curation_concerns 2.0.0.rc1 → 2.0.0.rc2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: e81b2b7327614964ca1080ca909509a8507c50da
-  data.tar.gz: fabb27df90a8acf516119dce697de849f7c9844c
+  metadata.gz: 29d4c68c5f93e50404f6ea9c1aa9a837db39e4f8
+  data.tar.gz: 08c65bfb19049a3c02d02cf25d01fc9714fcda90
 SHA512:
-  metadata.gz: 9ef801991780a893dc44f81f87ca732b2760822db90fef34329b51ea1970e591debb298f59ec8b9af811e9b9ba851656e4bd8313b77f15e2ae93057c8a3c5bd2
-  data.tar.gz: db8aa95e273ca9bff4ddce19a82f36c36142359f426d0876c6c96e9aa098d25b571b3f3f12d42e1c5a3d959b18da66488342ace5c9ab84822b0c21f8f7f82535
+  metadata.gz: dcf7ccd7a0e3ab73aca23c0215d7fd97905d24c9008929094314b8fad1b3facd22d88cefbf7d11856c3c9f91c59314f7c1081e078720df868dee47580e2994cb
+  data.tar.gz: 66f20ea8d9ac70ef5dea6afbc8a4730658d46b9b47db562b047f012a9bfb0bd80752e232cc11f1730316b91924cd322901bfcde9dd1488d52d8b0928a06f12fa

data/.rubocop.yml

@@ -40,7 +40,6 @@ Metrics/ClassLength:
   Exclude:
     - lib/curation_concerns/configuration.rb
     - 'lib/generators/curation_concerns/templates/catalog_controller.rb'
-    - 'app/actors/curation_concerns/file_set_actor.rb'
 
 Metrics/ModuleLength:
   Exclude:
@@ -119,12 +118,6 @@ Style/GlobalVars:
 Style/SingleLineBlockParams:
   Enabled: false
 
-Style/ClassVars:
-  Exclude:
-    - 'lib/curation_concerns/models.rb'
-    - 'lib/curation_concerns/models/engine.rb'
-    - 'app/models/concerns/curation_concerns/file_set/versions.rb'
-
 Style/SignalException:
   Enabled: false
 
@@ -163,13 +156,8 @@ RSpec/NotToNot:
 RSpec/DescribeClass:
   Exclude:
     - 'spec/javascripts/jasmine_spec.rb'
-    - 'spec/tasks/rake_spec.rb'
     - 'spec/abilities/**/*'
     - 'spec/views/**/*'
     - 'spec/routing/**/*'
     - 'spec/inputs/**/*'
     - 'spec/conversions/**/*'
-
-RSpec/DescribedClass:
-  Exclude:
-    - 'spec/actors/curation_concerns/manages_embargoes_actor_spec.rb'

data/.travis.yml

@@ -1,8 +1,12 @@
 language: ruby
 cache: bundler
 sudo: false
+
 rvm:
   - 2.3.1
+
+services: redis
+
 env:
   global:
   - NOKOGIRI_USE_SYSTEM_LIBRARIES=true
@@ -10,6 +14,7 @@ env:
     - RAILS_VERSION=4.2.7.1
       RDF_VERSION=1.99.1
     - RAILS_VERSION=5.0.0.1
-      RDF_VERSION=2.1.0
+      RDF_VERSION=2.1.1
+
 before_script:
   - jdk_switcher use oraclejdk8

data/CONTRIBUTING.md

@@ -3,6 +3,13 @@
 We want your help to make Project Hydra great.
 There are a few guidelines that we need contributors to follow so that we can have a chance of keeping on top of things.
 
+## Code of Conduct
+
+The Hydra community is dedicated to providing a welcoming and positive experience for all its
+members, whether they are at a formal gathering, in a social setting, or taking part in activities
+online.  Please see our [Code of Conduct](https://wiki.duraspace.org/display/hydra/Code+of+Conduct)
+for more information.
+
 ## Hydra Project Intellectual Property Licensing and Ownership
 
 All code contributors must have an Individual Contributor License Agreement (iCLA) on file with the Hydra Project Steering Group.
@@ -10,12 +17,16 @@ If the contributor works for an institution, the institution must have a Corpora
 
 https://wiki.duraspace.org/display/hydra/Hydra+Project+Intellectual+Property+Licensing+and+Ownership
 
+You should also add yourself to the `CONTRIBUTORS.md` file in the root of the project.
+
 ## Contribution Tasks
 
 * Reporting Issues
 * Making Changes
+* Documenting Code
+* Committing Changes
 * Submitting Changes
-* Merging Changes
+* Reviewing and Merging Changes
 
 ### Reporting Issues
 
@@ -36,8 +47,28 @@ https://wiki.duraspace.org/display/hydra/Hydra+Project+Intellectual+Property+Lic
   * Then checkout the new branch with `git checkout fix/master/my_contribution`.
   * Please avoid working directly on the `master` branch.
   * You may find the [hub suite of commands](https://github.com/defunkt/hub) helpful
+* Make sure you have added sufficient tests and documentation for your changes.
+  * Test functionality with RSpec; est features / UI with Capybara.
+* Run _all_ the tests to assure nothing else was accidentally broken.
+
+### Documenting Code
+
+* All new public methods, modules, and classes should include inline documentation in [YARD](http://yardoc.org/).
+  * Documentation should seek to answer the question "why does this code exist?"
+* Document private / protected methods as desired.
+* If you are working in a file with no prior documentation, do try to document as you gain understanding of the code.
+  * If you don't know exactly what a bit of code does, it is extra likely that it needs to be documented. Take a stab at it and ask for feedback in your pull request. You can use the 'blame' button on GitHub to identify the original developer of the code and @mention them in your comment.
+  * This work greatly increases the usability of the code base and supports the on-ramping of new committers.
+  * We will all be understanding of one another's time constraints in this area.
+* YARD examples:
+  * [Hydra::Works::RemoveGenericFile](https://github.com/projecthydra-labs/hydra-works/blob/master/lib/hydra/works/services/generic_work/remove_generic_file.rb)
+  * [ActiveTriples::LocalName::Minter](https://github.com/ActiveTriples/active_triples-local_name/blob/master/lib/active_triples/local_name/minter.rb)
+* [Getting started with YARD](http://www.rubydoc.info/gems/yard/file/docs/GettingStarted.md)
+
+### Committing changes
+
 * Make commits of logical units.
-  * Your commit should include a high level description of your work in HISTORY.textile 
+  * Your commit should include a high level description of your work in HISTORY.textile
 * Check for unnecessary whitespace with `git diff --check` before committing.
 * Make sure your commit messages are [well formed](http://tbaggery.com/2008/04/19/a-note-about-git-commit-messages.html).
 * If you created an issue, you can close it by including "Closes #issue" in your commit message. See [Github's blog post for more details](https://github.com/blog/1386-closing-issues-via-commit-messages)
@@ -58,7 +89,9 @@ https://wiki.duraspace.org/display/hydra/Hydra+Project+Intellectual+Property+Lic
 
         class PostsController
           def index
-            respond_with Post.limit(10)
+            respond_to do |wants|
+              wants.html { render 'index' }
+            end
           end
         end
 
@@ -70,38 +103,53 @@ https://wiki.duraspace.org/display/hydra/Hydra+Project+Intellectual+Property+Lic
       long to fit in 72 characters
 ```
 
-* Make sure you have added the necessary tests for your changes.
-* Run _all_ the tests to assure nothing else was accidentally broken.
-* When you are ready to submit a pull request
-
 ### Submitting Changes
 
-[Detailed Walkthrough of One Pull Request per Commit](http://ndlib.github.io/practices/one-commit-per-pull-request/)
-
 * Read the article ["Using Pull Requests"](https://help.github.com/articles/using-pull-requests) on GitHub.
 * Make sure your branch is up to date with its parent branch (i.e. master)
   * `git checkout master`
   * `git pull --rebase`
   * `git checkout <your-branch>`
   * `git rebase master`
-  * It is likely a good idea to run your tests again.
-* Squash the commits for your branch into one commit
-  * `git rebase --interactive HEAD~<number-of-commits>` ([See Github help](https://help.github.com/articles/interactive-rebase))
-  * To determine the number of commits on your branch: `git log master..<your-branch> --oneline | wc -l`
+  * It is a good idea to run your tests again.
+* If you've made more than one commit take a moment to consider whether squashing commits together would help improve their logical grouping.
+  * [Detailed Walkthrough of One Pull Request per Commit](http://ndlib.github.io/practices/one-commit-per-pull-request/)
+  * `git rebase --interactive master` ([See Github help](https://help.github.com/articles/interactive-rebase))
   * Squashing your branch's changes into one commit is "good form" and helps the person merging your request to see everything that is going on.
 * Push your changes to a topic branch in your fork of the repository.
 * Submit a pull request from your fork to the project.
 
-### Merging Changes
+### Reviewing and Merging Changes
+
+We adopted [Github's Pull Request Review](https://help.github.com/articles/about-pull-request-reviews/) for our repositories.
+Common checks that may occur in our repositories:
+
+1. Travis CI - where our automated tests are running
+2. Hound CI - where we check for style violations
+3. Approval Required - Github enforces at least one person approve a pull request. Also, all reviewers that have chimed in must approve.
+4. CodeClimate - is our code remaining healthy (at least according to static code analysis)
+
+If one or more of the required checks failed (or are incomplete), the code should not be merged (and the UI will not allow it). If all of the checks have passed, then anyone on the project (including the pull request submitter) may merge the code.
+
+*Example: Carolyn submits a pull request, Justin reviews the pull request and approves. However, Justin is still waiting on other checks (Travis CI is usually the culprit), so he does not merge the pull request. Eventually, all of the checks pass. At this point, Carolyn or anyone else may merge the pull request.*
+
+#### Things to Consider When Reviewing
+
+First, the person contributing the code is putting themselves out there. Be mindful of what you say in a review.
+
+* Ask clarifying questions
+* State your understanding and expectations
+* Provide example code or alternate solutions, and explain why
+
+This is your chance for a mentoring moment of another developer. Take time to give an honest and thorough review of what has changed. Things to consider:
 
-* It is considered "poor from" to merge your own request.
-* Please take the time to review the changes and get a sense of what is being changed. Things to consider:
   * Does the commit message explain what is going on?
-  * Does the code changes have tests? _Not all changes need new tests, some changes are refactorings_
+  * Does the code changes have tests? _Not all changes need new tests, some changes are refactors_
+  * Do new or changed methods, modules, and classes have documentation?
   * Does the commit contain more than it should? Are two separate concerns being addressed in one commit?
-  * Did the Travis tests complete successfully?
-* If you are uncertain, bring other contributors into the conversation by creating a comment that includes their @username.
-* If you like the pull request, but want others to chime in, create a +1 comment and tag a user.
+  * Does the description of the new/changed specs match your understanding of what the spec is doing?
+
+If you are uncertain, bring other contributors into the conversation by assigning them as a reviewer.
 
 # Additional Resources
 

data/app/actors/curation_concerns/actors/add_as_member_of_collections_actor.rb

@@ -16,7 +16,10 @@ module CurationConcerns
         # Maps from collection ids to collection objects
         def add_to_collections(collection_ids)
           return true unless collection_ids
+          # grab/save collections this user has no edit access to
+          other_collections = curation_concern.member_of_collections.select { |coll| !coll.edit_users.include?(user.user_key) }
           curation_concern.member_of_collections = collection_ids.map { |id| ::Collection.find(id) }
+          curation_concern.member_of_collections.concat other_collections
         end
     end
   end

data/app/actors/curation_concerns/actors/add_to_work_actor.rb

@@ -13,6 +13,14 @@ module CurationConcerns
 
       private
 
+        def ability
+          ::Ability.new(user)
+        end
+
+        def can_edit_both_works?(work)
+          ability.can?(:edit, work) && ability.can?(:edit, curation_concern)
+        end
+
         def add_to_works(new_work_ids)
           return true if new_work_ids.nil?
           (curation_concern.in_works_ids - new_work_ids).each do |old_id|
@@ -22,13 +30,17 @@ module CurationConcerns
             work.save
           end
 
-          # add to new
+          # add to new so long as the depositor for the parent and child matches, otherwise inject an error
           (new_work_ids - curation_concern.in_works_ids).each do |work_id|
             work = ::ActiveFedora::Base.find(work_id)
-            work.ordered_members << curation_concern
-            work.save
+            if can_edit_both_works?(work)
+              work.ordered_members << curation_concern
+              work.save
+            else
+              curation_concern.errors[:in_works_ids] << "Works can only be related to each other if user has ability to edit both."
+            end
           end
-          true
+          curation_concern.errors[:in_works_ids].empty?
         end
     end
   end

data/app/actors/curation_concerns/actors/apply_order_actor.rb

@@ -3,12 +3,19 @@ module CurationConcerns
     class ApplyOrderActor < AbstractActor
       def update(attributes)
         ordered_member_ids = attributes.delete(:ordered_member_ids)
-        sync_members(ordered_member_ids)
-        apply_order(ordered_member_ids) && next_actor.update(attributes)
+        sync_members(ordered_member_ids) && apply_order(ordered_member_ids) && next_actor.update(attributes)
       end
 
       private
 
+        def ability
+          ::Ability.new(user)
+        end
+
+        def can_edit_both_works?(work)
+          ability.can?(:edit, work) && ability.can?(:edit, curation_concern)
+        end
+
         def sync_members(ordered_member_ids)
           return true if ordered_member_ids.nil?
           existing_members_ids = curation_concern.ordered_member_ids
@@ -20,10 +27,14 @@ module CurationConcerns
 
           (ordered_member_ids - existing_members_ids).each do |work_id|
             work = ::ActiveFedora::Base.find(work_id)
-            curation_concern.ordered_members << work
+            if can_edit_both_works?(work)
+              curation_concern.ordered_members << work
+              curation_concern.save
+            else
+              curation_concern.errors[:ordered_member_ids] << "Works can only be related to each other if user has ability to edit both."
+            end
           end
-          curation_concern.save
-          true
+          curation_concern.errors[:ordered_member_ids].empty?
         end
 
         def apply_order(new_order)

data/app/actors/curation_concerns/optimistic_lock_validator.rb

@@ -0,0 +1,28 @@
+module CurationConcerns
+  # Validates that the submitted version is the most recent version in the datastore.
+  # Caveat: we are not detecting if the version is changed by a different process between
+  # the time this validator is run and when the object is saved
+  class OptimisticLockValidator < Actors::AbstractActor
+    class_attribute :version_field
+    self.version_field = 'version'
+
+    def update(attributes)
+      validate_lock(version_attribute(attributes)) && next_actor.update(attributes)
+    end
+
+    private
+
+      # @return [Boolean] returns true if the lock is missing or
+      #                   if it matches the current object version.
+      def validate_lock(version)
+        return true if version.blank? || version == curation_concern.etag
+        curation_concern.errors.add(:base, :conflict)
+        false
+      end
+
+      # Removes the version attribute
+      def version_attribute(attributes)
+        attributes.delete(version_field)
+      end
+  end
+end

data/app/assets/javascripts/curation_concerns/file_manager/sorting.es6

@@ -15,18 +15,14 @@ export default class SortManager {
   }
 
   persist() {
-    let params = {}
-    params[this.singular_class_name] = {
-      "ordered_member_ids": this.order
-    }
-    params["_method"] = "PATCH"
     this.element.addClass("pending")
     this.element.removeClass("success")
     this.element.removeClass("failure")
     let persisting = $.post(
       `/concern/${this.class_name}/${this.id}.json`,
-      params
-    ).done(() => {
+      this.params()
+    ).done((response) => {
+      this.element.data('version', response.version)
       this.element.data("current-order", this.order)
       this.element.addClass("success")
       this.element.removeClass("failure")
@@ -39,6 +35,16 @@ export default class SortManager {
     return persisting
   }
 
+  params() {
+    let params = {}
+    params[this.singular_class_name] = {
+      "version": this.version,
+      "ordered_member_ids": this.order
+    }
+    params["_method"] = "PATCH"
+    return params
+  }
+
   get_sort_position(item) {
     return this.element.children().index(item)
   }
@@ -88,6 +94,10 @@ export default class SortManager {
     ).toArray()
   }
 
+  get version() {
+    return this.element.data('version')
+  }
+
   get alpha_sort_button() {
     return $("*[data-action='alpha-sort-action']")
   }

data/app/controllers/concerns/curation_concerns/curation_concern_controller.rb

@@ -22,6 +22,11 @@ module CurationConcerns
     module ClassMethods
       def curation_concern_type=(curation_concern_type)
         load_and_authorize_resource class: curation_concern_type, instance_name: :curation_concern, except: [:show, :file_manager, :inspect_work]
+
+        # Load the fedora resource to get the etag.
+        # No need to authorize for the file manager, because it does authorization via the presenter.
+        load_resource class: curation_concern_type, instance_name: :curation_concern, only: :file_manager
+
         self._curation_concern_type = curation_concern_type
       end
 
@@ -104,7 +109,7 @@ module CurationConcerns
     end
 
     def file_manager
-      presenter
+      @form = Forms::FileManagerForm.new(curation_concern, current_ability)
     end
 
     def inspect_work
@@ -218,6 +223,7 @@ module CurationConcerns
         message = I18n.t("curation_concerns.workflow.unauthorized")
         respond_to do |wants|
           wants.html do
+            unavailable_presenter
             flash[:notice] = message
             render 'unavailable', status: :unauthorized
           end
@@ -236,5 +242,9 @@ module CurationConcerns
           end
         end
       end
+
+      def unavailable_presenter
+        @presenter ||= show_presenter.new(::SolrDocument.find(params[:id]), current_ability, request)
+      end
   end
 end

data/app/controllers/concerns/curation_concerns/download_behavior.rb

@@ -40,6 +40,12 @@ module CurationConcerns
       # that files are in a LDP basic container, and thus, included in the asset's uri.
       def authorize_download!
         authorize! :read, params[asset_param_key]
+      rescue CanCan::AccessDenied
+        redirect_to default_image
+      end
+
+      def default_image
+        ActionController::Base.helpers.image_path 'default.png'
       end
 
       # Overrides Hydra::Controller::DownloadBehavior#load_file, which is hard-coded to assume files are in BasicContainer.

data/app/forms/curation_concerns/forms/file_manager_form.rb

@@ -0,0 +1,27 @@
+module CurationConcerns
+  module Forms
+    class FileManagerForm
+      include HydraEditor::Form
+      self.terms = []
+      delegate :id, :thumbnail_id, :representative_id, :to_s, to: :model
+      attr_reader :current_ability, :request
+      def initialize(work, ability)
+        super(work)
+        @current_ability = ability
+        @request = nil
+      end
+
+      def version
+        model.etag
+      end
+
+      delegate :member_presenters, to: :member_presenter_factory
+
+      private
+
+        def member_presenter_factory
+          MemberPresenterFactory.new(model, current_ability)
+        end
+    end
+  end
+end