ddr-core 0.3.0 → 1.2.0.rc1

data/lib/ddr/auth/duke_directory.rb~

@@ -0,0 +1,7 @@
+module Ddr::Auth
+  class DukeDirectory
+
+
+
+  end
+end

data/lib/ddr/auth/effective_permissions.rb

@@ -1,7 +1,8 @@
 module Ddr::Auth
   class EffectivePermissions
 
-    # @param obj [Object] an object that receives :roles and returns a RoleSet
+    # @param obj [Object] an object that receives :roles and returns an Array
+    # of Ddr::Auth::Roles::Role.
     # @param agents [String, Array<String>] agent(s) to match roles
     # @return [Array<Symbol>]
     def self.call(obj, agents)

data/lib/ddr/auth/effective_roles.rb

@@ -1,8 +1,12 @@
 module Ddr::Auth
   class EffectiveRoles
 
-    def self.call(obj, agents)
-      ( obj.resource_roles | obj.inherited_roles ).select { |r| agents.include?(r.agent) }
+    def self.call(obj, agents = nil)
+      ( obj.roles | obj.inherited_roles ).tap do |roles|
+        if agents
+          roles.select! { |r| agents.include?(r.agent) }
+        end
+      end
     end
 
   end

data/lib/ddr/auth/failure_app.rb

@@ -5,7 +5,7 @@ module Ddr
       def respond
         if scope == :user && Ddr::Auth.require_shib_user_authn
           store_location!
-          redirect_to user_omniauth_authorize_path(:shibboleth)
+          redirect_to user_shibboleth_omniauth_authorize_path
         else
           super
         end

data/lib/ddr/auth/grouper_gateway.rb

@@ -25,7 +25,7 @@ module Ddr
 
       # List of all grouper groups for the repository
       def repository_groups(raw = false)
-        repo_groups = groups(REPOSITORY_GROUP_FILTER)
+        repo_groups = groups(Ddr::Auth.repository_group_filter)
         if ok?
           return repo_groups if raw
           repo_groups.map do |g|
@@ -52,7 +52,7 @@ module Ddr
             result = response["WsGetGroupsResults"]["results"].first
             # Have to manually filter results b/c Grouper WS version 1.5 does not support filter parameter
             if result && result["wsGroups"]
-              groups = result["wsGroups"].select { |g| g["name"] =~ /^#{REPOSITORY_GROUP_FILTER}/ }
+              groups = result["wsGroups"].select { |g| g["name"] =~ /^#{Ddr::Auth.repository_group_filter}/ }
             end
           end
         rescue StandardError => e

data/lib/ddr/auth/permissions.rb

@@ -1,18 +1,21 @@
 module Ddr::Auth
   class Permissions
 
-    READ         = :read
-    DOWNLOAD     = :download
-    ADD_CHILDREN = :add_children
-    UPDATE       = :update
-    REPLACE      = :replace
-    ARRANGE      = :arrange
-    PUBLISH      = :publish
-    UNPUBLISH    = :unpublish
-    AUDIT        = :audit
-    GRANT        = :grant
+    DISCOVER            = :discover
+    READ                = :read
+    DOWNLOAD            = :download
+    ADD_CHILDREN        = :add_children
+    UPDATE              = :update
+    REPLACE             = :replace
+    ARRANGE             = :arrange
+    PUBLISH             = :publish
+    UNPUBLISH           = :unpublish
+    MAKE_NONPUBLISHABLE = :make_nonpublishable
+    AUDIT               = :audit
+    GRANT               = :grant
 
-    ALL = [ READ, DOWNLOAD, ADD_CHILDREN, UPDATE, REPLACE, ARRANGE, PUBLISH, UNPUBLISH, AUDIT, GRANT ]
+    ALL = [ DISCOVER, READ, DOWNLOAD, ADD_CHILDREN, UPDATE,
+            REPLACE, ARRANGE, PUBLISH, UNPUBLISH, MAKE_NONPUBLISHABLE, AUDIT, GRANT ]
 
   end
 end

data/lib/ddr/auth/role_based_access_controls_enforcement.rb

@@ -1,11 +1,5 @@
 module Ddr
   module Auth
-    #
-    # Hydra controller mixin for role-based access control
-    #
-    # Overrides Hydra::AccessControlsEnforcement#gated_discovery_filters
-    # to apply role filters instead of permissions filters.
-    #
     module RoleBasedAccessControlsEnforcement
 
       def self.included(controller)
@@ -17,38 +11,8 @@ module Ddr
         @current_ability ||= AbilityFactory.call(current_user, request.env)
       end
 
-      # List of URIs for policies on which any of the current user's agent has a role in policy scope
-      def policy_role_policies
-        @policy_role_policies ||= Array.new.tap do |uris|
-          filters = current_ability.agents.map do |agent|
-            "#{Ddr::Index::Fields::POLICY_ROLE}:\"#{agent}\""
-          end.join(" OR ")
-          query = "#{Ddr::Index::Fields::ACTIVE_FEDORA_MODEL}:Collection AND (#{filters})"
-          results = ActiveFedora::SolrService.query(query, rows: Collection.count, fl: Ddr::Index::Fields::INTERNAL_URI)
-          results.each_with_object(uris) { |r, memo| memo << r[Ddr::Index::Fields::INTERNAL_URI] }
-        end
-      end
-
-      def policy_role_filters
-        if policy_role_policies.present?
-          rels = policy_role_policies.map { |pid| [:is_governed_by, pid] }
-          ActiveFedora::SolrService.construct_query_for_rel(rels, "OR")
-        end
-      end
-
-      def resource_role_filters
-        current_ability.agents.map do |agent|
-          ActiveFedora::SolrService.raw_query(Ddr::Index::Fields::RESOURCE_ROLE, agent)
-        end.join(" OR ")
-      end
-
-      def gated_discovery_filters
-        [resource_role_filters, policy_role_filters].compact
-      end
-
-      # Overrides Hydra::AccessControlsEnforcement
       def enforce_show_permissions
-        authorize! :read, params[:id]
+        authorize! Permissions::DISCOVER, params[:id]
       end
 
     end

data/lib/ddr/auth/roles.rb

@@ -10,18 +10,30 @@ module Ddr::Auth
 
     RESOURCE_SCOPE = "resource".freeze
     POLICY_SCOPE = "policy".freeze
-    SCOPES = [RESOURCE_SCOPE, POLICY_SCOPE].freeze
+    SCOPES = [ RESOURCE_SCOPE, POLICY_SCOPE ].freeze
+
+    ORDERED_ROLE_TYPES = [
+      CURATOR,
+      EDITOR,
+      METADATA_EDITOR,
+      CONTRIBUTOR,
+      DOWNLOADER,
+      VIEWER,
+      METADATA_VIEWER
+    ]
 
     class << self
-
       def type_map
         @type_map ||= role_types.map { |role_type| [role_type.to_s, role_type] }.to_h
       end
 
       def role_types
-        @role_types ||= RoleTypes.constants(false).map { |const| RoleTypes.const_get(const) }
+        ORDERED_ROLE_TYPES
       end
 
+      def titles
+        @titles ||= role_types.map(&:title)
+      end
     end
 
   end

data/lib/ddr/auth/roles/role.rb

@@ -8,67 +8,38 @@ module Ddr
 
         DEFAULT_SCOPE = Roles::RESOURCE_SCOPE
 
-        ValidScope = Valkyrie::Types::Strict::String.enum(*(Roles::SCOPES))
-        ValidRoleType = Valkyrie::Types::Strict::String.enum(*(Roles::role_types.map(&:title)))
-
-        attribute :agent, Valkyrie::Types::Strict::String.constrained(min_size: 1)
-        attribute :role_type, ValidRoleType
-        attribute :scope, ValidScope
-
-        class << self
-
-          # Build a Role instance from hash attributes
-          # @param args [Hash] the attributes
-          # @return [Role] the role
-          # @example
-          #   Role.build type: "Curator", agent: "bob", scope: "resource"
-          def build(args={})
-            new.tap do |role|
-              args[:role_type] ||= args.delete(:type)
-              args[:agent] ||= nil # Triggers a constraint error
-              args[:agent] = args[:agent].to_s # Coerce Ddr::Auth:Group to string
-
-              args.each do |attr, val|
-                role.set_value(attr, val)
-              end
+        ValidScope = Valkyrie::Types::Coercible::String.default(DEFAULT_SCOPE).enum(*(Roles::SCOPES))
+        ValidRoleType = Valkyrie::Types::Strict::String.enum(*(Roles.titles))
+        ValidAgent = Valkyrie::Types::Coercible::String.constrained(min_size: 1)
+
+        # Symbolize input keys
+        # https://dry-rb.org/gems/dry-struct/1.0/recipes/#symbolize-input-keys
+        transform_keys do |key|
+          _k = key.to_sym
+          # For backwards compat allow :type as an alias for :role_type
+          _k == :type ? :role_type : _k
+        end
 
-              role.scope ||= DEFAULT_SCOPE
+        # Make nils use default values
+        # https://dry-rb.org/gems/dry-struct/1.0/recipes/#resolving-default-values-on-code-nil-code
+        transform_types do |type|
+          if type.default?
+            type.constructor do |value|
+              value.nil? ? Dry::Types::Undefined : value
             end
+          else
+            type
           end
+        end
 
-          ###############
-          # FIXME or remove serialization/deserialization
-          ###############
-          #
-          # # Deserialize a Role from JSON
-          # # @param json [String] the JSON string
-          # # @return [Role] the role
-          # def from_json(json)
-          #   build JSON.parse(json)
-          # end
-
-          # alias_method :deserialize, :from_json
-
-          private
-
-          #
-          # DELETEME
-          #
-          # def build_attributes(args={})
-          #   # symbolize keys and stringify values
-          #   attrs = args.each_with_object({}) do |(k, v), memo|
-          #     memo[k.to_sym] = Array(v).first.to_s
-          #   end
-          #   # set default scope if necessary
-          #   attrs[:scope] ||= DEFAULT_SCOPE
-          #   # accept :type key for role_type attribute
-          #   if attrs.key?(:type)
-          #     attrs[:role_type] = attrs.delete(:type)
-          #   end
-          #   attrs
-          # end
+        attribute :agent, ValidAgent
+        attribute :role_type, ValidRoleType
+        attribute :scope, ValidScope
 
-        end # class << self
+        # DEPRECATED: Use constructor
+        def self.build(args={})
+          new(args)
+        end
 
         # Roles are considered equal (==) if they
         # are of the same type and have the same agent and scope.
@@ -96,19 +67,6 @@ module Ddr
           "agent=#{agent.inspect}, scope=#{scope.inspect}>"
         end
 
-        # TODO refactor up?
-        def proper_attributes
-          attributes.slice(self.class.fields - self.class.reserved_attributes)
-        end
-
-        ###############
-        # FIXME or remove serialization/deserialization
-        ###############
-        #
-        # delegate :to_json, to: :proper_attributes
-        #
-        # alias_method :serialize, :to_json
-
         # Returns the permissions associated with the role
         # @return [Array<Symbol>] the permissions
         def permissions

data/lib/ddr/auth/roles/role_types.rb

@@ -14,36 +14,43 @@ module Ddr
           "Editor",
           "The Editor role conveys reponsibility for managing the content, " \
           "description and structural arrangement of a resource.",
-          [ Permissions::READ, Permissions::DOWNLOAD, Permissions::ADD_CHILDREN,
-            Permissions::UPDATE, Permissions::REPLACE, Permissions::ARRANGE ]
+          [ Permissions::DISCOVER, Permissions::READ, Permissions::DOWNLOAD,
+            Permissions::ADD_CHILDREN, Permissions::UPDATE,
+            Permissions::REPLACE, Permissions::ARRANGE ]
         )
 
         METADATA_EDITOR = RoleType.new(
           "MetadataEditor",
           "The Metadata Editor role conveys responsibility for " \
           "managing the description of a resource.",
-          [ Permissions::READ, Permissions::DOWNLOAD, Permissions::UPDATE ]
+          [ Permissions::DISCOVER, Permissions::READ, Permissions::DOWNLOAD, Permissions::UPDATE ]
         )
 
         CONTRIBUTOR = RoleType.new(
           "Contributor",
           "The Contributor role conveys responsibility for adding related " \
           "resources to a resource, such as works to a collection.",
-          [ Permissions::READ, Permissions::ADD_CHILDREN ]
+          [ Permissions::DISCOVER, Permissions::READ, Permissions::ADD_CHILDREN ]
         )
 
         DOWNLOADER = RoleType.new(
           "Downloader",
           "The Downloader role conveys access to the \"master\" file " \
           "(original content bitstream) of a resource.",
-          [ Permissions::READ, Permissions::DOWNLOAD ]
+          [ Permissions::DISCOVER, Permissions::READ, Permissions::DOWNLOAD ]
         )
 
         VIEWER = RoleType.new(
           "Viewer",
           "The Viewer role conveys access to the description and \"access\" " \
           "files (e.g., derivative bitstreams) of a resource.",
-          [ Permissions::READ ]
+          [ Permissions::DISCOVER, Permissions::READ ]
+        )
+
+        METADATA_VIEWER = RoleType.new(
+          "MetadataViewer",
+          "The MetadataViewer role coveys access to the description of a resource.",
+          [ Permissions::DISCOVER ]
         )
 
       end

data/lib/ddr/core.rb

@@ -9,6 +9,7 @@ module Ddr
   autoload :Files
   autoload :NotFoundError, 'ddr/error'
   autoload :Fits
+  autoload :FindingAid
   autoload :Index
   autoload :Managers
   autoload :Utils
@@ -103,6 +104,14 @@ module Ddr
     false
   end
 
+  mattr_accessor :ddr_aux_api_url do
+    ENV["DDR_AUX_API_URL"]
+  end
+
+  mattr_accessor :ead_xml_base_url do
+    ENV["EAD_XML_BASE_URL"]
+  end
+
   module Core
 
   end

data/lib/ddr/core/version.rb

@@ -1,5 +1,5 @@
 module Ddr
   module Core
-    VERSION = '0.3.0'
+    VERSION = '1.2.0.rc1'
   end
 end

data/lib/ddr/fits.rb

@@ -94,96 +94,5 @@ module Ddr
       xpath('//fits:fits', fits: FITS_XMLNS).first
     end
 
-    ### DDRevo ##########################################
-    # From Ddr::Datastreams::FitsDatastream.  Code above accounts for proxy terms from below and has a private 'root'
-    # method but does not (yet) provide methods for all the terms in the terminology.  Thought it was better to wait
-    # and see which ones are actually needed.
-    ### DDRevo ##########################################
-    # set_terminology do |t|
-    #   t.root(path: "fits",
-    #          xmlns: FITS_XMLNS,
-    #          schema: FITS_SCHEMA)
-    #   t.version(path: {attribute: "version"})
-    #   t.timestamp(path: {attribute: "timestamp"})
-    #   t.identification {
-    #     t.identity {
-    #       t.mimetype(path: {attribute: "mimetype"})
-    #       t.format_label(path: {attribute: "format"})
-    #       t.version
-    #       t.externalIdentifier
-    #       t.pronom_identifier(path: "externalIdentifier", attributes: {type: "puid"})
-    #     }
-    #   }
-    #   t.fileinfo {
-    #     t.created
-    #     t.creatingApplicationName
-    #     t.creatingos
-    #     t.filename
-    #     t.filepath
-    #     t.fslastmodified
-    #     t.lastmodified
-    #     t.md5checksum
-    #     t.size
-    #   }
-    #   t.filestatus {
-    #     t.valid
-    #     t.well_formed(path: "well-formed")
-    #   }
-    #   t.metadata {
-    #     t.image {
-    #       t.imageWidth
-    #       t.imageHeight
-    #       t.colorSpace
-    #       t.iccProfileName
-    #       t.iccProfileVersion
-    #     }
-    #     t.document {
-    #       # TODO - configure to get from Tika?
-    #       # t.encoding
-    #     }
-    #     t.text
-    #     t.audio
-    #     t.video
-    #   }
-    #
-    #   ## proxy terms
-    #
-    #   # identification / identity
-    #   t.format_label         proxy: [:identification, :identity, :format_label]
-    #   t.format_version       proxy: [:identification, :identity, :version]
-    #   t.media_type           proxy: [:identification, :identity, :mimetype]
-    #   t.pronom_identifier    proxy: [:identification, :identity, :pronom_identifier]
-    #
-    #   # filestatus
-    #   t.valid                proxy: [:filestatus, :valid]
-    #   t.well_formed          proxy: [:filestatus, :well_formed]
-    #
-    #   # fileinfo
-    #   t.created              proxy: [:fileinfo, :created]
-    #   t.creating_application proxy: [:fileinfo, :creatingApplicationName]
-    #   t.extent               proxy: [:fileinfo, :size]
-    #   t.md5                  proxy: [:fileinfo, :md5checksum]
-    #
-    #   # image metadata
-    #   t.color_space          proxy: [:metadata, :image, :colorSpace]
-    #   t.icc_profile_name     proxy: [:metadata, :image, :iccProfileName]
-    #   t.icc_profile_version  proxy: [:metadata, :image, :iccProfileVersion]
-    #   t.image_height         proxy: [:metadata, :image, :imageHeight]
-    #   t.image_width          proxy: [:metadata, :image, :imageWidth]
-    # end
-    #
-    # def self.xml_template
-    #   builder = Nokogiri::XML::Builder.new do |xml|
-    #     xml.fits("xmlns"=>FITS_XMLNS,
-    #              "xmlns:xsi"=>"http://www.w3.org/2001/XMLSchema-instance",
-    #              "xsi:schemaLocation"=>"http://hul.harvard.edu/ois/xml/ns/fits/fits_output http://hul.harvard.edu/ois/xml/xsd/fits/fits_output.xsd")
-    #   end
-    #   builder.doc
-    # end
-    #
-    # def prefix
-    #   "fits__"
-    # end
-
   end
 end