Uploaded image for project: 'Fedora Repository Project'
  1. Fedora Repository Project
  2. FCREPO-2899

Must disallow PATCH of Indirect Containers updating SMTs

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: Fedora 5.0.0
    • Component/s: None
    • Labels:
      None
    • Roadmap Theme:
      Services: CRUD
    • Epic Link:
    • Sprint:
      Fedora 2018 API Alignment 3

      Description

      Currently, Indirect Containers can be configured to update the SMTs of other resources...this should be prevented.

      For example (and the following example can be reproduced with most, if not all, SMTs):

      1. Create a resource
        > curl -i -u fedoraAdmin:fedoraAdmin -XPUT http://localhost:8080/rest/resource
      1. Create an Indirect Container:
        > curl -i -u fedoraAdmin:fedoraAdmin -XPUT http://localhost:8080/rest/i -H "Link: <http://www.w3.org/ns/ldp#IndirectContainer>;rel=\"type\""
      1. Add Indirect Container triples to the new container:
        > curl -i -u fedoraAdmin:fedoraAdmin -XPATCH http://localhost:8080/rest/i -H "Content-Type: application/sparql-update" --data-binary @danger.su
        ...where danger.su is:
        ```
        INSERT { <> <http://www.w3.org/ns/ldp#membershipResource> </rest/resource> ; <http://www.w3.org/ns/ldp#hasMemberRelation> <http://fedora.info/definitions/v4/repository#createdBy> ; <http://www.w3.org/ns/ldp#insertedContentRelation> <http://www.openarchives.org/ore/terms/proxyFor> }

        WHERE {}
        ```
        The above PATCH should fail because "ldp:hasMemberRelation" is set to an SMT ("fedora:createdBy" in this case)

      1. Add a child to the Indirect Container
        > curl -i -u fedoraAdmin:fedoraAdmin -XPUT -H"Content-Type: text/turtle" --data-binary @proxy.ttl localhost:8080/rest/i/child
        ...where proxy.ttl is:
        ```
        <> <http://www.openarchives.org/ore/terms/proxyFor> "Andrew Woods" .
        ```

      In the current broken state, you will see that a new `fedora:createdBy` triple has been added to /rest/resource (BAD)

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              mohideen Mohamed Mohideen Abdul Rasheed
              Reporter:
              awoods Andrew Woods
              Reviewer:
              Ben Pennell
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: