blacklight-access_controls 0.4.1 → 0.5.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: ffbb2c368a44b27a8f4f2f2d8a1dcaf9e852d1d2
-  data.tar.gz: 8bbce1c96b6dc86e87bdc34e0ee0fb38d3fd1a29
+  metadata.gz: df1f39af20b67cfc2e2c67c604b555349db0974f
+  data.tar.gz: fff1a1c47059217f4469cc263407787f12a66cd4
 SHA512:
-  metadata.gz: 609ee8e41330854b9e56b63739244696f50d2caf110117cf6581b974ad25a4e5526e9aebece6d51774f81c816cda17fbaa6ef5d9b1eb6db375eacf817125b751
-  data.tar.gz: dab7487a3bb03d5bd9133f91e9a4cb1650e43a371adf08fdd22d8ff961619c8629aeb1f7174f2f11cdf1455649d275bf669c981b12cfe224de25283bb163f4a7
+  metadata.gz: 4744d9de092e65196a7a3a7be04981496fff4277eb2fb48cfad7efb14ae2b6878c14562cd40149e95b812c2b7c28e8c97e6ac56ea92600281a6482bdbe541fb3
+  data.tar.gz: a42057263e9c5cd3fe599f4f833b0a18b0a26891fd0f31f64bd4d38ce39ec7043d0a6c590a9543477ff67e2e5cf00488c321c309b8e4364b93e3fc1be32926e4

data/VERSION

@@ -1 +1 @@
-0.4.1
+0.5.0

data/lib/blacklight/access_controls/enforcement.rb

@@ -68,13 +68,12 @@ module Blacklight
 
       def apply_group_permissions(permission_types, ability = current_ability)
         # for groups
-        user_access_filters = []
-        ability.user_groups.each_with_index do |group, i|
-          permission_types.each do |type|
-            user_access_filters << escape_filter(solr_field_for(type, 'group'), group)
-          end
+        permission_types.map do |type|
+          field = solr_field_for(type, 'group')
+          groups = ability.user_groups.map { |g| escape_value(g) }
+          # The parens are required to properly OR the cases together.
+          "({!terms f=#{field}}#{groups.join(',')})"
         end
-        user_access_filters
       end
 
       def apply_user_permissions(permission_types, ability = current_ability)
@@ -97,9 +96,12 @@ module Blacklight
       end
 
       def escape_filter(key, value)
-        [key, value.gsub(/[ :\/]/, ' ' => '\ ', '/' => '\/', ':' => '\:')].join(':')
+        [key, escape_value(value)].join(':')
       end
 
+      def escape_value(value)
+        RSolr.solr_escape(value).gsub(/ /, '\ ')
+      end
     end
   end
 end

data/spec/unit/enforcement_spec.rb

@@ -27,7 +27,7 @@ describe Blacklight::AccessControls::Enforcement do
       end
 
       it "Then I should be treated as a member of the 'public' group" do
-        expect(@solr_parameters[:fq].first).to eq 'discover_access_group_ssim:public OR read_access_group_ssim:public'
+        expect(@solr_parameters[:fq].first).to eq '({!terms f=discover_access_group_ssim}public) OR ({!terms f=read_access_group_ssim}public)'
       end
 
       it "Then I should not be treated as a member of the 'registered' group" do
@@ -46,26 +46,16 @@ describe Blacklight::AccessControls::Enforcement do
         subject.send(:apply_gated_discovery, @solr_parameters)
       end
 
-      it "Then I should be treated as a member of the 'public' and 'registered' groups" do
-        ["discover","read"].each do |type|
-          expect(@solr_parameters[:fq].first).to match(/#{type}_access_group_ssim\:public/)
-          expect(@solr_parameters[:fq].first).to match(/#{type}_access_group_ssim\:registered/)
-        end
+      it "searches for my groups" do
+        expect(@solr_parameters[:fq].first).to match(%r{\{!terms f=discover_access_group_ssim\}public,faculty,africana\\-faculty,registered})
+        expect(@solr_parameters[:fq].first).to match(%r{\{!terms f=read_access_group_ssim\}public,faculty,africana\\-faculty,registered})
       end
 
-      it "Then I should see assets that I have discover or read access to" do
+      it "searches for my user key" do
         ["discover","read"].each do |type|
           expect(@solr_parameters[:fq].first).to match(/#{type}_access_person_ssim\:#{user.user_key}/)
         end
       end
-
-      it "Then I should see assets that my groups have discover or read access to" do
-        ["faculty", "africana-faculty"].each do |group_id|
-          ["discover","read"].each do |type|
-            expect(@solr_parameters[:fq].first).to match(/#{type}_access_group_ssim\:#{group_id}/)
-          end
-        end
-      end
     end
   end
 
@@ -99,44 +89,35 @@ describe Blacklight::AccessControls::Enforcement do
 
     before do
       @solr_parameters = {}
+      subject.send(:apply_gated_discovery, @solr_parameters)
     end
 
     it "sets query fields for the user id checking against the discover, read fields" do
-      subject.send(:apply_gated_discovery, @solr_parameters)
       ["discover","read"].each do |type|
         expect(@solr_parameters[:fq].first).to match(/#{type}_access_person_ssim\:#{user.user_key}/)
       end
     end
 
-    it "sets query fields for all roles the user is a member of checking against the discover, read fields" do
-      subject.send(:apply_gated_discovery, @solr_parameters)
-      ["discover","read"].each do |type|
-        expect(@solr_parameters[:fq].first).to match(/#{type}_access_group_ssim\:archivist/)
-        expect(@solr_parameters[:fq].first).to match(/#{type}_access_group_ssim\:researcher/)
-      end
+    it "queries roles the user is a member of checking against the discover, read fields" do
+      expect(@solr_parameters[:fq].first).to match(%r{\{!terms f=discover_access_group_ssim\}public,archivist,researcher,registered})
+      expect(@solr_parameters[:fq].first).to match(%r{\{!terms f=read_access_group_ssim\}public,archivist,researcher,registered})
     end
 
     context 'slashes in the group names' do
       let(:groups) { ["abc/123","cde/567"] }
 
       it "should escape slashes" do
-        subject.send(:apply_gated_discovery, @solr_parameters)
-        ["discover","read"].each do |type|
-          expect(@solr_parameters[:fq].first).to match(/#{type}_access_group_ssim\:abc\\\/123/)
-            expect(@solr_parameters[:fq].first).to match(/#{type}_access_group_ssim\:cde\\\/567/)
-        end
+        expect(@solr_parameters[:fq].first).to match(%r{\{!terms f=discover_access_group_ssim\}public,abc\\/123,cde\\/567,registered})
+        expect(@solr_parameters[:fq].first).to match(%r{\{!terms f=read_access_group_ssim\}public,abc\\/123,cde\\/567,registered})
       end
     end
 
     context 'spaces in the group names' do
       let(:groups) { ["abc 123","cd/e 567"] }
 
-      it "should escape spaces" do
-        subject.send(:apply_gated_discovery, @solr_parameters)
-        ["discover","read"].each do |type|
-          expect(@solr_parameters[:fq].first).to match(/#{type}_access_group_ssim\:abc\\ 123/)
-            expect(@solr_parameters[:fq].first).to match(/#{type}_access_group_ssim\:cd\\\/e\\ 567/)
-        end
+      it "escapes spaces in group names" do
+        expect(@solr_parameters[:fq].first).to match(%r{\{!terms f=discover_access_group_ssim\}public,abc\\ 123,cd\\/e\\ 567,registered})
+        expect(@solr_parameters[:fq].first).to match(%r{\{!terms f=read_access_group_ssim\}public,abc\\ 123,cd\\/e\\ 567,registered})
       end
     end
 
@@ -144,11 +125,8 @@ describe Blacklight::AccessControls::Enforcement do
       let(:groups) { ["abc:123","cde:567"] }
 
       it "should escape colons" do
-        subject.send(:apply_gated_discovery, @solr_parameters)
-        ["discover","read"].each do |type|
-          expect(@solr_parameters[:fq].first).to match(/#{type}_access_group_ssim\:abc\\:123/)
-            expect(@solr_parameters[:fq].first).to match(/#{type}_access_group_ssim\:cde\\:567/)
-        end
+        expect(@solr_parameters[:fq].first).to match(%r{\{!terms f=discover_access_group_ssim\}public,abc\\:123,cde\\:567,registered})
+        expect(@solr_parameters[:fq].first).to match(%r{\{!terms f=read_access_group_ssim\}public,abc\\:123,cde\\:567,registered})
       end
     end
   end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: blacklight-access_controls
 version: !ruby/object:Gem::Version
-  version: 0.4.1
+  version: 0.5.0
 platform: ruby
 authors:
 - Chris Beer