Conflict between authorization resources and derived resources with URI parameters

[joachimvh]

Issue is present in v1.0.2.

Using the example resources, accessing /template/ is impossible. The reason is that the server first tries to read /template/.acl to see the read permissions. It should notice it does not exist, and then read the permissions from /.acl. The problem is that /template/.acl matches the template URL /template/{var} and tries to fill in .acl into the SPARQL query, causing issues.

Just having an existing ACL at /template/.acl will not solve the issue, as the server will still try to generate the derived contents for it as it matches the template.

The simplest solution would be to not have template URLs that match all the contents of a container.

[joachimvh]

The simplest solution would be to not have template URLs that match all the contents of a container.

...and not have a trailing template matcher, as /template/pred-{var} still tries to match when looking up the ACL of, for example /template/pred-foaf:knows.acl.

This used to work at some point though so I will have to check what I broke.

[joachimvh]

This used to work at some point though so I will have to check what I broke.

Turns out this used to work accidentally because of a bug where the hasResource call never checked if the target was a derived resource. This issue started occurring after fixing that bug.