Folder .acl permissions are not inherited #1279
Comments
|
They should never be inherited. photos inside /profile/ will only be affected by https://github.com/solid/node-solid-server/blob/master/default-templates/new-account/profile/.acl (where If you remove /profile/.acl then /.acl will apply instead. |
|
I've been seeing this bug in the SDK. Several pods, which used to serve up items in /profile/, now are showing 403 errors. I checked my own pod (https://jmartin.inrupt.net/profile/James-profile_1564148145000_.jpeg) and sure enough /profile/.acl doesn't exist anymore. I'm not sure why it's not there. When I try to use the data browser "set folder permissions" button, it threw errors in the console. I unfortunately don't have the error message handy. The reason for that is I refreshed and intended to try again, but after a refresh, the /profile/.acl file was there now, and I can set permissions on that folder once more. I'm not sure how I (and other pods, seemingly) got into a strange corrupted state. It appears that the root cause is my /profile/.acl file disappeared one day. |
|
Also seeing the same issues with newly created Pods on https://solid.community. One thing to note is if you add the WebID as Owner under "Access to things within this folder:" in sharing for /public folder, they can then access the Global Inbox and hence get the global notifications. |
|
Just wanted to chime in that based on the current version of NSS, there should be created a @kevin-howard-jd the problem you describe sounds really serious! A WebID getting access to /inbox based on them having permission granted to /public? That's really, really bad, if that's the case. |
|
Was this resolved now with the latest dev.inrupt.net test round? |
|
It was |
This only seems to be happening on https://inrupt.net
Cannot access profile photos
Users cannot access notifications on their own pods
The text was updated successfully, but these errors were encountered: