Move resource parameter to constructor.

RubenVerborgh · RubenVerborgh · commit 9a6bdf337c74 · 2017-08-18T11:06:38.000-04:00
diff --git a/lib/acl-checker.js b/lib/acl-checker.js
@@ -9,33 +9,34 @@ const HTTPError = require('./http-error')
 const DEFAULT_ACL_SUFFIX = '.acl'
 
 class ACLChecker {
-  constructor (options = {}) {
+  constructor (resource, options = {}) {
+    this.resource = resource
     this.debug = options.debug || console.log.bind(console)
     this.fetch = options.fetch
     this.strictOrigin = options.strictOrigin
     this.suffix = options.suffix || DEFAULT_ACL_SUFFIX
   }
 
-  can (user, mode, resource, options = {}) {
+  can (user, mode, options = {}) {
     const debug = this.debug
-    debug('Can ' + (user || 'an agent') + ' ' + mode + ' ' + resource + '?')
+    this.debug(`Can ${user || 'an agent'} ${mode} ${this.resource}?`)
     // If this is an ACL, Control mode must be present for any operations
-    if (this.isAcl(resource)) {
+    if (this.isAcl(this.resource)) {
       mode = 'Control'
     }
 
     // Check the permissions within the nearest ACL
-    return this.getNearestACL(resource)
+    return this.getNearestACL(this.resource)
     .then(nearestAcl => {
-      const acls = this.getPermissionSet(nearestAcl, resource, options)
-      return this.checkAccess(acls, user, mode, resource)
+      const acls = this.getPermissionSet(nearestAcl, options)
+      return this.checkAccess(acls, user, mode, this.resource)
     })
     .then(() => { debug('ACL policy found') })
     .catch(err => {
       debug(`Error: ${err.message}`)
       if (!user) {
         debug('Authentication required')
-        throw new HTTPError(401, `Access to ${resource} requires authorization`)
+        throw new HTTPError(401, `Access to ${this.resource} requires authorization`)
       } else {
         debug(`${mode} access denied for ${user}`)
         throw new HTTPError(403, `Access denied for ${user}`)
@@ -44,10 +45,10 @@ class ACLChecker {
   }
 
   // Gets the ACL that applies to the resource
-  getNearestACL (uri) {
+  getNearestACL () {
     let isContainer = false
     let nearestACL = Promise.reject()
-    for (const acl of this.getPossibleACLs(uri, this.suffix)) {
+    for (const acl of this.getPossibleACLs()) {
       nearestACL = nearestACL.catch(() => new Promise((resolve, reject) => {
         this.debug(`Check if ACL exists: ${acl}`)
         this.fetch(acl, (err, graph) => {
@@ -65,7 +66,9 @@ class ACLChecker {
   }
 
   // Get all possible ACL paths that apply to the resource
-  getPossibleACLs (uri, suffix) {
+  getPossibleACLs () {
+    var uri = this.resource
+    var suffix = this.suffix
     var first = uri.endsWith(suffix) ? uri : uri + suffix
     var urls = [first]
     var parsedUri = url.parse(uri)
@@ -89,8 +92,8 @@ class ACLChecker {
   }
 
   // Tests whether the permissions allow a given operation
-  checkAccess (permissionSet, user, mode, resource) {
-    return permissionSet.checkAccess(resource, user, mode)
+  checkAccess (permissionSet, user, mode) {
+    return permissionSet.checkAccess(this.resource, user, mode)
     .then(hasAccess => {
       if (hasAccess) {
         this.debug(`${mode} access permitted to ${user}`)
@@ -108,7 +111,7 @@ class ACLChecker {
   }
 
   // Gets the permission set for the given resource
-  getPermissionSet ({ acl, graph, isContainer }, resource, options = {}) {
+  getPermissionSet ({ acl, graph, isContainer }, options = {}) {
     const debug = this.debug
     if (!graph || graph.length === 0) {
       debug('ACL ' + acl + ' is empty')
@@ -124,7 +127,7 @@ class ACLChecker {
       isAcl: uri => this.isAcl(uri),
       aclUrlFor: uri => this.aclUrlFor(uri)
     }
-    return new PermissionSet(resource, acl, isContainer, aclOptions)
+    return new PermissionSet(this.resource, acl, isContainer, aclOptions)
   }
 
   aclUrlFor (uri) {
diff --git a/lib/handlers/allow.js b/lib/handlers/allow.js
@@ -13,15 +13,6 @@ function allow (mode) {
     if (!ldp.webid) {
       return next()
     }
-    var baseUri = utils.uriBase(req)
-
-    var acl = new ACL({
-      debug: debug,
-      fetch: fetchDocument(req.hostname, ldp, baseUri),
-      suffix: ldp.suffixAcl,
-      strictOrigin: ldp.strictOrigin
-    })
-    req.acl = acl
 
     var reqPath = res && res.locals && res.locals.path
       ? res.locals.path
@@ -37,8 +28,17 @@ function allow (mode) {
         origin: req.get('origin'),
         host: req.protocol + '://' + req.get('host')
       }
-      acl.can(req.session.userId, mode, baseUri + reqPath, options)
-      .then(next, next)
+
+      var baseUri = utils.uriBase(req)
+      var acl = new ACL(baseUri + reqPath, {
+        debug: debug,
+        fetch: fetchDocument(req.hostname, ldp, baseUri),
+        suffix: ldp.suffixAcl,
+        strictOrigin: ldp.strictOrigin
+      })
+      req.acl = acl
+
+      acl.can(req.session.userId, mode, options).then(next, next)
     })
   }
 }
diff --git a/test/unit/acl-checker-test.js b/test/unit/acl-checker-test.js
@@ -28,9 +28,9 @@ describe('ACLChecker unit test', () => {
     })
     let graph = {}
     let user, mode, resource, aclUrl
-    let acl = new ACLChecker({ debug })
-    let acls = acl.getPermissionSet({ graph, acl: aclUrl }, resource)
-    return expect(acl.checkAccess(acls, user, mode, resource))
+    let acl = new ACLChecker(resource, { debug })
+    let acls = acl.getPermissionSet({ graph, acl: aclUrl })
+    return expect(acl.checkAccess(acls, user, mode))
     .to.eventually.be.true
   })
   it('should callback with error on grant failure', () => {
@@ -39,9 +39,9 @@ describe('ACLChecker unit test', () => {
     })
     let graph = {}
     let user, mode, resource, aclUrl
-    let acl = new ACLChecker({ debug })
-    let acls = acl.getPermissionSet({ graph, acl: aclUrl }, resource)
-    return expect(acl.checkAccess(acls, user, mode, resource))
+    let acl = new ACLChecker(resource, { debug })
+    let acls = acl.getPermissionSet({ graph, acl: aclUrl })
+    return expect(acl.checkAccess(acls, user, mode))
     .to.be.rejectedWith('ACL file found but no matching policy found')
   })
   it('should callback with error on grant error', () => {
@@ -50,9 +50,9 @@ describe('ACLChecker unit test', () => {
     })
     let graph = {}
     let user, mode, resource, aclUrl
-    let acl = new ACLChecker({ debug })
-    let acls = acl.getPermissionSet({ graph, acl: aclUrl }, resource)
-    return expect(acl.checkAccess(acls, user, mode, resource))
+    let acl = new ACLChecker(resource, { debug })
+    let acls = acl.getPermissionSet({ graph, acl: aclUrl })
+    return expect(acl.checkAccess(acls, user, mode))
     .to.be.rejectedWith('Error thrown during checkAccess()')
   })
 })
