Test fix

namedgraph · namedgraph · commit feb105167a2d · 2026-02-17T21:54:42.000+01:00
diff --git a/http-tests/document-hierarchy/PUT-no-slash-308.sh b/http-tests/document-hierarchy/PUT-no-slash-308.sh
@@ -15,16 +15,6 @@ add-agent-to-group.sh \
   --agent "$AGENT_URI" \
   "${ADMIN_BASE_URL}acl/groups/writers/"
 
-# create test container
-
-container=$(create-container.sh \
-  -f "$AGENT_CERT_FILE" \
-  -p "$AGENT_CERT_PWD" \
-  -b "$END_USER_BASE_URL" \
-  --title "Test Container" \
-  --slug "test-container" \
-  --parent "$END_USER_BASE_URL")
-
 # add an explicit read/write authorization for the parent since the child document will inherit it
 
 create-authorization.sh \
@@ -33,13 +23,13 @@ create-authorization.sh \
   -p "$OWNER_CERT_PWD" \
   --label "Write base" \
   --agent "$AGENT_URI" \
-  --to "$container" \
+  --to "$END_USER_BASE_URL" \
   --read \
   --write
 
 # check URI without trailing slash gets redirected
 
-invalid_item="${container}no-slash"
+invalid_item="${END_USER_BASE_URL}no-slash"
 
 (
 curl -k -w "%{http_code}\n" -o /dev/null -s \
diff --git a/src/main/java/com/atomgraph/linkeddatahub/server/filter/request/AuthorizationFilter.java b/src/main/java/com/atomgraph/linkeddatahub/server/filter/request/AuthorizationFilter.java
@@ -167,49 +167,51 @@ public Model authorize(ContainerRequestContext request, Resource agent, Resource
             createOwnerAuthorization(authorizations, accessTo, agent);
         }
 
-        // special case for PUT requests to non-existing document: allow if the agent has acl:Write acess to the *parent* URI
-        if (request.getMethod().equals(HttpMethod.PUT) && accessMode.equals(ACL.Write))
+        QuerySolutionMap thisQsm = new QuerySolutionMap();
+        thisQsm.add(SPIN.THIS_VAR_NAME, accessTo);
+        ResultSetRewindable docTypesResult = loadResultSet(getApplication().get().getService(), getDocumentTypeQuery(), thisQsm);  
+        try
         {
-            // Use Jena's IRIx for RFC 3986-compliant resolution - java.net.URI.resolve("..") is non-compliant
-            // (RFC 3986 section 5.2.4 step 2D requires ".." to be removed, but java.net.URI leaves it literal)
-            IRIx parentURI = IRIx.create(accessTo.getURI()).resolve("..");
-            Resource parent = ResourceFactory.createResource(parentURI.toString());
-            log.debug("Requested document <{}> not found, falling back to parent URI <{}>", parent, parentURI);
-
-            QuerySolutionMap parentQsm = new QuerySolutionMap();
-            parentQsm.add(SPIN.THIS_VAR_NAME, parent);
-            ResultSetRewindable docTypesResult = loadResultSet(getApplication().get().getService(), getDocumentTypeQuery(), parentQsm);
-            try
+            // special case for PUT requests: if the document does not exist, check acl:Write access on the *parent* URI instead
+            if (!docTypesResult.hasNext() && request.getMethod().equals(HttpMethod.PUT) && accessMode.equals(ACL.Write))
             {
-                Set<Resource> parentTypes = new HashSet<>();
-                docTypesResult.forEachRemaining(qs -> parentTypes.add(qs.getResource("Type")));
+                // Use Jena's IRIx for RFC 3986-compliant resolution - java.net.URI.resolve("..") is non-compliant
+                // (RFC 3986 section 5.2.4 step 2D requires ".." to be removed, but java.net.URI leaves it literal)
+                IRIx parentURI = IRIx.create(accessTo.getURI()).resolve("..");
+                Resource parent = ResourceFactory.createResource(parentURI.toString());
+                log.debug("Requested document <{}> not found, falling back to parent URI <{}>", parent, parentURI);
 
-                // only root and containers allow child documents. This needs to be checked before checking ownership
-                if (Collections.disjoint(parentTypes, Set.of(Default.Root, DH.Container))) return null;
+                QuerySolutionMap parentQsm = new QuerySolutionMap();
+                parentQsm.add(SPIN.THIS_VAR_NAME, parent);
+                ResultSetRewindable parentTypesResult = loadResultSet(getApplication().get().getService(), getDocumentTypeQuery(), parentQsm);
+                try
+                {
+                    Set<Resource> parentTypes = new HashSet<>();
+                    parentTypesResult.forEachRemaining(qs -> parentTypes.add(qs.getResource("Type")));
+
+                    // only root and containers allow child documents. This needs to be checked before checking ownership
+                    if (Collections.disjoint(parentTypes, Set.of(Default.Root, DH.Container))) return null;
 
-                // the agent is the owner of the requested document - automatically grant acl:Read/acl:Append/acl:Write access
-                if (agent != null && isOwner(parent, agent))
+                    // the agent is the owner of the requested document - automatically grant acl:Read/acl:Append/acl:Write access
+                    if (agent != null && isOwner(parent, agent))
+                    {
+                        log.debug("Agent <{}> is the owner of <{}>, granting acl:Read/acl:Append/acl:Write access", agent, parent);
+                        createOwnerAuthorization(authorizations, parent, agent);
+                    }
+
+                    accessTo = parent; // redirect ACL query to parent URI since the document does not exist yet
+                }
+                finally
                 {
-                    log.debug("Agent <{}> is the owner of <{}>, granting acl:Read/acl:Append/acl:Write access", agent, parent);
-                    createOwnerAuthorization(authorizations, parent, agent);
+                    parentTypesResult.close();
                 }
             }
-            finally
-            {
-                docTypesResult.close();
-            }
-        }
-
-        QuerySolutionMap thisQsm = new QuerySolutionMap();
-        thisQsm.add(SPIN.THIS_VAR_NAME, accessTo);
-        ResultSetRewindable docTypesResult = loadResultSet(getApplication().get().getService(), getDocumentTypeQuery(), thisQsm);           
-        try
-        {
+         
             ParameterizedSparqlString pss = getApplication().get().canAs(EndUserApplication.class) ? getACLQuery() : getOwnerACLQuery();
             if (docTypesResult.hasNext())
             {
                 Query query = new SetResultSetValues().apply(pss.asQuery(), docTypesResult);
-                pss = new ParameterizedSparqlString(query.toString()); // make sure VALUES are now part of the query string
+                pss = new ParameterizedSparqlString(query.toString()); // make sure type VALUES are now part of the query string
                 assert pss.toString().contains("VALUES");
             }
 
