access_roles 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 91cf664298c08ca0b5395696453206d0b573e09e
+  data.tar.gz: 355b638c263cd0323f6b563656d963c3847cfa2f
+SHA512:
+  metadata.gz: f384c27417bb992ddfada04ed2a0cad5ce1583d24116624006ea4ae990c39510487156f833c5b0a83a753e614cb151ce641d8699005e09502a7b8f3bddd4e039
+  data.tar.gz: 4ee35f09f45373b67b649fe9a2d79abebf321e695cb114ce85b113da7f7bc11f7b0787ef2e5f01b0f51c1bfe8a88f32de48e5640fe056837e9a3d1f01b3ec057

data/.gitignore

@@ -0,0 +1,9 @@
+/.bundle/
+/.yardoc
+/Gemfile.lock
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/

data/.rspec

@@ -0,0 +1,2 @@
+--format documentation
+--color

data/.travis.yml

@@ -0,0 +1,4 @@
+language: ruby
+rvm:
+  - 2.2.1
+before_install: gem install bundler -v 1.10.2

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in access_roles.gemspec
+gemspec

data/LICENSE

@@ -0,0 +1,12 @@
+Copyright (c) 2014, Duke University
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
+
+1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
+
+3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

data/README.md

@@ -0,0 +1,36 @@
+# AccessRoles
+
+Welcome to your new gem! In this directory, you'll find the files you need to be able to package up your Ruby library into a gem. Put your Ruby code in the file `lib/access_roles`. To experiment with that code, run `bin/console` for an interactive prompt.
+
+TODO: Delete this and the text above, and describe your gem
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'access_roles'
+```
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install access_roles
+
+## Usage
+
+TODO: Write usage instructions here
+
+## Development
+
+After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake rspec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+
+To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/[USERNAME]/access_roles.
+

data/Rakefile

@@ -0,0 +1,6 @@
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+
+RSpec::Core::RakeTask.new(:spec)
+
+task :default => :spec

data/access_roles.gemspec

@@ -0,0 +1,30 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'access_roles/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "access_roles"
+  spec.version       = AccessRoles::VERSION
+  spec.authors       = ["David Chandek-Stark"]
+  spec.email         = ["dchandekstark@gmail.com"]
+
+  spec.summary       = %q{Access role management library for role-based access control.}
+  spec.description   = %q{Access role management library for role-based access control, based on RDF and ActiveTriples.}
+  spec.homepage      = "https://github.com/duke-libraries/access_roles"
+
+  spec.files         = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  spec.bindir        = "exe"
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ["lib"]
+
+  spec.add_dependency "hashie"
+  spec.add_dependency "active-triples", "~> 0.6.1"
+  spec.add_dependency "hydra-validations"
+
+  spec.add_development_dependency "bundler", "~> 1.10"
+  spec.add_development_dependency "rake", "~> 10.0"
+  spec.add_development_dependency "rspec"
+  spec.add_development_dependency "rspec-its"
+  spec.add_development_dependency "factory_girl"
+end

data/bin/console

@@ -0,0 +1,14 @@
+#!/usr/bin/env ruby
+
+require "bundler/setup"
+require "access_roles"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require "irb"
+IRB.start

data/bin/setup

@@ -0,0 +1,7 @@
+#!/bin/bash
+set -euo pipefail
+IFS=$'\n\t'
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/lib/access_roles.rb

@@ -0,0 +1,16 @@
+require "access_roles/version"
+
+module AccessRoles
+
+  autoload :DetachedRoleSet, "access_roles/detached_role_set"
+  autoload :Permissions, "access_roles/permissions"
+  autoload :PropertyRoleSet, "access_roles/property_role_set"
+  autoload :Role, "access_roles/role"
+  autoload :Roles, "access_roles/roles"
+  autoload :RolesVocabulary, "access_roles/roles_vocabulary"
+  autoload :RoleSet, "access_roles/role_set"
+  autoload :RoleSetQuery, "access_roles/role_set_query"
+  autoload :RoleType, "access_roles/role_type"
+  autoload :RoleTypes, "access_roles/role_types"
+
+end

data/lib/access_roles/detached_role_set.rb

@@ -0,0 +1,56 @@
+require "set"
+require "json"
+
+module AccessRoles
+  #
+  # Wraps a set of Roles detached from a repository object
+  #
+  class DetachedRoleSet < RoleSet
+
+    def_delegator :role_set, :each
+
+    class << self
+      # Deserialize a serialized RoleSet into a DetachedRoleSet
+      def deserialize(serialized)
+        role_set = serialized.map { |role_data| Role.deserialize(role_data) }
+        new(role_set)
+      end
+
+      # Deserialize a JSON representation of a set of Roles into a DetachedRoleSet
+      def from_json(json)
+        deserialize JSON.parse(json)
+      end
+    end
+
+    attr_writer :role_set
+
+    def initialize(role_set = Set.new)
+      super role_set.to_set
+    end
+
+    def grant(*roles)
+      role_set.merge coerce(roles)
+    end
+
+    def revoke(*roles)
+      self.role_set -= coerce(roles)
+    end
+
+    def revoke_all
+      clear
+    end
+
+    def to_a
+      role_set.to_a
+    end
+
+    # Merges the roles from another role set into the role set
+    # @param other [Enumerable<Role>]
+    # @return [DetachedRoleSet] self
+    def merge(other)
+      role_set.merge other
+      self
+    end
+
+  end
+end

data/lib/access_roles/permissions.rb

@@ -0,0 +1,16 @@
+module AccessRoles
+  class Permissions
+
+    READ         = :read
+    DOWNLOAD     = :download
+    ADD_CHILDREN = :add_children
+    UPDATE       = :update
+    REPLACE      = :replace
+    ARRANGE      = :arrange
+    AUDIT        = :audit
+    GRANT        = :grant
+
+    ALL = [ READ, DOWNLOAD, ADD_CHILDREN, UPDATE, REPLACE, ARRANGE, AUDIT, GRANT ]
+
+  end
+end

data/lib/access_roles/property_role_set.rb

@@ -0,0 +1,42 @@
+module AccessRoles
+  #
+  # Wraps a set of Roles implemented as an ActiveTriples::Term.
+  #
+  class PropertyRoleSet < RoleSet
+
+    def grant(*roles)
+      if roles.present?
+        role_set << coerce(roles)
+      end
+    end
+
+    # @note We have to destroy resources on the ActiveTriples::Term
+    #   because Term#delete does not support isomorphism.
+    # @see https://github.com/ActiveTriples/ActiveTriples/issues/42
+    def revoke(*roles)
+      coerce(roles).each do |role|
+        if role_index = find_index(role)
+          role_set[role_index].destroy
+        end
+      end
+    end
+
+    # @note We have to destroy resources on the
+    #   ActiveTriples::Term because Term#delete does not
+    #   support isomorphism.
+    # @see https://github.com/ActiveTriples/ActiveTriples/issues/42
+    def revoke_all
+      each(&:destroy)
+      self
+    end
+
+    def each(&block)
+      role_set.map.each(&block)
+    end
+
+    def to_set
+      map.to_set
+    end
+
+  end
+end

data/lib/access_roles/role.rb

@@ -0,0 +1,119 @@
+require 'active_triples'
+require 'hydra/validations'
+
+module AccessRoles
+  #
+  # The assignment of a role to an agent within a scope.
+  #
+  class Role < ActiveTriples::Resource
+
+    DEFAULT_SCOPE = Roles::RESOURCE_SCOPE
+
+    include Hydra::Validations
+
+    configure type: RolesVocabulary.Role
+    property :role_type, predicate: RolesVocabulary.type
+    property :agent, predicate: RolesVocabulary.agent
+    property :scope, predicate: RolesVocabulary.scope
+
+    validates :agent, presence: true, cardinality: { is: 1 }
+    validates :role_type, inclusion: { in: Roles.type_map.keys }, cardinality: { is: 1 }
+    validates :scope, inclusion: { in: Roles::SCOPES }, cardinality: { is: 1 }
+
+    class << self
+
+      # Build a Role instance from hash attributes
+      # @param args [Hash] the attributes
+      # @return [Role] the role
+      # @example
+      #   Role.build type: "Curator", agent: "bob", scope: "resource"
+      def build(args={})
+        new.tap do |role|
+          role.attributes = build_attributes(args)
+          if role.invalid?
+            raise "Invalid #{self.name}: #{role.errors.full_messages.join('; ')}"
+          end
+        end
+      end
+
+      alias_method :deserialize, :build
+
+      # Deserialize a Role from JSON
+      # @param json [String] the JSON string
+      # @return [Role] the role
+      def from_json(json)
+        deserialize JSON.parse(json)
+      end
+
+      private
+
+      def build_attributes(args={})
+        # symbolize keys and stringify values
+        attrs = args.each_with_object({}) do |(k, v), memo|
+          memo[k.to_sym] = Array(v).first.to_s
+        end
+        # set default scope if necessary
+        attrs[:scope] ||= DEFAULT_SCOPE
+        # accept :type key for role_type attribute
+        if attrs.key?(:type)
+          attrs[:role_type] = attrs.delete(:type)
+        end
+        attrs
+      end
+
+    end
+
+    # Roles are considered equivalent (== and eql?) if they
+    # are of the same type and have the same agent and scope.
+    # @param other [Object] the object of comparison
+    # @return [Boolean] the result
+    def ==(other)
+      if self.class == other.class
+        self.to_h == other.to_h
+      else
+        super
+      end
+    end
+
+    def eql?(other)
+      (self == other) && (hash == other.hash)
+    end
+
+    def hash
+      to_h.hash
+    end
+
+    def to_s
+      to_h.to_s
+    end
+
+    def in_resource_scope?
+      scope.first == Roles::RESOURCE_SCOPE
+    end
+
+    def in_policy_scope?
+      scope.first == Roles::POLICY_SCOPE
+    end
+
+    def inspect
+      "#<#{self.class.name} role_type=#{role_type.first.inspect}, " \
+      "agent=#{agent.first.inspect}, scope=#{scope.first.inspect}>"
+    end
+
+    def to_h
+      { "role_type"=>role_type,
+         "agent"=>agent,
+         "scope"=>scope,
+      }
+    end
+    alias_method :to_hash, :to_h
+    alias_method :serialize, :to_h
+
+    # Returns the permissions associated with the role
+    # @return [Array<Symbol>] the permissions
+    def permissions
+      Roles.type_map[role_type.first].permissions
+    end
+
+  end
+end

data/lib/access_roles/role_set.rb

@@ -0,0 +1,104 @@
+require "forwardable"
+
+module AccessRoles
+  #
+  # Wraps a set of Roles
+  #
+  # @abstract
+  #
+  class RoleSet
+    include Enumerable
+    extend Forwardable
+
+    attr_reader :role_set
+
+    def_delegators :query,
+                   :where, :agent, :scope, :role_type, :type, :agents, :permissions,
+                   :in_policy_scope, :in_resource_scope
+
+    def_delegators :role_set,
+                   :empty?, :clear
+
+    def initialize(role_set)
+      @role_set = role_set
+    end
+
+    # Grants roles - i.e., adds them to the role set
+    # @example - default scope ("resource")
+    #   grant type: "Curator", agent: "bob"
+    # @example - explicit scope
+    #   grant type: "Curator", agent: "sue", scope: "policy"
+    # @param roles [Role, Hash, RoleSet, Array] the role(s) to grant
+    def grant(*roles)
+      raise NotImplementedError, "Subclasses must implement `grant`."
+    end
+
+    # Return true/false depending on whether the role has been granted
+    # @param role [Role, Hash] the role
+    # @return [Boolean] whether the role has been granted
+    def granted?(role)
+      include? coerce(role)
+    end
+
+    # Revokes roles - i.e., removes them from the role set
+    # @example
+    #   revoke type: "Curator", agent: "bob", scope: "resource"
+    # @param roles [Role, Hash, RoleSet, Array] the role(s) to revoke
+    def revoke(*roles)
+      raise NotImplementedError, "Subclasses must implement `revoke`."
+    end
+
+    # Replace the current roles in the role set with new roles
+    # @param roles [Role, Hash, RoleSet, Array] the role(s) to grant
+    def replace(*roles)
+      revoke_all
+      grant(*roles)
+    end
+
+    # Remove all roles from the role set
+    # @return [RoleSet] self
+    def revoke_all
+      raise NotImplementedError, "Subclasses must implement `revoke_all`."
+    end
+
+    # Return the RoleSet serialized as JSON
+    # @return [String] the JSON string
+    def to_json
+      serialize.to_json
+    end
+
+    # Return the RoleSet serialized as an Array of serialized Roles
+    # @return [Array<Hash>]
+    def serialize
+      to_a.map(&:serialize)
+    end
+
+    def ==(other)
+      if other.is_a? RoleSet
+        self.to_set == other.to_set
+      else
+        super
+      end
+    end
+
+    private
+
+    def query
+      RoleSetQuery.new(self)
+    end
+
+    def coerce(obj)
+      case obj
+      when RoleSet
+        coerce(obj.role_set)
+      when Array, Set
+        obj.map { |r| coerce(r) }.flatten
+      when Role
+        obj
+      else
+        Role.build(obj)
+      end
+    end
+
+  end
+end

data/lib/access_roles/role_set_query.rb

@@ -0,0 +1,83 @@
+module AccessRoles
+  #
+  # RoleSet query interface
+  #
+  # @api private
+  #
+  class RoleSetQuery
+    include Enumerable
+
+    attr_reader :role_set
+
+    def initialize(role_set)
+      @role_set = role_set
+    end
+
+    def criteria
+      @criteria ||= {}
+    end
+
+    def where(conditions={})
+      criteria.merge!(conditions)
+      self
+    end
+
+    def scope(s)
+      where(scope: s)
+    end
+
+    def in_policy_scope
+      scope(Roles::POLICY_SCOPE)
+    end
+
+    def in_resource_scope
+      scope(Roles::RESOURCE_SCOPE)
+    end
+
+    def agent(a)
+      where(agent: a)
+    end
+    alias_method :group, :agent
+
+    def role_type(r)
+      where(role_type: r)
+    end
+    alias_method :type, :role_type
+
+    def each(&block)
+      role_set.select { |role| matches_all?(role) }.each(&block)
+    end
+
+    # Return the list of agents for the Roles matching the criteria.
+    # @return [Array] the agents
+    def agents
+      map { |role| role.agent.first }
+    end
+
+    # Return a list of the permissions granted to the Roles matching the criteria.
+    # @return [Array<Symbol>] the permissions
+    def permissions
+      map(&:permissions).flatten.uniq
+    end
+
+    def detach
+      DetachedRoleSet.new(self)
+    end
+
+    private
+
+    # Return a list of the permissions granted to any of the agents in the given scope
+    def permissions_for_agents_in_scope(agents, scope)
+      agent(agents).scope(scope).permissions
+    end
+
+    def matches_all?(role)
+      criteria.all? { |key, value| matches_one?(role, key, value) }
+    end
+
+    def matches_one?(role, key, value)
+      Array(value).include?(role.send(key).first)
+    end
+
+  end
+end

data/lib/access_roles/role_type.rb

@@ -0,0 +1,19 @@
+module AccessRoles
+  class RoleType
+
+    attr_reader :title, :description, :permissions
+    alias_method :label, :title
+
+    def initialize(title, description, permissions)
+      @title = title.freeze
+      @description = description.freeze
+      @permissions = permissions.freeze
+      freeze
+    end
+
+    def to_s
+      title
+    end
+
+  end
+end

data/lib/access_roles/role_types.rb

@@ -0,0 +1,48 @@
+module AccessRoles
+  module RoleTypes
+
+    CURATOR = RoleType.new(
+      "Curator",
+      "The Curator role conveys responsibility for curating a resource " \
+      "and delegating responsibilities to other agents.",
+      Permissions::ALL
+    )
+
+    EDITOR = RoleType.new(
+      "Editor",
+      "The Editor role conveys reponsibility for managing the content, " \
+      "description and structural arrangement of a resource.",
+      [ Permissions::READ, Permissions::DOWNLOAD, Permissions::ADD_CHILDREN,
+        Permissions::UPDATE, Permissions::REPLACE, Permissions::ARRANGE ]
+    )
+
+    METADATA_EDITOR = RoleType.new(
+      "MetadataEditor",
+      "The Metadata Editor role conveys responsibility for " \
+      "managing the description of a resource.",
+      [ Permissions::READ, Permissions::DOWNLOAD, Permissions::UPDATE ]
+    )
+
+    CONTRIBUTOR = RoleType.new(
+      "Contributor",
+      "The Contributor role conveys responsibility for adding related " \
+      "resources to a resource, such as works to a collection.",
+      [ Permissions::READ, Permissions::ADD_CHILDREN ]
+    )
+
+    DOWNLOADER = RoleType.new(
+      "Downloader",
+      "The Downloader role conveys access to the \"master\" file " \
+      "(original content bitstream) of a resource.",
+      [ Permissions::READ, Permissions::DOWNLOAD ]
+    )
+
+    VIEWER = RoleType.new(
+      "Viewer",
+      "The Viewer role conveys access to the description and \"access\" " \
+      "files (e.g., derivative bitstreams) of a resource.",
+      [ Permissions::READ ]
+    )
+
+  end
+end

data/lib/access_roles/roles.rb

@@ -0,0 +1,21 @@
+module AccessRoles
+  module Roles
+
+    include RoleTypes
+
+    RESOURCE_SCOPE = "resource".freeze
+    POLICY_SCOPE = "policy".freeze
+    SCOPES = [RESOURCE_SCOPE, POLICY_SCOPE].freeze
+
+    class << self
+      def type_map
+        @type_map ||= role_types.map { |role_type| [role_type.to_s, role_type] }.to_h
+      end
+
+      def role_types
+        @role_types ||= RoleTypes.constants(false).map { |const| RoleTypes.const_get(const) }
+      end
+    end
+
+  end
+end

data/lib/access_roles/roles_vocabulary.rb

@@ -0,0 +1,25 @@
+module AccessRoles
+  class RolesVocabulary < RDF::StrictVocabulary("http://repository.lib.duke.edu/vocab/roles/")
+
+    term :Role,
+         label: "Role",
+         comment: "An assertion of a role granted to an agent."
+
+    property :hasRole,
+             label: "Has Role",
+             comment: "Asserts the granting of a role on the subject to an agent."
+
+    property :type,
+             label: "Type",
+             comment: "The type of role granted to the agent."
+
+    property :agent,
+             label: "Agent",
+             comment: "The agent to whom the role is granted."
+
+    property :scope,
+             label: "Scope",
+             comment: "The scope within which the role applies."
+
+  end
+end

data/lib/access_roles/version.rb

@@ -0,0 +1,3 @@
+module AccessRoles
+  VERSION = "0.1.0"
+end

metadata

@@ -0,0 +1,178 @@
+--- !ruby/object:Gem::Specification
+name: access_roles
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- David Chandek-Stark
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2015-09-23 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: hashie
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: active-triples
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.6.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.6.1
+- !ruby/object:Gem::Dependency
+  name: hydra-validations
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.10'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.10'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec-its
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: factory_girl
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Access role management library for role-based access control, based on
+  RDF and ActiveTriples.
+email:
+- dchandekstark@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".rspec"
+- ".travis.yml"
+- Gemfile
+- LICENSE
+- README.md
+- Rakefile
+- access_roles.gemspec
+- bin/console
+- bin/setup
+- lib/access_roles.rb
+- lib/access_roles/detached_role_set.rb
+- lib/access_roles/permissions.rb
+- lib/access_roles/property_role_set.rb
+- lib/access_roles/role.rb
+- lib/access_roles/role_set.rb
+- lib/access_roles/role_set_query.rb
+- lib/access_roles/role_type.rb
+- lib/access_roles/role_types.rb
+- lib/access_roles/roles.rb
+- lib/access_roles/roles_vocabulary.rb
+- lib/access_roles/version.rb
+homepage: https://github.com/duke-libraries/access_roles
+licenses: []
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.4.6
+signing_key: 
+specification_version: 4
+summary: Access role management library for role-based access control.
+test_files: []