
       request.head(options, function (error, response, body) {
@@ -648,6 +658,7 @@ describe('ACL with WebID+OIDC over HTTP', function () {
     })
     after(function () {
       rm('/accounts-acl/tim.localhost/append-inherited/test.ttl')
+      rm('/accounts-acl/tim.localhost/append-inherited/new.ttl')
     })
   })
 

test/resources/accounts-acl/tim.localhost/append-inherited/.acl

@@ -11,3 +11,9 @@
 
     acl:default <./>.
 
+<#AppendOnly>
+    a <http://www.w3.org/ns/auth/acl#Authorization>;
+    <http://www.w3.org/ns/auth/acl#accessTo> <./>;
+    acl:default <./>;
+    <http://www.w3.org/ns/auth/acl#agentClass> <http://xmlns.com/foaf/0.1/Agent>;
+    <http://www.w3.org/ns/auth/acl#mode> <http://www.w3.org/ns/auth/acl#Read>, <http://www.w3.org/ns/auth/acl#Append> .

test/surface/run-solid-test-suite.sh

@@ -41,14 +41,26 @@ function runTests {
     --env-file test/surface/$1-env.list solidtestsuite/$1:$2
 }
 
+function runTestsFromGit {
+  docker build https://github.com/solid-contrib/$1.git#$2 -t $1
+
+  echo "Running web-access-control-tests against server with cookie $COOKIE_server"
+  docker run --rm --network=testnet \
+    --env COOKIE="$COOKIE_server" \
+    --env COOKIE_ALICE="$COOKIE_server" \
+    --env COOKIE_BOB="$COOKIE_thirdparty" \
+    --env-file test/surface/$1-env.list $1
+}
+
 # ...
 teardown || true
 setup $1
 waitForNss server
 runTests webid-provider-tests v2.0.3
 runTests solid-crud-tests v6.0.0
 waitForNss thirdparty
-runTests web-access-control-tests v7.1.0
+# runTests web-access-control-tests v7.1.0
+runTestsFromGit web-access-control-tests patchAppendNewDocument
 teardown
 
 # To debug, e.g. running web-access-control-tests jest interactively,

test/utils.js

@@ -55,7 +55,7 @@ exports.checkDnsSettings = function () {
   return Promise.all(TEST_HOSTS.map(hostname => {
     return new Promise((resolve, reject) => {
       dns.lookup(hostname, (error, ip) => {
-        if (error || ip !== '127.0.0.1') {
+        if (error || (ip !== '127.0.0.1' && ip !== '::1')) {
           reject(error)
         } else {
           resolve(true)