Handling permissions

In Solid, permissions are handled through a standard called Web Access Control (or WAC).

Adding or removing WAC permissions

To add or remove permissions from a Pod, the app can use the PodPermissionsService.

await ctx.call('pod-permissions.add', {
  uri: 'http://localhost:3000/alice/data/eba0227a-3bbb-4582-b879,
  agentUri: 'http://localhost:3000/bob',
  agentPredicate: 'acl:agent',
  mode: 'acl:Read',
  actorUri: 'http://localhost:3000/alice'
});

To give a permission to all users, you should use acl:agentClass for the agentPredicate and http://xmlns.com/foaf/0.1/ for the agentUri.

Creating WAC groups

The PodWacGroupsService allows you to create or delete WAC groups, as well as add or remove members from these groups.

const groupUri = await ctx.call('pod-wac-groups.create', {
  groupSlug: 'my-group',
  actorUri: 'http://localhost:3000/alice'
});

await ctx.call('pod-wac-groups.addMember', {
  groupUri,
  memberUri: 'http://localhost:3000/bob',
  actorUri: 'http://localhost:3000/alice'
});

You can then give permissions to the whole group using pod-permissions.add,with acl:agentGroup for the agentPredicate and the URI of the group for the agentUri.

Note

Your application must have requested the apods:CreateAclGroup special right or these operations will fail.