JCL-361: Make it easier to modify Access Control resources

acoburn · acoburn · commit 70293ca106e8 · 2023-05-31T07:46:40.000-04:00
diff --git a/access-grant/pom.xml b/access-grant/pom.xml
@@ -24,6 +24,11 @@
       <artifactId>inrupt-client-api</artifactId>
       <version>${project.version}</version>
     </dependency>
+    <dependency>
+      <groupId>com.inrupt.client</groupId>
+      <artifactId>inrupt-client-vocabulary</artifactId>
+      <version>${project.version}</version>
+    </dependency>
     <dependency>
       <groupId>commons-io</groupId>
       <artifactId>commons-io</artifactId>
diff --git a/access-grant/src/main/java/com/inrupt/client/accessgrant/AccessGrantUtils.java b/access-grant/src/main/java/com/inrupt/client/accessgrant/AccessGrantUtils.java
@@ -0,0 +1,74 @@
+/*
+ * Copyright 2023 Inrupt Inc.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal in
+ * the Software without restriction, including without limitation the rights to use,
+ * copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the
+ * Software, and to permit persons to whom the Software is furnished to do so,
+ * subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
+ * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
+ * PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
+ * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+ * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+ * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ */
+package com.inrupt.client.accessgrant;
+
+import com.inrupt.client.spi.RDFFactory;
+import com.inrupt.client.util.URIBuilder;
+import com.inrupt.client.vocabulary.ACP;
+
+import java.net.URI;
+import java.util.HashSet;
+import java.util.Set;
+import java.util.UUID;
+
+import org.apache.commons.rdf.api.IRI;
+import org.apache.commons.rdf.api.RDF;
+import org.apache.commons.rdf.api.Triple;
+
+/**
+ * Utility methods for use with the Access Grant module.
+ **/
+public final class AccessGrantUtils {
+
+    private static final RDF rdf = RDFFactory.getInstance();
+    private static final IRI SOLID_ACCESS_GRANT = rdf.createIRI("http://www.w3.org/ns/solid/vc#SolidAccessGrant");
+
+    private static IRI asIRI(final URI uri) {
+        return rdf.createIRI(uri.toString());
+    }
+
+    public static Set<Triple> accessControlPolicyTriples(final URI acl, final URI... modes) {
+        final Set<Triple> triples = new HashSet<>();
+
+        // Matcher
+        final IRI matcher = asIRI(URIBuilder.newBuilder(acl).fragment(UUID.randomUUID().toString()).build());
+        triples.add(rdf.createTriple(matcher, asIRI(ACP.vc), SOLID_ACCESS_GRANT));
+
+        // Policy
+        final IRI policy = asIRI(URIBuilder.newBuilder(acl).fragment(UUID.randomUUID().toString()).build());
+        triples.add(rdf.createTriple(policy, asIRI(ACP.allOf), matcher));
+        for (final URI mode : modes ) {
+            triples.add(rdf.createTriple(policy, asIRI(ACP.allow), asIRI(mode)));
+        }
+
+        // Access Control
+        final IRI accessControl = asIRI(URIBuilder.newBuilder(acl).fragment(UUID.randomUUID().toString()).build());
+        triples.add(rdf.createTriple(accessControl, asIRI(ACP.apply), policy));
+
+        triples.add(rdf.createTriple(asIRI(acl), asIRI(ACP.accessControl), accessControl));
+        triples.add(rdf.createTriple(asIRI(acl), asIRI(ACP.memberAccessControl), accessControl));
+        return triples;
+    }
+
+    private AccessGrantUtils() {
+        // Prevent instantiation
+    }
+}
diff --git a/integration/base/src/main/java/com/inrupt/client/integration/base/AccessGrantScenarios.java b/integration/base/src/main/java/com/inrupt/client/integration/base/AccessGrantScenarios.java
@@ -25,12 +25,12 @@
 import static org.junit.jupiter.api.Assertions.assertThrows;
 import static org.junit.jupiter.api.Assertions.assertTrue;
 
-import com.inrupt.client.Headers;
 import com.inrupt.client.Request;
 import com.inrupt.client.Response;
 import com.inrupt.client.accessgrant.AccessGrant;
 import com.inrupt.client.accessgrant.AccessGrantClient;
 import com.inrupt.client.accessgrant.AccessGrantSession;
+import com.inrupt.client.accessgrant.AccessGrantUtils;
 import com.inrupt.client.accessgrant.AccessRequest;
 import com.inrupt.client.auth.Credential;
 import com.inrupt.client.auth.Session;
@@ -40,7 +40,6 @@
 import com.inrupt.client.spi.RDFFactory;
 import com.inrupt.client.util.URIBuilder;
 import com.inrupt.client.vocabulary.ACL;
-import com.inrupt.client.vocabulary.ACP;
 import com.inrupt.client.webid.WebIdProfile;
 
 import java.io.ByteArrayInputStream;
@@ -620,60 +619,15 @@ void accessGrantCreateNonRdfTest(final Session session) throws IOException {
 
     private static void prepareACPofResource(final SolidSyncClient authClient, final URI resourceURI) {
 
-        final IRI acpAllOf = rdf.createIRI(ACP.allOf.toString());
-        final IRI acpVc = rdf.createIRI(ACP.vc.toString());
-        final IRI acpAllow = rdf.createIRI(ACP.allow.toString());
-        final IRI acpApply = rdf.createIRI(ACP.apply.toString());
-        final IRI acpAccessControl = rdf.createIRI(ACP.accessControl.toString());
-        final IRI aclRead = rdf.createIRI(ACL.Read.toString());
-        final IRI aclWrite = rdf.createIRI(ACL.Write.toString());
-
         // find the acl Link in the header of the resource
-        final Request req = Request.newBuilder(resourceURI)
-                .HEAD()
-                .build();
-        final Response<Void> res = authClient.send(req, Response.BodyHandlers.discarding());
-        final Headers.Link acrLink = res.headers().allValues("Link").stream()
-            .flatMap(l -> Headers.Link.parse(l).stream())
-            .filter(link -> link.getParameter("rel").contains("acl"))
-            .findAny()
-            .orElse(null);
-
-        // add the triples needed for access grant
-        if (acrLink != null) {
-            final URI resourceACRurl = acrLink.getUri();
-            final IRI resourceACRiri = rdf.createIRI(resourceACRurl.toString());
-
-            //read the existing triples and add them to the dataset
-            try (final SolidRDFSource resource = authClient.read(resourceACRurl, SolidRDFSource.class)) {
-
-                //creating a new matcher
-                final URI newMatcherURI = URIBuilder.newBuilder(resourceACRurl).fragment("newMatcher").build();
-                final IRI newMatcher = rdf.createIRI(newMatcherURI.toString());
-                final IRI solidAccessGrant = rdf.createIRI("http://www.w3.org/ns/solid/vc#SolidAccessGrant");
-
-                resource.add(rdf.createQuad(resourceACRiri, newMatcher, acpVc, solidAccessGrant));
-
-                //create a new policy
-                final URI newPolicyURI = URIBuilder.newBuilder(resourceACRurl).fragment("newPolicy").build();
-                final IRI newPolicy = rdf.createIRI(newPolicyURI.toString());
-
-                resource.add(rdf.createQuad(resourceACRiri, newPolicy, acpAllOf, newMatcher));
-                resource.add(rdf.createQuad(resourceACRiri, newPolicy, acpAllow, aclRead));
-                resource.add(rdf.createQuad(resourceACRiri, newPolicy, acpAllow, aclWrite));
-
-                //creating a new access control
-                final URI newAccessControlURI =
-                    URIBuilder.newBuilder(resourceACRurl).fragment("newAccessControl").build();
-                final IRI newAccessControl = rdf.createIRI(newAccessControlURI.toString());
-
-                resource.add(rdf.createQuad(resourceACRiri, newAccessControl, acpApply, newPolicy));
-
-                //adding the new access control to the ACP
-                resource.add(rdf.createQuad(resourceACRiri, resourceACRiri, acpAccessControl, newAccessControl));
-
-                authClient.update(resource);
-            }
+        try (final SolidRDFSource resource = authClient.read(resourceURI, SolidRDFSource.class)) {
+            resource.getMetadata().getAcl().ifPresent(acl -> {
+                try (final SolidRDFSource acr = authClient.read(acl, SolidRDFSource.class)) {
+                    AccessGrantUtils.accessControlPolicyTriples(acl, ACL.Read, ACL.Write)
+                        .forEach(acr.getGraph()::add);
+                    authClient.update(acr);
+                }
+            });
         }
     }
 
