PATCH/PUT Append to create a new resource #56
Conversation
test/surface/create.test.ts
Outdated
| @@ -350,7 +350,7 @@ describe('Create', () => { | |||
| "<#patch> a solid:InsertDeletePatch;\n" + | |||
| " solid:inserts { <#hello> <#linked> <#world> .}.\n", | |||
| }); | |||
| expect(result.status).toEqual(403); | |||
| expect(result.status).toEqual(200); | |||
There was a problem hiding this comment.
Other OK responses should be allowed too.
test/surface/create.test.ts
Outdated
| @@ -589,10 +589,10 @@ describe('Create', () => { | |||
| "<#patch> a solid:InsertDeletePatch;\n" + | |||
| " solid:inserts { <#hello> <#linked> <#world> .}.\n", | |||
| }); | |||
| expect(result.status).toEqual(403); | |||
| expect(result.status).toEqual(200); | |||
There was a problem hiding this comment.
Not sure if I agree. This test is about required permissions on c/, right?
| @@ -313,7 +313,7 @@ describe('Create', () => { | |||
| testAllowed('Write', 'Write'); | |||
| testAllowed('Append', 'Write'); | |||
|
|
|||
| it(`is disallowed without Write on c/r`, async () => { | |||
| it(`is allowed with Append on c/r`, async () => { | |||
There was a problem hiding this comment.
The name to the test artifact below should be changed to match the test purpose to avoid future confusion:
const testing = `disallowed-default`;
There was a problem hiding this comment.
OK I commit my changes to testing
| @@ -627,7 +627,7 @@ describe('Create', () => { | |||
| "<#patch> a solid:InsertDeletePatch;\n" + | |||
| " solid:inserts { <#hello> <#linked> <#world> .}.\n", | |||
| }); | |||
| expect(result.status).toEqual(403); | |||
| expect(result.status).toEqual(200); | |||
There was a problem hiding this comment.
Not sure if I agree. This test is about required permissions on c/, right?
There was a problem hiding this comment.
@michielbdejong I should have added this link as a clarification on WAC Append solid/web-access-control-spec#122
|
What does "NSS has moved to approve" mean? "PATCH Append is enough on non existing files" -- That alone is not correct. What's intended by the spec is: Create requires Append (or Write) on C/ and Write on C/R. Is the PR here based on NSS's opinion/preference of how a behaviour should be and therefore the tests? Why should NSS's approach/change change the tests here? Are these tests only intended for NSS? How are other implementations behaving? What is the current interpretation of the spec by NSS and tests, and what is the proposed change here? |
It is the reverse. NSS follows the tests.
Write on c/r. Well it depends on PATCH action :
|
|
Title of the issue is "PATCH Append on new file". Should that be changed? I just want to be clear on what's intended to change in this PR exactly. Can indicate one or more of the following that's being done in this PR:
And for each selected, can you please indicate what is exactly being corrected/changed in this PR? That would help me understand 1) what's interpreted of the spec is correct, and 2) verify/review the tests. |
|
Ah yes, I agree with @csarven the phrase "Append on new file" is confusing - maybe you mean "PATCH to create" or "Append to an empty file"? |
This updates the text to match what we decided in solid#105 (comment). At the time we decided not to update the spec text, but now that the spec text is more detailed, the current statement is not correctly conveying that access to both the containing folder and the non-existing resource URL is required. See the confusion that was created by this in solid-contrib/web-access-control-tests#56 which was an (I think incorrect) reaction to solid#122.
|
Agree with @csarven that "create requires Append (or Write) on C/ and Write on C/R" (as long as we're talking about PUT and PATCH; POST is of course a separate story). I created a PR to attempt to further clarify the spec text: solid/web-access-control-spec#128 AFAIK, what I wrote in that PR is a) what we want and b) what the current tests test for, but happy to be corrected on either or both. |
The purpose of this PR is only updating tests related to creating a new resource with PATCH with inserts only. |
PR title changed |
|
|
I'm not too familiar reading the syntax that's in this PR or these .ts files, so I'll use plain language with an example re:
Given:
If Agent has Write or Append on And on a related Note ( https://solid.github.io/web-access-control-spec/#container-permissions ):
|
) * Further clarify requirements for PUT-to-create and PATCH-to-create This updates the text to match what we decided in #105 (comment). At the time we decided not to update the spec text, but now that the spec text is more detailed, the current statement is not correctly conveying that access to both the containing folder and the non-existing resource URL is required. See the confusion that was created by this in solid-contrib/web-access-control-tests#56 which was an (I think incorrect) reaction to #122. * Apply suggestions from code review Co-authored-by: Ted Thibodeau Jr <[email protected]> --------- Co-authored-by: Sarven Capadisli <[email protected]> Co-authored-by: Ted Thibodeau Jr <[email protected]>
There was a problem hiding this comment.
I haven't got my head around what the final state of the discussion is for these tests and clarifications in the spec. If the spec hasn't changed, then is the implication that these tests were incorrect, yet passing on both NSS and CSS? That confuses me as the spec-tests showed CSS passing but NSS having some failures in this area
test/surface/create.test.ts
Outdated
| @@ -350,7 +350,7 @@ describe('Create', () => { | |||
| "<#patch> a solid:InsertDeletePatch;\n" + | |||
| " solid:inserts { <#hello> <#linked> <#world> .}.\n", | |||
| }); | |||
| expect(result.status).toEqual(403); | |||
| expect(result.status).toEqual(200); | |||
There was a problem hiding this comment.
Other OK responses should be allowed too.
| @@ -313,7 +313,7 @@ describe('Create', () => { | |||
| testAllowed('Write', 'Write'); | |||
| testAllowed('Append', 'Write'); | |||
|
|
|||
| it(`is disallowed without Write on c/r`, async () => { | |||
| it(`is allowed with Append on c/r`, async () => { | |||
There was a problem hiding this comment.
The name to the test artifact below should be changed to match the test purpose to avoid future confusion:
const testing = `disallowed-default`;
bourgeoa
changed the title
bourgeoa
changed the title
I agree that NSS was failing in this area and CSS is correct. I tested this manually on CSS test-servers. |
Shall I change all of them to I have modified the NSS CI to be able to use a test branch, and also added some tests in NSS Could you review |
|
If new resources are being created and no response body is being sent, the status code needs to be 201. See nodeSolidServer/node-solid-server#1786 |
When a new resource is created as a result of PATCH, allow 201 as a valid status code.
Allow server to send 201 on PATCH create
NSS has moved to approve that PATCH Append is enough on non existing files
see #55 and nodeSolidServer/node-solid-server#1745
See solid/web-access-control-spec#122