solid-pod-rs 0.4.0-alpha.4

Rust-native Solid Pod server library — LDP, WAC, WebID, Solid-OIDC, Solid Notifications, NIP-98. Framework-agnostic.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121

//! WAC smoke tests.

use solid_pod_rs::wac::{evaluate_access, AccessMode, AclDocument};

fn doc_from(json: &str) -> AclDocument {
    serde_json::from_str(json).expect("parse ACL JSON-LD")
}

#[test]
fn specific_agent_read_grants_that_agent() {
    let doc = doc_from(
        r##"{
            "@context": {"acl": "http://www.w3.org/ns/auth/acl#"},
            "@graph": [{
                "@id": "#alice",
                "acl:agent": {"@id": "did:nostr:alice"},
                "acl:accessTo": {"@id": "/private/note"},
                "acl:mode": {"@id": "acl:Read"}
            }]
        }"##,
    );
    assert!(evaluate_access(
        Some(&doc),
        Some("did:nostr:alice"),
        "/private/note",
        AccessMode::Read,
        None,));
}

#[test]
fn agent_without_grant_is_denied() {
    let doc = doc_from(
        r#"{
            "@graph": [{
                "acl:agent": {"@id": "did:nostr:alice"},
                "acl:accessTo": {"@id": "/private/note"},
                "acl:mode": {"@id": "acl:Read"}
            }]
        }"#,
    );
    assert!(!evaluate_access(
        Some(&doc),
        Some("did:nostr:mallory"),
        "/private/note",
        AccessMode::Read,
        None,));
}

#[test]
fn public_foaf_agent_read_allows_anonymous() {
    let doc = doc_from(
        r#"{
            "@graph": [{
                "acl:agentClass": {"@id": "foaf:Agent"},
                "acl:accessTo": {"@id": "/public/index"},
                "acl:mode": {"@id": "acl:Read"}
            }]
        }"#,
    );
    assert!(evaluate_access(
        Some(&doc),
        None,
        "/public/index",
        AccessMode::Read,
        None,));
}

#[test]
fn container_default_inherits_to_children() {
    let doc = doc_from(
        r#"{
            "@graph": [{
                "acl:agentClass": {"@id": "foaf:Agent"},
                "acl:default": {"@id": "/public"},
                "acl:mode": {"@id": "acl:Read"}
            }]
        }"#,
    );
    assert!(evaluate_access(
        Some(&doc),
        None,
        "/public/file.txt",
        AccessMode::Read,
        None,));
    assert!(evaluate_access(
        Some(&doc),
        None,
        "/public/nested/deep.txt",
        AccessMode::Read,
        None,));
}

#[test]
fn write_implies_append() {
    let doc = doc_from(
        r#"{
            "@graph": [{
                "acl:agent": {"@id": "did:nostr:owner"},
                "acl:accessTo": {"@id": "/inbox/"},
                "acl:mode": {"@id": "acl:Write"}
            }]
        }"#,
    );
    assert!(evaluate_access(
        Some(&doc),
        Some("did:nostr:owner"),
        "/inbox/",
        AccessMode::Append,
        None,));
}

#[test]
fn no_acl_denies_by_default() {
    assert!(!evaluate_access(None, None, "/whatever", AccessMode::Read, None));
    assert!(!evaluate_access(
        None,
        Some("did:nostr:anyone"),
        "/whatever",
        AccessMode::Write,
        None,));
}