blacklight-access_controls 0.1.0

data/spec/unit/enforcement_spec.rb

@@ -0,0 +1,147 @@
+require 'spec_helper'
+
+describe Blacklight::AccessControls::Enforcement do
+  let(:controller) { CatalogController.new }
+  let(:search_builder) { SearchBuilder.new(method_chain, context) }
+  let(:method_chain) { CatalogController.search_params_logic }
+  let(:context) { controller }
+
+  let(:user) { User.new }
+  let(:ability) { Ability.new(user) }
+
+  subject { search_builder }
+
+  describe "When I am searching for content" do
+    before do
+      @solr_parameters = {}
+    end
+
+    context "Given I am not logged in" do
+      before do
+        subject.current_ability = ability
+        subject.send(:apply_gated_discovery, @solr_parameters)
+      end
+
+      it "Then I should be treated as a member of the 'public' group" do
+        expect(@solr_parameters[:fq].first).to eq 'discover_access_group_ssim:public OR read_access_group_ssim:public'
+      end
+
+      it "Then I should not be treated as a member of the 'registered' group" do
+        expect(@solr_parameters[:fq].first).to_not match(/registered/)
+      end
+    end
+
+    context "Given I am a registered user" do
+      let(:user) { create(:user) }
+
+      before do
+        allow(user).to receive(:groups) { ["faculty", "africana-faculty"] }
+        subject.current_ability = Ability.new(user)
+        subject.send(:apply_gated_discovery, @solr_parameters)
+      end
+
+      it "Then I should be treated as a member of the 'public' and 'registered' groups" do
+        ["discover","read"].each do |type|
+          expect(@solr_parameters[:fq].first).to match(/#{type}_access_group_ssim\:public/)
+          expect(@solr_parameters[:fq].first).to match(/#{type}_access_group_ssim\:registered/)
+        end
+      end
+
+      it "Then I should see assets that I have discover or read access to" do
+        ["discover","read"].each do |type|
+          expect(@solr_parameters[:fq].first).to match(/#{type}_access_person_ssim\:#{user.user_key}/)
+        end
+      end
+
+      it "Then I should see assets that my groups have discover or read access to" do
+        ["faculty", "africana-faculty"].each do |group_id|
+          ["discover","read"].each do |type|
+            expect(@solr_parameters[:fq].first).to match(/#{type}_access_group_ssim\:#{group_id}/)
+          end
+        end
+      end
+    end
+  end
+
+  describe "apply_gated_discovery" do
+    let(:user) { create(:user) }
+    let(:groups) { ["archivist","researcher"] }
+
+    before do
+      allow(user).to receive(:groups) { groups }
+      subject.current_ability = Ability.new(user)
+      @solr_parameters = {}
+    end
+
+    it "should set query fields for the user id checking against the discover, read fields" do
+      subject.send(:apply_gated_discovery, @solr_parameters)
+      ["discover","read"].each do |type|
+        expect(@solr_parameters[:fq].first).to match(/#{type}_access_person_ssim\:#{user.user_key}/)
+      end
+    end
+
+    it "should set query fields for all roles the user is a member of checking against the discover, read fields" do
+      subject.send(:apply_gated_discovery, @solr_parameters)
+      ["discover","read"].each do |type|
+        expect(@solr_parameters[:fq].first).to match(/#{type}_access_group_ssim\:archivist/)
+        expect(@solr_parameters[:fq].first).to match(/#{type}_access_group_ssim\:researcher/)
+      end
+    end
+
+    context 'slashes in the group names' do
+      let(:groups) { ["abc/123","cde/567"] }
+
+      it "should escape slashes" do
+        subject.send(:apply_gated_discovery, @solr_parameters)
+        ["discover","read"].each do |type|
+          expect(@solr_parameters[:fq].first).to match(/#{type}_access_group_ssim\:abc\\\/123/)
+            expect(@solr_parameters[:fq].first).to match(/#{type}_access_group_ssim\:cde\\\/567/)
+        end
+      end
+    end
+
+    context 'spaces in the group names' do
+      let(:groups) { ["abc 123","cd/e 567"] }
+
+      it "should escape spaces" do
+        subject.send(:apply_gated_discovery, @solr_parameters)
+        ["discover","read"].each do |type|
+          expect(@solr_parameters[:fq].first).to match(/#{type}_access_group_ssim\:abc\\ 123/)
+            expect(@solr_parameters[:fq].first).to match(/#{type}_access_group_ssim\:cd\\\/e\\ 567/)
+        end
+      end
+    end
+
+    context 'colons in the groups names' do
+      let(:groups) { ["abc:123","cde:567"] }
+
+      it "should escape colons" do
+        subject.send(:apply_gated_discovery, @solr_parameters)
+        ["discover","read"].each do |type|
+          expect(@solr_parameters[:fq].first).to match(/#{type}_access_group_ssim\:abc\\:123/)
+            expect(@solr_parameters[:fq].first).to match(/#{type}_access_group_ssim\:cde\\:567/)
+        end
+      end
+    end
+  end
+
+  describe "apply_user_permissions" do
+    describe "when the user is a guest user (user key nil)" do
+      before { subject.current_ability = ability }
+
+      it "should not create filters" do
+        expect(subject.send(:apply_user_permissions, ["discover","read"])).to eq []
+      end
+    end
+
+    describe "when the user is a guest user (user key empty string)" do
+      let(:user) { User.new(email: '') }
+      before { subject.current_ability = ability }
+
+      it "should not create filters" do
+        expect(subject.send(:apply_user_permissions, ["discover","read"])).to eq []
+      end
+    end
+  end
+
+end

metadata

@@ -0,0 +1,265 @@
+--- !ruby/object:Gem::Specification
+name: blacklight-access_controls
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Chris Beer
+- Justin Coyne
+- Matt Zumwalt
+- Valerie Maher
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2015-12-01 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: cancancan
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.8'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.8'
+- !ruby/object:Gem::Dependency
+  name: blacklight
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.16'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.16'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.1'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.1'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.1'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.1'
+- !ruby/object:Gem::Dependency
+  name: engine_cart
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.8'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.8'
+- !ruby/object:Gem::Dependency
+  name: solr_wrapper
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: factory_girl_rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.0'
+- !ruby/object:Gem::Dependency
+  name: database_cleaner
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Access controls for blacklight-based applications
+email:
+- blacklight-development@googlegroups.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- Gemfile
+- README.textile
+- Rakefile
+- VERSION
+- blacklight-access_controls.gemspec
+- lib/blacklight-access_controls.rb
+- lib/blacklight/access_controls.rb
+- lib/blacklight/access_controls/ability.rb
+- lib/blacklight/access_controls/catalog.rb
+- lib/blacklight/access_controls/config.rb
+- lib/blacklight/access_controls/enforcement.rb
+- lib/blacklight/access_controls/permissions_cache.rb
+- lib/blacklight/access_controls/permissions_query.rb
+- lib/blacklight/access_controls/permissions_solr_document.rb
+- lib/blacklight/access_controls/user.rb
+- lib/generators/blacklight/ability.rb
+- lib/generators/blacklight/access_controls_generator.rb
+- solr_conf/conf/abc123
+- solr_conf/conf/admin-extra.html
+- solr_conf/conf/admin-extra.menu-bottom.html
+- solr_conf/conf/admin-extra.menu-top.html
+- solr_conf/conf/clustering/carrot2/kmeans-attributes.xml
+- solr_conf/conf/clustering/carrot2/lingo-attributes.xml
+- solr_conf/conf/clustering/carrot2/stc-attributes.xml
+- solr_conf/conf/currency.xml
+- solr_conf/conf/dataimport.properties
+- solr_conf/conf/db-data-config.xml
+- solr_conf/conf/elevate.xml
+- solr_conf/conf/lang/contractions_ca.txt
+- solr_conf/conf/lang/contractions_fr.txt
+- solr_conf/conf/lang/contractions_ga.txt
+- solr_conf/conf/lang/contractions_it.txt
+- solr_conf/conf/lang/hyphenations_ga.txt
+- solr_conf/conf/lang/stemdict_nl.txt
+- solr_conf/conf/lang/stoptags_ja.txt
+- solr_conf/conf/lang/stopwords_ar.txt
+- solr_conf/conf/lang/stopwords_bg.txt
+- solr_conf/conf/lang/stopwords_ca.txt
+- solr_conf/conf/lang/stopwords_ckb.txt
+- solr_conf/conf/lang/stopwords_cz.txt
+- solr_conf/conf/lang/stopwords_da.txt
+- solr_conf/conf/lang/stopwords_de.txt
+- solr_conf/conf/lang/stopwords_el.txt
+- solr_conf/conf/lang/stopwords_en.txt
+- solr_conf/conf/lang/stopwords_es.txt
+- solr_conf/conf/lang/stopwords_eu.txt
+- solr_conf/conf/lang/stopwords_fa.txt
+- solr_conf/conf/lang/stopwords_fi.txt
+- solr_conf/conf/lang/stopwords_fr.txt
+- solr_conf/conf/lang/stopwords_ga.txt
+- solr_conf/conf/lang/stopwords_gl.txt
+- solr_conf/conf/lang/stopwords_hi.txt
+- solr_conf/conf/lang/stopwords_hu.txt
+- solr_conf/conf/lang/stopwords_hy.txt
+- solr_conf/conf/lang/stopwords_id.txt
+- solr_conf/conf/lang/stopwords_it.txt
+- solr_conf/conf/lang/stopwords_ja.txt
+- solr_conf/conf/lang/stopwords_lv.txt
+- solr_conf/conf/lang/stopwords_nl.txt
+- solr_conf/conf/lang/stopwords_no.txt
+- solr_conf/conf/lang/stopwords_pt.txt
+- solr_conf/conf/lang/stopwords_ro.txt
+- solr_conf/conf/lang/stopwords_ru.txt
+- solr_conf/conf/lang/stopwords_sv.txt
+- solr_conf/conf/lang/stopwords_th.txt
+- solr_conf/conf/lang/stopwords_tr.txt
+- solr_conf/conf/lang/userdict_ja.txt
+- solr_conf/conf/mapping-FoldToASCII.txt
+- solr_conf/conf/mapping-ISOLatin1Accent.txt
+- solr_conf/conf/protwords.txt
+- solr_conf/conf/schema.blacklight.xml
+- solr_conf/conf/schema.xml
+- solr_conf/conf/schema.xml.orig
+- solr_conf/conf/solrconfig.adams.xml
+- solr_conf/conf/solrconfig.blacklight.xml
+- solr_conf/conf/solrconfig.old.xml
+- solr_conf/conf/solrconfig.xml
+- solr_conf/conf/solrconfig.xml.orig
+- solr_conf/conf/spellings.txt
+- solr_conf/conf/stopwords.txt
+- solr_conf/conf/synonyms.txt
+- solr_conf/conf/update-script.js
+- solr_conf/conf/xslt/example.xsl
+- solr_conf/conf/xslt/example_atom.xsl
+- solr_conf/conf/xslt/example_rss.xsl
+- solr_conf/conf/xslt/luke.xsl
+- solr_conf/conf/xslt/updateXml.xsl
+- spec/factories/user.rb
+- spec/spec_helper.rb
+- spec/support/solr_support.rb
+- spec/test_app_templates/blacklight.yml
+- spec/test_app_templates/lib/generators/test_app_generator.rb
+- spec/unit/ability_spec.rb
+- spec/unit/catalog_spec.rb
+- spec/unit/config_spec.rb
+- spec/unit/enforcement_spec.rb
+homepage: https://github.com/projectblacklight/blacklight-access_controls
+licenses:
+- APACHE2
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 1.9.3
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.4.5.1
+signing_key: 
+specification_version: 4
+summary: Access controls for blacklight-based applications
+test_files:
+- spec/factories/user.rb
+- spec/spec_helper.rb
+- spec/support/solr_support.rb
+- spec/test_app_templates/blacklight.yml
+- spec/test_app_templates/lib/generators/test_app_generator.rb
+- spec/unit/ability_spec.rb
+- spec/unit/catalog_spec.rb
+- spec/unit/config_spec.rb
+- spec/unit/enforcement_spec.rb