Merge pull request #1728 from nodeSolidServer/multipleOwners

isOwner there may be multiple owners

lib/handlers/allow.js

@@ -72,9 +72,10 @@ function allow (mode) {
       }
     }
 
-    // check user is owner. Find owner from /.meta
-    if (resourceUrl.endsWith('.acl') && userId === await ldp.getOwner(req.hostname)) return next()
-
+    // check if user is owner. Check isOwner from /.meta
+    try {
+      if (resourceUrl.endsWith('.acl') && (await ldp.isOwner(userId, req.hostname))) return next()
+    } catch (err) {}
     const error = req.authError || await req.acl.getError(userId, mode)
     debug(`${mode} access denied to ${userId || '(none)'}: ${error.status} - ${error.message}`)
     next(error)

lib/handlers/patch.js

@@ -162,7 +162,7 @@ async function checkPermission (request, patchObject, resourceExists) {
   if (!allAllowed) {
     // check owner with Control
     const ldp = request.app.locals.ldp
-    if (request.path.endsWith('.acl') && userId === await ldp.getOwner(request.hostname)) return Promise.resolve(patchObject)
+    if (request.path.endsWith('.acl') && await ldp.isOwner(userId, request.hostname)) return Promise.resolve(patchObject)
 
     const errors = await Promise.all(modes.map(mode => acl.getError(userId, mode)))
     const error = errors.filter(error => !!error)

lib/header.js

@@ -128,7 +128,7 @@ async function addPermissions (req, res, next) {
     getPermissionsFor(acl, null, req),
     getPermissionsFor(acl, session.userId, req)
   ])
-  if (resource.endsWith('.acl') && userPerms === '' && session.userId === await ldp.getOwner(req.hostname)) userPerms = 'control'
+  if (resource.endsWith('.acl') && userPerms === '' && await ldp.isOwner(session.userId, req.hostname)) userPerms = 'control'
   debug.ACL(`Permissions on ${resource} for ${session.userId || '(none)'}: ${userPerms}`)
   debug.ACL(`Permissions on ${resource} for public: ${publicPerms}`)
   res.set('WAC-Allow', `user="${userPerms}",public="${publicPerms}"`)

lib/ldp.js

@@ -454,16 +454,16 @@ class LDP {
   // this is a hack to replace solid:owner, using solid:account in /.meta to avoid NSS migration
   // this /.meta has no functionality in actual NSS
   // comment https://github.com/solid/node-solid-server/pull/1604#discussion_r652903546
-  async getOwner (hostname) {
+  async isOwner (webId, hostname) {
     // const ldp = req.app.locals.ldp
     const rootUrl = this.resourceMapper.resolveUrl(hostname)
     let graph
     try {
       // TODO check for permission ?? Owner is a MUST
       graph = await this.getGraph(rootUrl + '/.meta')
       const SOLID = $rdf.Namespace('http://www.w3.org/ns/solid/terms#')
-      const owner = await graph.any(null, SOLID('account'), $rdf.sym(rootUrl + '/'))
-      return owner.uri
+      const owner = await graph.statementsMatching($rdf.sym(webId), SOLID('account'), $rdf.sym(rootUrl + '/'))
+      return owner.length
     } catch (error) {
       throw new Error(`Failed to get owner from ${rootUrl}/.meta, got ` + error)
     }

test/integration/ldp-test.js

@@ -89,12 +89,19 @@ describe('LDP', function () {
     })
   })
 
-  describe('getOwner', () => {
-    it('should return acl:owner', () => {
-      const owner1 = 'https://tim.localhost:7777/profile/card#me'
-      return ldp.getOwner('/resources/')
-        .then(owner => {
-          assert.equal(owner, owner1)
+  describe('isOwner', () => {
+    it('should return acl:owner true', () => {
+      const owner = 'https://tim.localhost:7777/profile/card#me'
+      return ldp.isOwner(owner, '/resources/')
+        .then(isOwner => {
+          assert.equal(isOwner, true)
+        })
+    })
+    it('should return acl:owner false', () => {
+      const owner = 'https://tim.localhost:7777/profile/card'
+      return ldp.isOwner(owner, '/resources/')
+        .then(isOwner => {
+          assert.equal(isOwner, false)
         })
     })
   })