ddr-models 1.2.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- data/LICENSE.txt +12 -0
- data/README.md +5 -0
- data/Rakefile +37 -0
- data/app/models/attachment.rb +7 -0
- data/app/models/collection.rb +54 -0
- data/app/models/component.rb +15 -0
- data/app/models/item.rb +19 -0
- data/app/models/solr_document.rb +36 -0
- data/app/models/target.rb +8 -0
- data/config/initializers/active_fedora_base.rb +77 -0
- data/config/initializers/active_fedora_datastream.rb +5 -0
- data/config/initializers/ddr.rb +8 -0
- data/config/initializers/devise.rb +245 -0
- data/config/initializers/devise.rb~ +245 -0
- data/config/initializers/subscriptions.rb +15 -0
- data/config/routes.rb +2 -0
- data/db/migrate/20141021233359_create_events.rb +28 -0
- data/db/migrate/20141021234156_create_minted_ids.rb +19 -0
- data/db/migrate/20141103192146_create_workflow_state.rb +13 -0
- data/db/migrate/20141104181418_create_users.rb +34 -0
- data/db/migrate/20141104181418_create_users.rb~ +6 -0
- data/lib/ddr-models.rb +1 -0
- data/lib/ddr/actions.rb +8 -0
- data/lib/ddr/actions/fixity_check.rb +35 -0
- data/lib/ddr/auth.rb +45 -0
- data/lib/ddr/auth.rb~ +47 -0
- data/lib/ddr/auth/ability.rb +204 -0
- data/lib/ddr/auth/ability.rb~ +204 -0
- data/lib/ddr/auth/group_service.rb +53 -0
- data/lib/ddr/auth/group_service.rb~ +53 -0
- data/lib/ddr/auth/grouper_service.rb +76 -0
- data/lib/ddr/auth/grouper_service.rb~ +77 -0
- data/lib/ddr/auth/remote_group_service.rb +35 -0
- data/lib/ddr/auth/remote_group_service.rb~ +35 -0
- data/lib/ddr/auth/superuser.rb +13 -0
- data/lib/ddr/auth/superuser.rb~ +9 -0
- data/lib/ddr/auth/user.rb +71 -0
- data/lib/ddr/auth/user.rb~ +65 -0
- data/lib/ddr/configurable.rb +34 -0
- data/lib/ddr/datastreams.rb +32 -0
- data/lib/ddr/datastreams/content_metadata_datastream.rb +147 -0
- data/lib/ddr/datastreams/datastream_behavior.rb +95 -0
- data/lib/ddr/datastreams/descriptive_metadata_datastream.rb +84 -0
- data/lib/ddr/datastreams/properties_datastream.rb +25 -0
- data/lib/ddr/datastreams/role_assignments_datastream.rb +19 -0
- data/lib/ddr/events.rb +17 -0
- data/lib/ddr/events/creation_event.rb +12 -0
- data/lib/ddr/events/event.rb +163 -0
- data/lib/ddr/events/fixity_check_event.rb +43 -0
- data/lib/ddr/events/ingestion_event.rb +12 -0
- data/lib/ddr/events/preservation_event_behavior.rb +37 -0
- data/lib/ddr/events/preservation_event_type.rb +24 -0
- data/lib/ddr/events/reindex_object_after_save.rb +18 -0
- data/lib/ddr/events/update_event.rb +9 -0
- data/lib/ddr/events/validation_event.rb +11 -0
- data/lib/ddr/events/virus_check_event.rb +30 -0
- data/lib/ddr/index_fields.rb +39 -0
- data/lib/ddr/metadata.rb +22 -0
- data/lib/ddr/metadata/duke_terms.rb +15 -0
- data/lib/ddr/metadata/premis_event.rb +59 -0
- data/lib/ddr/metadata/rdf_vocabulary_parser.rb +45 -0
- data/lib/ddr/metadata/roles_vocabulary.rb +10 -0
- data/lib/ddr/metadata/sources/duketerms.rdf.xml +856 -0
- data/lib/ddr/metadata/vocabulary.rb +37 -0
- data/lib/ddr/models.rb +60 -0
- data/lib/ddr/models/access_controllable.rb +23 -0
- data/lib/ddr/models/base.rb +37 -0
- data/lib/ddr/models/describable.rb +81 -0
- data/lib/ddr/models/engine.rb +58 -0
- data/lib/ddr/models/error.rb +12 -0
- data/lib/ddr/models/event_loggable.rb +36 -0
- data/lib/ddr/models/file_management.rb +183 -0
- data/lib/ddr/models/fixity_checkable.rb +20 -0
- data/lib/ddr/models/governable.rb +48 -0
- data/lib/ddr/models/has_attachments.rb +12 -0
- data/lib/ddr/models/has_children.rb +21 -0
- data/lib/ddr/models/has_content.rb +114 -0
- data/lib/ddr/models/has_content_metadata.rb +16 -0
- data/lib/ddr/models/has_properties.rb +15 -0
- data/lib/ddr/models/has_role_assignments.rb +17 -0
- data/lib/ddr/models/has_thumbnail.rb +27 -0
- data/lib/ddr/models/has_workflow.rb +29 -0
- data/lib/ddr/models/indexing.rb +53 -0
- data/lib/ddr/models/licensable.rb +28 -0
- data/lib/ddr/models/minted_id.rb +10 -0
- data/lib/ddr/models/permanent_identification.rb +48 -0
- data/lib/ddr/models/solr_document.rb +193 -0
- data/lib/ddr/models/version.rb +5 -0
- data/lib/ddr/notifications.rb +15 -0
- data/lib/ddr/services.rb +8 -0
- data/lib/ddr/services/id_service.rb +48 -0
- data/lib/ddr/utils.rb +153 -0
- data/lib/ddr/workflow.rb +8 -0
- data/lib/ddr/workflow/workflow_state.rb +39 -0
- data/spec/dummy/README.rdoc +28 -0
- data/spec/dummy/Rakefile +6 -0
- data/spec/dummy/app/assets/javascripts/application.js +13 -0
- data/spec/dummy/app/assets/stylesheets/application.css +15 -0
- data/spec/dummy/app/controllers/application_controller.rb +5 -0
- data/spec/dummy/app/helpers/application_helper.rb +2 -0
- data/spec/dummy/app/models/user.rb +5 -0
- data/spec/dummy/app/views/layouts/application.html.erb +14 -0
- data/spec/dummy/bin/bundle +3 -0
- data/spec/dummy/bin/rails +4 -0
- data/spec/dummy/bin/rake +4 -0
- data/spec/dummy/config.ru +4 -0
- data/spec/dummy/config/application.rb +29 -0
- data/spec/dummy/config/boot.rb +5 -0
- data/spec/dummy/config/database.yml +25 -0
- data/spec/dummy/config/environment.rb +5 -0
- data/spec/dummy/config/environments/development.rb +37 -0
- data/spec/dummy/config/environments/production.rb +78 -0
- data/spec/dummy/config/environments/test.rb +39 -0
- data/spec/dummy/config/initializers/assets.rb +8 -0
- data/spec/dummy/config/initializers/backtrace_silencers.rb +7 -0
- data/spec/dummy/config/initializers/cookies_serializer.rb +3 -0
- data/spec/dummy/config/initializers/filter_parameter_logging.rb +4 -0
- data/spec/dummy/config/initializers/inflections.rb +16 -0
- data/spec/dummy/config/initializers/mime_types.rb +4 -0
- data/spec/dummy/config/initializers/session_store.rb +3 -0
- data/spec/dummy/config/initializers/wrap_parameters.rb +14 -0
- data/spec/dummy/config/locales/en.yml +23 -0
- data/spec/dummy/config/routes.rb +56 -0
- data/spec/dummy/config/secrets.yml +22 -0
- data/spec/dummy/db/development.sqlite3 +0 -0
- data/spec/dummy/db/schema.rb +80 -0
- data/spec/dummy/db/test.sqlite3 +0 -0
- data/spec/dummy/log/development.log +4974 -0
- data/spec/dummy/log/test.log +55627 -0
- data/spec/dummy/public/404.html +67 -0
- data/spec/dummy/public/422.html +67 -0
- data/spec/dummy/public/500.html +66 -0
- data/spec/dummy/public/favicon.ico +0 -0
- data/spec/factories/attachment_factories.rb +15 -0
- data/spec/factories/collection_factories.rb +16 -0
- data/spec/factories/component_factories.rb +15 -0
- data/spec/factories/event_factories.rb +7 -0
- data/spec/factories/item_factories.rb +16 -0
- data/spec/factories/target_factories.rb +11 -0
- data/spec/factories/test_model_factories.rb +133 -0
- data/spec/factories/user_factories.rb +7 -0
- data/spec/factories/user_factories.rb~ +7 -0
- data/spec/features/grouper_integration_spec.rb~ +21 -0
- data/spec/fixtures/contentMetadata.xml +37 -0
- data/spec/fixtures/image1.tiff +0 -0
- data/spec/fixtures/image2.tiff +0 -0
- data/spec/fixtures/image3.tiff +0 -0
- data/spec/fixtures/library-devil.tiff +0 -0
- data/spec/fixtures/sample.docx +0 -0
- data/spec/fixtures/sample.pdf +0 -0
- data/spec/fixtures/target.png +0 -0
- data/spec/models/ability_spec.rb +248 -0
- data/spec/models/ability_spec.rb~ +245 -0
- data/spec/models/active_fedora_base_spec.rb +107 -0
- data/spec/models/active_fedora_datastream_spec.rb +121 -0
- data/spec/models/attachment_spec.rb +13 -0
- data/spec/models/collection_spec.rb +33 -0
- data/spec/models/component_spec.rb +8 -0
- data/spec/models/descriptive_metadata_datastream_spec.rb +102 -0
- data/spec/models/events_spec.rb +64 -0
- data/spec/models/file_management_spec.rb +179 -0
- data/spec/models/has_role_assignments_spec.rb +29 -0
- data/spec/models/has_workflow_spec.rb +54 -0
- data/spec/models/item_spec.rb +8 -0
- data/spec/models/permanent_identification_spec.rb +65 -0
- data/spec/models/role_assignments_datastream_spec.rb +25 -0
- data/spec/models/superuser_spec.rb +13 -0
- data/spec/models/superuser_spec.rb~ +13 -0
- data/spec/models/target_spec.rb +8 -0
- data/spec/models/user_spec.rb +60 -0
- data/spec/models/user_spec.rb~ +56 -0
- data/spec/services/group_service_spec.rb +75 -0
- data/spec/services/group_service_spec.rb~ +71 -0
- data/spec/services/id_service_spec.rb +33 -0
- data/spec/spec_helper.rb +125 -0
- data/spec/support/shared_examples_for_access_controllables.rb +6 -0
- data/spec/support/shared_examples_for_associations.rb +8 -0
- data/spec/support/shared_examples_for_ddr_models.rb +7 -0
- data/spec/support/shared_examples_for_describables.rb +63 -0
- data/spec/support/shared_examples_for_event_loggables.rb +3 -0
- data/spec/support/shared_examples_for_events.rb +179 -0
- data/spec/support/shared_examples_for_governables.rb +17 -0
- data/spec/support/shared_examples_for_has_content.rb +136 -0
- data/spec/support/shared_examples_for_has_content_metadata.rb +74 -0
- data/spec/support/shared_examples_for_has_properties.rb +5 -0
- data/spec/support/shared_examples_for_indexing.rb +36 -0
- metadata +562 -0
@@ -0,0 +1,53 @@
|
|
1
|
+
module Ddr
|
2
|
+
module Auth
|
3
|
+
class GroupService
|
4
|
+
|
5
|
+
class_attribute :include_role_mapper_groups
|
6
|
+
self.include_role_mapper_groups = RoleMapper.role_names.present? rescue false
|
7
|
+
|
8
|
+
def role_mapper_user_groups(user)
|
9
|
+
RoleMapper.roles(user) rescue []
|
10
|
+
end
|
11
|
+
|
12
|
+
def role_mapper_groups
|
13
|
+
RoleMapper.role_names rescue []
|
14
|
+
end
|
15
|
+
|
16
|
+
def groups
|
17
|
+
default_groups | append_groups
|
18
|
+
end
|
19
|
+
|
20
|
+
def user_groups(user)
|
21
|
+
default_user_groups(user) | append_user_groups(user)
|
22
|
+
end
|
23
|
+
|
24
|
+
def superuser_group
|
25
|
+
Ddr::Auth.superuser_group
|
26
|
+
end
|
27
|
+
|
28
|
+
def append_groups
|
29
|
+
[]
|
30
|
+
end
|
31
|
+
|
32
|
+
def append_user_groups(user)
|
33
|
+
[]
|
34
|
+
end
|
35
|
+
|
36
|
+
def default_groups
|
37
|
+
dg = [Ddr::Auth.everyone_group, Ddr::Auth.authenticated_users_group]
|
38
|
+
dg += role_mapper_groups if include_role_mapper_groups
|
39
|
+
dg
|
40
|
+
end
|
41
|
+
|
42
|
+
def default_user_groups(user)
|
43
|
+
dug = [Hydra::AccessControls::AccessRight::PERMISSION_TEXT_VALUE_PUBLIC]
|
44
|
+
if user && user.persisted?
|
45
|
+
dug << Hydra::AccessControls::AccessRight::PERMISSION_TEXT_VALUE_AUTHENTICATED
|
46
|
+
dug += role_mapper_user_groups(user) if include_role_mapper_groups
|
47
|
+
end
|
48
|
+
dug
|
49
|
+
end
|
50
|
+
|
51
|
+
end
|
52
|
+
end
|
53
|
+
end
|
@@ -0,0 +1,53 @@
|
|
1
|
+
module Ddr
|
2
|
+
module Auth
|
3
|
+
class GroupService
|
4
|
+
|
5
|
+
class_attribute :include_role_mapper_groups
|
6
|
+
self.include_role_mapper_groups = RoleMapper.role_names.present? rescue false
|
7
|
+
|
8
|
+
def role_mapper_user_groups(user)
|
9
|
+
RoleMapper.roles(user) rescue []
|
10
|
+
end
|
11
|
+
|
12
|
+
def role_mapper_groups
|
13
|
+
RoleMapper.role_names rescue []
|
14
|
+
end
|
15
|
+
|
16
|
+
def groups
|
17
|
+
default_groups | append_groups
|
18
|
+
end
|
19
|
+
|
20
|
+
def user_groups(user)
|
21
|
+
default_user_groups(user) | append_user_groups(user)
|
22
|
+
end
|
23
|
+
|
24
|
+
def superuser_group
|
25
|
+
Ddr::Auth.superuser_group
|
26
|
+
end
|
27
|
+
|
28
|
+
def append_groups
|
29
|
+
[]
|
30
|
+
end
|
31
|
+
|
32
|
+
def append_user_groups(user)
|
33
|
+
[]
|
34
|
+
end
|
35
|
+
|
36
|
+
def default_groups
|
37
|
+
dg = [Ddr::Auth.everyone_group, Ddr::Auth.authenticated_users_group]
|
38
|
+
dg += role_mapper_groups if include_role_mapper_groups
|
39
|
+
dg
|
40
|
+
end
|
41
|
+
|
42
|
+
def default_user_groups(user)
|
43
|
+
dug = [Hydra::AccessControls::AccessRight::PERMISSION_TEXT_VALUE_PUBLIC]
|
44
|
+
if user && user.persisted?
|
45
|
+
dug << Hydra::AccessControls::AccessRight::PERMISSION_TEXT_VALUE_AUTHENTICATED
|
46
|
+
dug += role_mapper_user_groups(user) if include_role_mapper_groups
|
47
|
+
end
|
48
|
+
dug
|
49
|
+
end
|
50
|
+
|
51
|
+
end
|
52
|
+
end
|
53
|
+
end
|
@@ -0,0 +1,76 @@
|
|
1
|
+
require 'grouper-rest-client'
|
2
|
+
|
3
|
+
module Ddr
|
4
|
+
module Auth
|
5
|
+
class GrouperService
|
6
|
+
|
7
|
+
class_attribute :config
|
8
|
+
|
9
|
+
def self.configured?
|
10
|
+
!config.nil?
|
11
|
+
end
|
12
|
+
|
13
|
+
# List of all grouper groups for the repository
|
14
|
+
def self.repository_groups
|
15
|
+
groups = []
|
16
|
+
begin
|
17
|
+
client do |c|
|
18
|
+
g = c.groups(Ddr::Auth.remote_groups_name_filter)
|
19
|
+
groups = g if c.ok?
|
20
|
+
end
|
21
|
+
rescue Ddr::Models::Error
|
22
|
+
end
|
23
|
+
groups
|
24
|
+
end
|
25
|
+
|
26
|
+
def self.repository_group_names
|
27
|
+
repository_groups.collect { |g| g["name"] }
|
28
|
+
end
|
29
|
+
|
30
|
+
def self.user_groups(user)
|
31
|
+
groups = []
|
32
|
+
begin
|
33
|
+
client do |c|
|
34
|
+
request_body = {
|
35
|
+
"WsRestGetGroupsRequest" => {
|
36
|
+
"subjectLookups" => [{"subjectIdentifier" => subject_id(user)}]
|
37
|
+
}
|
38
|
+
}
|
39
|
+
# Have to use :call b/c grouper-rest-client :subjects method doesn't support POST
|
40
|
+
response = c.call("subjects", :post, request_body)
|
41
|
+
if c.ok?
|
42
|
+
result = response["WsGetGroupsResults"]["results"].first
|
43
|
+
# Have to manually filter results b/c Grouper WS version 1.5 does not support filter parameter
|
44
|
+
if result && result["wsGroups"]
|
45
|
+
groups = result["wsGroups"].select { |g| g["name"] =~ /^#{Ddr::Auth.remote_groups_name_filter}/ }
|
46
|
+
end
|
47
|
+
end
|
48
|
+
end
|
49
|
+
rescue StandardError => e
|
50
|
+
Rails.logger.error e
|
51
|
+
end
|
52
|
+
groups
|
53
|
+
end
|
54
|
+
|
55
|
+
def self.user_group_names(user)
|
56
|
+
user_groups(user).collect { |g| g["name"] }
|
57
|
+
end
|
58
|
+
|
59
|
+
def self.subject_id(user)
|
60
|
+
user.user_key.split('@').first
|
61
|
+
end
|
62
|
+
|
63
|
+
private
|
64
|
+
|
65
|
+
def self.client
|
66
|
+
raise Ddr::Models::Error unless configured?
|
67
|
+
yield Grouper::Rest::Client::Resource.new(config["url"],
|
68
|
+
user: config["user"],
|
69
|
+
password: config["password"],
|
70
|
+
timeout: config.fetch("timeout", 5).to_i
|
71
|
+
)
|
72
|
+
end
|
73
|
+
|
74
|
+
end
|
75
|
+
end
|
76
|
+
end
|
@@ -0,0 +1,77 @@
|
|
1
|
+
require 'dul_hydra'
|
2
|
+
require 'grouper-rest-client'
|
3
|
+
|
4
|
+
module DulHydra
|
5
|
+
module Services
|
6
|
+
class GrouperService
|
7
|
+
|
8
|
+
class_attribute :config
|
9
|
+
|
10
|
+
def self.configured?
|
11
|
+
!config.nil?
|
12
|
+
end
|
13
|
+
|
14
|
+
# List of all grouper groups for the repository
|
15
|
+
def self.repository_groups
|
16
|
+
groups = []
|
17
|
+
begin
|
18
|
+
client do |c|
|
19
|
+
g = c.groups(DulHydra.remote_groups_name_filter)
|
20
|
+
groups = g if c.ok?
|
21
|
+
end
|
22
|
+
rescue Ddr::Models::Error
|
23
|
+
end
|
24
|
+
groups
|
25
|
+
end
|
26
|
+
|
27
|
+
def self.repository_group_names
|
28
|
+
repository_groups.collect { |g| g["name"] }
|
29
|
+
end
|
30
|
+
|
31
|
+
def self.user_groups(user)
|
32
|
+
groups = []
|
33
|
+
begin
|
34
|
+
client do |c|
|
35
|
+
request_body = {
|
36
|
+
"WsRestGetGroupsRequest" => {
|
37
|
+
"subjectLookups" => [{"subjectIdentifier" => subject_id(user)}]
|
38
|
+
}
|
39
|
+
}
|
40
|
+
# Have to use :call b/c grouper-rest-client :subjects method doesn't support POST
|
41
|
+
response = c.call("subjects", :post, request_body)
|
42
|
+
if c.ok?
|
43
|
+
result = response["WsGetGroupsResults"]["results"].first
|
44
|
+
# Have to manually filter results b/c Grouper WS version 1.5 does not support filter parameter
|
45
|
+
if result && result["wsGroups"]
|
46
|
+
groups = result["wsGroups"].select { |g| g["name"] =~ /^#{DulHydra.remote_groups_name_filter}/ }
|
47
|
+
end
|
48
|
+
end
|
49
|
+
end
|
50
|
+
rescue StandardError => e
|
51
|
+
Rails.logger.error e
|
52
|
+
end
|
53
|
+
groups
|
54
|
+
end
|
55
|
+
|
56
|
+
def self.user_group_names(user)
|
57
|
+
user_groups(user).collect { |g| g["name"] }
|
58
|
+
end
|
59
|
+
|
60
|
+
def self.subject_id(user)
|
61
|
+
user.user_key.split('@').first
|
62
|
+
end
|
63
|
+
|
64
|
+
private
|
65
|
+
|
66
|
+
def self.client
|
67
|
+
raise Ddr::Models::Error unless configured?
|
68
|
+
yield Grouper::Rest::Client::Resource.new(config["url"],
|
69
|
+
user: config["user"],
|
70
|
+
password: config["password"],
|
71
|
+
timeout: config.fetch("timeout", 5).to_i
|
72
|
+
)
|
73
|
+
end
|
74
|
+
|
75
|
+
end
|
76
|
+
end
|
77
|
+
end
|
@@ -0,0 +1,35 @@
|
|
1
|
+
module Ddr
|
2
|
+
module Auth
|
3
|
+
class RemoteGroupService < GroupService
|
4
|
+
|
5
|
+
attr_reader :env
|
6
|
+
|
7
|
+
def initialize(env = nil)
|
8
|
+
@env = env
|
9
|
+
end
|
10
|
+
|
11
|
+
def append_groups
|
12
|
+
GrouperService.repository_group_names
|
13
|
+
end
|
14
|
+
|
15
|
+
def append_user_groups(user)
|
16
|
+
if env && env.key?(Ddr::Auth.remote_groups_env_key)
|
17
|
+
remote_groups
|
18
|
+
else
|
19
|
+
GrouperService.user_group_names(user)
|
20
|
+
end
|
21
|
+
end
|
22
|
+
|
23
|
+
def remote_groups
|
24
|
+
# get the raw list of values
|
25
|
+
groups = env[Ddr::Auth.remote_groups_env_key].split(Ddr::Auth.remote_groups_env_value_delim)
|
26
|
+
# munge values to proper Grouper group names, if necessary
|
27
|
+
groups = groups.collect { |g| g.sub(*Ddr::Auth.remote_groups_env_value_sub) } if Ddr::Auth.remote_groups_env_value_sub
|
28
|
+
# filter group list as configured
|
29
|
+
groups = groups.select { |g| g =~ /^#{Ddr::Auth.remote_groups_name_filter}/ } if Ddr::Auth.remote_groups_name_filter
|
30
|
+
groups
|
31
|
+
end
|
32
|
+
|
33
|
+
end
|
34
|
+
end
|
35
|
+
end
|
@@ -0,0 +1,35 @@
|
|
1
|
+
module DulHydra
|
2
|
+
module Services
|
3
|
+
class RemoteGroupService < GroupService
|
4
|
+
|
5
|
+
attr_reader :env
|
6
|
+
|
7
|
+
def initialize(env = nil)
|
8
|
+
@env = env
|
9
|
+
end
|
10
|
+
|
11
|
+
def append_groups
|
12
|
+
GrouperService.repository_group_names
|
13
|
+
end
|
14
|
+
|
15
|
+
def append_user_groups(user)
|
16
|
+
if env && env.key?(DulHydra.remote_groups_env_key)
|
17
|
+
remote_groups
|
18
|
+
else
|
19
|
+
GrouperService.user_group_names(user)
|
20
|
+
end
|
21
|
+
end
|
22
|
+
|
23
|
+
def remote_groups
|
24
|
+
# get the raw list of values
|
25
|
+
groups = env[DulHydra.remote_groups_env_key].split(DulHydra.remote_groups_env_value_delim)
|
26
|
+
# munge values to proper Grouper group names, if necessary
|
27
|
+
groups = groups.collect { |g| g.sub(*DulHydra.remote_groups_env_value_sub) } if DulHydra.remote_groups_env_value_sub
|
28
|
+
# filter group list as configured
|
29
|
+
groups = groups.select { |g| g =~ /^#{DulHydra.remote_groups_name_filter}/ } if DulHydra.remote_groups_name_filter
|
30
|
+
groups
|
31
|
+
end
|
32
|
+
|
33
|
+
end
|
34
|
+
end
|
35
|
+
end
|
@@ -0,0 +1,71 @@
|
|
1
|
+
module Ddr
|
2
|
+
module Auth
|
3
|
+
module User
|
4
|
+
extend ActiveSupport::Concern
|
5
|
+
|
6
|
+
included do
|
7
|
+
include Blacklight::User
|
8
|
+
|
9
|
+
has_many :events, inverse_of: :user, class_name: "Ddr::Events::Event"
|
10
|
+
|
11
|
+
delegate :can?, :cannot?, to: :ability
|
12
|
+
|
13
|
+
validates_uniqueness_of :username, :case_sensitive => false
|
14
|
+
validates_format_of :email, with: /\A([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})\z/
|
15
|
+
|
16
|
+
# TODO Remove :trackable, :validatable
|
17
|
+
devise :remote_user_authenticatable, :database_authenticatable, :rememberable, :trackable, :validatable
|
18
|
+
|
19
|
+
attr_writer :group_service
|
20
|
+
end
|
21
|
+
|
22
|
+
module ClassMethods
|
23
|
+
def find_by_user_key(key)
|
24
|
+
self.send("find_by_#{Devise.authentication_keys.first}", key)
|
25
|
+
end
|
26
|
+
end
|
27
|
+
|
28
|
+
# Copied from Hydra::User
|
29
|
+
def user_key
|
30
|
+
send(Devise.authentication_keys.first)
|
31
|
+
end
|
32
|
+
|
33
|
+
def group_service
|
34
|
+
@group_service ||= GroupService.new
|
35
|
+
end
|
36
|
+
|
37
|
+
def to_s
|
38
|
+
user_key
|
39
|
+
end
|
40
|
+
|
41
|
+
def ability
|
42
|
+
@ability ||= ::Ability.new(self)
|
43
|
+
end
|
44
|
+
|
45
|
+
def groups
|
46
|
+
@groups ||= group_service.user_groups(self)
|
47
|
+
end
|
48
|
+
|
49
|
+
def member_of?(group)
|
50
|
+
group ? self.groups.include?(group) : false
|
51
|
+
end
|
52
|
+
|
53
|
+
def authorized_to_act_as_superuser?
|
54
|
+
member_of? group_service.superuser_group
|
55
|
+
end
|
56
|
+
|
57
|
+
def principal_name
|
58
|
+
user_key
|
59
|
+
end
|
60
|
+
|
61
|
+
def principals
|
62
|
+
groups.dup << principal_name
|
63
|
+
end
|
64
|
+
|
65
|
+
def has_role?(obj, role)
|
66
|
+
obj.principal_has_role?(principals, role)
|
67
|
+
end
|
68
|
+
|
69
|
+
end
|
70
|
+
end
|
71
|
+
end
|
@@ -0,0 +1,65 @@
|
|
1
|
+
module Ddr
|
2
|
+
module Auth
|
3
|
+
module User
|
4
|
+
extend ActiveSupport::Concern
|
5
|
+
|
6
|
+
included do
|
7
|
+
include Blacklight::User
|
8
|
+
include Hydra::User
|
9
|
+
|
10
|
+
# has_many :batches, :inverse_of => :user, :class_name => DulHydra::Batch::Models::Batch
|
11
|
+
# has_many :ingest_folders, :inverse_of => :user
|
12
|
+
# has_many :metadata_files, :inverse_of => :user
|
13
|
+
# has_many :export_sets, :dependent => :destroy
|
14
|
+
has_many :events, inverse_of: :user, class_name: "Ddr::Events::Event"
|
15
|
+
|
16
|
+
delegate :can?, :cannot?, to: :ability
|
17
|
+
|
18
|
+
validates_uniqueness_of :username, :case_sensitive => false
|
19
|
+
validates_format_of :email, with: /\A([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})\z/
|
20
|
+
|
21
|
+
# TODO Remove :trackable, :validatable
|
22
|
+
devise :remote_user_authenticatable, :database_authenticatable, :rememberable, :trackable, :validatable
|
23
|
+
|
24
|
+
attr_writer :group_service
|
25
|
+
end
|
26
|
+
|
27
|
+
def group_service
|
28
|
+
@group_service ||= Ddr::Auth::GroupService.new
|
29
|
+
end
|
30
|
+
|
31
|
+
def to_s
|
32
|
+
user_key
|
33
|
+
end
|
34
|
+
|
35
|
+
def ability
|
36
|
+
@ability ||= ::Ability.new(self)
|
37
|
+
end
|
38
|
+
|
39
|
+
def groups
|
40
|
+
@groups ||= group_service.user_groups(self)
|
41
|
+
end
|
42
|
+
|
43
|
+
def member_of?(group)
|
44
|
+
group ? self.groups.include?(group) : false
|
45
|
+
end
|
46
|
+
|
47
|
+
def authorized_to_act_as_superuser?
|
48
|
+
member_of? group_service.superuser_group
|
49
|
+
end
|
50
|
+
|
51
|
+
def principal_name
|
52
|
+
user_key
|
53
|
+
end
|
54
|
+
|
55
|
+
def principals
|
56
|
+
groups.dup << principal_name
|
57
|
+
end
|
58
|
+
|
59
|
+
def has_role?(obj, role)
|
60
|
+
obj.principal_has_role?(principals, role)
|
61
|
+
end
|
62
|
+
|
63
|
+
end
|
64
|
+
end
|
65
|
+
end
|