AtomGraph
diff --git a/‎platform/datasets/admin.trig
-19 b/‎platform/datasets/admin.trig
-19
diff --git a/‎src/main/java/com/atomgraph/linkeddatahub/resource/acl/Access.java
+4-57 b/‎src/main/java/com/atomgraph/linkeddatahub/resource/acl/Access.java
+4-57
diff --git a/‎src/main/java/com/atomgraph/linkeddatahub/resource/acl/AccessRequest.java
+18-3 b/‎src/main/java/com/atomgraph/linkeddatahub/resource/acl/AccessRequest.java
+18-3
diff --git a/‎src/main/java/com/atomgraph/linkeddatahub/server/filter/request/AuthorizationFilter.java
+6-56 b/‎src/main/java/com/atomgraph/linkeddatahub/server/filter/request/AuthorizationFilter.java
+6-56
@@ -794,25 +794,6 @@ WHERE
 
 }
 
-# creator access
-
-<acl/authorizations/creator/>
-{
-
-    <acl/authorizations/creator/> a dh:Item ;
-        sioc:has_container <acl/authorizations/> ;
-        dct:title "Creator access" ;
-        foaf:primaryTopic <acl/authorizations/creator/#this> .
-
-    <acl/authorizations/creator/#this> a lacl:CreatorAuthorization ;
-        rdfs:label "Creator access" ;
-        rdfs:comment "Creators have full control of their created resources" ;
-        lacl:accessProperty foaf:maker ;
-        acl:accessToClass dh:Item, dh:Container, def:Root ;
-        acl:agentClass acl:AuthenticatedAgent .
-
-}
-
 # GROUPS
 
 # owners
 
@@ -26,9 +26,8 @@
 import com.atomgraph.linkeddatahub.model.Service;
 import com.atomgraph.linkeddatahub.model.auth.Agent;
 import com.atomgraph.linkeddatahub.server.security.AgentContext;
-import com.atomgraph.linkeddatahub.vocabulary.ACL;
-import com.atomgraph.linkeddatahub.vocabulary.SIOC;
-import com.atomgraph.server.vocabulary.LDT;
+import com.atomgraph.linkeddatahub.server.util.AuthorizationParams;
+import com.atomgraph.linkeddatahub.server.util.SetResultSetValues;
 import com.atomgraph.spinrdf.vocabulary.SPIN;
 import jakarta.inject.Inject;
 import jakarta.ws.rs.BadRequestException;
@@ -41,7 +40,6 @@
 import jakarta.ws.rs.core.UriInfo;
 import java.net.URI;
 import java.net.URISyntaxException;
-import java.util.ArrayList;
 import java.util.List;
 import java.util.Optional;
 import org.apache.jena.ontology.Ontology;
@@ -52,9 +50,6 @@
 import org.apache.jena.query.ResultSetRewindable;
 import org.apache.jena.rdf.model.Resource;
 import org.apache.jena.rdf.model.ResourceFactory;
-import org.apache.jena.sparql.core.Var;
-import org.apache.jena.sparql.engine.binding.Binding;
-import org.apache.jena.vocabulary.RDFS;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -124,8 +119,8 @@ public Response get(@QueryParam(QUERY) Query query,
             ResultSet docTypes = loadResultSet(getEndUserService(), getDocumentTypeQuery(), docTypeQsm);
             try
             {
-                authPss.setParams(getAuthorizationParams(accessTo, agent));
-                query = setResultSetValues(authPss.asQuery(), docTypes);
+                authPss.setParams(new AuthorizationParams(getApplication().getBase(), accessTo, agent).get());
+                query = new SetResultSetValues().apply(authPss.asQuery(), docTypes);
 
                 return super.get(query, defaultGraphUris, namedGraphUris);
             }
@@ -140,33 +135,6 @@ public Response get(@QueryParam(QUERY) Query query,
         }
     }
 
-    /**
-     * Builds solution map for the authorization query.
-     * 
-     * @param absolutePath request URL without query string
-     * @param agent agent resource or null
-     * @return solution map
-     */
-    public QuerySolutionMap getAuthorizationParams(Resource absolutePath, Resource agent)
-    {
-        QuerySolutionMap qsm = new QuerySolutionMap();
-        qsm.add(SPIN.THIS_VAR_NAME, absolutePath);
-        qsm.add(LDT.base.getLocalName(), getApplication().getBase());
-        
-        if (agent != null)
-        {
-            qsm.add("AuthenticatedAgentClass", ACL.AuthenticatedAgent); // enable AuthenticatedAgent UNION branch
-            qsm.add("agent", agent);
-        }
-        else
-        {
-            qsm.add("AuthenticatedAgentClass", RDFS.Resource); // disable AuthenticatedAgent UNION branch
-            qsm.add("agent", RDFS.Resource); // disables UNION branch with $agent
-        }
-        
-        return qsm;
-    }
-    
     /**
      * Loads SPARQL result set from a service.
      * 
@@ -199,27 +167,6 @@ protected ResultSet loadResultSet(com.atomgraph.linkeddatahub.model.Service serv
         }
     }
 
-    /**
-     * Converts a SPARQL result set into a <code>VALUES</code> block.
-     * 
-     * @param query SPARQL query
-     * @param resultSet result set
-     * @return query with appended values
-     */
-    public Query setResultSetValues(Query query, ResultSet resultSet)
-    {
-        if (query == null) throw new IllegalArgumentException("Query cannot be null");
-        if (resultSet == null) throw new IllegalArgumentException("ResultSet cannot be null");
-        
-        List<Var> vars = resultSet.getResultVars().stream().map(Var::alloc).toList();
-        List<Binding> values = new ArrayList<>();
-        while (resultSet.hasNext())
-            values.add(resultSet.nextBinding());
-
-        query.setValuesDataBlock(vars, values);
-        return query;
-    }
-    
     /**
      * Returns the SPARQL service for end-user data.
      * 
 
@@ -58,6 +58,7 @@
 import org.apache.jena.rdf.model.StmtIterator;
 import org.apache.jena.vocabulary.DCTerms;
 import org.apache.jena.vocabulary.RDF;
+import org.apache.jena.vocabulary.RDFS;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -119,6 +120,9 @@ public Response post(Model model, @QueryParam("default") @DefaultValue("false")
                 Resource agent = authorization.getPropertyResourceValue(ACL.agent);
                 if (!agent.equals(getAgentContext().get().getAgent())) throw new IllegalStateException("Agent requesting access must be authenticated");
 
+                String humanReadableName = getAgentsHumanReadableName(getAgentContext().get().getAgent());
+                String accessRequestLabel = humanReadableName != null ? "Access request by " + humanReadableName : null; // TO-DO: localize the string
+                        
                 Resource agentGroup = authorization.getPropertyResourceValue(ACL.agentGroup);
                 Resource accessTo = authorization.getPropertyResourceValue(ACL.accessTo);
                 Resource accessToClass = authorization.getPropertyResourceValue(ACL.accessToClass);
@@ -127,7 +131,8 @@ public Response post(Model model, @QueryParam("default") @DefaultValue("false")
                     addProperty(RDF.type, LACL.AuthorizationRequest).
                     addProperty(LACL.requestAgent, agent).
                     addLiteral(DCTerms.created, GregorianCalendar.getInstance());
-
+                if (accessRequestLabel != null) accessRequest.addLiteral(RDFS.label, accessRequestLabel);
+                    
                 // add all requested access modes
                 StmtIterator modeIt = authorization.listProperties(ACL.mode);
                 try
@@ -144,11 +149,12 @@ public Response post(Model model, @QueryParam("default") @DefaultValue("false")
                 if (accessToClass != null) accessRequest.addProperty(LACL.requestAccessToClass, accessToClass);
 
                 // attach document to parent explicitly because this class extends GraphStoreImpl and not Graph (which would handle it implicitly)
-                requestModel.createResource(graphUri.toString()).
+                Resource doc = requestModel.createResource(graphUri.toString()).
                     addProperty(RDF.type, DH.Item).
                     addProperty(SIOC.HAS_CONTAINER, requestModel.createResource(getAuthRequestContainerUriBuilder().build().toString())).
                     addProperty(FOAF.primaryTopic, accessRequest);
-                
+                if (accessRequestLabel != null) doc.addLiteral(DCTerms.title, accessRequestLabel);
+
     //            try
     //            {
     //                sendEmail(owner, accessRequest);
@@ -175,6 +181,15 @@ public Response post(Model model, @QueryParam("default") @DefaultValue("false")
         }
     }
 
+    public String getAgentsHumanReadableName(Agent agent)
+    {
+        if (agent.hasProperty(FOAF.givenName) && agent.hasProperty(FOAF.familyName))
+            return agent.getProperty(FOAF.givenName).getString() + " " + agent.getProperty(FOAF.familyName).getString();
+        
+        if (agent.hasProperty(FOAF.name)) return agent.getProperty(FOAF.name).getString();
+        
+        return null;
+    }
 
     /**
      * Returns the URI builder for authorization requests.
 
@@ -23,10 +23,12 @@
 import com.atomgraph.linkeddatahub.model.auth.Agent;
 import com.atomgraph.linkeddatahub.model.Service;
 import com.atomgraph.linkeddatahub.server.security.AuthorizationContext;
+import com.atomgraph.linkeddatahub.server.util.AuthorizationParams;
+import com.atomgraph.linkeddatahub.server.util.SetResultSetValues;
 import com.atomgraph.linkeddatahub.vocabulary.ACL;
 import com.atomgraph.linkeddatahub.vocabulary.DH;
 import com.atomgraph.linkeddatahub.vocabulary.Default;
-import com.atomgraph.server.vocabulary.LDT;
+import com.atomgraph.linkeddatahub.vocabulary.LACL;
 import com.atomgraph.spinrdf.vocabulary.SPIN;
 import java.io.IOException;
 import java.util.Collections;
@@ -43,9 +45,7 @@
 import jakarta.ws.rs.container.PreMatching;
 import jakarta.ws.rs.core.Response;
 import java.net.URI;
-import java.util.ArrayList;
 import java.util.HashSet;
-import java.util.List;
 import java.util.Set;
 import org.apache.jena.query.ParameterizedSparqlString;
 import org.apache.jena.query.Query;
@@ -58,10 +58,7 @@
 import org.apache.jena.rdf.model.ResIterator;
 import org.apache.jena.rdf.model.Resource;
 import org.apache.jena.rdf.model.ResourceFactory;
-import org.apache.jena.sparql.core.Var;
-import org.apache.jena.sparql.engine.binding.Binding;
 import org.apache.jena.vocabulary.RDF;
-import org.apache.jena.vocabulary.RDFS;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -156,33 +153,6 @@ public void filter(ContainerRequestContext request) throws IOException
             request.setProperty(AuthorizationContext.class.getCanonicalName(), new AuthorizationContext(authorization.getModel()));
     }
 
-    /**
-     * Builds solution map for the authorization query.
-     * 
-     * @param absolutePath request URL without query string
-     * @param agent agent resource or null
-     * @return solution map
-     */
-    public QuerySolutionMap getAuthorizationParams(Resource absolutePath, Resource agent)
-    {
-        QuerySolutionMap qsm = new QuerySolutionMap();
-        qsm.add(SPIN.THIS_VAR_NAME, absolutePath);
-        qsm.add(LDT.base.getLocalName(), getApplication().getBase());
-        
-        if (agent != null)
-        {
-            qsm.add("AuthenticatedAgentClass", ACL.AuthenticatedAgent); // enable AuthenticatedAgent UNION branch
-            qsm.add("agent", agent);
-        }
-        else
-        {
-            qsm.add("AuthenticatedAgentClass", RDFS.Resource); // disable AuthenticatedAgent UNION branch
-            qsm.add("agent", RDFS.Resource); // disables UNION branch with $agent
-        }
-        
-        return qsm;
-    }
-    
     /**
      * Returns authorization for the current request.
      * 
@@ -241,11 +211,11 @@ public Resource authorize(ContainerRequestContext request, Resource agent, Resou
             }
 
             ParameterizedSparqlString pss = getApplication().canAs(EndUserApplication.class) ? getACLQuery() : getOwnerACLQuery();
-            Query query = setResultSetValues(pss.asQuery(), docTypes);
+            Query query = new SetResultSetValues().apply(pss.asQuery(), docTypes);
             pss = new ParameterizedSparqlString(query.toString()); // make sure VALUES are now part of the query string
             assert pss.toString().contains("VALUES");
 
-            Model authModel = loadModel(getAdminService(), pss, getAuthorizationParams(accessTo, agent));
+            Model authModel = loadModel(getAdminService(), pss, new AuthorizationParams(getApplication().getBase(), accessTo, agent).get());
             return authorize(authModel, accessMode);
         }
         finally
@@ -360,27 +330,6 @@ protected ResultSetRewindable loadResultSet(com.atomgraph.linkeddatahub.model.Se
         }
     }
 
-    /**
-     * Converts a SPARQL result set into a <code>VALUES</code> block.
-     * 
-     * @param query SPARQL query
-     * @param resultSet result set
-     * @return query with appended values
-     */
-    public Query setResultSetValues(Query query, ResultSet resultSet)
-    {
-        if (query == null) throw new IllegalArgumentException("Query cannot be null");
-        if (resultSet == null) throw new IllegalArgumentException("ResultSet cannot be null");
-        
-        List<Var> vars = resultSet.getResultVars().stream().map(Var::alloc).toList();
-        List<Binding> values = new ArrayList<>();
-        while (resultSet.hasNext())
-            values.add(resultSet.nextBinding());
-
-        query.setValuesDataBlock(vars, values);
-        return query;
-    }
-    
     /**
      * Creates a special <code>acl:Authorization</code> resource for an owner.
      * @param accessTo requested URI
@@ -395,6 +344,7 @@ public Resource createOwnerAuthorization(Resource accessTo, Resource agent)
         return ModelFactory.createDefaultModel().
                 createResource().
                 addProperty(RDF.type, ACL.Authorization).
+                addProperty(RDF.type, LACL.CreatorAuthorization).
                 addProperty(ACL.accessTo, accessTo).
                 addProperty(ACL.agent, agent).
                 addProperty(ACL.mode, ACL.Read).