fix(wac): Authorization.conforms requires accessTo OR default, not both (#34)#35
Open
jeswr wants to merge 1 commit into
Open
fix(wac): Authorization.conforms requires accessTo OR default, not both (#34)#35jeswr wants to merge 1 commit into
jeswr wants to merge 1 commit into
Conversation
Per the WAC "Authorization Conformance" rules an applicable Authorization must have "at least one acl:accessTo or acl:default property value". The guard used `||`, rejecting valid accessTo-only and default-only Authorizations (the common case). Change to `&&` so it fails only when neither predicate is present. Adds a regression test. Fixes solid#34 Co-Authored-By: Claude <noreply@anthropic.com>
Contributor
There was a problem hiding this comment.
Pull request overview
Fixes Authorization.conforms to match the WAC spec: an Authorization is conforming when at least one of acl:accessTo or acl:default is present (previously it incorrectly required both), and adds unit coverage to prevent regressions.
Changes:
- Corrects the
Authorization.conformsguard from(missing accessTo) OR (missing default)to(missing accessTo) AND (missing default). - Adds unit tests covering
accessTo-only,default-only, and neither-present cases forAuthorization.conforms.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
src/wac/Authorization.ts |
Fixes the conformance predicate to only reject when neither accessTo nor default is present. |
test/unit/authorization.test.ts |
Adds regression tests ensuring conforms matches the WAC “at least one of accessTo/default” rule. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
Fixes the
Authorization.conformslogic bug reported in #34: a conforming WAC Authorization must have at least one ofacl:accessTooracl:default, but the guard used||and so required both, wrongly rejecting validaccessTo-only anddefault-only Authorizations (the common case in real ACL documents).Per the WAC "Authorization Conformance" rules: "At least one
acl:accessTooracl:defaultproperty value." The guard should reject only when neither is present.Tests
Adds
test/unit/authorization.test.tscoveringaccessTo-only → conforms,default-only → conforms, and neither → does not conform. Full suite green (npm test: 25 pass, 0 fail).Note
This is the smaller, non-breaking half. The related #33 (
accessTo/defaultare single-valued but the RDF predicates are multi-valued) is a breaking API change that also toucheswacToAcp/acpToWac, so I left it as an issue for you to decide the preferred API shape — happy to follow up with a PR on confirmation. Once #33 lands and these become sets, this guard becomesthis.accessTo.size === 0 && this.default.size === 0.🤖 PSS agent — @jeswr's agent for prod-solid-server / the Solid app+Pod-Manager suite