ddr-models 1.3.0 → 1.4.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +20 -3
- data/lib/ddr/models/has_content.rb +1 -3
- data/lib/ddr/models/version.rb +1 -1
- data/{app → spec/dummy/app}/models/solr_document.rb +1 -1
- data/spec/dummy/db/development.sqlite3 +0 -0
- data/spec/dummy/log/development.log +2449 -1445
- data/spec/dummy/log/test.log +58622 -52811
- data/spec/models/attachment_spec.rb +0 -6
- data/spec/spec_helper.rb +9 -2
- data/spec/support/shared_examples_for_has_content.rb +0 -7
- metadata +4 -24
- data/config/initializers/devise.rb~ +0 -245
- data/db/migrate/20141104181418_create_users.rb~ +0 -6
- data/lib/ddr/auth.rb~ +0 -47
- data/lib/ddr/auth/ability.rb~ +0 -204
- data/lib/ddr/auth/group_service.rb~ +0 -53
- data/lib/ddr/auth/grouper_service.rb~ +0 -77
- data/lib/ddr/auth/remote_group_service.rb~ +0 -35
- data/lib/ddr/auth/superuser.rb~ +0 -9
- data/lib/ddr/auth/user.rb~ +0 -65
- data/spec/factories/user_factories.rb~ +0 -7
- data/spec/features/grouper_integration_spec.rb~ +0 -21
- data/spec/models/ability_spec.rb~ +0 -245
- data/spec/models/superuser_spec.rb~ +0 -13
- data/spec/models/user_spec.rb~ +0 -56
- data/spec/services/group_service_spec.rb~ +0 -71
@@ -1,21 +0,0 @@
|
|
1
|
-
require 'spec_helper'
|
2
|
-
require 'dul_hydra'
|
3
|
-
|
4
|
-
describe "Grouper integration", :type => :feature do
|
5
|
-
let(:user) { FactoryGirl.create(:user) }
|
6
|
-
let(:object) { FactoryGirl.create(:collection) }
|
7
|
-
before do
|
8
|
-
object.title = [ "Grouper Works!" ]
|
9
|
-
object.read_groups = ["duke:library:repository:ddr:foo:bar"]
|
10
|
-
object.save!
|
11
|
-
Warden.on_next_request do |proxy|
|
12
|
-
proxy.env[DulHydra.remote_groups_env_key] = "urn:mace:duke.edu:groups:library:repository:ddr:foo:bar"
|
13
|
-
proxy.set_user user
|
14
|
-
end
|
15
|
-
end
|
16
|
-
it "should honor Grouper group access control" do
|
17
|
-
visit url_for(object)
|
18
|
-
expect(page).to have_content("Grouper Works!")
|
19
|
-
end
|
20
|
-
|
21
|
-
end
|
@@ -1,245 +0,0 @@
|
|
1
|
-
require 'spec_helper'
|
2
|
-
require 'dul_hydra'
|
3
|
-
require 'cancan/matchers'
|
4
|
-
|
5
|
-
describe Ability, type: :model, abilities: true do
|
6
|
-
|
7
|
-
subject { described_class.new(user) }
|
8
|
-
let(:user) { FactoryGirl.create(:user) }
|
9
|
-
|
10
|
-
describe "#upload_permissions", uploads: true do
|
11
|
-
let(:resource) { FactoryGirl.build(:component) }
|
12
|
-
context "user has edit permission" do
|
13
|
-
before { subject.can(:edit, resource) }
|
14
|
-
it { is_expected.to be_able_to(:upload, resource) }
|
15
|
-
end
|
16
|
-
context "user does not have edit permission" do
|
17
|
-
before { subject.cannot(:edit, resource) }
|
18
|
-
it { is_expected.not_to be_able_to(:upload, resource) }
|
19
|
-
end
|
20
|
-
end
|
21
|
-
|
22
|
-
describe "#download_permissions", downloads: true do
|
23
|
-
context "on an object" do
|
24
|
-
context "which is a Component", components: true do
|
25
|
-
let!(:resource) { FactoryGirl.create(:component) }
|
26
|
-
context "and user does NOT have the downloader role" do
|
27
|
-
context "and user has edit permission" do
|
28
|
-
before do
|
29
|
-
resource.edit_users = [user.user_key]
|
30
|
-
resource.save
|
31
|
-
end
|
32
|
-
it { is_expected.to be_able_to(:download, resource) }
|
33
|
-
end
|
34
|
-
context "and user has read permission" do
|
35
|
-
before do
|
36
|
-
resource.read_users = [user.user_key]
|
37
|
-
resource.save
|
38
|
-
end
|
39
|
-
it { is_expected.not_to be_able_to(:download, resource) }
|
40
|
-
end
|
41
|
-
context "and user lacks read permission" do
|
42
|
-
it { is_expected.not_to be_able_to(:download, resource) }
|
43
|
-
end
|
44
|
-
end
|
45
|
-
|
46
|
-
context "and user has the downloader role", roles: true do
|
47
|
-
before do
|
48
|
-
resource.roleAssignments.downloader << user.principal_name
|
49
|
-
resource.save
|
50
|
-
end
|
51
|
-
context "and user has edit permission" do
|
52
|
-
before do
|
53
|
-
resource.edit_users = [user.user_key]
|
54
|
-
resource.save
|
55
|
-
end
|
56
|
-
it { is_expected.to be_able_to(:download, resource) }
|
57
|
-
end
|
58
|
-
context "and user has read permission" do
|
59
|
-
before do
|
60
|
-
resource.read_users = [user.user_key]
|
61
|
-
resource.save
|
62
|
-
end
|
63
|
-
it { is_expected.to be_able_to(:download, resource) }
|
64
|
-
end
|
65
|
-
context "and user lacks read permission" do
|
66
|
-
it { is_expected.not_to be_able_to(:download, resource) }
|
67
|
-
end
|
68
|
-
end
|
69
|
-
end
|
70
|
-
|
71
|
-
context "which is not a Component" do
|
72
|
-
let(:resource) { FactoryGirl.create(:test_content) }
|
73
|
-
context "and user has read permission" do
|
74
|
-
before do
|
75
|
-
resource.read_users = [user.user_key]
|
76
|
-
resource.save
|
77
|
-
end
|
78
|
-
it { is_expected.to be_able_to(:download, resource) }
|
79
|
-
end
|
80
|
-
context "and user lacks read permission" do
|
81
|
-
it { is_expected.not_to be_able_to(:download, resource) }
|
82
|
-
end
|
83
|
-
end
|
84
|
-
end
|
85
|
-
|
86
|
-
context "on a datastream", datastreams: true do
|
87
|
-
|
88
|
-
context "named 'content'", content: true do
|
89
|
-
let(:resource) { obj.content }
|
90
|
-
context "and object is a Component", components: true do
|
91
|
-
let(:obj) { FactoryGirl.create(:component) }
|
92
|
-
context "and user does not have the downloader role" do
|
93
|
-
context "and user has read permission on the object" do
|
94
|
-
before do
|
95
|
-
obj.read_users = [user.user_key]
|
96
|
-
obj.save
|
97
|
-
end
|
98
|
-
it { is_expected.not_to be_able_to(:download, resource) }
|
99
|
-
end
|
100
|
-
context "and user lacks read permission on the object" do
|
101
|
-
it { is_expected.not_to be_able_to(:download, resource) }
|
102
|
-
end
|
103
|
-
end
|
104
|
-
|
105
|
-
context "and user has the downloader role", roles: true do
|
106
|
-
before do
|
107
|
-
obj.roleAssignments.downloader << user.principal_name
|
108
|
-
obj.save
|
109
|
-
end
|
110
|
-
context "and user has read permission on the object" do
|
111
|
-
before do
|
112
|
-
obj.read_users = [user.user_key]
|
113
|
-
obj.save
|
114
|
-
end
|
115
|
-
it { is_expected.to be_able_to(:download, resource) }
|
116
|
-
end
|
117
|
-
context "and user lacks read permission on the object" do
|
118
|
-
it { is_expected.not_to be_able_to(:download, resource) }
|
119
|
-
end
|
120
|
-
end
|
121
|
-
end
|
122
|
-
|
123
|
-
context "and object is not a Component" do
|
124
|
-
let(:obj) { FactoryGirl.create(:test_content) }
|
125
|
-
context "and user has read permission on the object" do
|
126
|
-
before do
|
127
|
-
obj.read_users = [user.user_key]
|
128
|
-
obj.save
|
129
|
-
end
|
130
|
-
it { is_expected.to be_able_to(:download, resource) }
|
131
|
-
end
|
132
|
-
context "and user lacks read permission on the object" do
|
133
|
-
it { is_expected.not_to be_able_to(:download, resource) }
|
134
|
-
end
|
135
|
-
end
|
136
|
-
|
137
|
-
end
|
138
|
-
|
139
|
-
context "not named 'content'" do
|
140
|
-
let(:obj) { FactoryGirl.create(:test_model) }
|
141
|
-
let(:resource) { obj.descMetadata }
|
142
|
-
context "and user has read permission on the object" do
|
143
|
-
before do
|
144
|
-
obj.read_users = [user.user_key]
|
145
|
-
obj.save
|
146
|
-
end
|
147
|
-
it { is_expected.to be_able_to(:download, resource) }
|
148
|
-
end
|
149
|
-
context "and user lacks read permission on the object" do
|
150
|
-
it { is_expected.not_to be_able_to(:download, resource) }
|
151
|
-
end
|
152
|
-
end
|
153
|
-
|
154
|
-
end
|
155
|
-
|
156
|
-
end # download_permissions
|
157
|
-
|
158
|
-
describe "#discover_permissions" do
|
159
|
-
# TODO
|
160
|
-
end
|
161
|
-
|
162
|
-
describe "#events_permissions", events: true do
|
163
|
-
let(:object) { FactoryGirl.create(:test_model) }
|
164
|
-
let(:resource) { Ddr::Events::Event.new(pid: object.pid) }
|
165
|
-
context "event is associated with a user" do
|
166
|
-
before { resource.user = user }
|
167
|
-
it { is_expected.to be_able_to(:read, resource) }
|
168
|
-
end
|
169
|
-
context "event is not associated with a user" do
|
170
|
-
context "and can read object" do
|
171
|
-
before do
|
172
|
-
object.read_users = [user.user_key]
|
173
|
-
object.save!
|
174
|
-
end
|
175
|
-
it { is_expected.to be_able_to(:read, resource) }
|
176
|
-
end
|
177
|
-
context "and cannot read object" do
|
178
|
-
it { is_expected.not_to be_able_to(:read, resource) }
|
179
|
-
end
|
180
|
-
end
|
181
|
-
end
|
182
|
-
|
183
|
-
describe "#export_sets_permissions", export_sets: true do
|
184
|
-
let(:resource) { ExportSet.new(user: user) }
|
185
|
-
context "associated user" do
|
186
|
-
it { is_expected.to be_able_to(:manage, resource) }
|
187
|
-
end
|
188
|
-
context "other user" do
|
189
|
-
subject { described_class.new(other_user) }
|
190
|
-
let(:other_user) { FactoryGirl.create(:user) }
|
191
|
-
it { is_expected.not_to be_able_to(:read, resource) }
|
192
|
-
end
|
193
|
-
end
|
194
|
-
|
195
|
-
describe "#ingest_folders_permissions", ingest_folders: true do
|
196
|
-
let(:resource) { IngestFolder }
|
197
|
-
context "user has no permitted ingest folders" do
|
198
|
-
before { allow(resource).to receive(:permitted_folders).with(user).and_return([]) }
|
199
|
-
it { is_expected.not_to be_able_to(:create, resource) }
|
200
|
-
end
|
201
|
-
context "user has at least one permitted ingest folder" do
|
202
|
-
before { allow(resource).to receive(:permitted_folders).with(user).and_return(['dir']) }
|
203
|
-
it { is_expected.to be_able_to(:create, resource) }
|
204
|
-
end
|
205
|
-
end
|
206
|
-
|
207
|
-
describe "#attachment_permissions", attachments: true do
|
208
|
-
context "object can have attachments" do
|
209
|
-
let(:resource) { FactoryGirl.build(:test_model_omnibus) }
|
210
|
-
context "and user lacks edit rights" do
|
211
|
-
before { subject.cannot(:edit, resource) }
|
212
|
-
it { is_expected.not_to be_able_to(:add_attachment, resource) }
|
213
|
-
end
|
214
|
-
context "and user has edit rights" do
|
215
|
-
before { subject.can(:edit, resource) }
|
216
|
-
it { is_expected.to be_able_to(:add_attachment, resource) }
|
217
|
-
end
|
218
|
-
end
|
219
|
-
context "object cannot have attachments" do
|
220
|
-
let(:resource) { FactoryGirl.build(:test_model) }
|
221
|
-
before { subject.can(:edit, resource) }
|
222
|
-
it { is_expected.not_to be_able_to(:add_attachment, resource) }
|
223
|
-
end
|
224
|
-
end
|
225
|
-
|
226
|
-
describe "#children_permissions", children: true do
|
227
|
-
context "user has edit rights on object" do
|
228
|
-
before { subject.can(:edit, resource) }
|
229
|
-
context "and object can have children" do
|
230
|
-
let(:resource) { FactoryGirl.build(:collection) }
|
231
|
-
it { is_expected.to be_able_to(:add_children, resource) }
|
232
|
-
end
|
233
|
-
context "but object cannot have children" do
|
234
|
-
let(:resource) { FactoryGirl.build(:component) }
|
235
|
-
it { is_expected.not_to be_able_to(:add_children, resource) }
|
236
|
-
end
|
237
|
-
end
|
238
|
-
context "user lacks edit rights on attached_to object" do
|
239
|
-
let(:resource) { FactoryGirl.build(:collection) }
|
240
|
-
before { subject.cannot(:edit, resource) }
|
241
|
-
it { is_expected.not_to be_able_to(:add_children, resource) }
|
242
|
-
end
|
243
|
-
end
|
244
|
-
|
245
|
-
end
|
@@ -1,13 +0,0 @@
|
|
1
|
-
require 'spec_helper'
|
2
|
-
require 'cancan/matchers'
|
3
|
-
|
4
|
-
module Ddr
|
5
|
-
module Auth
|
6
|
-
describe Superuser, type: :model, abilities: true do
|
7
|
-
subject { described_class.new }
|
8
|
-
it "should be able to manage all" do
|
9
|
-
expect(subject).to be_able_to(:manage, :all)
|
10
|
-
end
|
11
|
-
end
|
12
|
-
end
|
13
|
-
end
|
data/spec/models/user_spec.rb~
DELETED
@@ -1,56 +0,0 @@
|
|
1
|
-
require 'spec_helper'
|
2
|
-
|
3
|
-
describe User, :type => :model do
|
4
|
-
|
5
|
-
subject { FactoryGirl.build(:user) }
|
6
|
-
|
7
|
-
describe "#member_of?" do
|
8
|
-
it "should return true if the user is a member of the group" do
|
9
|
-
allow(subject).to receive(:groups).and_return(["foo", "bar"])
|
10
|
-
expect(subject).to be_member_of("foo")
|
11
|
-
end
|
12
|
-
it "should return false if the user is not a member of the group" do
|
13
|
-
allow(subject).to receive(:groups).and_return(["foo", "bar"])
|
14
|
-
expect(subject).not_to be_member_of("baz")
|
15
|
-
end
|
16
|
-
end
|
17
|
-
|
18
|
-
describe "#authorized_to_act_as_superuser?" do
|
19
|
-
it "should return false if the superuser group is not defined (nil)" do
|
20
|
-
DulHydra.superuser_group = nil
|
21
|
-
expect(subject).not_to be_authorized_to_act_as_superuser
|
22
|
-
end
|
23
|
-
it "should return false if the user is not a member of the superuser group" do
|
24
|
-
DulHydra.superuser_group = "superusers"
|
25
|
-
allow(subject).to receive(:groups).and_return(["normal"])
|
26
|
-
expect(subject).not_to be_authorized_to_act_as_superuser
|
27
|
-
end
|
28
|
-
it "should return true if the user is a member of the superuser group" do
|
29
|
-
DulHydra.superuser_group = "superusers"
|
30
|
-
allow(subject).to receive(:groups).and_return(["superusers"])
|
31
|
-
expect(subject).to be_authorized_to_act_as_superuser
|
32
|
-
end
|
33
|
-
end
|
34
|
-
|
35
|
-
describe "#principal_name" do
|
36
|
-
it "should return the principal name for the user" do
|
37
|
-
expect(subject.principal_name).to eq subject.user_key
|
38
|
-
end
|
39
|
-
end
|
40
|
-
|
41
|
-
describe "#principals" do
|
42
|
-
it "should be a list of the user's groups + the user's principal_name" do
|
43
|
-
allow(subject).to receive(:groups) { ["foo", "bar"] }
|
44
|
-
expect(subject.principals).to match_array ["foo", "bar", subject.principal_name]
|
45
|
-
end
|
46
|
-
end
|
47
|
-
|
48
|
-
describe "#has_role?" do
|
49
|
-
let(:obj) { double }
|
50
|
-
it "should send :principal_has_role? to the object with the user's principals" do
|
51
|
-
expect(obj).to receive(:principal_has_role?).with(subject.principals, :administrator)
|
52
|
-
subject.has_role?(obj, :administrator)
|
53
|
-
end
|
54
|
-
end
|
55
|
-
|
56
|
-
end
|
@@ -1,71 +0,0 @@
|
|
1
|
-
require 'spec_helper'
|
2
|
-
|
3
|
-
describe DulHydra::Services::GroupService do
|
4
|
-
subject { described_class.new }
|
5
|
-
|
6
|
-
describe "#groups" do
|
7
|
-
describe "at minimum" do
|
8
|
-
it "should include the 'public' and 'registered' groups" do
|
9
|
-
expect(subject.groups).to include("public", "registered")
|
10
|
-
end
|
11
|
-
end
|
12
|
-
describe "using #append_groups hook" do
|
13
|
-
before { allow(subject).to receive(:append_groups).and_return(["spam:eggs", "fish:water"]) }
|
14
|
-
it "should add the groups to the list" do
|
15
|
-
expect(subject.groups).to include("spam:eggs", "fish:water")
|
16
|
-
end
|
17
|
-
end
|
18
|
-
describe "when RoleMapper config file is present and not empty" do
|
19
|
-
before do
|
20
|
-
allow(described_class).to receive(:include_role_mapper_groups).and_return(true)
|
21
|
-
allow(RoleMapper).to receive(:role_names).and_return(["foo", "bar"])
|
22
|
-
end
|
23
|
-
it "should include the role mapper groups" do
|
24
|
-
expect(subject.groups).to include("foo", "bar")
|
25
|
-
end
|
26
|
-
end
|
27
|
-
describe "when RoleMapper config file is missing or empty" do
|
28
|
-
before { allow(described_class).to receive(:include_role_mapper_groups).and_return(false) }
|
29
|
-
it "should only include the default minimum groups" do
|
30
|
-
expect(subject.groups).to match_array(["public", "registered"])
|
31
|
-
end
|
32
|
-
end
|
33
|
-
end
|
34
|
-
|
35
|
-
describe "#user_groups(user)" do
|
36
|
-
describe "when user is not persisted" do
|
37
|
-
let(:user) { FactoryGirl.build(:user) }
|
38
|
-
it "should return only 'public' group" do
|
39
|
-
expect(subject.user_groups(user)).to eq(["public"])
|
40
|
-
end
|
41
|
-
end
|
42
|
-
describe "when the user is persisted" do
|
43
|
-
let(:user) { FactoryGirl.create(:user) }
|
44
|
-
it "should include the 'public' and 'registered' groups" do
|
45
|
-
expect(subject.user_groups(user)).to include("public", "registered")
|
46
|
-
end
|
47
|
-
describe "using #append_user_groups(user) hook" do
|
48
|
-
before { allow(subject).to receive(:append_user_groups).with(user).and_return(["spam:eggs", "fish:water"]) }
|
49
|
-
it "should add the groups to the list" do
|
50
|
-
expect(subject.user_groups(user)).to include("spam:eggs", "fish:water")
|
51
|
-
end
|
52
|
-
end
|
53
|
-
describe "when the RoleMapper config file is present and not empty" do
|
54
|
-
before do
|
55
|
-
allow(described_class).to receive(:include_role_mapper_groups).and_return(true)
|
56
|
-
allow(RoleMapper).to receive(:roles).with(user).and_return(["foo", "bar"])
|
57
|
-
end
|
58
|
-
it "should add the user's roles to the list" do
|
59
|
-
expect(subject.user_groups(user)).to include("foo", "bar")
|
60
|
-
end
|
61
|
-
end
|
62
|
-
describe "when RoleMapper config file is missing or empty" do
|
63
|
-
before { allow(described_class).to receive(:include_role_mapper_groups).and_return(false) }
|
64
|
-
it "should only include the default minimum groups" do
|
65
|
-
expect(subject.groups).to match_array(["public", "registered"])
|
66
|
-
end
|
67
|
-
end
|
68
|
-
end
|
69
|
-
end
|
70
|
-
end
|
71
|
-
|