blacklight-access_controls 0.2.0 → 0.3.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.travis.yml +22 -0
- data/Rakefile +11 -3
- data/VERSION +1 -1
- data/blacklight-access_controls.gemspec +1 -1
- data/lib/blacklight-access_controls.rb +1 -0
- data/lib/blacklight/access_controls.rb +1 -0
- data/lib/blacklight/access_controls/ability.rb +1 -0
- data/lib/blacklight/access_controls/catalog.rb +4 -3
- data/lib/blacklight/access_controls/config.rb +1 -0
- data/lib/blacklight/access_controls/enforcement.rb +9 -0
- data/lib/blacklight/access_controls/permissions_cache.rb +1 -0
- data/lib/blacklight/access_controls/permissions_query.rb +1 -0
- data/lib/blacklight/access_controls/user.rb +1 -0
- data/lib/generators/blacklight/ability.rb +1 -0
- data/lib/generators/blacklight/access_controls_generator.rb +6 -0
- data/lib/generators/blacklight/blacklight_access_controls.rb +16 -0
- data/spec/factories/user.rb +1 -0
- data/spec/spec_helper.rb +1 -0
- data/spec/support/solr_support.rb +1 -0
- data/spec/test_app_templates/lib/generators/test_app_generator.rb +1 -0
- data/spec/unit/ability_spec.rb +1 -0
- data/spec/unit/catalog_spec.rb +1 -0
- data/spec/unit/config_spec.rb +1 -0
- data/spec/unit/enforcement_spec.rb +24 -1
- metadata +6 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 7e7447f8da715903fc974515f34db237e8ba5653
|
|
4
|
+
data.tar.gz: 6afe65e64d3fc0ee3bb9b8c79279a6167dd5d74c
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: b4c4174a084bda61d07de209e9b2486a84bed7cd9b714a557f85ffc47bc371fc1aa85241db4155a532622e13a38418ec563f5d4b113707427578b051af9221e0
|
|
7
|
+
data.tar.gz: e5ab41654830f20e8355a51f07b2f6c2ae05dc7aa917bc7e71d31c4ca560490e61fe0cfe00aed1430f0688c1b2778438d454d4a394ad7d0f21c5f6be9e7a00b1
|
data/.travis.yml
ADDED
|
@@ -0,0 +1,22 @@
|
|
|
1
|
+
language: ruby
|
|
2
|
+
sudo: false
|
|
3
|
+
cache:
|
|
4
|
+
directories:
|
|
5
|
+
- /tmp/solr-5.3.0
|
|
6
|
+
|
|
7
|
+
notifications:
|
|
8
|
+
email: false
|
|
9
|
+
|
|
10
|
+
rvm:
|
|
11
|
+
- 2.3.0
|
|
12
|
+
|
|
13
|
+
env:
|
|
14
|
+
- "RAILS_VERSION=4.2.5"
|
|
15
|
+
|
|
16
|
+
notifications:
|
|
17
|
+
irc: "irc.freenode.org#blacklight"
|
|
18
|
+
email:
|
|
19
|
+
- blacklight-commits@googlegroups.com
|
|
20
|
+
|
|
21
|
+
global_env:
|
|
22
|
+
- NOKOGIRI_USE_SYSTEM_LIBRARIES=true
|
data/Rakefile
CHANGED
|
@@ -1,4 +1,11 @@
|
|
|
1
1
|
#!/usr/bin/env rake
|
|
2
|
+
begin
|
|
3
|
+
require 'bundler/setup'
|
|
4
|
+
rescue LoadError
|
|
5
|
+
puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
|
|
6
|
+
end
|
|
7
|
+
|
|
8
|
+
Bundler::GemHelper.install_tasks
|
|
2
9
|
|
|
3
10
|
require 'solr_wrapper'
|
|
4
11
|
|
|
@@ -19,14 +26,13 @@ require 'engine_cart/rake_task'
|
|
|
19
26
|
require 'rspec/core/rake_task'
|
|
20
27
|
RSpec::Core::RakeTask.new(:spec)
|
|
21
28
|
|
|
22
|
-
task :
|
|
29
|
+
task default: 'ci'
|
|
23
30
|
|
|
24
31
|
def solr_config_dir
|
|
25
32
|
File.join(File.expand_path(File.dirname(__FILE__)), "solr_conf", "conf")
|
|
26
33
|
end
|
|
27
34
|
|
|
28
35
|
namespace :solr do
|
|
29
|
-
|
|
30
36
|
desc 'Configure solr cores'
|
|
31
37
|
task :config do
|
|
32
38
|
SolrWrapper.wrap do |solr|
|
|
@@ -43,5 +49,7 @@ namespace :solr do
|
|
|
43
49
|
end
|
|
44
50
|
end
|
|
45
51
|
end
|
|
46
|
-
|
|
47
52
|
end
|
|
53
|
+
|
|
54
|
+
desc "Run CI build"
|
|
55
|
+
task ci: ['engine_cart:generate', 'solr:spec']
|
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
0.
|
|
1
|
+
0.3.0
|
|
@@ -18,7 +18,7 @@ Gem::Specification.new do |gem|
|
|
|
18
18
|
gem.required_ruby_version = '>= 1.9.3'
|
|
19
19
|
|
|
20
20
|
gem.add_dependency 'cancancan', '~> 1.8'
|
|
21
|
-
gem.add_dependency "blacklight", '~>
|
|
21
|
+
gem.add_dependency "blacklight", '~> 6.0'
|
|
22
22
|
|
|
23
23
|
gem.add_development_dependency "rake", '~> 10.1'
|
|
24
24
|
gem.add_development_dependency 'rspec', '~> 3.1'
|
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
1
2
|
# This is behavior for the catalog controller.
|
|
2
3
|
|
|
3
4
|
module Blacklight
|
|
@@ -7,9 +8,9 @@ module Blacklight
|
|
|
7
8
|
|
|
8
9
|
# Override blacklight to produce a search_builder that has
|
|
9
10
|
# the current ability in context
|
|
10
|
-
def search_builder
|
|
11
|
-
super
|
|
12
|
-
end
|
|
11
|
+
def search_builder
|
|
12
|
+
super.tap { |builder| builder.current_ability = current_ability }
|
|
13
|
+
end
|
|
13
14
|
|
|
14
15
|
# Controller "before" filter for enforcing access controls
|
|
15
16
|
# on show actions.
|
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
1
2
|
module Blacklight
|
|
2
3
|
module AccessControls
|
|
3
4
|
module Enforcement
|
|
@@ -23,6 +24,14 @@ module Blacklight
|
|
|
23
24
|
@current_ability || raise("current_ability has not been set on #{self}")
|
|
24
25
|
end
|
|
25
26
|
|
|
27
|
+
def except(*)
|
|
28
|
+
super.tap { |new_builder| new_builder.current_ability = current_ability }
|
|
29
|
+
end
|
|
30
|
+
|
|
31
|
+
def append(*)
|
|
32
|
+
super.tap { |new_builder| new_builder.current_ability = current_ability }
|
|
33
|
+
end
|
|
34
|
+
|
|
26
35
|
protected
|
|
27
36
|
|
|
28
37
|
def gated_discovery_filters(permission_types = discovery_permissions, ability = current_ability)
|
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
1
2
|
module Blacklight
|
|
2
3
|
class AccessControlsGenerator < Rails::Generators::Base
|
|
3
4
|
|
|
@@ -56,5 +57,10 @@ module Blacklight
|
|
|
56
57
|
copy_file 'ability.rb', 'app/models/ability.rb'
|
|
57
58
|
end
|
|
58
59
|
|
|
60
|
+
def add_configuration
|
|
61
|
+
say_status('status', 'ADDING BLACKLIGHT ACCESS CONTROLS CONFIGURATION', :yellow)
|
|
62
|
+
copy_file 'blacklight_access_controls.rb', 'config/initializers/blacklight_access_controls.rb'
|
|
63
|
+
end
|
|
64
|
+
|
|
59
65
|
end
|
|
60
66
|
end
|
|
@@ -0,0 +1,16 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
Blacklight::AccessControls.configure do |config|
|
|
3
|
+
# This specifies the solr field names of permissions-related fields.
|
|
4
|
+
# The default fields used are shown below, if you index your permissions to other fields update the configuration below.
|
|
5
|
+
# If you change these, you must also update the permissions request handler in your solrconfig.xml to return those values
|
|
6
|
+
#
|
|
7
|
+
# config.discover_group_field = Solrizer.solr_name("discover_access_group", :symbol)
|
|
8
|
+
# config.discover_user_field = Solrizer.solr_name("discover_access_person", :symbol)
|
|
9
|
+
# config.read_group_field = Solrizer.solr_name("read_access_group", :symbol)
|
|
10
|
+
# config.read_user_field = Solrizer.solr_name("read_access_person", :symbol)
|
|
11
|
+
# config.download_group_field = Solrizer.solr_name("download_access_group", :symbol)
|
|
12
|
+
# config.download_user_field = Solrizer.solr_name("dowload_access_person", :symbol)
|
|
13
|
+
#
|
|
14
|
+
# specify the user model
|
|
15
|
+
# config.user_model = 'User'
|
|
16
|
+
end
|
data/spec/factories/user.rb
CHANGED
data/spec/spec_helper.rb
CHANGED
data/spec/unit/ability_spec.rb
CHANGED
data/spec/unit/catalog_spec.rb
CHANGED
data/spec/unit/config_spec.rb
CHANGED
|
@@ -1,9 +1,10 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
1
2
|
require 'spec_helper'
|
|
2
3
|
|
|
3
4
|
describe Blacklight::AccessControls::Enforcement do
|
|
4
5
|
let(:controller) { CatalogController.new }
|
|
5
6
|
let(:search_builder) { SearchBuilder.new(method_chain, context) }
|
|
6
|
-
let(:method_chain) {
|
|
7
|
+
let(:method_chain) { SearchBuilder.default_processor_chain }
|
|
7
8
|
let(:context) { controller }
|
|
8
9
|
|
|
9
10
|
let(:user) { User.new }
|
|
@@ -63,6 +64,28 @@ describe Blacklight::AccessControls::Enforcement do
|
|
|
63
64
|
end
|
|
64
65
|
end
|
|
65
66
|
|
|
67
|
+
describe "#except" do
|
|
68
|
+
let(:user) { build(:user) }
|
|
69
|
+
let(:ability) { Ability.new(user) }
|
|
70
|
+
before { search_builder.current_ability = ability }
|
|
71
|
+
subject { search_builder.except('foo') }
|
|
72
|
+
|
|
73
|
+
it "keeps the current_ability set" do
|
|
74
|
+
expect(subject.current_ability).to eq ability
|
|
75
|
+
end
|
|
76
|
+
end
|
|
77
|
+
|
|
78
|
+
describe "#append" do
|
|
79
|
+
let(:user) { build(:user) }
|
|
80
|
+
let(:ability) { Ability.new(user) }
|
|
81
|
+
before { search_builder.current_ability = ability }
|
|
82
|
+
subject { search_builder.append('foo') }
|
|
83
|
+
|
|
84
|
+
it "keeps the current_ability set" do
|
|
85
|
+
expect(subject.current_ability).to eq ability
|
|
86
|
+
end
|
|
87
|
+
end
|
|
88
|
+
|
|
66
89
|
describe "apply_gated_discovery" do
|
|
67
90
|
let(:user) { create(:user) }
|
|
68
91
|
let(:groups) { ["archivist","researcher"] }
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: blacklight-access_controls
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.3.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Chris Beer
|
|
@@ -11,7 +11,7 @@ authors:
|
|
|
11
11
|
autorequire:
|
|
12
12
|
bindir: bin
|
|
13
13
|
cert_chain: []
|
|
14
|
-
date:
|
|
14
|
+
date: 2016-01-21 00:00:00.000000000 Z
|
|
15
15
|
dependencies:
|
|
16
16
|
- !ruby/object:Gem::Dependency
|
|
17
17
|
name: cancancan
|
|
@@ -33,14 +33,14 @@ dependencies:
|
|
|
33
33
|
requirements:
|
|
34
34
|
- - "~>"
|
|
35
35
|
- !ruby/object:Gem::Version
|
|
36
|
-
version: '
|
|
36
|
+
version: '6.0'
|
|
37
37
|
type: :runtime
|
|
38
38
|
prerelease: false
|
|
39
39
|
version_requirements: !ruby/object:Gem::Requirement
|
|
40
40
|
requirements:
|
|
41
41
|
- - "~>"
|
|
42
42
|
- !ruby/object:Gem::Version
|
|
43
|
-
version: '
|
|
43
|
+
version: '6.0'
|
|
44
44
|
- !ruby/object:Gem::Dependency
|
|
45
45
|
name: rake
|
|
46
46
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -133,6 +133,7 @@ extensions: []
|
|
|
133
133
|
extra_rdoc_files: []
|
|
134
134
|
files:
|
|
135
135
|
- ".gitignore"
|
|
136
|
+
- ".travis.yml"
|
|
136
137
|
- Gemfile
|
|
137
138
|
- README.textile
|
|
138
139
|
- Rakefile
|
|
@@ -149,6 +150,7 @@ files:
|
|
|
149
150
|
- lib/blacklight/access_controls/user.rb
|
|
150
151
|
- lib/generators/blacklight/ability.rb
|
|
151
152
|
- lib/generators/blacklight/access_controls_generator.rb
|
|
153
|
+
- lib/generators/blacklight/blacklight_access_controls.rb
|
|
152
154
|
- solr_conf/conf/abc123
|
|
153
155
|
- solr_conf/conf/admin-extra.html
|
|
154
156
|
- solr_conf/conf/admin-extra.menu-bottom.html
|