Create subjectId without base url

[Otto-AA]

Previously the subjectId in AclDoc was created using this.accessTo + '#solid-acl-parser-rule-', now it uses '#DefaultRead-'. This makes it automatically relative to the file in which it is stored and more readable.

The check that no similar rule exists was enhanced (If pod.example.org/foo.acl#solid-acl-parser-rule-0 exists it won't create #solid-acl-parser-rule-0 as this could resolve to the same subjectId. Instead it will use #solid-acl-parser-rule-1)

If possible it will use relative paths instead of absolute urls for accessTo, webIds, groups and defaults.

Fixes #2
Fixes #4
Fixes #5

[bourgeoa]

Here is what I get after using solid-acl-utils subjectid branch with your last commits.
I added the information in 3 different pass adding only one webId at each time.

@prefix acl: <http://www.w3.org/ns/auth/acl#>.
@prefix foaf: <http://xmlns.com/foaf/0.1/>.

<#ReadWrite-0> a acl:Authorization;
    acl:agent <https://example.solid.community/profile/card#me>;
    acl:accessTo <./text4.txt>;
    acl:mode acl:Read, acl:Write.
<#ReadWriteAppend-0> a acl:Authorization;
    acl:agent <https://bourgeoa.solid.community/profile/card#me>;
    acl:accessTo <./text4.txt>;
    acl:mode acl:Read, acl:Write, acl:Append.
<#ReadWrite-1> a acl:Authorization;
    acl:agent <https://alain.bourgeoa.ga/profile/card#me>;
    acl:accessTo <./text4.txt>;
    acl:mode acl:Read, acl:Write.
<https://bourgeoa.bourgeoa.ga/public/solid-plume/test/ControlReadWriteDefault> acl:accessTo <https://bourgeoa.bourgeoa.ga/public/solid-plume/test/text4.txt>;
    acl:agent <https://bourgeoa.bourgeoa.ga/profile/card#me>;
    acl:agentClass foaf:Agent;
    acl:mode acl:Control, acl:Read, acl:Write.

• It displays correctly in mashlib and I access to the file.
• It makes absolute the original existing rules and do not convert them back to relative.
  Your created rules are and stay relatives when reused, as far as I can see
• The rules are not merged. Is there any reason to keep indexing numbers ?
  For me the rule name build should be unique at the acl file level - this implies to rebuild them each time, and not to keep the ones read - this makes merging possible.

Comments are the same for a folder .acl

[Otto-AA]

It makes absolute the original existing rules and do not convert them back to relative.

I don't know how to reproduce your second comment, for me the path stays relative. I've tried to parse the turtle, add a rule to the doc and parse it back 3 times like this:

npm run build # Make sure that I'm working with the updated version

const SolidAclParser = require('./dist/node/solid-acl-parser.bundle')
const { AclParser, Permissions } = SolidAclParser
const { READ, WRITE, APPEND, CONTROL } = Permissions

const fileUrl = 'https://otman.solid.community/private/'
const aclUrl = `${fileUrl}.acl`

const turtle = `
@prefix : <#>.
@prefix n0: <http://www.w3.org/ns/auth/acl#>.
@prefix priv: <./>.
@prefix c: </profile/card#>.

:ControlReadWrite
    a n0:Authorization;
    n0:accessTo priv:;
    n0:agent c:me;
    n0:default priv:;
    n0:mode n0:Control, n0:Read, n0:Write.`

const parser = new AclParser({ fileUrl, aclUrl })
let doc, output

const main = async () => {
    doc = await parser.turtleToAclDoc(turtle)
    doc.addRule([READ, WRITE], 'https://first.web.id/#me')
    output = await parser.aclDocToTurtle(doc)

    doc = await parser.turtleToAclDoc(output)
    doc.addRule([READ, WRITE, APPEND], 'https://second.web.id/#me')
    output = await parser.aclDocToTurtle(doc)

    doc = await parser.turtleToAclDoc(output)
    doc.addRule([READ, WRITE], 'https://third.web.id/#me')
    output = await parser.aclDocToTurtle(doc)
    console.log(output)
}

main()

Which outputs

@prefix acl: <http://www.w3.org/ns/auth/acl#>.
@prefix foaf: <http://xmlns.com/foaf/0.1/>.

<#ControlReadWrite> a acl:Authorization;
    acl:agent </profile/card#me>;
    acl:accessTo <./>;
    acl:default <./>;
    acl:mode acl:Control, acl:Read, acl:Write.
<#ReadWrite-0> a acl:Authorization;
    acl:agent <https://first.web.id/#me>;
    acl:accessTo <./>;
    acl:mode acl:Read, acl:Write.
<#ReadWriteAppend-0> a acl:Authorization;
    acl:agent <https://second.web.id/#me>;
    acl:accessTo <./>;
    acl:mode acl:Read, acl:Write, acl:Append.
<#ReadWrite-1> a acl:Authorization;
    acl:agent <https://third.web.id/#me>;
    acl:accessTo <./>;
    acl:mode acl:Read, acl:Write.

What other things would be necessary to get your results?

[Otto-AA]

The rules are not merged. Is there any reason to keep indexing numbers ?
For me the rule name build should be unique at the acl file level - this implies to rebuild them each time, and not to keep the ones read - this makes merging possible.

Two reasons why it currently is not implemeted:

1. Merging is a bit tricky. There are different ways this could be done and I haven't decided on one yet. And making a mistake here could have really bad results. Not merging seems much safer.
2. If people specified a subjectId they likely want to use it again later on. So manually specified subjectIds shouldn't be merged imo. This means that we need a clear distinction between manually chosen names and automatically chosen names.

In the future, it will try to merge rules which have an index at the end in the AclDoc.minimizeRules method. Currently it only deletes those without an effect.

[bourgeoa]

Two reasons why it currently is not implemeted:

1. Merging is a bit tricky. There are different ways this could be done and I haven't decided on one yet. And making a mistake here could have really bad results. Not merging seems much safer.

2. If people specified a subjectId they likely want to use it again later on. So manually specified subjectIds shouldn't be merged imo. This means that we need a clear distinction between manually chosen names and automatically chosen names.

You cannot expect point2 to be respected because Solid databrowser do not respect it. It rebuilds automatically the rules and merge them.

What other things would be necessary to get your results?

for the above and to check results I propose you to follow my steps :

• with Solid databrowser create an acl for a file
• use https://www.bourgeoa.ga/solid-acl-utils/examples/share/ to edit a file with an existing acl
• and access to the file.acl with Solid databrowser example https://bourgeoa.bourgeoa.ga/public/solid-plume/test/text4.txt.acl
• or you can use https://www.bourgeoa.ga/solid-ide-test-v1
  in options select the new option display links yes validate and reload (it is not automatic)
  .meta and acl files will be listed and displayable

If you don't want to risk breaking things in a real pod create a test pod at https://bourgeoa.ga with ottoaa as user (you cannot choose an other one). It is on docker and I have access to the files to unbreak or you can delete/create the pod if you gave an email address at creation

[Otto-AA]

I'm still missing something you did. Here are the steps I've tried. Could you take a look and say what I should do differently?

1. Create public.txt in mashlib
2. Write "Hello world" inside it with mashlib
3. Click on sharing -> Set specific sharing for this file
4. Make https://otman.inrupt.net/profile/card#me as a 2nd owner via mashlib

Current turtle

@prefix : <#>.
@prefix n0: <http://www.w3.org/ns/auth/acl#>.
@prefix c: <https://otman.inrupt.net/profile/card#>.
@prefix c0: </profile/card#>.
@prefix n1: <http://xmlns.com/foaf/0.1/>.

:ControlReadWrite
    a n0:Authorization;
    n0:accessTo <public.txt>;
    n0:agent c:me, c0:me;
    n0:mode n0:Control, n0:Read, n0:Write.
:Read
    a n0:Authorization;
    n0:accessTo <public.txt>;
    n0:agentClass n1:Agent;
    n0:mode n0:Read.

5. Open https://www.bourgeoa.ga/solid-acl-utils/examples/share/ (and give the apps access)
6. Give everyone Write access to https://ottoaa.bourgeoa.ga/public/public.txt via Solid Share

Final turtle

@prefix acl: <http://www.w3.org/ns/auth/acl#>.
@prefix foaf: <http://xmlns.com/foaf/0.1/>.

<#ControlReadWrite> a acl:Authorization;
    acl:agent <https://otman.inrupt.net/profile/card#me>, </profile/card#me>;
    acl:accessTo <./public.txt>;
    acl:mode acl:Control, acl:Read, acl:Write.
<#Read> a acl:Authorization;
    acl:agentClass foaf:Agent;
    acl:accessTo <./public.txt>;
    acl:mode acl:Read.
<#Write-0> a acl:Authorization;
    acl:agentClass foaf:Agent;
    acl:accessTo <./public.txt>;
    acl:mode acl:Write.

[Otto-AA]

You cannot expect point2 to be respected because Solid do not respect it. It rebuilds automatically the rules and merge them.

I will take a look if the spec says something about it. But changing the subjectId is altering the meaning of the turtle, so I'm (currently) not on the same page with their decision. I will probably create an issue at mashlib/wac-spec asking for their thoughts on this.

[bourgeoa]

. I can reproduce your steps with the same results as you.
. I reproduced my steps with my own results.

The only difference is you added everybody and I added a webid

[bourgeoa]

I will take a look if the spec says something about it. But changing the subjectId is altering the meaning of the turtle, so I'm (currently) not on the same page with their decision. I will probably create an issue at mashlib/wac-spec asking for their thoughts on this.

I think that subject in not used in acl check, but only predicate and object. So the rational for turtle was human display by group of people with same permissions in decreasing order. This is a way to avoid duplicates.

I seem to have seen something in the code https://github.com/solid/solid-ui/blob/master/src/acl-control.js

[Otto-AA]

I was able to reproduce it for folders. The reason is that solid-ui doesn't always add a acl:Authorization statement which I use to identify authorizations. It's an inconsistency of them, so I've created an issue there (https://github.com/solid/solid-ui/issues/172). I am not sure if this acl:Authorization statement is necessary, so I've also asked for clarification in the wac-spec (solid/web-access-control-spec#78).

[Otto-AA]

I will merge it despite the acl:Authorization trouble, as this is a different issue and is not directly related to this PR.

[bourgeoa]

@Otto-AA
Very nice.
Everything OK , but only some cosmetic on this example for a folder case where subjectid do not have #

@prefix acl: <http://www.w3.org/ns/auth/acl#>.
@prefix foaf: <http://xmlns.com/foaf/0.1/>.

<#ReadWrite-0> a acl:Authorization;
    acl:agent <https://exemple.solid.community/profile/card#me>;
    acl:agentClass foaf:Agent;
    acl:accessTo <./>;
    acl:mode acl:Read, acl:Write.
<https://bourgeoa.bourgeoa.ga/public/solid-plume/test/ControlReadWriteDefault> a acl:Authorization;
    acl:agent </profile/card#me>;
    acl:agentClass foaf:Agent;
    acl:accessTo <./>;
    acl:default <./>;
    acl:mode acl:Control, acl:Read, acl:Write.
<#ReadWrite-1> a acl:Authorization;
    acl:agent <https://alain.bourgeoa.ga/profile/card#me>;
    acl:accessTo <./>;
    acl:mode acl:Read, acl:Write.

[Otto-AA]

Do you know what the turtle looked like before the hashtag got missing? It's hard to debug with only the final result (I've tried, but couldn't reproduce it). If I know what turtle was parsed, what rules you've added, and what the outcome is it is much easier to reproduce and debug.

So if you made it online, can you take a look at the GET requests and send me the last one where it looks ok and what aclDoc modifications you've made? Ideally something like following, but not necessary:

My attempt to reproduce it

const SolidAclParser = require('./dist/node/solid-acl-parser.bundle')
const { AclParser, Permissions, Agents } = SolidAclParser
const { READ, WRITE, APPEND, CONTROL } = Permissions

const fileUrl = 'https://ottoaa.bourgeoa.ga/private/test/'
const aclUrl = `${fileUrl}.acl`
const turtle = `
@prefix : <#>.
@prefix n0: <http://www.w3.org/ns/auth/acl#>.
@prefix test: <./>.
@prefix c: </profile/card#>.

:owner
    n0:accessTo test:;
    n0:agent c:me;
    n0:default test:;
    n0:mode n0:Control, n0:Read, n0:Write.`


const main = async () => {
    const parser = new AclParser({ aclUrl, fileUrl })
    const doc = await parser.turtleToAclDoc(turtle)

    const agents = new Agents()
    agents.addWebId('https://example.solid.community/profile/card#me')
    agents.addPublic()
    doc.addRule([READ, WRITE], agents)

    doc.addRule([READ, WRITE], 'https://alain.bourgeoa.ga/profile/card#me')
    console.log(await parser.aclDocToTurtle(doc))
}

main()

Outputs

@prefix acl: <http://www.w3.org/ns/auth/acl#>.
@prefix foaf: <http://xmlns.com/foaf/0.1/>.

<#owner> a acl:Authorization;
    acl:agent </profile/card#me>;
    acl:accessTo <./>;
    acl:default <./>;
    acl:mode acl:Control, acl:Read, acl:Write.
<#ReadWrite-0> a acl:Authorization;
    acl:agent <https://example.solid.community/profile/card#me>;
    acl:agentClass foaf:Agent;
    acl:accessTo <./>;
    acl:mode acl:Read, acl:Write.
<#ReadWrite-1> a acl:Authorization;
    acl:agent <https://alain.bourgeoa.ga/profile/card#me>;
    acl:accessTo <./>;
    acl:mode acl:Read, acl:Write.