
Folder create permissions for "mkdir -p" not enforced? #145

Closed
@michielbdejong

Environment

CSS v4.0.1, node v12.19.1, npm v6.14.8

Description

Save this as acl.ttl which gives any agent read-only access to the server root, and read-write access to any contained resources:

@prefix acl: <http://www.w3.org/ns/auth/acl#>.
@prefix foaf: <http://xmlns.com/foaf/0.1/>.

<#access-to-read> a acl:Authorization;
  acl:agentClass foaf:Agent;
  acl:accessTo <http://localhost:3000/>;
  acl:mode acl:Read.

<#default-read-write> a acl:Authorization;
  acl:agentClass foaf:Agent;
  acl:default <http://localhost:3000/>;
  acl:mode acl:Read, acl:Write.

And upload it to a newly started CSS v4.0.1 instance using:
curl -v -X PUT -H 'Content-Type: text/turtle' -T acl.ttl http://localhost:3000/.acl

Now try these commands:

curl -v -X PUT  -H 'Content-Type: text/plain' -d hello http://localhost:3000/test.txt
curl -v -X PUT  -H 'Content-Type: text/plain' -d hello http://localhost:3000/nested/test.txt

The first will give a 401, the second a 201. And indeed, if you then run curl http://localhost:3000/ you will see that although the creation of /test.txt was blocked correctly, the creation of a /nested folder in the pod root was not prevented:

@prefix dc: <http://purl.org/dc/terms/>.
@prefix ldp: <http://www.w3.org/ns/ldp#>.
@prefix posix: <http://www.w3.org/ns/posix/stat#>.
@prefix xsd: <http://www.w3.org/2001/XMLSchema#>.

<> a <http://www.w3.org/ns/pim/space#Storage>, ldp:Container, ldp:BasicContainer, ldp:Resource;
    dc:modified "2022-06-13T13:51:47.000Z"^^xsd:dateTime;
    <http://www.w3.org/ns/auth/acl#accessControl> <.acl>;
    ldp:contains <index.html>, <nested/>.

However, the spec says that creating that nested/ folder should have required Write or Append on /. Is WAC not enforced for the "mkdir -p" behaviour of creating nested folders?
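
The expectation stated in the issue, modelled as an added example (not part of the original issue and not Community Solid Server code). The in-memory model and all function names are assumptions; `immediateParentCheck` is a hypothetical check that happens to reproduce the reported 401/201 pair, not confirmed server logic.

```javascript
// Constructed model of the issue's setup; not Community Solid Server code.
const ROOT = 'http://localhost:3000/';
// acl.ttl from the issue: accessTo covers the root, default covers descendants.
const acls = {
  [ROOT]: [
    { accessTo: ROOT, modes: ['Read'] },
    { default: ROOT, modes: ['Read', 'Write'] },
  ],
};
// Resources present on the fresh server (root listing in the issue).
const existing = new Set([ROOT, ROOT + 'index.html']);

const parentOf = (url) => url.replace(/[^/]+\/?$/, '');
const pick = (acl, key, url) =>
  new Set(acl.filter((rule) => rule[key] === url).flatMap((rule) => rule.modes));

// Effective modes: the resource's own ACL (accessTo rules), otherwise the
// acl:default rules of the nearest ancestor container that has an ACL.
function modesFor(url) {
  if (acls[url]) return pick(acls[url], 'accessTo', url);
  for (let c = parentOf(url); c.startsWith(ROOT); c = parentOf(c)) {
    if (acls[c]) return pick(acls[c], 'default', c);
  }
  return new Set();
}
const canAdd = (container) => {
  const modes = modesFor(container);
  return modes.has('Write') || modes.has('Append');
};

// Hypothetical check that consults only the immediate parent, even when that
// parent does not exist yet and merely inherits acl:default from the root.
function immediateParentCheck(target) {
  return modesFor(target).has('Write') && canAdd(parentOf(target));
}

// Check the issue asks for: the container that actually gains a new member
// is the first ancestor that already exists, so that one needs Write/Append.
function existingAncestorCheck(target) {
  if (!modesFor(target).has('Write')) return false;
  if (existing.has(target)) return true; // overwrite: no container changes
  let c = parentOf(target);
  while (!existing.has(c) && c.startsWith(ROOT)) c = parentOf(c);
  return existing.has(c) && canAdd(c);
}
```

With the issue's ACL, `existingAncestorCheck` refuses both PUT requests, and allows `/nested/test.txt` only once `/nested/` already exists.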
