From d5b074b0ed5cc2ef615c93a5532d407ac8fdce89 Mon Sep 17 00:00:00 2001
From: Aaron Coburn
Date: Tue, 1 Sep 2020 21:01:14 -0400
Subject: [PATCH] WebACL default statements do not require acl:accessTo predicates

Resolves #1027
---
 .../src/main/java/org/trellisldp/webac/WebAcService.java | 7 +++++--
 .../test/java/org/trellisldp/webac/WebAcServiceTest.java | 3 +--
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/auth/webac/src/main/java/org/trellisldp/webac/WebAcService.java b/auth/webac/src/main/java/org/trellisldp/webac/WebAcService.java
index 7e4362b01..5bc1f1716 100644
--- a/auth/webac/src/main/java/org/trellisldp/webac/WebAcService.java
+++ b/auth/webac/src/main/java/org/trellisldp/webac/WebAcService.java
@@ -315,7 +315,8 @@ private Authorizations getAllAuthorizationsFor(final Resource resource, final bo
 authorizations.stream().filter(getInheritedAuth(resource.getIdentifier())));
 }
 // If not inheriting, just return the relevant Authorizations
- return new Authorizations(resource.getIdentifier(), authorizations.stream());
+ return new Authorizations(resource.getIdentifier(), authorizations.stream()
+ .filter(auth -> auth.getAccessTo().contains(resource.getIdentifier())));
 } catch (final Exception ex) {
 throw new TrellisRuntimeException("Error closing graph", ex);
 }
@@ -335,7 +336,9 @@ static List getAuthorizationFromGraph(final IRI identifier, final
 } catch (final Exception ex) {
 throw new TrellisRuntimeException("Error closing graph", ex);
 }
- }).filter(auth -> auth.getAccessTo().contains(identifier)).collect(toList());
+ })
+ .filter(auth -> auth.getAccessTo().contains(identifier) || auth.getDefault().contains(identifier))
+ .collect(toList());
 }
 static class Authorizations {
diff --git a/auth/webac/src/test/java/org/trellisldp/webac/WebAcServiceTest.java b/auth/webac/src/test/java/org/trellisldp/webac/WebAcServiceTest.java
index c2db7c0b3..7766fbf95 100644
--- a/auth/webac/src/test/java/org/trellisldp/webac/WebAcServiceTest.java
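Review bot: The filter added to the non-inherited return in `getAllAuthorizationsFor` is now the only check that keeps an `acl:default`-only authorization from applying to the resource that carries the ACL, because the second hunk widens `getAuthorizationFromGraph` to also return authorizations matched through `getDefault()`. The comment above the new return still reads "just return the relevant Authorizations"; I would change it to `// Not inheriting: keep only authorizations whose acl:accessTo names this resource`, and add a Javadoc sentence on the helper saying its result may include default-only authorizations that callers must filter. The hunk header shows the helper declared `static` without `private`, so any other caller (none is visible in this diff) should be checked for reliance on the old accessTo-only result. Both method bodies begin outside the hunks shown.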
+++ b/auth/webac/src/test/java/org/trellisldp/webac/WebAcServiceTest.java
@@ -714,7 +714,7 @@ void testGroup2() {
 rdf.createQuad(PreferAccessControl, authIRI3, ACL.mode, ACL.Read),
 rdf.createQuad(PreferAccessControl, authIRI3, ACL.agentGroup, groupIRI2),
 rdf.createQuad(PreferAccessControl, authIRI3, ACL.accessTo, childIRI),
- rdf.createQuad(PreferAccessControl, authIRI2, ACL.default_, childIRI),
+ rdf.createQuad(PreferAccessControl, authIRI3, ACL.default_, childIRI),
 rdf.createQuad(PreferAccessControl, authIRI4, ACL.agentGroup, groupIRI2),
 rdf.createQuad(PreferAccessControl, authIRI4, type, ACL.Authorization)));
@@ -906,7 +906,6 @@ private void setUpChildResource() {
 rdf.createQuad(PreferAccessControl, authIRI1, type, ACL.Authorization),
 rdf.createQuad(PreferAccessControl, authIRI1, ACL.mode, ACL.Read),
 rdf.createQuad(PreferAccessControl, authIRI1, ACL.agent, addisonIRI),
- rdf.createQuad(PreferAccessControl, authIRI1, ACL.accessTo, childIRI),
 rdf.createQuad(PreferAccessControl, authIRI1, ACL.default_, childIRI),
 rdf.createQuad(PreferAccessControl, authIRI2, ACL.mode, ACL.Read),
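Review bot: No assertion pins the new access-control behaviour, since the test changes only edit fixtures (the diffstat shows one insertion and two deletions in WebAcServiceTest.java). `setUpChildResource` now gives `authIRI1` an `acl:default` target with no `acl:accessTo`, so I would add one case asserting that this authorization grants no mode on `childIRI` itself when its ACL is evaluated directly, and one asserting it is still applied to a contained resource through inheritance. Without the first case, a later change to the accessTo filter in `getAllAuthorizationsFor` could widen access with no test failing. The body of `setUpChildResource` continues outside the hunk.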