ddr-models 1.3.0 → 1.4.0

data/spec/factories/user_factories.rb~

@@ -1,7 +0,0 @@
-FactoryGirl.define do
-  factory :user, class: Ddr::Auth::User do
-    sequence(:username) { |n| "person#{n}" }
-    email { |u| "#{u.username}@example.com" }
-    password "secret"
-  end
-end

data/spec/features/grouper_integration_spec.rb~

@@ -1,21 +0,0 @@
-require 'spec_helper'
-require 'dul_hydra'
-
-describe "Grouper integration", :type => :feature do
-  let(:user) { FactoryGirl.create(:user) }
-  let(:object) { FactoryGirl.create(:collection) }
-  before do
-    object.title = [ "Grouper Works!" ]
-    object.read_groups = ["duke:library:repository:ddr:foo:bar"]
-    object.save!
-    Warden.on_next_request do |proxy|
-      proxy.env[DulHydra.remote_groups_env_key] = "urn:mace:duke.edu:groups:library:repository:ddr:foo:bar"
-      proxy.set_user user
-    end
-  end
-  it "should honor Grouper group access control" do
-    visit url_for(object)
-    expect(page).to have_content("Grouper Works!")
-  end
-  
-end

data/spec/models/ability_spec.rb~

@@ -1,245 +0,0 @@
-require 'spec_helper'
-require 'dul_hydra'
-require 'cancan/matchers'
-
-describe Ability, type: :model, abilities: true do
-
-  subject { described_class.new(user) }
-  let(:user) { FactoryGirl.create(:user) }
-
-  describe "#upload_permissions", uploads: true do
-    let(:resource) { FactoryGirl.build(:component) }
-    context "user has edit permission" do
-      before { subject.can(:edit, resource) }
-      it { is_expected.to be_able_to(:upload, resource) }
-    end
-    context "user does not have edit permission" do
-      before { subject.cannot(:edit, resource) }
-      it { is_expected.not_to be_able_to(:upload, resource) }
-    end
-  end
-
-  describe "#download_permissions", downloads: true do
-    context "on an object" do
-      context "which is a Component", components: true do
-        let!(:resource) { FactoryGirl.create(:component) }
-        context "and user does NOT have the downloader role" do
-          context "and user has edit permission" do
-            before do
-              resource.edit_users = [user.user_key]
-              resource.save
-            end
-            it { is_expected.to be_able_to(:download, resource) }
-          end
-          context "and user has read permission" do
-            before do
-              resource.read_users = [user.user_key]
-              resource.save
-            end
-            it { is_expected.not_to be_able_to(:download, resource) }
-          end
-          context "and user lacks read permission" do
-            it { is_expected.not_to be_able_to(:download, resource) }
-          end
-        end
-
-        context "and user has the downloader role", roles: true do
-          before do
-            resource.roleAssignments.downloader << user.principal_name
-            resource.save
-          end
-          context "and user has edit permission" do
-            before do
-              resource.edit_users = [user.user_key]
-              resource.save
-            end
-            it { is_expected.to be_able_to(:download, resource) }
-          end
-          context "and user has read permission" do
-            before do
-              resource.read_users = [user.user_key]
-              resource.save
-            end
-            it { is_expected.to be_able_to(:download, resource) }
-          end
-          context "and user lacks read permission" do
-            it { is_expected.not_to be_able_to(:download, resource) }
-          end          
-        end
-      end
-
-      context "which is not a Component" do
-        let(:resource) { FactoryGirl.create(:test_content) }
-        context "and user has read permission" do
-          before do
-            resource.read_users = [user.user_key]
-            resource.save
-          end
-          it { is_expected.to be_able_to(:download, resource) }
-        end
-        context "and user lacks read permission" do
-          it { is_expected.not_to be_able_to(:download, resource) }
-        end                  
-      end
-    end
-
-    context "on a datastream", datastreams: true do
-
-      context "named 'content'", content: true do
-        let(:resource) { obj.content }
-        context "and object is a Component", components: true do
-          let(:obj) { FactoryGirl.create(:component) }
-          context "and user does not have the downloader role" do
-            context "and user has read permission on the object" do
-              before do
-                obj.read_users = [user.user_key]
-                obj.save
-              end
-              it { is_expected.not_to be_able_to(:download, resource) }
-            end
-            context "and user lacks read permission on the object" do
-              it { is_expected.not_to be_able_to(:download, resource) }
-            end
-          end
-
-          context "and user has the downloader role", roles: true do
-            before do
-              obj.roleAssignments.downloader << user.principal_name
-              obj.save
-            end
-            context "and user has read permission on the object" do
-              before do
-                obj.read_users = [user.user_key]
-                obj.save
-              end
-              it { is_expected.to be_able_to(:download, resource) }
-            end
-            context "and user lacks read permission on the object" do
-              it { is_expected.not_to be_able_to(:download, resource) }
-            end          
-          end
-        end
-
-        context "and object is not a Component" do
-          let(:obj) { FactoryGirl.create(:test_content) }
-          context "and user has read permission on the object" do
-            before do
-              obj.read_users = [user.user_key]
-              obj.save
-            end
-            it { is_expected.to be_able_to(:download, resource) }
-          end
-          context "and user lacks read permission on the object" do
-            it { is_expected.not_to be_able_to(:download, resource) }
-          end                  
-        end
-
-      end
-
-      context "not named 'content'" do
-        let(:obj) { FactoryGirl.create(:test_model) }
-        let(:resource) { obj.descMetadata }
-        context "and user has read permission on the object" do
-          before do
-            obj.read_users = [user.user_key]
-            obj.save
-          end
-          it { is_expected.to be_able_to(:download, resource) }
-        end
-        context "and user lacks read permission on the object" do
-          it { is_expected.not_to be_able_to(:download, resource) }
-        end        
-      end
-
-    end
-
-  end # download_permissions
-
-  describe "#discover_permissions" do
-    # TODO
-  end
-
-  describe "#events_permissions", events: true do
-    let(:object) { FactoryGirl.create(:test_model) }
-    let(:resource) { Ddr::Events::Event.new(pid: object.pid) }
-    context "event is associated with a user" do
-      before { resource.user = user }
-      it { is_expected.to be_able_to(:read, resource) }
-    end
-    context "event is not associated with a user" do      
-      context "and can read object" do
-        before do
-          object.read_users = [user.user_key]
-          object.save!
-        end
-        it { is_expected.to be_able_to(:read, resource) }
-      end
-      context "and cannot read object" do
-        it { is_expected.not_to be_able_to(:read, resource) }
-      end
-    end
-  end
-
-  describe "#export_sets_permissions", export_sets: true do
-    let(:resource) { ExportSet.new(user: user) }
-    context "associated user" do
-      it { is_expected.to be_able_to(:manage, resource) }
-    end
-    context "other user" do
-      subject { described_class.new(other_user) }
-      let(:other_user) { FactoryGirl.create(:user) }
-      it { is_expected.not_to be_able_to(:read, resource) }
-    end
-  end
-  
-  describe "#ingest_folders_permissions", ingest_folders: true do
-    let(:resource) { IngestFolder }
-    context "user has no permitted ingest folders" do
-      before { allow(resource).to receive(:permitted_folders).with(user).and_return([]) }
-      it { is_expected.not_to be_able_to(:create, resource) }
-    end
-    context "user has at least one permitted ingest folder" do
-      before { allow(resource).to receive(:permitted_folders).with(user).and_return(['dir']) }
-      it { is_expected.to be_able_to(:create, resource) }
-    end
-  end
-
-  describe "#attachment_permissions", attachments: true do
-    context "object can have attachments" do
-      let(:resource) { FactoryGirl.build(:test_model_omnibus) }
-      context "and user lacks edit rights" do
-        before { subject.cannot(:edit, resource) }
-        it { is_expected.not_to be_able_to(:add_attachment, resource) }
-      end
-      context "and user has edit rights" do
-        before { subject.can(:edit, resource) }
-        it { is_expected.to be_able_to(:add_attachment, resource) }
-      end
-    end
-    context "object cannot have attachments" do
-      let(:resource) { FactoryGirl.build(:test_model) }
-      before { subject.can(:edit, resource) }
-      it { is_expected.not_to be_able_to(:add_attachment, resource) }
-    end
-  end
-
-  describe "#children_permissions", children: true do
-    context "user has edit rights on object" do
-      before { subject.can(:edit, resource) }
-      context "and object can have children" do
-        let(:resource) { FactoryGirl.build(:collection) }
-        it { is_expected.to be_able_to(:add_children, resource) }
-      end
-      context "but object cannot have children" do
-        let(:resource) { FactoryGirl.build(:component) }
-        it { is_expected.not_to be_able_to(:add_children, resource) }
-      end
-    end
-    context "user lacks edit rights on attached_to object" do
-      let(:resource) { FactoryGirl.build(:collection) }
-      before { subject.cannot(:edit, resource) }
-      it { is_expected.not_to be_able_to(:add_children, resource) }
-    end    
-  end
-
-end

data/spec/models/superuser_spec.rb~

@@ -1,13 +0,0 @@
-require 'spec_helper'
-require 'cancan/matchers'
-
-module Ddr
-  module Auth
-    describe Superuser, type: :model, abilities: true do
-      subject { described_class.new }
-      it "should be able to manage all" do
-        expect(subject).to be_able_to(:manage, :all)
-      end
-    end
-  end
-end

data/spec/models/user_spec.rb~

@@ -1,56 +0,0 @@
-require 'spec_helper'
-
-describe User, :type => :model do
-
-  subject { FactoryGirl.build(:user) }
-
-  describe "#member_of?" do
-    it "should return true if the user is a member of the group" do
-      allow(subject).to receive(:groups).and_return(["foo", "bar"])
-      expect(subject).to be_member_of("foo")
-    end
-    it "should return false if the user is not a member of the group" do
-      allow(subject).to receive(:groups).and_return(["foo", "bar"])
-      expect(subject).not_to be_member_of("baz")
-    end
-  end
-
-  describe "#authorized_to_act_as_superuser?" do
-    it "should return false if the superuser group is not defined (nil)" do
-      DulHydra.superuser_group = nil
-      expect(subject).not_to be_authorized_to_act_as_superuser
-    end
-    it "should return false if the user is not a member of the superuser group" do
-      DulHydra.superuser_group = "superusers"
-      allow(subject).to receive(:groups).and_return(["normal"])
-      expect(subject).not_to be_authorized_to_act_as_superuser
-    end
-    it "should return true if the user is a member of the superuser group" do
-      DulHydra.superuser_group = "superusers"
-      allow(subject).to receive(:groups).and_return(["superusers"])
-      expect(subject).to be_authorized_to_act_as_superuser
-    end
-  end
-
-  describe "#principal_name" do
-    it "should return the principal name for the user" do
-      expect(subject.principal_name).to eq subject.user_key
-    end
-  end
-
-  describe "#principals" do
-    it "should be a list of the user's groups + the user's principal_name" do
-      allow(subject).to receive(:groups) { ["foo", "bar"] }
-      expect(subject.principals).to match_array ["foo", "bar", subject.principal_name]
-    end
-  end
-
-  describe "#has_role?" do
-    let(:obj) { double }
-    it "should send :principal_has_role? to the object with the user's principals" do
-      expect(obj).to receive(:principal_has_role?).with(subject.principals, :administrator)
-      subject.has_role?(obj, :administrator)
-    end
-  end
-
-end

data/spec/services/group_service_spec.rb~

@@ -1,71 +0,0 @@
-require 'spec_helper'
-
-describe DulHydra::Services::GroupService do  
-  subject { described_class.new }
-  
-  describe "#groups" do
-    describe "at minimum" do
-      it "should include the 'public' and 'registered' groups" do
-        expect(subject.groups).to include("public", "registered")
-      end
-    end
-    describe "using #append_groups hook" do
-      before { allow(subject).to receive(:append_groups).and_return(["spam:eggs", "fish:water"]) }
-      it "should add the groups to the list" do
-        expect(subject.groups).to include("spam:eggs", "fish:water")
-      end
-    end
-    describe "when RoleMapper config file is present and not empty" do
-      before do
-        allow(described_class).to receive(:include_role_mapper_groups).and_return(true)
-        allow(RoleMapper).to receive(:role_names).and_return(["foo", "bar"])
-      end
-      it "should include the role mapper groups" do
-        expect(subject.groups).to include("foo", "bar")
-      end
-    end
-    describe "when RoleMapper config file is missing or empty" do
-      before { allow(described_class).to receive(:include_role_mapper_groups).and_return(false) }
-      it "should only include the default minimum groups" do
-        expect(subject.groups).to match_array(["public", "registered"])
-      end
-    end
-  end
-  
-  describe "#user_groups(user)" do
-    describe "when user is not persisted" do
-      let(:user) { FactoryGirl.build(:user) }
-      it "should return only 'public' group" do
-        expect(subject.user_groups(user)).to eq(["public"])
-      end
-    end
-    describe "when the user is persisted" do
-      let(:user) { FactoryGirl.create(:user) }
-      it "should include the 'public' and 'registered' groups" do
-        expect(subject.user_groups(user)).to include("public", "registered")
-      end
-      describe "using #append_user_groups(user) hook" do
-        before { allow(subject).to receive(:append_user_groups).with(user).and_return(["spam:eggs", "fish:water"]) }
-        it "should add the groups to the list" do
-          expect(subject.user_groups(user)).to include("spam:eggs", "fish:water")
-        end
-      end
-      describe "when the RoleMapper config file is present and not empty" do
-        before do
-          allow(described_class).to receive(:include_role_mapper_groups).and_return(true)
-          allow(RoleMapper).to receive(:roles).with(user).and_return(["foo", "bar"])
-        end
-        it "should add the user's roles to the list" do
-          expect(subject.user_groups(user)).to include("foo", "bar")
-        end
-      end
-      describe "when RoleMapper config file is missing or empty" do
-        before { allow(described_class).to receive(:include_role_mapper_groups).and_return(false) }
-        it "should only include the default minimum groups" do
-          expect(subject.groups).to match_array(["public", "registered"])
-        end
-      end
-    end
-  end
-end
-