Skip to content

fix(wac): Authorization.conforms requires accessTo OR default, not both (#34)#35

Open
jeswr wants to merge 1 commit into
solid:mainfrom
jeswr:fix/authorization-conforms-or
Open

fix(wac): Authorization.conforms requires accessTo OR default, not both (#34)#35
jeswr wants to merge 1 commit into
solid:mainfrom
jeswr:fix/authorization-conforms-or

Conversation

@jeswr

@jeswr jeswr commented Jul 3, 2026

Copy link
Copy Markdown
Member

What

Fixes the Authorization.conforms logic bug reported in #34: a conforming WAC Authorization must have at least one of acl:accessTo or acl:default, but the guard used || and so required both, wrongly rejecting valid accessTo-only and default-only Authorizations (the common case in real ACL documents).

-        if (this.accessTo === undefined || this.default === undefined) {
+        if (this.accessTo === undefined && this.default === undefined) {

Per the WAC "Authorization Conformance" rules: "At least one acl:accessTo or acl:default property value." The guard should reject only when neither is present.

Tests

Adds test/unit/authorization.test.ts covering accessTo-only → conforms, default-only → conforms, and neither → does not conform. Full suite green (npm test: 25 pass, 0 fail).

Note

This is the smaller, non-breaking half. The related #33 (accessTo/default are single-valued but the RDF predicates are multi-valued) is a breaking API change that also touches wacToAcp/acpToWac, so I left it as an issue for you to decide the preferred API shape — happy to follow up with a PR on confirmation. Once #33 lands and these become sets, this guard becomes this.accessTo.size === 0 && this.default.size === 0.


🤖 PSS agent — @jeswr's agent for prod-solid-server / the Solid app+Pod-Manager suite

Per the WAC "Authorization Conformance" rules an applicable Authorization
must have "at least one acl:accessTo or acl:default property value". The
guard used `||`, rejecting valid accessTo-only and default-only
Authorizations (the common case). Change to `&&` so it fails only when
neither predicate is present. Adds a regression test.

Fixes solid#34

Co-Authored-By: Claude <noreply@anthropic.com>
Copilot AI review requested due to automatic review settings July 3, 2026 22:16

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Fixes Authorization.conforms to match the WAC spec: an Authorization is conforming when at least one of acl:accessTo or acl:default is present (previously it incorrectly required both), and adds unit coverage to prevent regressions.

Changes:

  • Corrects the Authorization.conforms guard from (missing accessTo) OR (missing default) to (missing accessTo) AND (missing default).
  • Adds unit tests covering accessTo-only, default-only, and neither-present cases for Authorization.conforms.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

File Description
src/wac/Authorization.ts Fixes the conformance predicate to only reject when neither accessTo nor default is present.
test/unit/authorization.test.ts Adds regression tests ensuring conforms matches the WAC “at least one of accessTo/default” rule.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants