Duplicate rules are added when using set(Agent|Public)(Default|Resource)Access

[jaxoncreed]

Search terms you've used

Duplicate rules

Bug description

Instead of removing the agent then adding it back with new rules, the following code will cause multiple instances of the same rule to populate when run multiple times.

To Reproduce

Run the following code:

  const isContainer = true;
  const uri = "https://solidweb.me/jackson/demo-react/";
  const newAccessRules = {
          public: {
            read: true,
            write: false,
            append: false,
            control: false,
          },
          agent: {
            "https://solidweb.me/jackson/profile/card#me": {
              read: true,
              write: true,
              append: true,
              control: true,
            },
          },
        };

  // Code Copied from https://docs.inrupt.com/developer-tools/javascript/client-libraries/tutorial/manage-wac/
  // Fetch the SolidDataset and its associated ACLs, if available:
  const myDatasetWithAcl = await getSolidDatasetWithAcl(uri, { fetch });

  // Obtain the SolidDataset's own ACL, if available,
  // or initialise a new one, if possible:
  let resourceAcl;
  if (!hasResourceAcl(myDatasetWithAcl)) {
    if (!hasAccessibleAcl(myDatasetWithAcl)) {
      return new AccessRuleFetchError(
        uri,
        "The current user does not have permission to change access rights to this Resource.",
      );
    }
    if (!hasFallbackAcl(myDatasetWithAcl)) {
      return new AccessRuleFetchError(
        "The current user does not have permission to see who currently has access to this Resource.",
      );
    }
    resourceAcl = createAclFromFallbackAcl(myDatasetWithAcl);
  } else {
    resourceAcl = getResourceAcl(myDatasetWithAcl);
  }

  // Give someone Control access to the given Resource:

  let updatedAcl: AclDataset & WithChangeLog = resourceAcl;
  if (newAccessRules.public) {
    if (isContainer) {
      updatedAcl = setPublicDefaultAccess(updatedAcl, newAccessRules.public);
    } else {
      updatedAcl = setPublicResourceAccess(updatedAcl, newAccessRules.public);
    }
  }
  if (newAccessRules.agent) {
    const setAgentAccess = isContainer
      ? setAgentDefaultAccess
      : setAgentResourceAccess;
    Object.entries(newAccessRules.agent).forEach(([webId, rules]) => {
      updatedAcl = setAgentAccess(updatedAcl, webId, rules);
    });
  }

  // Now save the ACL:
  await saveAclFor(myDatasetWithAcl, updatedAcl, { fetch });

Minimal reproduction

Expected result

Only one instance of each access rule is included.

Actual result

After running this function 4 times, this is the resulting acl:

<https://solidweb.me/jackson/.acl#owner> a <http://www.w3.org/ns/auth/acl#Authorization>;
    <http://www.w3.org/ns/auth/acl#agent> <mailto:jaxoncreed@gmail.com>;
    <http://www.w3.org/ns/auth/acl#mode> <http://www.w3.org/ns/auth/acl#Read>, <http://www.w3.org/ns/auth/acl#Write>, <http://www.w3.org/ns/auth/acl#Control>;
    <http://www.w3.org/ns/auth/acl#accessTo> <https://solidweb.me/jackson/demo-react/>;
    <http://www.w3.org/ns/auth/acl#default> <https://solidweb.me/jackson/demo-react/>.
<#98f59743-d72d-49d7-aa45-68111676929e> a <http://www.w3.org/ns/auth/acl#Authorization>;
    <http://www.w3.org/ns/auth/acl#agent> <https://solidweb.me/jackson/profile/card#me>;
    <http://www.w3.org/ns/auth/acl#mode> <http://www.w3.org/ns/auth/acl#Read>, <http://www.w3.org/ns/auth/acl#Write>, <http://www.w3.org/ns/auth/acl#Control>;
    <http://www.w3.org/ns/auth/acl#accessTo> <https://solidweb.me/jackson/demo-react/>.
<#aa90c26b-30c2-4559-bb8d-347d68a3a22b> a <http://www.w3.org/ns/auth/acl#Authorization>;
    <http://www.w3.org/ns/auth/acl#agent> <https://solidweb.me/jackson/profile/card#me>;
    <http://www.w3.org/ns/auth/acl#mode> <http://www.w3.org/ns/auth/acl#Read>, <http://www.w3.org/ns/auth/acl#Write>, <http://www.w3.org/ns/auth/acl#Control>;
    <http://www.w3.org/ns/auth/acl#accessTo> <https://solidweb.me/jackson/demo-react/>.
<#b731b11e-c069-43f7-b41a-ae492097bc05> a <http://www.w3.org/ns/auth/acl#Authorization>;
    <http://www.w3.org/ns/auth/acl#mode> <http://www.w3.org/ns/auth/acl#Read>;
    <http://www.w3.org/ns/auth/acl#default> <https://solidweb.me/jackson/demo-react/>;
    <http://www.w3.org/ns/auth/acl#agentClass> <http://xmlns.com/foaf/0.1/Agent>.
<#2bc368f1-a1c4-483f-850a-93c941602c08> a <http://www.w3.org/ns/auth/acl#Authorization>;
    <http://www.w3.org/ns/auth/acl#agent> <https://solidweb.me/jackson/profile/card#me>;
    <http://www.w3.org/ns/auth/acl#mode> <http://www.w3.org/ns/auth/acl#Read>, <http://www.w3.org/ns/auth/acl#Write>, <http://www.w3.org/ns/auth/acl#Control>;
    <http://www.w3.org/ns/auth/acl#default> <https://solidweb.me/jackson/demo-react/>.
<#771bb967-65b5-4527-94a7-42f8f13d03b9> a <http://www.w3.org/ns/auth/acl#Authorization>;
    <http://www.w3.org/ns/auth/acl#agent> <https://solidweb.me/jackson/profile/card#me>;
    <http://www.w3.org/ns/auth/acl#mode> <http://www.w3.org/ns/auth/acl#Read>, <http://www.w3.org/ns/auth/acl#Write>, <http://www.w3.org/ns/auth/acl#Control>;
    <http://www.w3.org/ns/auth/acl#accessTo> <https://solidweb.me/jackson/demo-react/>.
<#1a8dc12c-0dc1-4f19-a0dc-fad334dccdd9> a <http://www.w3.org/ns/auth/acl#Authorization>;
    <http://www.w3.org/ns/auth/acl#agent> <https://solidweb.me/jackson/profile/card#me>;
    <http://www.w3.org/ns/auth/acl#mode> <http://www.w3.org/ns/auth/acl#Read>, <http://www.w3.org/ns/auth/acl#Write>, <http://www.w3.org/ns/auth/acl#Control>;
    <http://www.w3.org/ns/auth/acl#accessTo> <https://solidweb.me/jackson/demo-react/>.
<#1bfe2b50-69a0-4c69-8cfd-ad8afb17f5be> a <http://www.w3.org/ns/auth/acl#Authorization>;
    <http://www.w3.org/ns/auth/acl#mode> <http://www.w3.org/ns/auth/acl#Read>;
    <http://www.w3.org/ns/auth/acl#default> <https://solidweb.me/jackson/demo-react/>;
    <http://www.w3.org/ns/auth/acl#agentClass> <http://xmlns.com/foaf/0.1/Agent>.
<#f82683ba-04c6-41d0-ab34-42eaff030145> a <http://www.w3.org/ns/auth/acl#Authorization>;
    <http://www.w3.org/ns/auth/acl#agent> <https://solidweb.me/jackson/profile/card#me>;
    <http://www.w3.org/ns/auth/acl#mode> <http://www.w3.org/ns/auth/acl#Read>, <http://www.w3.org/ns/auth/acl#Write>, <http://www.w3.org/ns/auth/acl#Control>;
    <http://www.w3.org/ns/auth/acl#default> <https://solidweb.me/jackson/demo-react/>.

Environment

$ npx envinfo --system --npmPackages --binaries --npmGlobalPackages --browsers

System:
    OS: macOS 12.0.1
    CPU: (10) arm64 Apple M1 Max
    Memory: 987.38 MB / 64.00 GB
    Shell: 5.8 - /bin/zsh
  Binaries:
    Node: 16.20.2 - ~/.nvm/versions/node/v16.20.2/bin/node
    npm: 8.19.4 - ~/.nvm/versions/node/v16.20.2/bin/npm
  Browsers:
    Chrome: 117.0.5938.88
    Firefox: 117.0.1
    Firefox Developer Edition: 118.0
    Safari: 15.1
  npmPackages:
    @types/jest: ^29.0.3 => 29.5.4 
    ts-jest: ^29.0.2 => 29.1.1 
  npmGlobalPackages:
    corepack: 0.17.0
    npm: 8.19.4

Additional information

[zg009]

Hey, I can't point out the specific issue but I have noticed that the Inrupt ACL libraries do not always interop properly with the Community Solid Server instances, and I've had to write my own functions when working on one server compared to another. IF you'd like I can try and dig up one instance I've encountered.

[NSeydoux]

Hi @jaxoncreed , thanks for reporting this, we'll have a look!

[NSeydoux]

Hi! I'm sorry this issue is remaining unaddressed. Our team currently doesn't have enough capability to address this, especially given that the duplicate rules still result in a correct access graph. We don't have a plan to fix this in the foreseeable future, but I'll leave the issue open so that it can be picked up by a community developer if they wish.