Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

PATCH/PUT Append to create a new resource #56

Open
wants to merge 10 commits into
base: main
Choose a base branch
from

Conversation

bourgeoa
Copy link
Member

@bourgeoa bourgeoa commented Nov 30, 2023

NSS has moved to approve that PATCH Append is enough on non existing files
see #55 and nodeSolidServer/node-solid-server#1745

See solid/web-access-control-spec#122

@bourgeoa bourgeoa linked an issue Nov 30, 2023 that may be closed by this pull request
@@ -350,7 +350,7 @@ describe('Create', () => {
"<#patch> a solid:InsertDeletePatch;\n" +
" solid:inserts { <#hello> <#linked> <#world> .}.\n",
});
expect(result.status).toEqual(403);
expect(result.status).toEqual(200);
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

agree

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Other OK responses should be allowed too.

@@ -589,10 +589,10 @@ describe('Create', () => {
"<#patch> a solid:InsertDeletePatch;\n" +
" solid:inserts { <#hello> <#linked> <#world> .}.\n",
});
expect(result.status).toEqual(403);
expect(result.status).toEqual(200);
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not sure if I agree. This test is about required permissions on c/, right?

@@ -313,7 +313,7 @@ describe('Create', () => {
testAllowed('Write', 'Write');
testAllowed('Append', 'Write');

it(`is disallowed without Write on c/r`, async () => {
it(`is allowed with Append on c/r`, async () => {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

agree

Copy link
Contributor

@edwardsph edwardsph Dec 19, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The name to the test artifact below should be changed to match the test purpose to avoid future confusion:

const testing = `disallowed-default`;

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

OK I commit my changes to testing

@@ -627,7 +627,7 @@ describe('Create', () => {
"<#patch> a solid:InsertDeletePatch;\n" +
" solid:inserts { <#hello> <#linked> <#world> .}.\n",
});
expect(result.status).toEqual(403);
expect(result.status).toEqual(200);
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not sure if I agree. This test is about required permissions on c/, right?

Copy link
Member Author

@bourgeoa bourgeoa Dec 1, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@michielbdejong I should have added this link as a clarification on WAC Append solid/web-access-control-spec#122

@csarven
Copy link
Contributor

csarven commented Dec 4, 2023

What does "NSS has moved to approve" mean?

"PATCH Append is enough on non existing files" -- That alone is not correct. What's intended by the spec is:

Create requires Append (or Write) on C/ and Write on C/R.

Is the PR here based on NSS's opinion/preference of how a behaviour should be and therefore the tests? Why should NSS's approach/change change the tests here? Are these tests only intended for NSS? How are other implementations behaving?

What is the current interpretation of the spec by NSS and tests, and what is the proposed change here?

@bourgeoa
Copy link
Member Author

bourgeoa commented Dec 4, 2023

Is the PR here based on NSS's opinion/preference of how a behaviour should be and therefore the tests? Why should NSS's approach/change change the tests here? Are these tests only intended for NSS? How are other implementations behaving?

It is the reverse. NSS follows the tests.
Tests now should change. They were wrong.
NSS in his CI uses the test-suite.

Create requires Append (or Write) on C/ and Write on C/R

Write on c/r. Well it depends on PATCH action :

  • Append for inserts only
  • Read/write for ?
  • Write for delete

@csarven
Copy link
Contributor

csarven commented Dec 4, 2023

Title of the issue is "PATCH Append on new file". Should that be changed?

I just want to be clear on what's intended to change in this PR exactly. Can indicate one or more of the following that's being done in this PR:

  • Creating a new resource with PATCH (inserts)
  • Adding information to a resource with PATCH (inserts)
  • Deleting information from a resource with PATCH (deletes)

And for each selected, can you please indicate what is exactly being corrected/changed in this PR? That would help me understand 1) what's interpreted of the spec is correct, and 2) verify/review the tests.

@michielbdejong
Copy link
Collaborator

Ah yes, I agree with @csarven the phrase "Append on new file" is confusing - maybe you mean "PATCH to create" or "Append to an empty file"?

michielbdejong added a commit to michielbdejong/web-access-control-spec that referenced this pull request Dec 6, 2023
This updates the text to match what we decided in solid#105 (comment). At the time we decided not to update the spec text, but now that the spec text is more detailed, the current statement is not correctly conveying that access to both the containing folder and the non-existing resource URL is required.

See the confusion that was created by this in solid-contrib/web-access-control-tests#56 which was an (I think incorrect) reaction to solid#122.
@michielbdejong
Copy link
Collaborator

Agree with @csarven that "create requires Append (or Write) on C/ and Write on C/R" (as long as we're talking about PUT and PATCH; POST is of course a separate story).

I created a PR to attempt to further clarify the spec text: solid/web-access-control-spec#128

AFAIK, what I wrote in that PR is a) what we want and b) what the current tests test for, but happy to be corrected on either or both.

@bourgeoa
Copy link
Member Author

bourgeoa commented Dec 6, 2023

[x] Creating a new resource with PATCH (inserts)

The purpose of this PR is only updating tests related to creating a new resource with PATCH with inserts only.

@bourgeoa bourgeoa changed the title PATCH Append on new file PATCH Append to create a new file Dec 11, 2023
@bourgeoa
Copy link
Member Author

Ah yes, I agree with @csarven the phrase "Append on new file" is confusing - maybe you mean "PATCH to create" or "Append to an empty file"?

PR title changed

@bourgeoa
Copy link
Member Author

@michielbdejong

  • shall I replace in the 3 tests concerned the it by itIs("APPEND-CREATE") or any other word you should prefer ?
    and edit the env.js
  • What ranch number do you want to use ?

@csarven
Copy link
Contributor

csarven commented Dec 11, 2023

I'm not too familiar reading the syntax that's in this PR or these .ts files, so I'll use plain language with an example re:

The purpose of this PR is only updating tests related to creating a new resource with PATCH with inserts only.

Given:

PATCH C/R:

If Agent has Write or Append on C/ and Write on C/R, then 2xx (typically 201, and 200 is common too). Otherwise, 403.

And on a related Note ( https://solid.github.io/web-access-control-spec/#container-permissions ):

When a server supports the creation of intermediate containers in the process of creating a resource, the server applies the same requirements for the create operation for each container.

csarven added a commit to solid/web-access-control-spec that referenced this pull request Dec 15, 2023
)

* Further clarify requirements for PUT-to-create and PATCH-to-create

This updates the text to match what we decided in #105 (comment). At the time we decided not to update the spec text, but now that the spec text is more detailed, the current statement is not correctly conveying that access to both the containing folder and the non-existing resource URL is required.

See the confusion that was created by this in solid-contrib/web-access-control-tests#56 which was an (I think incorrect) reaction to #122.

* Apply suggestions from code review

Co-authored-by: Ted Thibodeau Jr <[email protected]>

---------

Co-authored-by: Sarven Capadisli <[email protected]>
Co-authored-by: Ted Thibodeau Jr <[email protected]>
Copy link
Contributor

@edwardsph edwardsph left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I haven't got my head around what the final state of the discussion is for these tests and clarifications in the spec. If the spec hasn't changed, then is the implication that these tests were incorrect, yet passing on both NSS and CSS? That confuses me as the spec-tests showed CSS passing but NSS having some failures in this area

@@ -350,7 +350,7 @@ describe('Create', () => {
"<#patch> a solid:InsertDeletePatch;\n" +
" solid:inserts { <#hello> <#linked> <#world> .}.\n",
});
expect(result.status).toEqual(403);
expect(result.status).toEqual(200);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Other OK responses should be allowed too.

@@ -313,7 +313,7 @@ describe('Create', () => {
testAllowed('Write', 'Write');
testAllowed('Append', 'Write');

it(`is disallowed without Write on c/r`, async () => {
it(`is allowed with Append on c/r`, async () => {
Copy link
Contributor

@edwardsph edwardsph Dec 19, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The name to the test artifact below should be changed to match the test purpose to avoid future confusion:

const testing = `disallowed-default`;

@bourgeoa bourgeoa changed the title PATCH Append to create a new file PATCHPUT Append to create a new resource Dec 19, 2023
@bourgeoa bourgeoa changed the title PATCHPUT Append to create a new resource PATCH/PUT Append to create a new resource Dec 19, 2023
@bourgeoa
Copy link
Member Author

I haven't got my head around what the final state of the discussion is for these tests and clarifications in the spec. If the spec hasn't changed, then is the implication that these tests were incorrect, yet passing on both NSS and CSS? That confuses me as the spec-tests showed CSS passing but NSS having some failures in this area

I agree that NSS was failing in this area and CSS is correct. I tested this manually on CSS test-servers.

@bourgeoa
Copy link
Member Author

bourgeoa commented Dec 19, 2023

@edwardsph @michielbdejong

Other OK responses should be allowed too.

Shall I change all of them to 2xx ?

I have modified the NSS CI to be able to use a test branch, and also added some tests in NSS
This allowed to test these changes on NSS. All tests are passing and CI are OK
I have published a [email protected] with Append PATCH which was a blocker for chat with Append only and message signature on [email protected]

Could you review Append PUT nodeSolidServer/node-solid-server#1746 ?

@CxRes
Copy link

CxRes commented Jun 12, 2024

If new resources are being created and no response body is being sent, the status code needs to be 201. See nodeSolidServer/node-solid-server#1786

When a new resource is created as a result of PATCH, allow 201 as a valid status code.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

PATCH/PUT Append for new file
5 participants