@inrupt/solid-client / universalAccess
Module: universalAccess#
Experimental API
This API is still experimental, and subject to change. It builds on top of both ACP and WAC, aiming at being adaptable to any Access Control system that may be implemented in Solid. That is why it is purely Resource-centric: the library discovers metadata associated with the Resource itself, and calls the appropriate underlying API to deal with the Access Control in place for the target Resource.
As it is still under development, the following export is only intended for experimentation by early adopters, and is not recommended for production applications.
For more information see: Tutorial: Managing Access
This module can be imported as an object from the main package, which results in tree-shaking not being supported (so all the exported APIs will likely end up in your bundle). This import style is used for environments such as nextjs or create-react-app.
import { universalAccess } from "@inrupt/solid-client";
Alternatively, if your environment supports export maps, then you can import directly:
import * as universalAccess from "@inrupt/solid-client/universal";
If you’re using Typescript, and receive errors about type definitions not being found, please see this documentation
Functions#
getAclServerResourceInfo#
▸ getAclServerResourceInfo(resource, options?): Promise<WithServerResourceInfo | null>
Retrieve the Server Resource Info of Resource expressing access control over
another resource it is linked to. It applies in both ACP and WAC contexts:
the Access Control Resource is discovered consistently using a Link header
with rel=acl.
Parameters#
Name |
Type |
Description |
|---|---|---|
|
The Resource for which ACL we want to retrieve the Server Resource Info. |
|
|
|
Returns#
Promise<WithServerResourceInfo | null>
The Server Resource Info if available, null otherwise.
Since
1.19.0
Defined in#
getAgentAccess#
▸ getAgentAccess(resourceUrl, webId, options?): Promise<AccessModes | null>
Get an overview of what access is defined for a given Agent.
This function works with Solid Pods that implement either the Web Access Control spec or the Access Control Policies proposal, with some caveats:
If access to the given Resource has been set using anything other than the functions in this module, it is possible that it has been set in a way that prevents this function from reliably reading access.
It will only return access specified explicitly for the given Agent within the ACL linked to the resource. If additional restrictions or external resources are used, those will not be reflected in the return value of this function.
It will only return access specified explicitly for the given Resource. In other words, if the Resource is a Container, the returned Access may not apply to contained Resources.
If the current user does not have permission to view access for the given Resource, this function will resolve to
null.
Parameters#
Name |
Type |
Description |
|---|---|---|
|
|
URL of the Resource you want to read the access for. |
|
|
WebID of the Agent you want to get the access for. |
|
|
Default Options such as a fetch function. |
Returns#
Promise<AccessModes | null>
Since
1.19.0
Defined in#
getAgentAccessAll#
▸ getAgentAccessAll(resourceUrl, options?): Promise<Record<string, AccessModes> | null>
Get an overview of what access is defined for agents.
This function works with Solid Pods that implement either the Web Access Control spec or the Access Control Policies proposal, with some caveats:
If access to the given Resource has been set using anything other than the functions in this module, it is possible that it has been set in a way that prevents this function from reliably reading access.
It will only return access specified explicitly for the given Agent within the ACL linked to the resource. If additional restrictions or external resources are used, those will not be reflected in the return value of this function.
It will only return access specified explicitly for the given Resource. In other words, if the Resource is a Container, the returned Access may not apply to contained Resources.
If the current user does not have permission to view access for the given Resource, this function will resolve to
null.
Parameters#
Name |
Type |
Description |
|---|---|---|
|
|
URL of the Resource you want to read the access for. |
|
|
Default Options such as a fetch function. |
Returns#
Promise<Record<string, AccessModes> | null>
Since
1.21.0
Defined in#
getPublicAccess#
▸ getPublicAccess(resourceUrl, options?): Promise<AccessModes | null>
Get an overview of what access is defined for the Public.
This function works with Solid Pods that implement either the Web Access Control spec or the Access Control Policies proposal, with some caveats:
If access to the given Resource has been set using anything other than the functions in this module, it is possible that it has been set in a way that prevents this function from reliably reading access.
It will only return access specified explicitly for the given Agent within the ACL linked to the resource. If additional restrictions or external resources are used, those will not be reflected in the return value of this function.
It will only return access specified explicitly for the given Resource. In other words, if the Resource is a Container, the returned Access may not apply to contained Resources.
If the current user does not have permission to view access for the given Resource, this function will resolve to
null.
Parameters#
Name |
Type |
Description |
|---|---|---|
|
|
URL of the Resource you want to read the access for. |
|
|
Default Options such as a fetch function. |
Returns#
Promise<AccessModes | null>
Since
1.19.0
Defined in#
setAgentAccess#
▸ setAgentAccess(resourceUrl, webId, access, options?): Promise<AccessModes | null>
Set access to a resource for a given Agent.
This function works with Solid Pods that implement either the Web Access Control spec or the Access Control Policies proposal, with some caveats:
If access to the given Resource has been set using anything other than the functions in this module, it is possible that it has been set in a way that prevents this function from reliably setting access.
It will only set access explicitly for the given Agent. In other words, additional restrictions could be present that further restrict or loosen what access the given Agent has in particular circumstances.
The provided access will only apply to the given Resource. In other words, if the Resource is a Container, the configured Access will not apply to contained Resources.
If the current user does not have permission to view or change access for the given Resource, this function will resolve to
null.
Additionally, two caveats apply to users with a Pod server that uses WAC:
If the Resource did not have an ACL yet, a new one will be initialised. This means that changes to the ACL of a parent Container can no longer affect access people have to this Resource, although existing access will be preserved.
Setting different values for
controlReadandcontrolWriteis not supported, and will throw an error. If you expect (some of) your users to have Pods implementing WAC, be sure to pass the same value for both.
Parameters#
Name |
Type |
Description |
|---|---|---|
|
|
URL of the Resource you want to set access for. |
|
|
WebID of the Agent you want to set access for. |
|
|
The Access Modes to add (true) or remove (false). |
|
|
Default Options such as a fetch function. |
Returns#
Promise<AccessModes | null>
Since
1.19.0
Defined in#
setPublicAccess#
▸ setPublicAccess(resourceUrl, access, options?): Promise<AccessModes | null>
Set access to a resource for the public.
This function works with Solid Pods that implement either the Web Access Control spec or the Access Control Policies proposal, with some caveats:
If access to the given Resource has been set using anything other than the functions in this module, it is possible that it has been set in a way that prevents this function from reliably setting access.
It will only set access explicitly for the given Agent. In other words, additional restrictions could be present that further restrict or loosen what access the given Agent has in particular circumstances.
The provided access will only apply to the given Resource. In other words, if the Resource is a Container, the configured Access will not apply to contained Resources.
If the current user does not have permission to view or change access for the given Resource, this function will resolve to
null.
Additionally, two caveats apply to users with a Pod server that uses WAC:
If the Resource did not have an ACL yet, a new one will be initialised. This means that changes to the ACL of a parent Container can no longer affect access people have to this Resource, although existing access will be preserved.
Setting different values for
controlReadandcontrolWriteis not supported, and will throw an error. If you expect (some of) your users to have Pods implementing WAC, be sure to pass the same value for both.
Parameters#
Name |
Type |
Description |
|---|---|---|
|
|
URL of the Resource you want to set access for. |
|
|
The Access Modes to add (true) or remove (false). |
|
|
Default Options such as a fetch function. |
Returns#
Promise<AccessModes | null>
Since
1.19.0