ddr-models 1.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +7 -0
- data/LICENSE.txt +12 -0
- data/README.md +5 -0
- data/Rakefile +37 -0
- data/app/models/attachment.rb +7 -0
- data/app/models/collection.rb +54 -0
- data/app/models/component.rb +15 -0
- data/app/models/item.rb +19 -0
- data/app/models/solr_document.rb +36 -0
- data/app/models/target.rb +8 -0
- data/config/initializers/active_fedora_base.rb +77 -0
- data/config/initializers/active_fedora_datastream.rb +5 -0
- data/config/initializers/ddr.rb +8 -0
- data/config/initializers/devise.rb +245 -0
- data/config/initializers/devise.rb~ +245 -0
- data/config/initializers/subscriptions.rb +15 -0
- data/config/routes.rb +2 -0
- data/db/migrate/20141021233359_create_events.rb +28 -0
- data/db/migrate/20141021234156_create_minted_ids.rb +19 -0
- data/db/migrate/20141103192146_create_workflow_state.rb +13 -0
- data/db/migrate/20141104181418_create_users.rb +34 -0
- data/db/migrate/20141104181418_create_users.rb~ +6 -0
- data/lib/ddr-models.rb +1 -0
- data/lib/ddr/actions.rb +8 -0
- data/lib/ddr/actions/fixity_check.rb +35 -0
- data/lib/ddr/auth.rb +45 -0
- data/lib/ddr/auth.rb~ +47 -0
- data/lib/ddr/auth/ability.rb +204 -0
- data/lib/ddr/auth/ability.rb~ +204 -0
- data/lib/ddr/auth/group_service.rb +53 -0
- data/lib/ddr/auth/group_service.rb~ +53 -0
- data/lib/ddr/auth/grouper_service.rb +76 -0
- data/lib/ddr/auth/grouper_service.rb~ +77 -0
- data/lib/ddr/auth/remote_group_service.rb +35 -0
- data/lib/ddr/auth/remote_group_service.rb~ +35 -0
- data/lib/ddr/auth/superuser.rb +13 -0
- data/lib/ddr/auth/superuser.rb~ +9 -0
- data/lib/ddr/auth/user.rb +71 -0
- data/lib/ddr/auth/user.rb~ +65 -0
- data/lib/ddr/configurable.rb +34 -0
- data/lib/ddr/datastreams.rb +32 -0
- data/lib/ddr/datastreams/content_metadata_datastream.rb +147 -0
- data/lib/ddr/datastreams/datastream_behavior.rb +95 -0
- data/lib/ddr/datastreams/descriptive_metadata_datastream.rb +84 -0
- data/lib/ddr/datastreams/properties_datastream.rb +25 -0
- data/lib/ddr/datastreams/role_assignments_datastream.rb +19 -0
- data/lib/ddr/events.rb +17 -0
- data/lib/ddr/events/creation_event.rb +12 -0
- data/lib/ddr/events/event.rb +163 -0
- data/lib/ddr/events/fixity_check_event.rb +43 -0
- data/lib/ddr/events/ingestion_event.rb +12 -0
- data/lib/ddr/events/preservation_event_behavior.rb +37 -0
- data/lib/ddr/events/preservation_event_type.rb +24 -0
- data/lib/ddr/events/reindex_object_after_save.rb +18 -0
- data/lib/ddr/events/update_event.rb +9 -0
- data/lib/ddr/events/validation_event.rb +11 -0
- data/lib/ddr/events/virus_check_event.rb +30 -0
- data/lib/ddr/index_fields.rb +39 -0
- data/lib/ddr/metadata.rb +22 -0
- data/lib/ddr/metadata/duke_terms.rb +15 -0
- data/lib/ddr/metadata/premis_event.rb +59 -0
- data/lib/ddr/metadata/rdf_vocabulary_parser.rb +45 -0
- data/lib/ddr/metadata/roles_vocabulary.rb +10 -0
- data/lib/ddr/metadata/sources/duketerms.rdf.xml +856 -0
- data/lib/ddr/metadata/vocabulary.rb +37 -0
- data/lib/ddr/models.rb +60 -0
- data/lib/ddr/models/access_controllable.rb +23 -0
- data/lib/ddr/models/base.rb +37 -0
- data/lib/ddr/models/describable.rb +81 -0
- data/lib/ddr/models/engine.rb +58 -0
- data/lib/ddr/models/error.rb +12 -0
- data/lib/ddr/models/event_loggable.rb +36 -0
- data/lib/ddr/models/file_management.rb +183 -0
- data/lib/ddr/models/fixity_checkable.rb +20 -0
- data/lib/ddr/models/governable.rb +48 -0
- data/lib/ddr/models/has_attachments.rb +12 -0
- data/lib/ddr/models/has_children.rb +21 -0
- data/lib/ddr/models/has_content.rb +114 -0
- data/lib/ddr/models/has_content_metadata.rb +16 -0
- data/lib/ddr/models/has_properties.rb +15 -0
- data/lib/ddr/models/has_role_assignments.rb +17 -0
- data/lib/ddr/models/has_thumbnail.rb +27 -0
- data/lib/ddr/models/has_workflow.rb +29 -0
- data/lib/ddr/models/indexing.rb +53 -0
- data/lib/ddr/models/licensable.rb +28 -0
- data/lib/ddr/models/minted_id.rb +10 -0
- data/lib/ddr/models/permanent_identification.rb +48 -0
- data/lib/ddr/models/solr_document.rb +193 -0
- data/lib/ddr/models/version.rb +5 -0
- data/lib/ddr/notifications.rb +15 -0
- data/lib/ddr/services.rb +8 -0
- data/lib/ddr/services/id_service.rb +48 -0
- data/lib/ddr/utils.rb +153 -0
- data/lib/ddr/workflow.rb +8 -0
- data/lib/ddr/workflow/workflow_state.rb +39 -0
- data/spec/dummy/README.rdoc +28 -0
- data/spec/dummy/Rakefile +6 -0
- data/spec/dummy/app/assets/javascripts/application.js +13 -0
- data/spec/dummy/app/assets/stylesheets/application.css +15 -0
- data/spec/dummy/app/controllers/application_controller.rb +5 -0
- data/spec/dummy/app/helpers/application_helper.rb +2 -0
- data/spec/dummy/app/models/user.rb +5 -0
- data/spec/dummy/app/views/layouts/application.html.erb +14 -0
- data/spec/dummy/bin/bundle +3 -0
- data/spec/dummy/bin/rails +4 -0
- data/spec/dummy/bin/rake +4 -0
- data/spec/dummy/config.ru +4 -0
- data/spec/dummy/config/application.rb +29 -0
- data/spec/dummy/config/boot.rb +5 -0
- data/spec/dummy/config/database.yml +25 -0
- data/spec/dummy/config/environment.rb +5 -0
- data/spec/dummy/config/environments/development.rb +37 -0
- data/spec/dummy/config/environments/production.rb +78 -0
- data/spec/dummy/config/environments/test.rb +39 -0
- data/spec/dummy/config/initializers/assets.rb +8 -0
- data/spec/dummy/config/initializers/backtrace_silencers.rb +7 -0
- data/spec/dummy/config/initializers/cookies_serializer.rb +3 -0
- data/spec/dummy/config/initializers/filter_parameter_logging.rb +4 -0
- data/spec/dummy/config/initializers/inflections.rb +16 -0
- data/spec/dummy/config/initializers/mime_types.rb +4 -0
- data/spec/dummy/config/initializers/session_store.rb +3 -0
- data/spec/dummy/config/initializers/wrap_parameters.rb +14 -0
- data/spec/dummy/config/locales/en.yml +23 -0
- data/spec/dummy/config/routes.rb +56 -0
- data/spec/dummy/config/secrets.yml +22 -0
- data/spec/dummy/db/development.sqlite3 +0 -0
- data/spec/dummy/db/schema.rb +80 -0
- data/spec/dummy/db/test.sqlite3 +0 -0
- data/spec/dummy/log/development.log +4974 -0
- data/spec/dummy/log/test.log +55627 -0
- data/spec/dummy/public/404.html +67 -0
- data/spec/dummy/public/422.html +67 -0
- data/spec/dummy/public/500.html +66 -0
- data/spec/dummy/public/favicon.ico +0 -0
- data/spec/factories/attachment_factories.rb +15 -0
- data/spec/factories/collection_factories.rb +16 -0
- data/spec/factories/component_factories.rb +15 -0
- data/spec/factories/event_factories.rb +7 -0
- data/spec/factories/item_factories.rb +16 -0
- data/spec/factories/target_factories.rb +11 -0
- data/spec/factories/test_model_factories.rb +133 -0
- data/spec/factories/user_factories.rb +7 -0
- data/spec/factories/user_factories.rb~ +7 -0
- data/spec/features/grouper_integration_spec.rb~ +21 -0
- data/spec/fixtures/contentMetadata.xml +37 -0
- data/spec/fixtures/image1.tiff +0 -0
- data/spec/fixtures/image2.tiff +0 -0
- data/spec/fixtures/image3.tiff +0 -0
- data/spec/fixtures/library-devil.tiff +0 -0
- data/spec/fixtures/sample.docx +0 -0
- data/spec/fixtures/sample.pdf +0 -0
- data/spec/fixtures/target.png +0 -0
- data/spec/models/ability_spec.rb +248 -0
- data/spec/models/ability_spec.rb~ +245 -0
- data/spec/models/active_fedora_base_spec.rb +107 -0
- data/spec/models/active_fedora_datastream_spec.rb +121 -0
- data/spec/models/attachment_spec.rb +13 -0
- data/spec/models/collection_spec.rb +33 -0
- data/spec/models/component_spec.rb +8 -0
- data/spec/models/descriptive_metadata_datastream_spec.rb +102 -0
- data/spec/models/events_spec.rb +64 -0
- data/spec/models/file_management_spec.rb +179 -0
- data/spec/models/has_role_assignments_spec.rb +29 -0
- data/spec/models/has_workflow_spec.rb +54 -0
- data/spec/models/item_spec.rb +8 -0
- data/spec/models/permanent_identification_spec.rb +65 -0
- data/spec/models/role_assignments_datastream_spec.rb +25 -0
- data/spec/models/superuser_spec.rb +13 -0
- data/spec/models/superuser_spec.rb~ +13 -0
- data/spec/models/target_spec.rb +8 -0
- data/spec/models/user_spec.rb +60 -0
- data/spec/models/user_spec.rb~ +56 -0
- data/spec/services/group_service_spec.rb +75 -0
- data/spec/services/group_service_spec.rb~ +71 -0
- data/spec/services/id_service_spec.rb +33 -0
- data/spec/spec_helper.rb +125 -0
- data/spec/support/shared_examples_for_access_controllables.rb +6 -0
- data/spec/support/shared_examples_for_associations.rb +8 -0
- data/spec/support/shared_examples_for_ddr_models.rb +7 -0
- data/spec/support/shared_examples_for_describables.rb +63 -0
- data/spec/support/shared_examples_for_event_loggables.rb +3 -0
- data/spec/support/shared_examples_for_events.rb +179 -0
- data/spec/support/shared_examples_for_governables.rb +17 -0
- data/spec/support/shared_examples_for_has_content.rb +136 -0
- data/spec/support/shared_examples_for_has_content_metadata.rb +74 -0
- data/spec/support/shared_examples_for_has_properties.rb +5 -0
- data/spec/support/shared_examples_for_indexing.rb +36 -0
- metadata +562 -0
|
@@ -0,0 +1,37 @@
|
|
|
1
|
+
<?xml version="1.0"?>
|
|
2
|
+
<mets xmlns="http://www.loc.gov/METS/" xmlns:xlink="http://www.w3.org/1999/xlink">
|
|
3
|
+
<fileSec>
|
|
4
|
+
<fileGrp ID="GRP01" USE="Master Image">
|
|
5
|
+
<file ID="FILE001">
|
|
6
|
+
<FLocat xlink:href="test:1/content" LOCTYPE="URL"/>
|
|
7
|
+
</file>
|
|
8
|
+
<file ID="FILE002">
|
|
9
|
+
<FLocat xlink:href="test:2/content" LOCTYPE="URL"/>
|
|
10
|
+
</file>
|
|
11
|
+
<file ID="FILE003">
|
|
12
|
+
<FLocat xlink:href="test:3/content" LOCTYPE="URL"/>
|
|
13
|
+
</file>
|
|
14
|
+
</fileGrp>
|
|
15
|
+
<fileGrp ID="GRP00" USE="Composite PDF">
|
|
16
|
+
<file ID="FILE000">
|
|
17
|
+
<FLocat xlink:href="test:4/content" LOCTYPE="URL"/>
|
|
18
|
+
</file>
|
|
19
|
+
</fileGrp>
|
|
20
|
+
</fileSec>
|
|
21
|
+
<structMap>
|
|
22
|
+
<div ID="DIV01" TYPE="image" LABEL="Images">
|
|
23
|
+
<div ORDER="1">
|
|
24
|
+
<fptr FILEID="FILE001"/>
|
|
25
|
+
</div>
|
|
26
|
+
<div ORDER="2">
|
|
27
|
+
<fptr FILEID="FILE002"/>
|
|
28
|
+
</div>
|
|
29
|
+
<div ORDER="10">
|
|
30
|
+
<fptr FILEID="FILE003"/>
|
|
31
|
+
</div>
|
|
32
|
+
</div>
|
|
33
|
+
<div ID="DIV00" TYPE="pdf" LABEL="PDF">
|
|
34
|
+
<fptr FILEID="FILE000"/>
|
|
35
|
+
</div>
|
|
36
|
+
</structMap>
|
|
37
|
+
</mets>
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
@@ -0,0 +1,248 @@
|
|
|
1
|
+
require 'spec_helper'
|
|
2
|
+
require 'cancan/matchers'
|
|
3
|
+
|
|
4
|
+
module Ddr
|
|
5
|
+
module Auth
|
|
6
|
+
RSpec.describe Ability, type: :model, abilities: true do
|
|
7
|
+
|
|
8
|
+
subject { described_class.new(user) }
|
|
9
|
+
let(:user) { FactoryGirl.create(:user) }
|
|
10
|
+
|
|
11
|
+
describe "#upload_permissions", uploads: true do
|
|
12
|
+
let(:resource) { FactoryGirl.build(:component) }
|
|
13
|
+
context "user has edit permission" do
|
|
14
|
+
before { subject.can(:edit, resource) }
|
|
15
|
+
it { is_expected.to be_able_to(:upload, resource) }
|
|
16
|
+
end
|
|
17
|
+
context "user does not have edit permission" do
|
|
18
|
+
before { subject.cannot(:edit, resource) }
|
|
19
|
+
it { is_expected.not_to be_able_to(:upload, resource) }
|
|
20
|
+
end
|
|
21
|
+
end
|
|
22
|
+
|
|
23
|
+
describe "#download_permissions", downloads: true do
|
|
24
|
+
context "on an object" do
|
|
25
|
+
context "which is a Component", components: true do
|
|
26
|
+
let!(:resource) { FactoryGirl.create(:component) }
|
|
27
|
+
context "and user does NOT have the downloader role" do
|
|
28
|
+
context "and user has edit permission" do
|
|
29
|
+
before do
|
|
30
|
+
resource.edit_users = [user.user_key]
|
|
31
|
+
resource.save
|
|
32
|
+
end
|
|
33
|
+
it { is_expected.to be_able_to(:download, resource) }
|
|
34
|
+
end
|
|
35
|
+
context "and user has read permission" do
|
|
36
|
+
before do
|
|
37
|
+
resource.read_users = [user.user_key]
|
|
38
|
+
resource.save
|
|
39
|
+
end
|
|
40
|
+
it { is_expected.not_to be_able_to(:download, resource) }
|
|
41
|
+
end
|
|
42
|
+
context "and user lacks read permission" do
|
|
43
|
+
it { is_expected.not_to be_able_to(:download, resource) }
|
|
44
|
+
end
|
|
45
|
+
end
|
|
46
|
+
|
|
47
|
+
context "and user has the downloader role", roles: true do
|
|
48
|
+
before do
|
|
49
|
+
resource.roleAssignments.downloader << user.principal_name
|
|
50
|
+
resource.save
|
|
51
|
+
end
|
|
52
|
+
context "and user has edit permission" do
|
|
53
|
+
before do
|
|
54
|
+
resource.edit_users = [user.user_key]
|
|
55
|
+
resource.save
|
|
56
|
+
end
|
|
57
|
+
it { is_expected.to be_able_to(:download, resource) }
|
|
58
|
+
end
|
|
59
|
+
context "and user has read permission" do
|
|
60
|
+
before do
|
|
61
|
+
resource.read_users = [user.user_key]
|
|
62
|
+
resource.save
|
|
63
|
+
end
|
|
64
|
+
it { is_expected.to be_able_to(:download, resource) }
|
|
65
|
+
end
|
|
66
|
+
context "and user lacks read permission" do
|
|
67
|
+
it { is_expected.not_to be_able_to(:download, resource) }
|
|
68
|
+
end
|
|
69
|
+
end
|
|
70
|
+
end
|
|
71
|
+
|
|
72
|
+
context "which is not a Component" do
|
|
73
|
+
let(:resource) { FactoryGirl.create(:test_content) }
|
|
74
|
+
context "and user has read permission" do
|
|
75
|
+
before do
|
|
76
|
+
resource.read_users = [user.user_key]
|
|
77
|
+
resource.save
|
|
78
|
+
end
|
|
79
|
+
it { is_expected.to be_able_to(:download, resource) }
|
|
80
|
+
end
|
|
81
|
+
context "and user lacks read permission" do
|
|
82
|
+
it { is_expected.not_to be_able_to(:download, resource) }
|
|
83
|
+
end
|
|
84
|
+
end
|
|
85
|
+
end
|
|
86
|
+
|
|
87
|
+
context "on a datastream", datastreams: true do
|
|
88
|
+
|
|
89
|
+
context "named 'content'", content: true do
|
|
90
|
+
let(:resource) { obj.content }
|
|
91
|
+
context "and object is a Component", components: true do
|
|
92
|
+
let(:obj) { FactoryGirl.create(:component) }
|
|
93
|
+
context "and user does not have the downloader role" do
|
|
94
|
+
context "and user has read permission on the object" do
|
|
95
|
+
before do
|
|
96
|
+
obj.read_users = [user.user_key]
|
|
97
|
+
obj.save
|
|
98
|
+
end
|
|
99
|
+
it { is_expected.not_to be_able_to(:download, resource) }
|
|
100
|
+
end
|
|
101
|
+
context "and user lacks read permission on the object" do
|
|
102
|
+
it { is_expected.not_to be_able_to(:download, resource) }
|
|
103
|
+
end
|
|
104
|
+
end
|
|
105
|
+
|
|
106
|
+
context "and user has the downloader role", roles: true do
|
|
107
|
+
before do
|
|
108
|
+
obj.roleAssignments.downloader << user.principal_name
|
|
109
|
+
obj.save
|
|
110
|
+
end
|
|
111
|
+
context "and user has read permission on the object" do
|
|
112
|
+
before do
|
|
113
|
+
obj.read_users = [user.user_key]
|
|
114
|
+
obj.save
|
|
115
|
+
end
|
|
116
|
+
it { is_expected.to be_able_to(:download, resource) }
|
|
117
|
+
end
|
|
118
|
+
context "and user lacks read permission on the object" do
|
|
119
|
+
it { is_expected.not_to be_able_to(:download, resource) }
|
|
120
|
+
end
|
|
121
|
+
end
|
|
122
|
+
end
|
|
123
|
+
|
|
124
|
+
context "and object is not a Component" do
|
|
125
|
+
let(:obj) { FactoryGirl.create(:test_content) }
|
|
126
|
+
context "and user has read permission on the object" do
|
|
127
|
+
before do
|
|
128
|
+
obj.read_users = [user.user_key]
|
|
129
|
+
obj.save
|
|
130
|
+
end
|
|
131
|
+
it { is_expected.to be_able_to(:download, resource) }
|
|
132
|
+
end
|
|
133
|
+
context "and user lacks read permission on the object" do
|
|
134
|
+
it { is_expected.not_to be_able_to(:download, resource) }
|
|
135
|
+
end
|
|
136
|
+
end
|
|
137
|
+
|
|
138
|
+
end
|
|
139
|
+
|
|
140
|
+
context "not named 'content'" do
|
|
141
|
+
let(:obj) { FactoryGirl.create(:test_model) }
|
|
142
|
+
let(:resource) { obj.descMetadata }
|
|
143
|
+
context "and user has read permission on the object" do
|
|
144
|
+
before do
|
|
145
|
+
obj.read_users = [user.user_key]
|
|
146
|
+
obj.save
|
|
147
|
+
end
|
|
148
|
+
it { is_expected.to be_able_to(:download, resource) }
|
|
149
|
+
end
|
|
150
|
+
context "and user lacks read permission on the object" do
|
|
151
|
+
it { is_expected.not_to be_able_to(:download, resource) }
|
|
152
|
+
end
|
|
153
|
+
end
|
|
154
|
+
|
|
155
|
+
end
|
|
156
|
+
|
|
157
|
+
end # download_permissions
|
|
158
|
+
|
|
159
|
+
describe "#discover_permissions" do
|
|
160
|
+
# TODO
|
|
161
|
+
end
|
|
162
|
+
|
|
163
|
+
describe "#events_permissions", events: true do
|
|
164
|
+
let(:object) { FactoryGirl.create(:test_model) }
|
|
165
|
+
let(:resource) { Ddr::Events::Event.new(pid: object.pid) }
|
|
166
|
+
context "event is associated with a user" do
|
|
167
|
+
before { resource.user = user }
|
|
168
|
+
it { is_expected.to be_able_to(:read, resource) }
|
|
169
|
+
end
|
|
170
|
+
context "event is not associated with a user" do
|
|
171
|
+
context "and can read object" do
|
|
172
|
+
before do
|
|
173
|
+
object.read_users = [user.user_key]
|
|
174
|
+
object.save!
|
|
175
|
+
end
|
|
176
|
+
it { is_expected.to be_able_to(:read, resource) }
|
|
177
|
+
end
|
|
178
|
+
context "and cannot read object" do
|
|
179
|
+
it { is_expected.not_to be_able_to(:read, resource) }
|
|
180
|
+
end
|
|
181
|
+
end
|
|
182
|
+
end
|
|
183
|
+
|
|
184
|
+
# describe "#export_sets_permissions", export_sets: true do
|
|
185
|
+
# let(:resource) { ExportSet.new(user: user) }
|
|
186
|
+
# context "associated user" do
|
|
187
|
+
# it { is_expected.to be_able_to(:manage, resource) }
|
|
188
|
+
# end
|
|
189
|
+
# context "other user" do
|
|
190
|
+
# subject { described_class.new(other_user) }
|
|
191
|
+
# let(:other_user) { FactoryGirl.create(:user) }
|
|
192
|
+
# it { is_expected.not_to be_able_to(:read, resource) }
|
|
193
|
+
# end
|
|
194
|
+
# end
|
|
195
|
+
|
|
196
|
+
# describe "#ingest_folders_permissions", ingest_folders: true do
|
|
197
|
+
# let(:resource) { IngestFolder }
|
|
198
|
+
# context "user has no permitted ingest folders" do
|
|
199
|
+
# before { allow(resource).to receive(:permitted_folders).with(user).and_return([]) }
|
|
200
|
+
# it { is_expected.not_to be_able_to(:create, resource) }
|
|
201
|
+
# end
|
|
202
|
+
# context "user has at least one permitted ingest folder" do
|
|
203
|
+
# before { allow(resource).to receive(:permitted_folders).with(user).and_return(['dir']) }
|
|
204
|
+
# it { is_expected.to be_able_to(:create, resource) }
|
|
205
|
+
# end
|
|
206
|
+
# end
|
|
207
|
+
|
|
208
|
+
describe "#attachment_permissions", attachments: true do
|
|
209
|
+
context "object can have attachments" do
|
|
210
|
+
let(:resource) { FactoryGirl.build(:test_model_omnibus) }
|
|
211
|
+
context "and user lacks edit rights" do
|
|
212
|
+
before { subject.cannot(:edit, resource) }
|
|
213
|
+
it { is_expected.not_to be_able_to(:add_attachment, resource) }
|
|
214
|
+
end
|
|
215
|
+
context "and user has edit rights" do
|
|
216
|
+
before { subject.can(:edit, resource) }
|
|
217
|
+
it { is_expected.to be_able_to(:add_attachment, resource) }
|
|
218
|
+
end
|
|
219
|
+
end
|
|
220
|
+
context "object cannot have attachments" do
|
|
221
|
+
let(:resource) { FactoryGirl.build(:test_model) }
|
|
222
|
+
before { subject.can(:edit, resource) }
|
|
223
|
+
it { is_expected.not_to be_able_to(:add_attachment, resource) }
|
|
224
|
+
end
|
|
225
|
+
end
|
|
226
|
+
|
|
227
|
+
describe "#children_permissions", children: true do
|
|
228
|
+
context "user has edit rights on object" do
|
|
229
|
+
before { subject.can(:edit, resource) }
|
|
230
|
+
context "and object can have children" do
|
|
231
|
+
let(:resource) { FactoryGirl.build(:collection) }
|
|
232
|
+
it { is_expected.to be_able_to(:add_children, resource) }
|
|
233
|
+
end
|
|
234
|
+
context "but object cannot have children" do
|
|
235
|
+
let(:resource) { FactoryGirl.build(:component) }
|
|
236
|
+
it { is_expected.not_to be_able_to(:add_children, resource) }
|
|
237
|
+
end
|
|
238
|
+
end
|
|
239
|
+
context "user lacks edit rights on attached_to object" do
|
|
240
|
+
let(:resource) { FactoryGirl.build(:collection) }
|
|
241
|
+
before { subject.cannot(:edit, resource) }
|
|
242
|
+
it { is_expected.not_to be_able_to(:add_children, resource) }
|
|
243
|
+
end
|
|
244
|
+
end
|
|
245
|
+
|
|
246
|
+
end
|
|
247
|
+
end
|
|
248
|
+
end
|
|
@@ -0,0 +1,245 @@
|
|
|
1
|
+
require 'spec_helper'
|
|
2
|
+
require 'dul_hydra'
|
|
3
|
+
require 'cancan/matchers'
|
|
4
|
+
|
|
5
|
+
describe Ability, type: :model, abilities: true do
|
|
6
|
+
|
|
7
|
+
subject { described_class.new(user) }
|
|
8
|
+
let(:user) { FactoryGirl.create(:user) }
|
|
9
|
+
|
|
10
|
+
describe "#upload_permissions", uploads: true do
|
|
11
|
+
let(:resource) { FactoryGirl.build(:component) }
|
|
12
|
+
context "user has edit permission" do
|
|
13
|
+
before { subject.can(:edit, resource) }
|
|
14
|
+
it { is_expected.to be_able_to(:upload, resource) }
|
|
15
|
+
end
|
|
16
|
+
context "user does not have edit permission" do
|
|
17
|
+
before { subject.cannot(:edit, resource) }
|
|
18
|
+
it { is_expected.not_to be_able_to(:upload, resource) }
|
|
19
|
+
end
|
|
20
|
+
end
|
|
21
|
+
|
|
22
|
+
describe "#download_permissions", downloads: true do
|
|
23
|
+
context "on an object" do
|
|
24
|
+
context "which is a Component", components: true do
|
|
25
|
+
let!(:resource) { FactoryGirl.create(:component) }
|
|
26
|
+
context "and user does NOT have the downloader role" do
|
|
27
|
+
context "and user has edit permission" do
|
|
28
|
+
before do
|
|
29
|
+
resource.edit_users = [user.user_key]
|
|
30
|
+
resource.save
|
|
31
|
+
end
|
|
32
|
+
it { is_expected.to be_able_to(:download, resource) }
|
|
33
|
+
end
|
|
34
|
+
context "and user has read permission" do
|
|
35
|
+
before do
|
|
36
|
+
resource.read_users = [user.user_key]
|
|
37
|
+
resource.save
|
|
38
|
+
end
|
|
39
|
+
it { is_expected.not_to be_able_to(:download, resource) }
|
|
40
|
+
end
|
|
41
|
+
context "and user lacks read permission" do
|
|
42
|
+
it { is_expected.not_to be_able_to(:download, resource) }
|
|
43
|
+
end
|
|
44
|
+
end
|
|
45
|
+
|
|
46
|
+
context "and user has the downloader role", roles: true do
|
|
47
|
+
before do
|
|
48
|
+
resource.roleAssignments.downloader << user.principal_name
|
|
49
|
+
resource.save
|
|
50
|
+
end
|
|
51
|
+
context "and user has edit permission" do
|
|
52
|
+
before do
|
|
53
|
+
resource.edit_users = [user.user_key]
|
|
54
|
+
resource.save
|
|
55
|
+
end
|
|
56
|
+
it { is_expected.to be_able_to(:download, resource) }
|
|
57
|
+
end
|
|
58
|
+
context "and user has read permission" do
|
|
59
|
+
before do
|
|
60
|
+
resource.read_users = [user.user_key]
|
|
61
|
+
resource.save
|
|
62
|
+
end
|
|
63
|
+
it { is_expected.to be_able_to(:download, resource) }
|
|
64
|
+
end
|
|
65
|
+
context "and user lacks read permission" do
|
|
66
|
+
it { is_expected.not_to be_able_to(:download, resource) }
|
|
67
|
+
end
|
|
68
|
+
end
|
|
69
|
+
end
|
|
70
|
+
|
|
71
|
+
context "which is not a Component" do
|
|
72
|
+
let(:resource) { FactoryGirl.create(:test_content) }
|
|
73
|
+
context "and user has read permission" do
|
|
74
|
+
before do
|
|
75
|
+
resource.read_users = [user.user_key]
|
|
76
|
+
resource.save
|
|
77
|
+
end
|
|
78
|
+
it { is_expected.to be_able_to(:download, resource) }
|
|
79
|
+
end
|
|
80
|
+
context "and user lacks read permission" do
|
|
81
|
+
it { is_expected.not_to be_able_to(:download, resource) }
|
|
82
|
+
end
|
|
83
|
+
end
|
|
84
|
+
end
|
|
85
|
+
|
|
86
|
+
context "on a datastream", datastreams: true do
|
|
87
|
+
|
|
88
|
+
context "named 'content'", content: true do
|
|
89
|
+
let(:resource) { obj.content }
|
|
90
|
+
context "and object is a Component", components: true do
|
|
91
|
+
let(:obj) { FactoryGirl.create(:component) }
|
|
92
|
+
context "and user does not have the downloader role" do
|
|
93
|
+
context "and user has read permission on the object" do
|
|
94
|
+
before do
|
|
95
|
+
obj.read_users = [user.user_key]
|
|
96
|
+
obj.save
|
|
97
|
+
end
|
|
98
|
+
it { is_expected.not_to be_able_to(:download, resource) }
|
|
99
|
+
end
|
|
100
|
+
context "and user lacks read permission on the object" do
|
|
101
|
+
it { is_expected.not_to be_able_to(:download, resource) }
|
|
102
|
+
end
|
|
103
|
+
end
|
|
104
|
+
|
|
105
|
+
context "and user has the downloader role", roles: true do
|
|
106
|
+
before do
|
|
107
|
+
obj.roleAssignments.downloader << user.principal_name
|
|
108
|
+
obj.save
|
|
109
|
+
end
|
|
110
|
+
context "and user has read permission on the object" do
|
|
111
|
+
before do
|
|
112
|
+
obj.read_users = [user.user_key]
|
|
113
|
+
obj.save
|
|
114
|
+
end
|
|
115
|
+
it { is_expected.to be_able_to(:download, resource) }
|
|
116
|
+
end
|
|
117
|
+
context "and user lacks read permission on the object" do
|
|
118
|
+
it { is_expected.not_to be_able_to(:download, resource) }
|
|
119
|
+
end
|
|
120
|
+
end
|
|
121
|
+
end
|
|
122
|
+
|
|
123
|
+
context "and object is not a Component" do
|
|
124
|
+
let(:obj) { FactoryGirl.create(:test_content) }
|
|
125
|
+
context "and user has read permission on the object" do
|
|
126
|
+
before do
|
|
127
|
+
obj.read_users = [user.user_key]
|
|
128
|
+
obj.save
|
|
129
|
+
end
|
|
130
|
+
it { is_expected.to be_able_to(:download, resource) }
|
|
131
|
+
end
|
|
132
|
+
context "and user lacks read permission on the object" do
|
|
133
|
+
it { is_expected.not_to be_able_to(:download, resource) }
|
|
134
|
+
end
|
|
135
|
+
end
|
|
136
|
+
|
|
137
|
+
end
|
|
138
|
+
|
|
139
|
+
context "not named 'content'" do
|
|
140
|
+
let(:obj) { FactoryGirl.create(:test_model) }
|
|
141
|
+
let(:resource) { obj.descMetadata }
|
|
142
|
+
context "and user has read permission on the object" do
|
|
143
|
+
before do
|
|
144
|
+
obj.read_users = [user.user_key]
|
|
145
|
+
obj.save
|
|
146
|
+
end
|
|
147
|
+
it { is_expected.to be_able_to(:download, resource) }
|
|
148
|
+
end
|
|
149
|
+
context "and user lacks read permission on the object" do
|
|
150
|
+
it { is_expected.not_to be_able_to(:download, resource) }
|
|
151
|
+
end
|
|
152
|
+
end
|
|
153
|
+
|
|
154
|
+
end
|
|
155
|
+
|
|
156
|
+
end # download_permissions
|
|
157
|
+
|
|
158
|
+
describe "#discover_permissions" do
|
|
159
|
+
# TODO
|
|
160
|
+
end
|
|
161
|
+
|
|
162
|
+
describe "#events_permissions", events: true do
|
|
163
|
+
let(:object) { FactoryGirl.create(:test_model) }
|
|
164
|
+
let(:resource) { Ddr::Events::Event.new(pid: object.pid) }
|
|
165
|
+
context "event is associated with a user" do
|
|
166
|
+
before { resource.user = user }
|
|
167
|
+
it { is_expected.to be_able_to(:read, resource) }
|
|
168
|
+
end
|
|
169
|
+
context "event is not associated with a user" do
|
|
170
|
+
context "and can read object" do
|
|
171
|
+
before do
|
|
172
|
+
object.read_users = [user.user_key]
|
|
173
|
+
object.save!
|
|
174
|
+
end
|
|
175
|
+
it { is_expected.to be_able_to(:read, resource) }
|
|
176
|
+
end
|
|
177
|
+
context "and cannot read object" do
|
|
178
|
+
it { is_expected.not_to be_able_to(:read, resource) }
|
|
179
|
+
end
|
|
180
|
+
end
|
|
181
|
+
end
|
|
182
|
+
|
|
183
|
+
describe "#export_sets_permissions", export_sets: true do
|
|
184
|
+
let(:resource) { ExportSet.new(user: user) }
|
|
185
|
+
context "associated user" do
|
|
186
|
+
it { is_expected.to be_able_to(:manage, resource) }
|
|
187
|
+
end
|
|
188
|
+
context "other user" do
|
|
189
|
+
subject { described_class.new(other_user) }
|
|
190
|
+
let(:other_user) { FactoryGirl.create(:user) }
|
|
191
|
+
it { is_expected.not_to be_able_to(:read, resource) }
|
|
192
|
+
end
|
|
193
|
+
end
|
|
194
|
+
|
|
195
|
+
describe "#ingest_folders_permissions", ingest_folders: true do
|
|
196
|
+
let(:resource) { IngestFolder }
|
|
197
|
+
context "user has no permitted ingest folders" do
|
|
198
|
+
before { allow(resource).to receive(:permitted_folders).with(user).and_return([]) }
|
|
199
|
+
it { is_expected.not_to be_able_to(:create, resource) }
|
|
200
|
+
end
|
|
201
|
+
context "user has at least one permitted ingest folder" do
|
|
202
|
+
before { allow(resource).to receive(:permitted_folders).with(user).and_return(['dir']) }
|
|
203
|
+
it { is_expected.to be_able_to(:create, resource) }
|
|
204
|
+
end
|
|
205
|
+
end
|
|
206
|
+
|
|
207
|
+
describe "#attachment_permissions", attachments: true do
|
|
208
|
+
context "object can have attachments" do
|
|
209
|
+
let(:resource) { FactoryGirl.build(:test_model_omnibus) }
|
|
210
|
+
context "and user lacks edit rights" do
|
|
211
|
+
before { subject.cannot(:edit, resource) }
|
|
212
|
+
it { is_expected.not_to be_able_to(:add_attachment, resource) }
|
|
213
|
+
end
|
|
214
|
+
context "and user has edit rights" do
|
|
215
|
+
before { subject.can(:edit, resource) }
|
|
216
|
+
it { is_expected.to be_able_to(:add_attachment, resource) }
|
|
217
|
+
end
|
|
218
|
+
end
|
|
219
|
+
context "object cannot have attachments" do
|
|
220
|
+
let(:resource) { FactoryGirl.build(:test_model) }
|
|
221
|
+
before { subject.can(:edit, resource) }
|
|
222
|
+
it { is_expected.not_to be_able_to(:add_attachment, resource) }
|
|
223
|
+
end
|
|
224
|
+
end
|
|
225
|
+
|
|
226
|
+
describe "#children_permissions", children: true do
|
|
227
|
+
context "user has edit rights on object" do
|
|
228
|
+
before { subject.can(:edit, resource) }
|
|
229
|
+
context "and object can have children" do
|
|
230
|
+
let(:resource) { FactoryGirl.build(:collection) }
|
|
231
|
+
it { is_expected.to be_able_to(:add_children, resource) }
|
|
232
|
+
end
|
|
233
|
+
context "but object cannot have children" do
|
|
234
|
+
let(:resource) { FactoryGirl.build(:component) }
|
|
235
|
+
it { is_expected.not_to be_able_to(:add_children, resource) }
|
|
236
|
+
end
|
|
237
|
+
end
|
|
238
|
+
context "user lacks edit rights on attached_to object" do
|
|
239
|
+
let(:resource) { FactoryGirl.build(:collection) }
|
|
240
|
+
before { subject.cannot(:edit, resource) }
|
|
241
|
+
it { is_expected.not_to be_able_to(:add_children, resource) }
|
|
242
|
+
end
|
|
243
|
+
end
|
|
244
|
+
|
|
245
|
+
end
|