Restore the juggling of webids to that Group ACLs work again
Closed this issue · 8 comments
The way groups are stored has to be a compromise between the way to naturally one store them in an AddressBook's vcard:Group (using an internal URI in the local vcard) and the needs of the ACL system, where the public webId of the person must be used directly in the group shape, as that is the only place it looks.
This means that when a we have bother the local card ID for the person and their WebId, we must store it like this.
<#thisGroup> vcard:member <theWebId> .
<theWebId> owl:sameAs <../Person/83924759/index.ttl#this> .
or
<#thisGroup> vcard:member <theWebId> .
<../Person/83924759/index.ttl#this> owl:sameAs <theWebId> .
This means the ACL system works without modification, but the contacts management has to be smarter.
This functionality existed recently (as group ACLs worked) but has broken in the splitting out of the logic into a separate file.
Note owl:sameAs is self-inverse, and so it is unreasonable to require it to be one way around or the other way round, they mean the same thing.
Can it be simplified ?. To just add the owl:sameAs triple so has to have :
<#thisGroup> vcard:hasMember <../Person/83924759/index.ttl#this> .
<../Person/83924759/index.ttl#this> owl:sameAs <theWebId> .
On NSS this does allow the contact Group to be used as an acl Group (tried locally).
This seem to solve the issue, but with a strange n:this tabont:uri c:me.
Delete wooks also.
export async function addWebIDToContacts (person, webid, context) {
if (!webid.startsWith('https:')) { /// @@ well we will have other protcols like DID
throw new Error('Does not look like a webid, must start with https:')
}
console.log(`Adding to ${person} a ${WEBID_NOUN}: ${webid}.`)
const kb = context.kb
const vcardURLThing = kb.bnode()
// alain add webID to Groups
const groups = kb.each(null, ns.vcard('hasMember'), person)
let groupWebids = []
for (const i in groups) groupWebids = groupWebids.concat($rdf.st(kb.sym(webid), ns.owl('sameAs'), person, kb.sym(groups[i]).doc()))
console.log('Alain Adding ' + groupWebids)
const insertables = [
$rdf.st(person, ns.vcard('url'), vcardURLThing, person.doc()),
$rdf.st(vcardURLThing, ns.rdf('type'), ns.vcard('WebID'), person.doc()),
$rdf.st(vcardURLThing, ns.vcard('value'), webid, person.doc()),
]
await kb.updater.update([], insertables)
await kb.updater.update([], [...groupWebids])
}
@prefix : <#>.
@prefix tabont: <http://www.w3.org/2007/ont/link#>.
@prefix owl: <http://www.w3.org/2002/07/owl#>.
@prefix vcard: <http://www.w3.org/2006/vcard/ns#>.
@prefix ind: <../index.ttl#>.
@prefix in: <../Person/46c651f3-f091-4298-b033-2eb5c233d6e8/index.ttl#>.
@prefix inde: <../Person/17bc23c3-32ff-4cf7-ab32-21653c67927f/index.ttl#>.
@prefix c: <https://bourgeoa.bourgeoa.ga:8560/profile/card#>.
:this a vcard:Group; vcard:fn "Group"; vcard:hasMember inde:this, in:this.
ind:this vcard:includesGroup :this.
inde:this vcard:fn "bourgeoa-solidcommunity.net".
in:this vcard:fn "bourgeoa-8560"; tabont:uri c:me.
c:me owl:sameAs in:this.
As can be seen below owl:sameAs is not added multiple times, it should be inde:this owl:sameAs c1:me, c0:me
The issue dates back 2017 linkeddata/rdflib.js#185.
@prefix : <#>.
@prefix tabont: <http://www.w3.org/2007/ont/link#>.
@prefix owl: <http://www.w3.org/2002/07/owl#>.
@prefix vcard: <http://www.w3.org/2006/vcard/ns#>.
@prefix ind: <../index.ttl#>.
@prefix in: <../Person/46c651f3-f091-4298-b033-2eb5c233d6e8/index.ttl#>.
@prefix inde: <../Person/17bc23c3-32ff-4cf7-ab32-21653c67927f/index.ttl#>.
@prefix c: <https://bourgeoa.bourgeoa.ga:8560/profile/card#>.
@prefix c0: <https://bourgeoa.solidcommunity.net/profile/card#>.
@prefix c1: <https://bourgeoa.solidcommunity.net:8443/profile/card#>.
:this a vcard:Group; vcard:fn "Group"; vcard:hasMember inde:this, in:this.
ind:this vcard:includesGroup :this.
inde:this
owl:sameAs c0:me;
vcard:fn "bourgeoa-solidcommunity.net";
tabont:uri c1:me, c0:me.
in:this owl:sameAs c:me; vcard:fn "bourgeoa-8560"; tabont:uri c:me.
@timbl
A person can have many webIDs.
The question of 2 contacts sharing a same webID is depending on the meaning of Person.
- Can for example a man and a wife share a same webId : yes for family account (so that each one is allowed to delete the pod), they can each also have other webIDs relating to their own activities. Is it advisable I suppose not, but makes life easier.
- contacts may also be seen as a sub-group
As sameAs cannot be more than once, it cannot be used.
- webID's can be added to person's groups vcard:hasMember and displaying group members need to filter vcard:hasMember to check that the item is a person of that group and not a webId.
- If we refuse that we must check that a webID is only added once in all contacts.
- if a webId can appear in multiple person cards, removing a webID from a person's groups vcard:hasMember need to check that no other person in that group uses that webID.
The tabont: thing looks like then result of smush processing .. historically the mashlib, in its role of making mashups of data form multiple sources would replaces all occurrences of multiple URIs for the same thing with just one of them ... and then IIRC use something like tabont:ui to track the orignal ones so they were not completely lost. We need to make sure those features are disabled. Its the replaceWith function in rdflib Store .
The tabont:uri is because we have not fixed linkeddata/rdflib.js#458... not wise to play with sameAs at all until that is fixed, or the sameAs will be processed internally by the store, leading to a tabont:uri
(I think solid-ui used to originally set the features of the store to [] but I bey that has been lost in the move to solid-logic just guessing.)
As regards simplification, the version which has two 'member' arcs leads to confusion as to how many members in the group