From e15af380748d758c17ff86c0f31fa6b98881ddb6 Mon Sep 17 00:00:00 2001
From: Michiel de Jong <michiel@unhosted.org>
Date: Fri, 15 Dec 2023 12:01:36 +0100
Subject: [PATCH] Further clarify requirements for PUT-to-create and
 PATCH-to-create (#128)

* Further clarify requirements for PUT-to-create and PATCH-to-create

This updates the text to match what we decided in https://github.com/solid/web-access-control-spec/issues/105#issuecomment-1160876522. At the time we decided not to update the spec text, but now that the spec text is more detailed, the current statement is not correctly conveying that access to both the containing folder and the non-existing resource URL is required.

See the confusion that was created by this in https://github.com/solid-contrib/web-access-control-tests/pull/56 which was an (I think incorrect) reaction to #122.

* Apply suggestions from code review

Co-authored-by: Ted Thibodeau Jr <tthibodeau@openlinksw.com>

---------

Co-authored-by: Sarven Capadisli <info@csarven.ca>
Co-authored-by: Ted Thibodeau Jr <tthibodeau@openlinksw.com>
---
 index.html | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/index.html b/index.html
index 3ace3e2..e1bc53c 100644
--- a/index.html
+++ b/index.html
@@ -805,10 +805,10 @@ <h5 property="schema:name"><span>Note</span>: HTTP Method and Access Mode Mappin
                             <dd>The HTTP <code>POST</code> can be used to create a new resource in a container or add information to existing resources (but not remove resources or its contents) with either <code>acl:Append</code> or <code>acl:Write</code>.</dd>
 
                             <dt id="http-put"><code>PUT</code></dt>
-                            <dd>As the HTTP <code>PUT</code> method requests to create or replace the resource state, the <code>acl:Write</code> access mode is required to replace an existing resource, but to create a new resource, access to the container can be either <code>acl:Append</code> or <code>acl:Write</code>.</dd>
+                            <dd>The HTTP <code>PUT</code> method requests to create or replace the resource state. <i>Creating</i> a new resource requires <code>acl:Append</code> and/or <code>acl:Write</code> access to the container as well as <code>acl:Write</code> access to the (new) resource. <i>Replacing</i> an existing resource requires only <code>acl:Write</code> access to the resource itself.</dd>
 
                             <dt id="http-patch"><code>PATCH</code></dt>
-                            <dd>As the processing of HTTP <code>PATCH</code> method requests depends on the request semantics and content, <code>acl:Append</code> can allow requests using SPARQL 1.1 Update’s [<cite><a class="bibref" href="#bib-sparql11-update">SPARQL11-UPDATE</a></cite>] <code>INSERT DATA</code> operation but not <code>DELETE DATA</code>, whereas <code>acl:Write</code> would allow both operations.</dd>
+                            <dd>As the processing of HTTP <code>PATCH</code> method request depends on the request semantics and content, <code>acl:Append</code> can allow requests to <em>insert</em> but not <em>delete<em> operations, whereas <code>acl:Write</code> would allow both operations. To create a new resource, <code>acl:Append</code> or <code>acl:Write</code> access mode to the container is additionally required.</dd>
 
                             <dt id="http-delete"><code>DELETE</code></dt>
                             <dd>As the HTTP <code>DELETE</code> method requests to remove a resource, the <code>acl:Write</code> access mode would be required.</dd>