blacklight-access_controls 0.6.1 → 0.6.2
- checksums.yaml +4 -4
- data/.rubocop.yml +20 -0
- data/Gemfile +2 -2
- data/VERSION +1 -1
- data/blacklight-access_controls.gemspec +17 -17
- data/lib/blacklight-access_controls.rb +1 -0
- data/lib/blacklight/access_controls.rb +1 -0
- data/lib/blacklight/access_controls/ability.rb +2 -1
- data/lib/blacklight/access_controls/catalog.rb +1 -0
- data/lib/blacklight/access_controls/config.rb +1 -0
- data/lib/blacklight/access_controls/enforcement.rb +2 -1
- data/lib/blacklight/access_controls/permissions_cache.rb +1 -0
- data/lib/blacklight/access_controls/permissions_query.rb +3 -2
- data/lib/blacklight/access_controls/user.rb +1 -0
- data/lib/generators/blacklight/ability.rb +1 -0
- data/lib/generators/blacklight/access_controls_generator.rb +1 -0
- data/lib/generators/blacklight/blacklight_access_controls.rb +1 -0
- data/spec/factories/user.rb +1 -0
- data/spec/spec_helper.rb +1 -0
- data/spec/support/solr_support.rb +1 -0
- data/spec/test_app_templates/lib/generators/test_app_generator.rb +1 -0
- data/spec/unit/ability_spec.rb +81 -59
- data/spec/unit/catalog_spec.rb +2 -0
- data/spec/unit/config_spec.rb +1 -0
- data/spec/unit/enforcement_spec.rb +4 -1
- metadata +3 -3
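--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: c08621f2787c992b840763f78bfbbd0da777c238
+data.tar.gz: 9a0333f2b7a1f34835afeb65e24e08465b595845
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 894505d49a44f7dfa2ae0e993314f086da84add4dd7aa1bcb578fedd2333ee01c9a55f783b1a682cb840f1cb450a19e6ffffc03bfab4052f3c195471961a5d55
+data.tar.gz: 5bbe9d38b52bf2d19e5da972a8a895bc985a2761ee1b263205198239d03c2294413e10b64d92b5978a14f3942b6f3ef553955911661ec36555d6611fb0b859fa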
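--- a/data/.rubocop.yml
+++ b/data/.rubocop.yml
@@ -8,8 +8,28 @@ AllCops:
 Exclude:
 - '.internal_test_app/**/*'
 
+Bundler/DuplicatedGem:
+Enabled: false
+
+Style/FileName:
+Exclude:
+- 'Gemfile'
+- 'blacklight-access_controls.gemspec'
+- 'lib/blacklight-access_controls.rb'
+
+Style/MixinGrouping:
+Enabled: false # pending fix of https://github.com/bbatsov/rubocop/issues/4172
+
 Rails:
 Enabled: true
 
+Metrics/BlockLength:
+Exclude:
+- 'spec/**/*'
+
 Metrics/LineLength:
 Max: 185
+
+RSpec/MessageSpies:
+Enabled: false
+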
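--- a/data/Gemfile
+++ b/data/Gemfile
@@ -1,4 +1,4 @@
-source
+source 'https://rubygems.org'
 
 # Specify gem dependencies in blacklight-access_controls.gemspec
 gemspec
@@ -29,9 +29,9 @@ else
 
 case ENV['RAILS_VERSION']
 when /^4.2/
+gem 'coffee-rails', '~> 4.1.0'
 gem 'responders', '~> 2.0'
 gem 'sass-rails', '>= 5.0'
-gem 'coffee-rails', '~> 4.1.0'
 when /^4.[01]/
 gem 'sass-rails', '< 5.0'
 end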
data/VERSION
CHANGED
@@ -1 +1 @@
|
|
1
|
-
0.6.
|
1
|
+
0.6.2
|
@@ -1,32 +1,32 @@
|
|
1
|
-
version = File.read(File.expand_path(
|
1
|
+
version = File.read(File.expand_path('../VERSION', __FILE__)).strip
|
2
2
|
|
3
3
|
Gem::Specification.new do |gem|
|
4
|
-
gem.name =
|
4
|
+
gem.name = 'blacklight-access_controls'
|
5
5
|
|
6
|
-
gem.description =
|
7
|
-
gem.summary =
|
8
|
-
gem.homepage =
|
9
|
-
gem.email = [
|
10
|
-
gem.authors = [
|
6
|
+
gem.description = 'Access controls for blacklight-based applications'
|
7
|
+
gem.summary = 'Access controls for blacklight-based applications'
|
8
|
+
gem.homepage = 'https://github.com/projectblacklight/blacklight-access_controls'
|
9
|
+
gem.email = ['blacklight-development@googlegroups.com']
|
10
|
+
gem.authors = ['Chris Beer', 'Justin Coyne', 'Matt Zumwalt', 'Valerie Maher']
|
11
11
|
|
12
|
-
gem.files = `git ls-files`.split(
|
12
|
+
gem.files = `git ls-files`.split($OUTPUT_RECORD_SEPARATOR)
|
13
13
|
gem.test_files = gem.files.grep(%r{^(test|spec|features)/})
|
14
|
-
gem.require_paths = [
|
14
|
+
gem.require_paths = ['lib']
|
15
15
|
gem.version = version
|
16
|
-
gem.license =
|
16
|
+
gem.license = 'APACHE2'
|
17
17
|
|
18
18
|
gem.required_ruby_version = '>= 1.9.3'
|
19
19
|
|
20
20
|
gem.add_dependency 'cancancan', '~> 1.8'
|
21
|
-
gem.add_dependency
|
22
|
-
gem.add_dependency
|
21
|
+
gem.add_dependency 'blacklight', '~> 6.0'
|
22
|
+
gem.add_dependency 'deprecation', '~> 1.0'
|
23
23
|
|
24
|
-
gem.add_development_dependency
|
24
|
+
gem.add_development_dependency 'rake', '~> 11.3'
|
25
25
|
gem.add_development_dependency 'rspec', '~> 3.1'
|
26
|
-
gem.add_development_dependency
|
27
|
-
gem.add_development_dependency
|
28
|
-
gem.add_development_dependency
|
29
|
-
gem.add_development_dependency
|
26
|
+
gem.add_development_dependency 'engine_cart', '~> 1.0'
|
27
|
+
gem.add_development_dependency 'solr_wrapper'
|
28
|
+
gem.add_development_dependency 'factory_girl_rails', '~> 4.0'
|
29
|
+
gem.add_development_dependency 'database_cleaner'
|
30
30
|
gem.add_development_dependency 'rubocop'
|
31
31
|
gem.add_development_dependency 'rubocop-rspec'
|
32
32
|
end
|
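Review bot: The new `gem.files` line passes `$OUTPUT_RECORD_SEPARATOR` to `split`, which makes it split on whitespace rather than on newlines: no `require 'English'` is visible in this hunk (which appears to cover the whole gemspec), so the global is nil, and it is nil by default even when English is loaded. A tracked path containing a space would be broken into entries that do not exist, so the packaged file list could silently differ from the repository. Listing with `git ls-files -z` and splitting on `"\x0"` avoids that. Separately, `gem.license = 'APACHE2'` is not an SPDX identifier; `gem.license = 'Apache-2.0'` is the form that RubyGems and license scanners recognise.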
@@ -1,4 +1,5 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
|
+
|
2
3
|
require 'cancan'
|
3
4
|
|
4
5
|
module Blacklight
|
@@ -14,7 +15,7 @@ module Blacklight
|
|
14
15
|
# permission methods to ability_logic, like so:
|
15
16
|
# self.ability_logic += [:setup_my_permissions]
|
16
17
|
class_attribute :ability_logic
|
17
|
-
self.ability_logic =
|
18
|
+
self.ability_logic = %i(discover_permissions read_permissions download_permissions)
|
18
19
|
end
|
19
20
|
|
20
21
|
def initialize(user, options = {})
|
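Review bot: The `%i(...)` symbol-array literal on the new `self.ability_logic =` line needs Ruby 2.0 or later, while the gemspec shown on this page still declares `gem.required_ruby_version = '>= 1.9.3'`, so on 1.9.3 this file would fail to parse. The same applies to `self.solr_access_filters_logic = %i(apply_group_permissions apply_user_permissions)` in the hunk that follows. Either raise the floor, e.g. `gem.required_ruby_version = '>= 2.0.0'`, or keep a bracketed symbol list. Because `ability_logic` is a `class_attribute` holding the list of permission methods, freezing the default (`%i(...).freeze`) would also make an in-place `<<` in a subclass raise instead of changing the list for every class that shares it; the comment above already recommends `+=`. The enclosing block starts outside the hunk and `initialize` continues past it.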
@@ -1,4 +1,5 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
|
+
|
2
3
|
module Blacklight
|
3
4
|
module AccessControls
|
4
5
|
# Attributes and methods used to restrict access via Solr.
|
@@ -21,7 +22,7 @@ module Blacklight
|
|
21
22
|
class_attribute :solr_access_filters_logic
|
22
23
|
alias_method :add_access_controls_to_solr_params, :apply_gated_discovery
|
23
24
|
|
24
|
-
self.solr_access_filters_logic =
|
25
|
+
self.solr_access_filters_logic = %i(apply_group_permissions apply_user_permissions)
|
25
26
|
|
26
27
|
# Apply appropriate access controls to all solr queries
|
27
28
|
self.default_processor_chain += [:add_access_controls_to_solr_params] if respond_to?(:default_processor_chain)
|
@@ -1,4 +1,5 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
|
+
|
2
3
|
module Blacklight::AccessControls
|
3
4
|
module PermissionsQuery
|
4
5
|
extend ActiveSupport::Concern
|
@@ -24,12 +25,12 @@ module Blacklight::AccessControls
|
|
24
25
|
# @param [String] id of the documetn to retrieve
|
25
26
|
# @param [Hash] extra_controller_params (optional)
|
26
27
|
def get_permissions_solr_response_for_doc_id(id = nil, extra_controller_params = {})
|
27
|
-
raise Blacklight::Exceptions::
|
28
|
+
raise Blacklight::Exceptions::RecordNotFound, 'The application is trying to retrieve permissions without specifying an asset id' if id.nil?
|
28
29
|
solr_opts = permissions_solr_doc_params(id).merge(extra_controller_params)
|
29
30
|
response = Blacklight.default_index.connection.get('select', params: solr_opts)
|
30
31
|
solr_response = Blacklight::Solr::Response.new(response, solr_opts, document_model: permissions_document_class)
|
31
32
|
|
32
|
-
raise Blacklight::Exceptions::
|
33
|
+
raise Blacklight::Exceptions::RecordNotFound, "The solr permissions search handler didn't return anything for id \"#{id}\"" if solr_response.docs.empty?
|
33
34
|
solr_response.docs.first
|
34
35
|
end
|
35
36
|
|
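Review bot: In `get_permissions_solr_response_for_doc_id`, `permissions_solr_doc_params(id).merge(extra_controller_params)` gives `extra_controller_params` the last word, so any key it carries can replace the parameters that tie the lookup to `id`, and `solr_response.docs.first` is then returned without checking that it is the requested document. What `permissions_solr_doc_params` returns is not visible here, so this is a concern to confirm rather than a demonstrated flaw; if the override is intentional, a comment such as `# extra_controller_params must come from trusted code, never from request params` would record the contract. The `id.nil?` guard also lets an empty string through to Solr, and `id.blank?` would reject it up front. The `@param` line above the method has a typo, `documetn`.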
@@ -1,4 +1,5 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
|
+
|
2
3
|
Blacklight::AccessControls.configure do |config|
|
3
4
|
# This specifies the solr field names of permissions-related fields.
|
4
5
|
# The default fields used are shown below, if you index your permissions to other fields update the configuration below.
|
data/spec/factories/user.rb
CHANGED
data/spec/spec_helper.rb
CHANGED
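--- a/data/spec/unit/ability_spec.rb
+++ b/data/spec/unit/ability_spec.rb
@@ -1,4 +1,5 @@
 # frozen_string_literal: true
+
 require 'cancan/matchers'
 
 describe Ability do
@@ -21,35 +22,37 @@ describe Ability do
 
 context 'Then a not-signed-in user' do
 let(:user) { nil }
+
 subject { ability }
 
-it {
-it {
-it {
+it { is_expected.to be_able_to(:discover, asset) }
+it { is_expected.not_to be_able_to(:read, asset) }
+it { is_expected.not_to be_able_to(:download, asset) }
 end
 
 context 'Then a registered user' do
 let(:user) { create(:user) }
+
 subject { ability }
 
-it {
-it {
-it {
+it { is_expected.to be_able_to(:discover, asset) }
+it { is_expected.not_to be_able_to(:read, asset) }
+it { is_expected.not_to be_able_to(:download, asset) }
 end
 
 context 'With an ID instead of a SolrDocument' do
-let(:user) { create(:user) }
 subject { ability }
 
+let(:user) { create(:user) }
 let(:asset) {
 create_solr_doc(id: 'public_discovery',
 discover_access_group_ssim: ['public'])
 }
 
 # It should still work, even if we just pass in an ID
-it {
-it {
-it {
+it { is_expected.to be_able_to(:discover, asset.id) }
+it { is_expected.not_to be_able_to(:read, asset.id) }
+it { is_expected.not_to be_able_to(:download, asset.id) }
 end
 end
 
@@ -59,35 +62,37 @@ describe Ability do
 
 context 'Then a not-signed-in user' do
 let(:user) { nil }
+
 subject { ability }
 
-it {
-it {
-it {
+it { is_expected.to be_able_to(:discover, asset) }
+it { is_expected.to be_able_to(:read, asset) }
+it { is_expected.not_to be_able_to(:download, asset) }
 end
 
 context 'Then a registered user' do
 let(:user) { create(:user) }
+
 subject { ability }
 
-it {
-it {
-it {
+it { is_expected.to be_able_to(:discover, asset) }
+it { is_expected.to be_able_to(:read, asset) }
+it { is_expected.not_to be_able_to(:download, asset) }
 end
 
 context 'With an ID instead of a SolrDocument' do
-let(:user) { create(:user) }
 subject { ability }
 
+let(:user) { create(:user) }
 let(:asset) {
 create_solr_doc(id: 'public_read',
 read_access_group_ssim: ['public'])
 }
 
 # It should still work, even if we just pass in an ID
-it {
-it {
-it {
+it { is_expected.to be_able_to(:discover, asset.id) }
+it { is_expected.to be_able_to(:read, asset.id) }
+it { is_expected.not_to be_able_to(:download, asset.id) }
 end
 end
 
@@ -98,35 +103,37 @@ describe Ability do
 
 context 'Then a not-signed-in user' do
 let(:user) { nil }
+
 subject { ability }
 
-it {
-it {
-it {
+it { is_expected.to be_able_to(:discover, asset) }
+it { is_expected.to be_able_to(:read, asset) }
+it { is_expected.to be_able_to(:download, asset) }
 end
 
 context 'Then a registered user' do
-let(:user) { create(:user) }
 subject { ability }
 
-
-
-it {
+let(:user) { create(:user) }
+
+it { is_expected.to be_able_to(:discover, asset) }
+it { is_expected.to be_able_to(:read, asset) }
+it { is_expected.to be_able_to(:download, asset) }
 end
 
 context 'With an ID instead of a record' do
-let(:user) { create(:user) }
 subject { ability }
 
+let(:user) { create(:user) }
 let(:asset) {
 create_solr_doc(id: id,
 download_access_group_ssim: ['public'])
 }
 
 # It should still work, even if we just pass in an ID
-it {
-it {
-it {
+it { is_expected.to be_able_to(:discover, asset.id) }
+it { is_expected.to be_able_to(:read, asset.id) }
+it { is_expected.to be_able_to(:download, asset.id) }
 end
 end
 
@@ -136,29 +143,32 @@ describe Ability do
 
 context 'Then a not-signed-in user' do
 let(:user) { nil }
+
 subject { ability }
 
-it {
-it {
-it {
+it { is_expected.not_to be_able_to(:discover, asset) }
+it { is_expected.not_to be_able_to(:read, asset) }
+it { is_expected.not_to be_able_to(:download, asset) }
 end
 
 context 'Then a different registered user' do
 let(:user) { create(:user) }
+
 subject { ability }
 
-it {
-it {
-it {
+it { is_expected.not_to be_able_to(:discover, asset) }
+it { is_expected.not_to be_able_to(:read, asset) }
+it { is_expected.not_to be_able_to(:download, asset) }
 end
 
 context 'Then that user' do
 let(:user) { user_with_access }
+
 subject { ability }
 
-it {
-it {
-it {
+it { is_expected.to be_able_to(:discover, asset) }
+it { is_expected.not_to be_able_to(:read, asset) }
+it { is_expected.not_to be_able_to(:download, asset) }
 end
 end
 
@@ -168,29 +178,32 @@ describe Ability do
 
 context 'Then a not-signed-in user' do
 let(:user) { nil }
+
 subject { ability }
 
-it {
-it {
-it {
+it { is_expected.not_to be_able_to(:discover, asset) }
+it { is_expected.not_to be_able_to(:read, asset) }
+it { is_expected.not_to be_able_to(:download, asset) }
 end
 
 context 'Then a different registered user' do
 let(:user) { create(:user) }
+
 subject { ability }
 
-it {
-it {
-it {
+it { is_expected.not_to be_able_to(:discover, asset) }
+it { is_expected.not_to be_able_to(:read, asset) }
+it { is_expected.not_to be_able_to(:download, asset) }
 end
 
 context 'Then that user' do
 let(:user) { user_with_access }
+
 subject { ability }
 
-it {
-it {
-it {
+it { is_expected.to be_able_to(:discover, asset) }
+it { is_expected.to be_able_to(:read, asset) }
+it { is_expected.not_to be_able_to(:download, asset) }
 end
 end
 
@@ -200,39 +213,44 @@ describe Ability do
 
 context 'Then a not-signed-in user' do
 let(:user) { nil }
+
 subject { ability }
 
-it {
-it {
-it {
+it { is_expected.not_to be_able_to(:discover, asset) }
+it { is_expected.not_to be_able_to(:read, asset) }
+it { is_expected.not_to be_able_to(:download, asset) }
 end
 
 context 'Then a different registered user' do
 let(:user) { create(:user) }
+
 subject { ability }
 
-it {
-it {
-it {
+it { is_expected.not_to be_able_to(:discover, asset) }
+it { is_expected.not_to be_able_to(:read, asset) }
+it { is_expected.not_to be_able_to(:download, asset) }
 end
 
 context 'Then that user' do
 let(:user) { user_with_access }
+
 subject { ability }
 
-it {
-it {
-it {
+it { is_expected.to be_able_to(:discover, asset) }
+it { is_expected.to be_able_to(:read, asset) }
+it { is_expected.to be_able_to(:download, asset) }
 end
 end
 
 describe '.user_class' do
 subject { Blacklight::AccessControls::Ability.user_class }
+
 it { is_expected.to eq User }
 end
 
 describe '#guest_user' do
 let(:user) { nil }
+
 subject { ability.guest_user }
 
 it 'is a new user' do
@@ -246,22 +264,26 @@ describe Ability do
 
 context 'an unregistered user' do
 let(:user) { build(:user) }
+
 it { is_expected.to contain_exactly('public') }
 end
 
 context 'a registered user' do
 let(:user) { create(:user) }
+
 it { is_expected.to contain_exactly('registered', 'public') }
 end
 
 context 'a user with groups' do
 let(:user) { double(groups: %w(group1 group2), new_record?: false) }
+
 it { is_expected.to include('group1', 'group2') }
 end
 end
 
 describe 'with a custom method' do
 let(:user) { create(:user) }
+
 subject { MyAbility.new(user) }
 
 before do
@@ -280,6 +302,6 @@ describe Ability do
 end
 
 # Make sure it called the custom method
-it {
+it { is_expected.to be_able_to(:accept, SolrDocument) }
 end
 end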
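Review bot: The 'With an ID instead of a SolrDocument' cases, which exercise the ability check when only an id is passed, appear only in the public-group blocks; the per-user blocks ('Then a different registered user', 'Then that user') assert against `asset` alone. Within the visible hunks there is therefore no assertion that a user without access is denied when the check is made by id, which is the deny path most worth pinning in an access-control gem. Consider adding, under 'Then a different registered user', `it { is_expected.not_to be_able_to(:read, asset.id) }` and the matching `:download` line. The hunks do not show the whole file, so such a case may already exist outside them.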
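--- a/data/spec/unit/catalog_spec.rb
+++ b/data/spec/unit/catalog_spec.rb
@@ -1,9 +1,11 @@
 # frozen_string_literal: true
+
 describe Blacklight::AccessControls::Catalog do
 let(:controller) { CatalogController.new }
 
 describe '#enforce_show_permissions' do
 subject { controller.send(:enforce_show_permissions) }
+
 let(:params) { { id: doc.id } }
 
 before do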
data/spec/unit/config_spec.rb
CHANGED
@@ -1,4 +1,5 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
|
+
|
2
3
|
class MyController # < ApplicationController
|
3
4
|
include Blacklight::AccessControls::Enforcement
|
4
5
|
end
|
@@ -11,6 +12,7 @@ describe Blacklight::AccessControls::Enforcement do
|
|
11
12
|
end
|
12
13
|
let(:user) { User.new }
|
13
14
|
let(:ability) { Ability.new(user) }
|
15
|
+
|
14
16
|
subject { controller }
|
15
17
|
|
16
18
|
describe '#discovery_permissions' do
|
@@ -33,10 +35,10 @@ describe Blacklight::AccessControls::Enforcement do
|
|
33
35
|
solr_parameters[:fq].first
|
34
36
|
end
|
35
37
|
|
36
|
-
# rubocop:disable RSpec/MessageExpectation
|
37
38
|
describe 'logger' do
|
38
39
|
# Expectation will be triggered by Ability class (that calls Rails.logger.debug earlier). So we double Ability to avoid false positive.
|
39
40
|
let(:ability) { instance_double(Ability, user_groups: [], current_user: user) }
|
41
|
+
|
40
42
|
it 'is called with debug' do
|
41
43
|
expect(Rails.logger).to receive(:debug).with(/^Solr parameters/)
|
42
44
|
controller.send(:apply_gated_discovery, {})
|
@@ -114,6 +116,7 @@ describe Blacklight::AccessControls::Enforcement do
|
|
114
116
|
|
115
117
|
describe 'when the user is a guest user (user key empty string)' do
|
116
118
|
let(:user) { User.new(email: '') }
|
119
|
+
|
117
120
|
it 'does not create filters' do
|
118
121
|
expect(subject.send(:apply_user_permissions, %w(discover read))).to eq []
|
119
122
|
end
|
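--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: blacklight-access_controls
 version: !ruby/object:Gem::Version
-version: 0.6.
+version: 0.6.2
 platform: ruby
 authors:
 - Chris Beer
@@ -11,7 +11,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2017-03-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: cancancan
@@ -296,7 +296,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.
+rubygems_version: 2.6.10
 signing_key:
 specification_version: 4
 summary: Access controls for blacklight-based applications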