RubyGems - ddr-core - Versions diffs - 0.2.1 - Mend

ddr-core 0.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (132) hide show

checksums.yaml +7 -0
data/LICENSE.txt +12 -0
data/README.md +27 -0
data/Rakefile +30 -0
data/app/assets/config/ddr_core_manifest.js +0 -0
data/app/controllers/users/omniauth_callbacks_controller.rb +11 -0
data/app/controllers/users/sessions_controller.rb +15 -0
data/app/models/concerns/ddr/captionable.rb +25 -0
data/app/models/concerns/ddr/describable.rb +108 -0
data/app/models/concerns/ddr/governable.rb +25 -0
data/app/models/concerns/ddr/has_admin_metadata.rb +141 -0
data/app/models/concerns/ddr/has_attachments.rb +10 -0
data/app/models/concerns/ddr/has_children.rb +10 -0
data/app/models/concerns/ddr/has_content.rb +132 -0
data/app/models/concerns/ddr/has_extracted_text.rb +10 -0
data/app/models/concerns/ddr/has_intermediate_file.rb +25 -0
data/app/models/concerns/ddr/has_multires_image.rb +14 -0
data/app/models/concerns/ddr/has_parent.rb +18 -0
data/app/models/concerns/ddr/has_struct_metadata.rb +21 -0
data/app/models/concerns/ddr/has_thumbnail.rb +33 -0
data/app/models/concerns/ddr/solr_document_behavior.rb +429 -0
data/app/models/concerns/ddr/streamable.rb +25 -0
data/app/models/ddr/admin_set.rb +28 -0
data/app/models/ddr/attachment.rb +14 -0
data/app/models/ddr/collection.rb +28 -0
data/app/models/ddr/component.rb +31 -0
data/app/models/ddr/contact.rb +23 -0
data/app/models/ddr/digest.rb +8 -0
data/app/models/ddr/file.rb +40 -0
data/app/models/ddr/item.rb +36 -0
data/app/models/ddr/language.rb +31 -0
data/app/models/ddr/media_type.rb +22 -0
data/app/models/ddr/resource.rb +94 -0
data/app/models/ddr/rights_statement.rb +25 -0
data/app/models/ddr/target.rb +17 -0
data/config/initializers/devise.rb +262 -0
data/config/locales/ddr-core.en.yml +85 -0
data/config/routes.rb +3 -0
data/db/migrate/20141104181418_create_users.rb +34 -0
data/db/migrate/20141107124012_add_columns_to_user.rb +46 -0
data/lib/ddr-core.rb +1 -0
data/lib/ddr/auth.rb +80 -0
data/lib/ddr/auth/ability.rb +18 -0
data/lib/ddr/auth/ability_definitions.rb +26 -0
data/lib/ddr/auth/ability_definitions/admin_set_ability_definitions.rb +9 -0
data/lib/ddr/auth/ability_definitions/alias_ability_definitions.rb +23 -0
data/lib/ddr/auth/ability_definitions/attachment_ability_definitions.rb +13 -0
data/lib/ddr/auth/ability_definitions/collection_ability_definitions.rb +28 -0
data/lib/ddr/auth/ability_definitions/component_ability_definitions.rb +13 -0
data/lib/ddr/auth/ability_definitions/item_ability_definitions.rb +13 -0
data/lib/ddr/auth/ability_definitions/lock_ability_definitions.rb +13 -0
data/lib/ddr/auth/ability_definitions/publication_ability_definitions.rb +16 -0
data/lib/ddr/auth/ability_definitions/role_based_ability_definitions.rb +39 -0
data/lib/ddr/auth/ability_definitions/superuser_ability_definitions.rb +9 -0
data/lib/ddr/auth/ability_factory.rb +10 -0
data/lib/ddr/auth/abstract_ability.rb +48 -0
data/lib/ddr/auth/affiliation.rb +14 -0
data/lib/ddr/auth/affiliation_groups.rb +20 -0
data/lib/ddr/auth/anonymous_ability.rb +7 -0
data/lib/ddr/auth/auth_context.rb +109 -0
data/lib/ddr/auth/auth_context_factory.rb +13 -0
data/lib/ddr/auth/detached_auth_context.rb +19 -0
data/lib/ddr/auth/dynamic_groups.rb +13 -0
data/lib/ddr/auth/effective_permissions.rb +12 -0
data/lib/ddr/auth/effective_roles.rb +9 -0
data/lib/ddr/auth/failure_app.rb +16 -0
data/lib/ddr/auth/group.rb +40 -0
data/lib/ddr/auth/grouper_gateway.rb +70 -0
data/lib/ddr/auth/groups.rb +32 -0
data/lib/ddr/auth/ldap_gateway.rb +74 -0
data/lib/ddr/auth/permissions.rb +18 -0
data/lib/ddr/auth/remote_groups.rb +14 -0
data/lib/ddr/auth/role_based_access_controls_enforcement.rb +56 -0
data/lib/ddr/auth/roles.rb +28 -0
data/lib/ddr/auth/roles/role.rb +121 -0
data/lib/ddr/auth/roles/role_type.rb +23 -0
data/lib/ddr/auth/roles/role_types.rb +52 -0
data/lib/ddr/auth/superuser_ability.rb +7 -0
data/lib/ddr/auth/test_helpers.rb +22 -0
data/lib/ddr/auth/user.rb +54 -0
data/lib/ddr/auth/web_auth_context.rb +29 -0
data/lib/ddr/core.rb +110 -0
data/lib/ddr/core/engine.rb +8 -0
data/lib/ddr/core/version.rb +5 -0
data/lib/ddr/error.rb +16 -0
data/lib/ddr/files.rb +13 -0
data/lib/ddr/fits.rb +189 -0
data/lib/ddr/index.rb +29 -0
data/lib/ddr/index/abstract_query_result.rb +22 -0
data/lib/ddr/index/connection.rb +38 -0
data/lib/ddr/index/csv_query_result.rb +84 -0
data/lib/ddr/index/document_builder.rb +9 -0
data/lib/ddr/index/field.rb +35 -0
data/lib/ddr/index/field_attribute.rb +22 -0
data/lib/ddr/index/fields.rb +154 -0
data/lib/ddr/index/filter.rb +139 -0
data/lib/ddr/index/query.rb +82 -0
data/lib/ddr/index/query_builder.rb +185 -0
data/lib/ddr/index/query_clause.rb +112 -0
data/lib/ddr/index/query_params.rb +40 -0
data/lib/ddr/index/query_result.rb +102 -0
data/lib/ddr/index/response.rb +30 -0
data/lib/ddr/index/sort_order.rb +28 -0
data/lib/ddr/index/unique_key_field.rb +12 -0
data/lib/ddr/managers.rb +9 -0
data/lib/ddr/managers/manager.rb +13 -0
data/lib/ddr/managers/technical_metadata_manager.rb +141 -0
data/lib/ddr/structure.rb +188 -0
data/lib/ddr/structures/agent.rb +49 -0
data/lib/ddr/structures/component_type_term.rb +29 -0
data/lib/ddr/structures/div.rb +64 -0
data/lib/ddr/structures/f_locat.rb +54 -0
data/lib/ddr/structures/file.rb +52 -0
data/lib/ddr/structures/file_grp.rb +35 -0
data/lib/ddr/structures/file_sec.rb +22 -0
data/lib/ddr/structures/fptr.rb +31 -0
data/lib/ddr/structures/mets_hdr.rb +37 -0
data/lib/ddr/structures/mptr.rb +49 -0
data/lib/ddr/structures/struct_map.rb +40 -0
data/lib/ddr/utils.rb +185 -0
data/lib/ddr/vocab.rb +22 -0
data/lib/ddr/vocab/asset.rb +51 -0
data/lib/ddr/vocab/contact.rb +9 -0
data/lib/ddr/vocab/display.rb +9 -0
data/lib/ddr/vocab/duke_terms.rb +13 -0
data/lib/ddr/vocab/rdf_vocabulary_parser.rb +43 -0
data/lib/ddr/vocab/roles.rb +25 -0
data/lib/ddr/vocab/sources/duketerms.rdf +870 -0
data/lib/ddr/vocab/vocabulary.rb +37 -0
data/lib/ddr/workflow.rb +8 -0
data/lib/tasks/ddr/core_tasks.rake +4 -0
metadata +428 -0

data/lib/ddr/auth/ldap_gateway.rb ADDED

@@ -0,0 +1,74 @@
+require "net-ldap"
+module Ddr::Auth
+  class LdapGateway
+    SCOPE = Net::LDAP::SearchScope_SingleLevel
+    class_attribute :attributes
+    self.attributes = [ "edupersonaffiliation", "ismemberof" ]
+    attr_reader :ldap
+    def self.find(user_key)
+      new.find(user_key)
+    end
+    def initialize
+      @ldap = Net::LDAP.new(config)
+    end
+    def find(user_key)
+      result_set = ldap.search find_params(user_key)
+      if result_set
+        Result.new result_set.first
+      else
+        raise ldap.get_operation_result.message
+      end
+    end
+    class Result
+      attr_reader :result
+      def initialize(result)
+        @result = result
+      end
+      def affiliation
+        result ? result[:edupersonaffiliation] : []
+      end
+      def ismemberof
+        result ? result[:ismemberof] : []
+      end
+    end
+    private
+    def find_params(user_key)
+      { scope: SCOPE,
+        filter: filter(user_key),
+        size: 1,
+        attributes: attributes
+      }
+    end
+    def filter(user_key)
+      Net::LDAP::Filter.eq("eduPersonPrincipalName", user_key)
+    end
+    def config
+      { host: ENV["LDAP_HOST"],
+        port: ENV["LDAP_PORT"],
+        base: ENV["LDAP_BASE"],
+        auth:
+          { method: :simple,
+            username: ENV["LDAP_USER"],
+            password: ENV["LDAP_PASSWORD"]
+          },
+        encryption: { method: :simple_tls }
+      }
+    end
+  end
+end

data/lib/ddr/auth/permissions.rb ADDED

@@ -0,0 +1,18 @@
+module Ddr::Auth
+  class Permissions
+    READ         = :read
+    DOWNLOAD     = :download
+    ADD_CHILDREN = :add_children
+    UPDATE       = :update
+    REPLACE      = :replace
+    ARRANGE      = :arrange
+    PUBLISH      = :publish
+    UNPUBLISH    = :unpublish
+    AUDIT        = :audit
+    GRANT        = :grant
+    ALL = [ READ, DOWNLOAD, ADD_CHILDREN, UPDATE, REPLACE, ARRANGE, PUBLISH, UNPUBLISH, AUDIT, GRANT ]
+  end
+end

data/lib/ddr/auth/remote_groups.rb ADDED

@@ -0,0 +1,14 @@
+module Ddr::Auth
+  class RemoteGroups
+    # @param auth_context [AuthContext]
+    # @return [Array<Group>]
+    def self.call(auth_context)
+      auth_context.ismemberof.map do |id|
+        Group.new id.sub(/\Aurn:mace:duke\.edu:groups/, "duke")
+      end
+    end
+  end
+end

data/lib/ddr/auth/role_based_access_controls_enforcement.rb ADDED

@@ -0,0 +1,56 @@
+module Ddr
+  module Auth
+    #
+    # Hydra controller mixin for role-based access control
+    #
+    # Overrides Hydra::AccessControlsEnforcement#gated_discovery_filters
+    # to apply role filters instead of permissions filters.
+    #
+    module RoleBasedAccessControlsEnforcement
+      def self.included(controller)
+        controller.delegate :authorized_to_act_as_superuser?, to: :current_ability
+        controller.helper_method :authorized_to_act_as_superuser?
+      end
+      def current_ability
+        @current_ability ||= AbilityFactory.call(current_user, request.env)
+      end
+      # List of URIs for policies on which any of the current user's agent has a role in policy scope
+      def policy_role_policies
+        @policy_role_policies ||= Array.new.tap do |uris|
+          filters = current_ability.agents.map do |agent|
+            "#{Ddr::Index::Fields::POLICY_ROLE}:\"#{agent}\""
+          end.join(" OR ")
+          query = "#{Ddr::Index::Fields::ACTIVE_FEDORA_MODEL}:Collection AND (#{filters})"
+          results = ActiveFedora::SolrService.query(query, rows: Collection.count, fl: Ddr::Index::Fields::INTERNAL_URI)
+          results.each_with_object(uris) { |r, memo| memo << r[Ddr::Index::Fields::INTERNAL_URI] }
+        end
+      end
+      def policy_role_filters
+        if policy_role_policies.present?
+          rels = policy_role_policies.map { |pid| [:is_governed_by, pid] }
+          ActiveFedora::SolrService.construct_query_for_rel(rels, "OR")
+        end
+      end
+      def resource_role_filters
+        current_ability.agents.map do |agent|
+          ActiveFedora::SolrService.raw_query(Ddr::Index::Fields::RESOURCE_ROLE, agent)
+        end.join(" OR ")
+      end
+      def gated_discovery_filters
+        [resource_role_filters, policy_role_filters].compact
+      end
+      # Overrides Hydra::AccessControlsEnforcement
+      def enforce_show_permissions
+        authorize! :read, params[:id]
+      end
+    end
+  end
+end

data/lib/ddr/auth/roles.rb ADDED

@@ -0,0 +1,28 @@
+module Ddr::Auth
+  module Roles
+    extend ActiveSupport::Autoload
+    autoload :Role
+    autoload :RoleType
+    autoload :RoleTypes
+    include RoleTypes
+    RESOURCE_SCOPE = "resource".freeze
+    POLICY_SCOPE = "policy".freeze
+    SCOPES = [RESOURCE_SCOPE, POLICY_SCOPE].freeze
+    class << self
+      def type_map
+        @type_map ||= role_types.map { |role_type| [role_type.to_s, role_type] }.to_h
+      end
+      def role_types
+        @role_types ||= RoleTypes.constants(false).map { |const| RoleTypes.const_get(const) }
+      end
+    end
+  end
+end

data/lib/ddr/auth/roles/role.rb ADDED

@@ -0,0 +1,121 @@
+module Ddr
+  module Auth
+    module Roles
+      #
+      # The assignment of a role to an agent within a scope.
+      #
+      class Role < Valkyrie::Resource
+        DEFAULT_SCOPE = Roles::RESOURCE_SCOPE
+        ValidScope = Valkyrie::Types::Strict::String.enum(*(Roles::SCOPES))
+        ValidRoleType = Valkyrie::Types::Strict::String.enum(*(Roles::role_types.map(&:title)))
+        attribute :agent, Valkyrie::Types::Strict::String.constrained(min_size: 1)
+        attribute :role_type, ValidRoleType
+        attribute :scope, ValidScope
+        class << self
+          # Build a Role instance from hash attributes
+          # @param args [Hash] the attributes
+          # @return [Role] the role
+          # @example
+          #   Role.build type: "Curator", agent: "bob", scope: "resource"
+          def build(args={})
+            new.tap do |role|
+              args[:role_type] ||= args.delete(:type)
+              args[:agent] ||= nil # Triggers a constraint error
+              args[:agent] = args[:agent].to_s # Coerce Ddr::Auth:Group to string
+              args.each do |attr, val|
+                role.set_value(attr, val)
+              end
+              role.scope ||= DEFAULT_SCOPE
+            end
+          end
+          ###############
+          # FIXME or remove serialization/deserialization
+          ###############
+          #
+          # # Deserialize a Role from JSON
+          # # @param json [String] the JSON string
+          # # @return [Role] the role
+          # def from_json(json)
+          #   build JSON.parse(json)
+          # end
+          # alias_method :deserialize, :from_json
+          private
+          #
+          # DELETEME
+          #
+          # def build_attributes(args={})
+          #   # symbolize keys and stringify values
+          #   attrs = args.each_with_object({}) do |(k, v), memo|
+          #     memo[k.to_sym] = Array(v).first.to_s
+          #   end
+          #   # set default scope if necessary
+          #   attrs[:scope] ||= DEFAULT_SCOPE
+          #   # accept :type key for role_type attribute
+          #   if attrs.key?(:type)
+          #     attrs[:role_type] = attrs.delete(:type)
+          #   end
+          #   attrs
+          # end
+        end # class << self
+        # Roles are considered equal (==) if they
+        # are of the same type and have the same agent and scope.
+        # @param other [Object] the object of comparison
+        # @return [Boolean] the result
+        def ==(other)
+          self.class == other.class &&
+            role_type == other.role_type &&
+            scope == other.scope &&
+            agent == other.agent
+        end
+        alias_method :eql?, :==
+        def in_resource_scope?
+          scope == Roles::RESOURCE_SCOPE
+        end
+        def in_policy_scope?
+          scope == Roles::POLICY_SCOPE
+        end
+        def inspect
+          "#<#{self.class.name} role_type=#{role_type.inspect}, " \
+          "agent=#{agent.inspect}, scope=#{scope.inspect}>"
+        end
+        # TODO refactor up?
+        def proper_attributes
+          attributes.slice(self.class.fields - self.class.reserved_attributes)
+        end
+        ###############
+        # FIXME or remove serialization/deserialization
+        ###############
+        #
+        # delegate :to_json, to: :proper_attributes
+        #
+        # alias_method :serialize, :to_json
+        # Returns the permissions associated with the role
+        # @return [Array<Symbol>] the permissions
+        def permissions
+          Roles.type_map[role_type].permissions
+        end
+      end
+    end
+  end
+end

data/lib/ddr/auth/roles/role_type.rb ADDED

@@ -0,0 +1,23 @@
+module Ddr
+  module Auth
+    module Roles
+      class RoleType
+        attr_reader :title, :description, :permissions
+        alias_method :label, :title
+        def initialize(title, description, permissions)
+          @title = title.freeze
+          @description = description.freeze
+          @permissions = permissions.freeze
+          freeze
+        end
+        def to_s
+          title
+        end
+      end
+    end
+  end
+end

data/lib/ddr/auth/roles/role_types.rb ADDED

@@ -0,0 +1,52 @@
+module Ddr
+  module Auth
+    module Roles
+      module RoleTypes
+        CURATOR = RoleType.new(
+          "Curator",
+          "The Curator role conveys responsibility for curating a resource " \
+          "and delegating responsibilities to other agents.",
+          Permissions::ALL
+        )
+        EDITOR = RoleType.new(
+          "Editor",
+          "The Editor role conveys reponsibility for managing the content, " \
+          "description and structural arrangement of a resource.",
+          [ Permissions::READ, Permissions::DOWNLOAD, Permissions::ADD_CHILDREN,
+            Permissions::UPDATE, Permissions::REPLACE, Permissions::ARRANGE ]
+        )
+        METADATA_EDITOR = RoleType.new(
+          "MetadataEditor",
+          "The Metadata Editor role conveys responsibility for " \
+          "managing the description of a resource.",
+          [ Permissions::READ, Permissions::DOWNLOAD, Permissions::UPDATE ]
+        )
+        CONTRIBUTOR = RoleType.new(
+          "Contributor",
+          "The Contributor role conveys responsibility for adding related " \
+          "resources to a resource, such as works to a collection.",
+          [ Permissions::READ, Permissions::ADD_CHILDREN ]
+        )
+        DOWNLOADER = RoleType.new(
+          "Downloader",
+          "The Downloader role conveys access to the \"master\" file " \
+          "(original content bitstream) of a resource.",
+          [ Permissions::READ, Permissions::DOWNLOAD ]
+        )
+        VIEWER = RoleType.new(
+          "Viewer",
+          "The Viewer role conveys access to the description and \"access\" " \
+          "files (e.g., derivative bitstreams) of a resource.",
+          [ Permissions::READ ]
+        )
+      end
+    end
+  end
+end

data/lib/ddr/auth/superuser_ability.rb ADDED

@@ -0,0 +1,7 @@
+module Ddr::Auth
+  class SuperuserAbility < AbstractAbility
+    self.ability_definitions = [ SuperuserAbilityDefinitions ]
+  end
+end

data/lib/ddr/auth/test_helpers.rb ADDED

@@ -0,0 +1,22 @@
+module Ddr
+  module Auth
+    module TestHelpers
+      class MockLdapGateway
+        def self.find(*args); new.find(*args); end
+        def find(user_key); Ddr::Auth::LdapGateway::Result.new(nil); end
+      end
+      class MockGrouperGateway
+        def self.repository_groups(*args); new.repository_groups(*args); end
+        def repository_groups(raw = false); []; end
+        def self.user_groups(*args); new.user_groups(*args); end
+        def user_groups(user, raw = false); []; end
+      end
+    end
+  end
+end
+Ddr::Auth.ldap_gateway = Ddr::Auth::TestHelpers::MockLdapGateway
+Ddr::Auth.grouper_gateway = Ddr::Auth::TestHelpers::MockGrouperGateway

data/lib/ddr/auth/user.rb ADDED

@@ -0,0 +1,54 @@
+require 'devise'
+module Ddr::Auth
+  module User
+    extend ActiveSupport::Concern
+    included do
+      delegate :can, :can?, :cannot, :cannot?, to: :ability
+      validates_uniqueness_of :username, case_sensitive: false
+      validates_format_of :email, with: /\A([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})\z/
+      devise :database_authenticatable, :omniauthable, omniauth_providers: [:shibboleth]
+      class_attribute :user_key_attribute
+      self.user_key_attribute = Devise.authentication_keys.first
+    end
+    module ClassMethods
+      def find_by_user_key(key)
+        send("find_by_#{user_key_attribute}", key)
+      end
+      def from_omniauth(auth)
+        user = find_by_user_key(auth.uid) ||
+               new(user_key_attribute => auth.uid, :password => Devise.friendly_token)
+        user.update!(email: auth.info.email,
+                     display_name: auth.info.name,
+                     first_name: auth.info.first_name,
+                     last_name: auth.info.last_name,
+                     nickname: auth.info.nickname)
+        user
+      end
+    end
+    # Copied from Hydra::User
+    def user_key
+      send(user_key_attribute)
+    end
+    def to_s
+      user_key
+    end
+    def agent
+      user_key
+    end
+    def ability
+      @ability ||= AbilityFactory.call(self)
+    end
+  end
+end