@fleetbase/solid-engine 0.0.5 → 0.0.7

package/addon/extension.js

@@ -5,8 +5,8 @@ export default {
         const menuService = universe.getService('menu');
 
         // Register menu item in header
-        // const iconOptions = { iconComponent: new ExtensionComponent('@fleetbase/solid-engine', 'solid-brand-icon'), iconComponentOptions: { width: 19, height: 19 } };
-        menuService.registerHeaderMenuItem('Solid', 'console.solid-protocol', { priority: 5 });
+        const iconOptions = { iconComponent: new ExtensionComponent('@fleetbase/solid-engine', 'solid-brand-icon'), iconComponentOptions: { width: 19, height: 19 } };
+        menuService.registerHeaderMenuItem('Solid', 'console.solid-protocol', { ...iconOptions, priority: 5 });
 
         // Register admin settings -- create a solid server menu panel with it's own setting options
         universe.registerAdminMenuPanel(

package/addon/templates/home.hbs

@@ -58,35 +58,6 @@
                     </div>
                 </ContentPanel>
 
-                <ContentPanel @title="Quick Actions" @open={{true}} @wrapperClass="bordered-classic">
-                    <div class="grid grid-cols-1 md:grid-cols-3 gap-4">
-                        <div class="text-center p-6 bg-gray-50 dark:bg-gray-700 rounded-lg">
-                            <FaIcon @icon="folder-tree" @size="2x" class="text-blue-600 dark:text-blue-400 mb-3" />
-                            <h3 class="text-lg font-semibold text-gray-900 dark:text-white mb-2">Browse Data</h3>
-                            <p class="text-gray-600 dark:text-gray-400 mb-4">Explore and manage your Fleetops data in Solid</p>
-                            <div class="flex items-center justify-center">
-                                <Button @text="Browse Data" @icon="database" @type="primary" class="w-full" @onClick={{perform this.navigateToPods}} />
-                            </div>
-                        </div>
-                        <div class="text-center p-6 bg-gray-50 dark:bg-gray-700 rounded-lg">
-                            <FaIcon @icon="user" @size="2x" class="text-green-600 dark:text-green-400 mb-3" />
-                            <h3 class="text-lg font-semibold text-gray-900 dark:text-white mb-2">Account Settings</h3>
-                            <p class="text-gray-600 dark:text-gray-400 mb-4">Manage your account and profile settings</p>
-                            <div class="flex items-center justify-center">
-                                <Button @text="Account" @icon="user" @type="secondary" class="w-full" @onClick={{perform this.navigateToAccount}} />
-                            </div>
-                        </div>
-                        <div class="text-center p-6 bg-gray-50 dark:bg-gray-700 rounded-lg">
-                            <FaIcon @icon="sync" @size="2x" class="text-purple-600 dark:text-purple-400 mb-3" />
-                            <h3 class="text-lg font-semibold text-gray-900 dark:text-white mb-2">Sync Data</h3>
-                            <p class="text-gray-600 dark:text-gray-400 mb-4">Sync your Fleetbase data to Solid storage</p>
-                            <div class="flex items-center justify-center">
-                                <Button @text="Coming Soon" @icon="sync" @disabled={{true}} />
-                            </div>
-                        </div>
-                    </div>
-                </ContentPanel>
-
                 <ContentPanel @title="Connection Status" @open={{true}} @wrapperClass="bordered-classic">
                     <div class="space-y-3">
                         <div class="flex items-center">

package/composer.json

@@ -1,6 +1,6 @@
 {
     "name": "fleetbase/solid-api",
-    "version": "0.0.5",
+    "version": "0.0.7",
     "description": "Solid Protocol Extension to Store and Share Data with Fleetbase",
     "keywords": [
         "fleetbase-extension",

package/extension.json

@@ -1,8 +1,10 @@
 {
     "name": "Solid",
-    "version": "0.0.5",
+    "version": "0.0.7",
     "description": "Solid Protocol Extension to Store and Share Data with Fleetbase",
     "repository": "https://github.com/fleetbase/solid",
     "license": "AGPL-3.0-or-later",
-    "author": "Fleetbase Pte Ltd <hello@fleetbase.io>"
+    "author": "Fleetbase Pte Ltd <hello@fleetbase.io>",
+    "engine": "package.json",
+    "api": "composer.json"
 }

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "@fleetbase/solid-engine",
-    "version": "0.0.5",
+    "version": "0.0.7",
     "description": "Solid Protocol Extension to Store and Share Data with Fleetbase",
     "fleetbase": {
         "route": "solid-protocol"
@@ -45,11 +45,12 @@
     },
     "dependencies": {
         "@babel/core": "^7.23.2",
-        "@fleetbase/ember-core": "^0.3.9",
-        "@fleetbase/ember-ui": "^0.3.15",
-        "@fleetbase/fleetops-data": "^0.1.24",
+        "@fleetbase/ember-core": "^0.3.10",
+        "@fleetbase/ember-ui": "^0.3.17",
+        "@fleetbase/fleetops-data": "^0.1.25",
         "@fortawesome/ember-fontawesome": "^2.0.0",
         "@fortawesome/fontawesome-svg-core": "6.4.0",
+        "@fortawesome/free-brands-svg-icons": "6.4.0",
         "@fortawesome/free-solid-svg-icons": "6.4.0",
         "broccoli-funnel": "^3.0.8",
         "ember-auto-import": "^2.7.4",

package/server/src/Http/Controllers/DataController.php

@@ -138,6 +138,35 @@ class DataController extends BaseController
                 'parent_url' => $parentUrl,
             ]);
 
+            // Check if parent URL is writable before attempting folder creation
+            $aclService = app(\Fleetbase\Solid\Services\AclService::class);
+            
+            if (!$aclService->isWritable($identity, $parentUrl)) {
+                Log::warning('[FOLDER CREATE] Location not writable', [
+                    'parent_url' => $parentUrl,
+                    'webid' => $webId,
+                ]);
+
+                // Find writable locations
+                $writableLocations = $aclService->findWritableLocations($identity, $profile);
+                
+                if (!empty($writableLocations)) {
+                    $suggestion = array_values($writableLocations)[0];
+                    return response()->json([
+                        'success' => false,
+                        'error' => 'Cannot create folder at specified location. You do not have write permissions.',
+                        'suggestion' => "Try creating the folder at: {$suggestion}",
+                        'writable_locations' => $writableLocations,
+                    ], 403);
+                } else {
+                    return response()->json([
+                        'success' => false,
+                        'error' => 'No writable locations found in your pod.',
+                        'help' => 'You may need to configure ACL permissions. See: https://docs.solidproject.org/managing-permissions',
+                    ], 403);
+                }
+            }
+
             // Use POST with Slug header (Solid Protocol standard)
             $result = $this->podService->createFolder($identity, $parentUrl, $folderName);
 
@@ -237,6 +266,34 @@ class DataController extends BaseController
                 'resource_types' => $resourceTypes,
             ]);
 
+            // Check if pod URL is writable before importing
+            $aclService = app(\Fleetbase\Solid\Services\AclService::class);
+            
+            if (!$aclService->isWritable($identity, $podUrl)) {
+                Log::warning('[IMPORT RESOURCES] Pod root not writable', [
+                    'pod_url' => $podUrl,
+                    'webid' => $webId,
+                ]);
+
+                // Find writable locations
+                $writableLocations = $aclService->findWritableLocations($identity, $profile);
+                
+                if (!empty($writableLocations)) {
+                    return response()->json([
+                        'success' => false,
+                        'error' => 'Cannot import resources to pod root. You do not have write permissions.',
+                        'writable_locations' => $writableLocations,
+                        'help' => 'Resources can only be imported to writable locations.',
+                    ], 403);
+                } else {
+                    return response()->json([
+                        'success' => false,
+                        'error' => 'No writable locations found in your pod.',
+                        'help' => 'You may need to configure ACL permissions. See: https://docs.solidproject.org/managing-permissions',
+                    ], 403);
+                }
+            }
+
             $result = $this->resourceSyncService->importResources($identity, $podUrl, $resourceTypes);
 
             return response()->json([

package/server/src/Services/AclService.php

@@ -143,4 +143,263 @@ TURTLE;
         Log::info('[ACL NEEDS UPDATE]', ['pod_url' => $podUrl]);
         return $this->grantWritePermissions($identity, $podUrl, $webId);
     }
+
+    /**
+     * Ensure a folder has proper ACL permissions after creation.
+     *
+     * @param SolidIdentity $identity
+     * @param string $folderUrl The folder URL (must end with /)
+     * @param string $webId The WebID to grant permissions to
+     * @return bool
+     */
+    public function ensureFolderPermissions(SolidIdentity $identity, string $folderUrl, string $webId): bool
+    {
+        try {
+            // Ensure folder URL ends with /
+            $folderUrl = rtrim($folderUrl, '/') . '/';
+            $aclUrl = $folderUrl . '.acl';
+
+            Log::info('[ACL] Ensuring folder permissions', [
+                'folder_url' => $folderUrl,
+                'acl_url' => $aclUrl,
+                'webid' => $webId,
+            ]);
+
+            // Check if ACL already exists and has write permissions
+            if ($this->hasFolderWritePermissions($identity, $folderUrl, $webId)) {
+                Log::info('[ACL] Folder already has write permissions', ['folder_url' => $folderUrl]);
+                return true;
+            }
+
+            // Create ACL with full permissions for the owner
+            $aclContent = $this->generateFolderAcl($folderUrl, $webId);
+            
+            return $this->createFolderAcl($identity, $aclUrl, $aclContent);
+        } catch (\Throwable $e) {
+            Log::error('[ACL] Failed to ensure folder permissions', [
+                'folder_url' => $folderUrl,
+                'error' => $e->getMessage(),
+            ]);
+            return false;
+        }
+    }
+
+    /**
+     * Check if a folder has write permissions.
+     *
+     * @param SolidIdentity $identity
+     * @param string $folderUrl
+     * @param string $webId
+     * @return bool
+     */
+    protected function hasFolderWritePermissions(SolidIdentity $identity, string $folderUrl, string $webId): bool
+    {
+        try {
+            $response = $identity->request('head', $folderUrl);
+
+            if (!$response->successful()) {
+                return false;
+            }
+
+            // Check WAC-Allow header
+            $wacAllow = $response->header('WAC-Allow');
+            
+            if ($wacAllow) {
+                Log::debug('[ACL] WAC-Allow header', [
+                    'folder_url' => $folderUrl,
+                    'wac_allow' => $wacAllow,
+                ]);
+
+                // Parse WAC-Allow header: user="read write", public="read"
+                if (preg_match('/user="([^"]*)"/i', $wacAllow, $matches)) {
+                    $userModes = strtolower($matches[1]);
+                    return str_contains($userModes, 'write') || str_contains($userModes, 'append');
+                }
+            }
+
+            return false;
+        } catch (\Throwable $e) {
+            Log::debug('[ACL] Error checking folder permissions', [
+                'folder_url' => $folderUrl,
+                'error' => $e->getMessage(),
+            ]);
+            return false;
+        }
+    }
+
+    /**
+     * Create an ACL file for a folder.
+     *
+     * @param SolidIdentity $identity
+     * @param string $aclUrl
+     * @param string $aclContent
+     * @return bool
+     */
+    protected function createFolderAcl(SolidIdentity $identity, string $aclUrl, string $aclContent): bool
+    {
+        try {
+            $response = $identity->request('put', $aclUrl, $aclContent, [
+                'headers' => [
+                    'Content-Type' => 'text/turtle',
+                ],
+            ]);
+
+            if ($response->successful()) {
+                Log::info('[ACL] Folder ACL created successfully', [
+                    'acl_url' => $aclUrl,
+                    'status' => $response->status(),
+                ]);
+                return true;
+            }
+
+            Log::error('[ACL] Failed to create folder ACL', [
+                'acl_url' => $aclUrl,
+                'status' => $response->status(),
+                'body' => $response->body(),
+            ]);
+
+            return false;
+        } catch (\Throwable $e) {
+            Log::error('[ACL] Error creating folder ACL', [
+                'acl_url' => $aclUrl,
+                'error' => $e->getMessage(),
+            ]);
+            return false;
+        }
+    }
+
+    /**
+     * Generate ACL content for a folder with full owner permissions.
+     *
+     * @param string $folderUrl The folder URL
+     * @param string $webId The WebID to grant permissions to
+     * @return string
+     */
+    protected function generateFolderAcl(string $folderUrl, string $webId): string
+    {
+        return <<<TURTLE
+@prefix acl: <http://www.w3.org/ns/auth/acl#>.
+
+<#owner>
+    a acl:Authorization;
+    acl:agent <{$webId}>;
+    acl:accessTo <./>;
+    acl:default <./>;
+    acl:mode acl:Read, acl:Write, acl:Control.
+TURTLE;
+    }
+
+    /**
+     * Check if a specific URL is writable (has write or append permissions).
+     *
+     * @param SolidIdentity $identity
+     * @param string $url
+     * @return bool
+     */
+    public function isWritable(SolidIdentity $identity, string $url): bool
+    {
+        try {
+            $response = $identity->request('head', $url);
+            
+            if (!$response->successful()) {
+                return false;
+            }
+
+            $wacAllow = $response->header('WAC-Allow');
+            
+            if ($wacAllow && preg_match('/user="([^"]*)"/i', $wacAllow, $matches)) {
+                $modes = strtolower($matches[1]);
+                $isWritable = str_contains($modes, 'write') || str_contains($modes, 'append');
+                
+                Log::debug('[ACL] Writable check', [
+                    'url' => $url,
+                    'wac_allow' => $wacAllow,
+                    'is_writable' => $isWritable,
+                ]);
+                
+                return $isWritable;
+            }
+
+            return false;
+        } catch (\Throwable $e) {
+            Log::debug('[ACL] Writable check failed', [
+                'url' => $url,
+                'error' => $e->getMessage(),
+            ]);
+            return false;
+        }
+    }
+
+    /**
+     * Find writable storage locations from user profile.
+     *
+     * @param SolidIdentity $identity
+     * @param array $profile
+     * @return array
+     */
+    public function findWritableLocations(SolidIdentity $identity, array $profile): array
+    {
+        $writableLocations = [];
+        $webId = $profile['webid'] ?? null;
+        
+        if (!$webId) {
+            return $writableLocations;
+        }
+
+        // Get pod URL from WebID
+        $podUrl = $this->podService->getPodUrlFromWebId($webId);
+        
+        // Check common storage locations
+        $commonLocations = [
+            'public' => rtrim($podUrl, '/') . '/public/',
+            'private' => rtrim($podUrl, '/') . '/private/',
+            'inbox' => rtrim($podUrl, '/') . '/inbox/',
+        ];
+
+        foreach ($commonLocations as $name => $url) {
+            if ($this->isWritable($identity, $url)) {
+                $writableLocations[$name] = $url;
+            }
+        }
+
+        // Check storage locations from profile
+        foreach ($profile['storage_locations'] ?? [] as $storage) {
+            $storageUrl = $this->resolveStorageUrl($storage, $webId, $podUrl);
+            if ($storageUrl && $this->isWritable($identity, $storageUrl)) {
+                $writableLocations['storage_' . count($writableLocations)] = $storageUrl;
+            }
+        }
+
+        Log::info('[ACL] Found writable locations', [
+            'count' => count($writableLocations),
+            'locations' => $writableLocations,
+        ]);
+
+        return $writableLocations;
+    }
+
+    /**
+     * Resolve a storage URL from profile data.
+     *
+     * @param string $storage
+     * @param string $webId
+     * @param string $podUrl
+     * @return string|null
+     */
+    protected function resolveStorageUrl(string $storage, string $webId, string $podUrl): ?string
+    {
+        // Handle relative URLs
+        if ($storage === '../' || $storage === './') {
+            return $podUrl;
+        }
+
+        // Handle absolute URLs
+        if (str_starts_with($storage, 'http://') || str_starts_with($storage, 'https://')) {
+            return $storage;
+        }
+
+        // Handle relative paths
+        $webIdBase = dirname($webId);
+        return rtrim($webIdBase, '/') . '/' . ltrim($storage, '/');
+    }
 }

package/server/src/Services/PodService.php

@@ -712,20 +712,58 @@ class PodService
     {
         $items = [];
 
-        // Parse contained resources
+        // Parse contained resources with ldp:contains
         if (preg_match_all('/ldp:contains\s+<([^>]+)>/', $content, $matches)) {
             foreach ($matches[1] as $resourceUrl) {
-                $items[] = [
+                $item = [
                     'url'  => $resourceUrl,
                     'name' => $this->extractPodName($resourceUrl),
                     'type' => substr($resourceUrl, -1) === '/' ? 'container' : 'resource',
                 ];
+                
+                // Try to extract additional metadata for this resource
+                $item = array_merge($item, $this->extractResourceMetadata($content, $resourceUrl));
+                
+                $items[] = $item;
             }
         }
 
         return $items;
     }
 
+    /**
+     * Extract metadata for a specific resource from Turtle content.
+     */
+    private function extractResourceMetadata(string $content, string $resourceUrl): array
+    {
+        $metadata = [];
+        
+        // Escape special regex characters in URL
+        $escapedUrl = preg_quote($resourceUrl, '/');
+        
+        // Extract resource type (e.g., ldp:BasicContainer, foaf:Document)
+        if (preg_match('/<' . $escapedUrl . '>\s+a\s+([^;\s]+)/', $content, $matches)) {
+            $metadata['rdf_type'] = trim($matches[1]);
+        }
+        
+        // Extract dc:title
+        if (preg_match('/<' . $escapedUrl . '>.*?dc:title\s+"([^"]+)"/', $content, $matches)) {
+            $metadata['title'] = $matches[1];
+        }
+        
+        // Extract dc:modified or posix:mtime
+        if (preg_match('/<' . $escapedUrl . '>.*?(?:dc:modified|posix:mtime)\s+(\d+)/', $content, $matches)) {
+            $metadata['modified'] = (int)$matches[1];
+        }
+        
+        // Extract posix:size
+        if (preg_match('/<' . $escapedUrl . '>.*?posix:size\s+(\d+)/', $content, $matches)) {
+            $metadata['size'] = (int)$matches[1];
+        }
+        
+        return $metadata;
+    }
+
     /**
      * Generate pod metadata in Turtle format.
      */
@@ -804,6 +842,15 @@ class PodService
                     'folder_url' => $createdUrl,
                     'status' => $response->status(),
                 ]);
+
+                // Ensure the folder has proper ACL permissions
+                $aclService = app(AclService::class);
+                $webId = $identity->webid;
+                
+                if ($webId) {
+                    $aclService->ensureFolderPermissions($identity, $createdUrl, $webId);
+                }
+
                 return true;
             }
 

package/server/src/Services/ResourceSyncService.php

@@ -299,6 +299,14 @@ class ResourceSyncService
                 'url' => $containerUrl,
                 'status' => $response->status(),
             ]);
+
+            // Ensure the container has proper ACL permissions
+            $aclService = app(AclService::class);
+            $webId = $identity->webid;
+            
+            if ($webId) {
+                $aclService->ensureFolderPermissions($identity, $containerUrl, $webId);
+            }
         } catch (\Throwable $e) {
             // Container might already exist, that's okay
             Log::debug('[CONTAINER CREATION SKIPPED]', [

package/ACL_SOLUTION.md

@@ -1,72 +0,0 @@
-# THE REAL ROOT CAUSE - ACL Permissions
-
-## Summary
-
-The 401 errors are NOT due to authentication or token issues. **The root ACL of each pod does not grant write permissions.**
-
-## Key Facts
-
-1. **CSS default root ACL grants only `acl:Read`** to the authenticated user
-2. **Without `acl:Write` or `acl:Append` in the root ACL**, all write operations fail
-3. **WAC-Allow header shows `user="read"`** - confirming no write permissions
-4. **CSS has no built-in UI** for managing ACLs across pods
-5. **Must update ACL programmatically** before first write operation
-
-## The Solution
-
-Before creating any folders or resources, **update the pod's root ACL** to grant write permissions.
-
-### Workflow
-
-1. User logs in via OIDC (get access token + DPoP key)
-2. Determine pod root URL (e.g., `http://solid:3000/test/`)
-3. **Check if ACL grants write access** by inspecting WAC-Allow header
-4. **If no write access, update the root ACL** at `<podRoot>/.acl`
-5. After ACL update, create containers/resources
-
-### ACL Document Format
-
-```turtle
-@prefix acl: <http://www.w3.org/ns/auth/acl#>.
-
-# Full rights for the pod owner (required)
-<#owner>
-    a acl:Authorization;
-    acl:agent <https://solid.example/user#me>;
-    acl:accessTo <https://solid.example/userpod/>;
-    acl:default <https://solid.example/userpod/>;
-    acl:mode acl:Read, acl:Write, acl:Control.
-
-# Append and read rights for the Fleetbase integration
-<#fleetbase>
-    a acl:Authorization;
-    acl:agent <https://fleetbase.com/agent#me>;
-    acl:accessTo <https://solid.example/userpod/>;
-    acl:default <https://solid.example/userpod/>;
-    acl:mode acl:Append, acl:Read.
-```
-
-### Implementation Steps
-
-1. **GET** `<podRoot>` to check WAC-Allow header
-2. If lacks `append`/`write`, prepare ACL Turtle document
-3. **PUT** `<podRoot>/.acl` with DPoP authentication
-4. After successful ACL update, proceed with folder creation
-
-## Why This Matters
-
-- **acl:agent** identifies who gets the permissions (use WebID)
-- **acl:accessTo** applies to the pod root
-- **acl:default** inherits to all descendants
-- **acl:Append** allows creating resources
-- **acl:Write** allows updating existing ones
-
-## For Fleetbase Integration
-
-The integration should:
-1. Check ACL permissions on first access
-2. Prompt user or automatically update ACL
-3. Use `acl:Append` mode (safer than full Write)
-4. Store ACL update status to avoid repeated checks
-
-This is **not a bug in our code** - it's the expected CSS behavior. Every pod needs explicit ACL configuration for write access.