Further clarify requirements for PUT-to-create and PATCH-to-create (#128)

michielbdejong · csarven · TallTed · web-flow · commit e15af380748d · 2023-12-15T13:01:36.000+02:00
* Further clarify requirements for PUT-to-create and PATCH-to-create This updates the text to match what we decided in #105 (comment). At the time we decided not to update the spec text, but now that the spec text is more detailed, the current statement is not correctly conveying that access to both the containing folder and the non-existing resource URL is required. See the confusion that was created by this in solid-contrib/web-access-control-tests#56 which was an (I think incorrect) reaction to #122. * Apply suggestions from code review Co-authored-by: Ted Thibodeau Jr <tthibodeau@openlinksw.com> --------- Co-authored-by: Sarven Capadisli <info@csarven.ca> Co-authored-by: Ted Thibodeau Jr <tthibodeau@openlinksw.com>
diff --git a/index.html b/index.html
@@ -805,10 +805,10 @@ <h5 property="schema:name"><span>Note</span>: HTTP Method and Access Mode Mappin
                             <dd>The HTTP <code>POST</code> can be used to create a new resource in a container or add information to existing resources (but not remove resources or its contents) with either <code>acl:Append</code> or <code>acl:Write</code>.</dd>
 
                             <dt id="http-put"><code>PUT</code></dt>
-                            <dd>As the HTTP <code>PUT</code> method requests to create or replace the resource state, the <code>acl:Write</code> access mode is required to replace an existing resource, but to create a new resource, access to the container can be either <code>acl:Append</code> or <code>acl:Write</code>.</dd>
+                            <dd>The HTTP <code>PUT</code> method requests to create or replace the resource state. <i>Creating</i> a new resource requires <code>acl:Append</code> and/or <code>acl:Write</code> access to the container as well as <code>acl:Write</code> access to the (new) resource. <i>Replacing</i> an existing resource requires only <code>acl:Write</code> access to the resource itself.</dd>
 
                             <dt id="http-patch"><code>PATCH</code></dt>
-                            <dd>As the processing of HTTP <code>PATCH</code> method requests depends on the request semantics and content, <code>acl:Append</code> can allow requests using SPARQL 1.1 Update’s [<cite><a class="bibref" href="#bib-sparql11-update">SPARQL11-UPDATE</a></cite>] <code>INSERT DATA</code> operation but not <code>DELETE DATA</code>, whereas <code>acl:Write</code> would allow both operations.</dd>
+                            <dd>As the processing of HTTP <code>PATCH</code> method request depends on the request semantics and content, <code>acl:Append</code> can allow requests to <em>insert</em> but not <em>delete<em> operations, whereas <code>acl:Write</code> would allow both operations. To create a new resource, <code>acl:Append</code> or <code>acl:Write</code> access mode to the container is additionally required.</dd>
 
                             <dt id="http-delete"><code>DELETE</code></dt>
                             <dd>As the HTTP <code>DELETE</code> method requests to remove a resource, the <code>acl:Write</code> access mode would be required.</dd>
