Fix bug issue 36 and add test for that condition

timbl · timbl · commit 42010f65075b · 2021-01-31T21:50:32.000Z
diff --git a/src/acl-check.js b/src/acl-check.js
@@ -188,7 +188,8 @@ function modesAllowed (kb, doc, directory, aclDoc, agent, origin, trustedOrigins
       modeURIorReasons.add(agentAndAppStatus)
     } else {
       let modes = kb.each(auth, ACL('mode'), null, aclDoc)
-      if (originTrustedModes && originTrustedModes.length > 0) {
+      // If there IS an origin, check that those modes are allowed to it too
+      if (origin && originTrustedModes && originTrustedModes.length > 0) {
         modes = modes.filter(mode => nodesIncludeNode(originTrustedModes, mode))
       }
       modes.forEach(mode => {
diff --git a/test/unit/access-denied-test.js b/test/unit/access-denied-test.js
@@ -427,5 +427,10 @@ test('aclCheck accessDenied() test - with use of originTrustedModes', t => {
   const controlModeResult = aclLogic.accessDenied(aclStore, resource, directory, aclDoc, agent, controlModeRequired, origin, trustedOrigins, originTrustedModes)
   t.ok(controlModeResult, 'All Required Access Modes Not Granted', 'Correct reason')
 
+  // See https://github.com/solid/acl-check/issues/36
+  const controlModeRequired2 = [ACL('Control')]
+  const controlModeResult2 = aclLogic.accessDenied(aclStore, resource, directory, aclDoc, agent, controlModeRequired2, null, trustedOrigins, originTrustedModes)
+  t.ok(!controlModeResult2, 'Should get access irrespective of origin modes modes when No origin', 'Correct reason 2')
+
   t.end()
 })
