ddr-models 1.9.0 → 1.10.0

data/spec/models/ability_spec.rb

@@ -10,10 +10,12 @@ module Ddr
 
       describe "collection permissions" do
         before { allow(Ddr::Auth).to receive(:collection_creators_group) { "Collection Creators" } }
+
         context "user is a collection creator" do
           before { allow(user).to receive(:groups) { ["Collection Creators"] } }
           it { is_expected.to be_able_to(:create, Collection) }
         end
+
         context "user is not a collection creator" do
           it { is_expected.not_to be_able_to(:create, Collection) }
         end
@@ -21,10 +23,12 @@ module Ddr
 
       describe "#upload_permissions", uploads: true do
         let(:resource) { FactoryGirl.build(:component) }
+
         context "user has edit permission" do
           before { subject.can(:edit, resource) }
           it { is_expected.to be_able_to(:upload, resource) }
         end
+
         context "user does not have edit permission" do
           before { subject.cannot(:edit, resource) }
           it { is_expected.not_to be_able_to(:upload, resource) }
@@ -32,64 +36,84 @@ module Ddr
       end
 
       describe "#download_permissions", downloads: true do
+
         context "on an object" do
+
           context "which is a Component", components: true do
-            let!(:resource) { FactoryGirl.create(:component) }
+            let(:resource) { Component.new(pid: "test:1") }
+
             context "and user does NOT have the downloader role" do
+              before do
+                allow(subject.current_user).to receive(:has_role?).with(resource, :downloader) { false }
+              end
+
               context "and user has edit permission" do
-                before do
-                  resource.edit_users = [user.user_key]
-                  resource.save
-                end
+                before { subject.can :edit, resource }
                 it { is_expected.to be_able_to(:download, resource) }
               end
+
               context "and user has read permission" do
                 before do
-                  resource.read_users = [user.user_key]
-                  resource.save
+                  subject.cannot :edit, resource
+                  subject.can :read, resource
                 end
                 it { is_expected.not_to be_able_to(:download, resource) }
               end
+
               context "and user lacks read permission" do
+                before do
+                  subject.cannot :edit, resource
+                  subject.cannot :read, resource
+                end
                 it { is_expected.not_to be_able_to(:download, resource) }
               end
             end
+
             # Component
             context "and user has the downloader role", roles: true do
               before do
-                resource.roles.downloader << user.principal_name
-                resource.save
+                allow(subject.current_user).to receive(:has_role?).with(resource, :downloader) { true }
               end
+
               context "and user has edit permission" do
-                before do
-                  resource.edit_users = [user.user_key]
-                  resource.save
-                end
+                before { subject.can :edit, resource }
                 it { is_expected.to be_able_to(:download, resource) }
               end
+
               context "and user has read permission" do
                 before do
-                  resource.read_users = [user.user_key]
-                  resource.save
+                  subject.cannot :edit, resource
+                  subject.can :read, resource
                 end
                 it { is_expected.to be_able_to(:download, resource) }
               end
+
               context "and user lacks read permission" do
+                before do
+                  subject.cannot :edit, resource
+                  subject.cannot :read, resource
+                end
                 it { is_expected.not_to be_able_to(:download, resource) }
               end          
             end
           end
 
           context "which is not a Component" do
-            let(:resource) { FactoryGirl.create(:test_content) }
+            let(:resource) { FactoryGirl.build(:test_content) }
+
             context "and user has read permission" do
               before do
-                resource.read_users = [user.user_key]
-                resource.save
+                subject.cannot :edit, resource
+                subject.can :read, resource
               end
               it { is_expected.to be_able_to(:download, resource) }
             end
+
             context "and user lacks read permission" do
+              before do
+                subject.cannot :edit, resource
+                subject.cannot :read, resource
+              end
               it { is_expected.not_to be_able_to(:download, resource) }
             end                  
           end
@@ -97,45 +121,58 @@ module Ddr
 
         context "on a Solr document" do
           let(:resource) { SolrDocument.new(doc) }
+
           context "for a Component" do
             let(:doc) { {'id'=>'test:1', 'active_fedora_model_ssi'=>'Component'} }
+
             context "on which the user has the downloader role" do
               before { doc.merge!('admin_metadata__downloader_ssim'=>[user.to_s]) }
+
               context "but does not have read permission" do
                 it { is_expected.not_to be_able_to(:download, resource) }
               end
+
               context "and has read permission" do
                 before { doc.merge!('read_access_person_ssim'=>[user.to_s]) }
                 it { is_expected.to be_able_to(:download, resource) }
               end
+
               context "and has edit permission" do
                 before { doc.merge!('edit_access_person_ssim'=>[user.to_s]) }
                 it { is_expected.to be_able_to(:download, resource) }
               end
             end
+
             context "on which the user does NOT have the downloader role" do
+
               context "and does not have read permission" do
                 it { is_expected.not_to be_able_to(:download, resource) }
               end
+
               context "but has read permission" do
                 before { doc.merge!('read_access_person_ssim'=>[user.to_s]) }
                 it { is_expected.not_to be_able_to(:download, resource) }
               end
+
               context "but has edit permission" do
                 before { doc.merge!('edit_access_person_ssim'=>[user.to_s]) }
                 it { is_expected.to be_able_to(:download, resource) }
               end              
             end
           end
+
           context "for a non-Component" do
             let(:doc) { {'id'=>'test:1', 'active_fedora_model_ssi'=>'Attachment'} }
+
             context "on which the user does NOT have read permission" do
               it { is_expected.not_to be_able_to(:download, resource) }
             end
+
             context "on which the user has read permission" do
               before { doc.merge!('read_access_person_ssim'=>[user.to_s]) }
               it { is_expected.to be_able_to(:download, resource) }
             end
+
             context "on which the user has edit permission" do
               before { doc.merge!('edit_access_person_ssim'=>[user.to_s]) }
               it { is_expected.to be_able_to(:download, resource) }
@@ -144,51 +181,63 @@ module Ddr
         end
 
         context "on a datastream", datastreams: true do
+
           context "named 'content'", content: true do
             let(:resource) { obj.content }
+            let(:solr_doc) { SolrDocument.new({id: obj.pid}) }
+            before do
+              allow(subject).to receive(:solr_doc).with(obj.pid) { solr_doc }
+              subject.cannot :edit, obj.pid 
+            end
+
             context "and object is a Component", components: true do
-              let(:obj) { FactoryGirl.create(:component) }
-              context "and user does not have the downloader role" do
+              let(:obj) { Component.new(pid: "test:1") }
+
+              context "and user does not have the downloader role" do            
+                before do
+                  allow(subject.current_user).to receive(:has_role?).with(solr_doc, :downloader) { false } 
+                end
+
                 context "and user has read permission on the object" do
-                  before do
-                    obj.read_users = [user.user_key]
-                    obj.save
-                  end
+                  before { subject.can :read, obj.pid }
                   it { is_expected.not_to be_able_to(:download, resource) }
                 end
+
                 context "and user lacks read permission on the object" do
+                  before { subject.cannot :read, obj.pid }
                   it { is_expected.not_to be_able_to(:download, resource) }
                 end
               end
+
               # Component content datastream
               context "and user has the downloader role", roles: true do
                 before do
-                  obj.roles.downloader << user.principal_name
-                  obj.save
+                  allow(subject.current_user).to receive(:has_role?).with(solr_doc, :downloader) { true } 
                 end
+
                 context "and user has read permission on the object" do
-                  before do
-                    obj.read_users = [user.user_key]
-                    obj.save
-                  end
+                  before { subject.can :read, obj.pid }
                   it { is_expected.to be_able_to(:download, resource) }
                 end
+
                 context "and user lacks read permission on the object" do
+                  before { subject.cannot :read, obj.pid }
                   it { is_expected.not_to be_able_to(:download, resource) }
                 end          
               end
             end
+
             # non-Component content datastream
             context "and object is not a Component" do
-              let(:obj) { FactoryGirl.create(:test_content) }
+              let(:obj) { TestContent.new(pid: "test:1") }
+
               context "and user has read permission on the object" do
-                before do
-                  obj.read_users = [user.user_key]
-                  obj.save
-                end
+                before { subject.can :read, obj.pid }
                 it { is_expected.to be_able_to(:download, resource) }
               end
+
               context "and user lacks read permission on the object" do
+                before { subject.cannot :read, obj.pid }
                 it { is_expected.not_to be_able_to(:download, resource) }
               end                  
             end
@@ -196,16 +245,22 @@ module Ddr
           end
           # datastream - not "content"
           context "not named 'content'" do
-            let(:obj) { FactoryGirl.create(:test_model) }
+            let(:obj) { FactoryGirl.build(:test_model) }
             let(:resource) { obj.descMetadata }
+
             context "and user has read permission on the object" do
               before do
-                obj.read_users = [user.user_key]
-                obj.save
+                subject.cannot :edit, obj.pid 
+                subject.can :read, obj.pid 
               end
               it { is_expected.to be_able_to(:download, resource) }
             end
+
             context "and user lacks read permission on the object" do
+              before do
+                subject.cannot :edit, obj.pid 
+                subject.cannot :read, obj.pid 
+              end
               it { is_expected.not_to be_able_to(:download, resource) }
             end        
           end
@@ -219,38 +274,35 @@ module Ddr
       end
 
       describe "#events_permissions", events: true do
-        let(:object) { FactoryGirl.create(:test_model) }
-        let(:resource) { Ddr::Events::Event.new(pid: object.pid) }
-        context "event is associated with a user" do
-          before { resource.user = user }
+        let(:resource) { Ddr::Events::Event.new(pid: "test:1") }
+
+        context "when the user can read the object" do
+          before { subject.can :read, "test:1" }
           it { is_expected.to be_able_to(:read, resource) }
         end
-        context "event is not associated with a user" do      
-          context "and can read object" do
-            before do
-              object.read_users = [user.user_key]
-              object.save!
-            end
-            it { is_expected.to be_able_to(:read, resource) }
-          end
-          context "and cannot read object" do
-            it { is_expected.not_to be_able_to(:read, resource) }
-          end
+
+        context "when the user cannot read the object" do
+          before { subject.cannot :read, "test:1" }
+          it { is_expected.not_to be_able_to(:read, resource) }
         end
       end
 
       describe "#attachment_permissions", attachments: true do
+
         context "object can have attachments" do
           let(:resource) { FactoryGirl.build(:test_model_omnibus) }
+
           context "and user lacks edit rights" do
             before { subject.cannot(:edit, resource) }
             it { is_expected.not_to be_able_to(:add_attachment, resource) }
           end
+
           context "and user has edit rights" do
             before { subject.can(:edit, resource) }
             it { is_expected.to be_able_to(:add_attachment, resource) }
           end
         end
+
         context "object cannot have attachments" do
           let(:resource) { FactoryGirl.build(:test_model) }
           before { subject.can(:edit, resource) }
@@ -259,17 +311,21 @@ module Ddr
       end
 
       describe "#children_permissions", children: true do
+
         context "user has edit rights on object" do
           before { subject.can(:edit, resource) }
+
           context "and object can have children" do
             let(:resource) { FactoryGirl.build(:collection) }
             it { is_expected.to be_able_to(:add_children, resource) }
           end
+
           context "but object cannot have children" do
             let(:resource) { FactoryGirl.build(:component) }
             it { is_expected.not_to be_able_to(:add_children, resource) }
           end
         end
+
         context "user lacks edit rights on attached_to object" do
           let(:resource) { FactoryGirl.build(:collection) }
           before { subject.cannot(:edit, resource) }

data/spec/routing/user_routing_spec.rb

@@ -0,0 +1,26 @@
+RSpec.describe "users router", type: :routing do
+  it "should have a new session route" do
+    expect(get: '/users/sign_in').to route_to(controller: 'users/sessions', action: 'new')
+  end
+  it "should have a new session path helper" do
+    expect(get: new_user_session_path).to route_to(controller: 'users/sessions', action: 'new')
+  end
+  it "should have a destroy session route" do
+    expect(get: '/users/sign_out').to route_to(controller: 'users/sessions', action: 'destroy')
+  end
+  it "should have a destroy session path helper" do
+    expect(get: destroy_user_session_path).to route_to(controller: 'users/sessions', action: 'destroy')
+  end
+  it "should have a shibboleth authentication path" do
+    expect(get: '/users/auth/shibboleth').to route_to(controller: 'users/omniauth_callbacks', action: 'passthru', provider: 'shibboleth')
+  end
+  it "should have a shibboleth authentication path helper" do
+    expect(get: user_omniauth_authorize_path(:shibboleth)).to route_to(controller: 'users/omniauth_callbacks', action: 'passthru', provider: 'shibboleth')
+  end
+  describe "redirects", type: :request do
+    it "should have a signed out path" do
+      get '/users/signed_out'
+      expect(response).to redirect_to('/')
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -100,6 +100,8 @@ RSpec.configure do |config|
   # as the one that triggered the failure.
   Kernel.srand config.seed
 
+  config.include Devise::TestHelpers, type: :controller
+
   config.before(:suite) do
     DatabaseCleaner.clean
     ActiveFedora::Base.destroy_all

data/spec/support/shared_examples_for_events.rb

@@ -165,7 +165,9 @@ RSpec.shared_examples "an event" do
 
   describe "rendering who/what performed the action" do
     context "when performed by a user" do
-      before { subject.user = User.new(username: "bob") }
+      before do
+        subject.user_key = "bob"
+      end
       it "should render the user" do
         expect(subject.performed_by).to eq "bob"
       end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: ddr-models
 version: !ruby/object:Gem::Version
-  version: 1.9.0
+  version: 1.10.0
 platform: ruby
 authors:
 - Jim Coble
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-01-26 00:00:00.000000000 Z
+date: 2015-02-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -289,7 +289,6 @@ files:
 - Rakefile
 - app/controllers/users/omniauth_callbacks_controller.rb
 - app/controllers/users/sessions_controller.rb
-- app/controllers/users/sessions_controller.rb~
 - app/models/attachment.rb
 - app/models/collection.rb
 - app/models/component.rb
@@ -299,6 +298,7 @@ files:
 - config/initializers/active_fedora_datastream.rb
 - config/initializers/devise.rb
 - config/initializers/subscriptions.rb
+- config/locales/groups.en.yml
 - config/routes.rb
 - db/migrate/20141021233359_create_events.rb
 - db/migrate/20141021234156_create_minted_ids.rb
@@ -308,11 +308,13 @@ files:
 - db/migrate/20141216040225_drop_minted_ids.rb
 - db/migrate/20141218020612_add_exception_to_events.rb
 - db/migrate/20150110023410_drop_workflow_states.rb
+- db/migrate/20150130134416_add_user_key_to_events.rb
 - lib/ddr-models.rb
 - lib/ddr/actions.rb
 - lib/ddr/actions/fixity_check.rb
 - lib/ddr/auth.rb
 - lib/ddr/auth/ability.rb
+- lib/ddr/auth/failure_app.rb
 - lib/ddr/auth/group_service.rb
 - lib/ddr/auth/grouper_service.rb
 - lib/ddr/auth/remote_group_service.rb
@@ -339,22 +341,17 @@ files:
 - lib/ddr/events/virus_check_event.rb
 - lib/ddr/index_fields.rb
 - lib/ddr/managers.rb
-- lib/ddr/managers/#index_manager.rb#
 - lib/ddr/managers/manager.rb
 - lib/ddr/managers/permanent_id_manager.rb
 - lib/ddr/managers/role_manager.rb
 - lib/ddr/managers/workflow_manager.rb
 - lib/ddr/metadata.rb
-- lib/ddr/metadata/#permanent_id_record.rb#
 - lib/ddr/metadata/duke_terms.rb
 - lib/ddr/metadata/premis_event.rb
 - lib/ddr/metadata/rdf_vocabulary_parser.rb
 - lib/ddr/metadata/sources/duketerms.rdf.xml
 - lib/ddr/metadata/vocabulary.rb
 - lib/ddr/models.rb
-- lib/ddr/models/#has_ezid_identifier.rb#
-- lib/ddr/models/#has_permanent_identifier.rb#
-- lib/ddr/models/#index_fields.rb#
 - lib/ddr/models/access_controllable.rb
 - lib/ddr/models/base.rb
 - lib/ddr/models/describable.rb
@@ -380,6 +377,7 @@ files:
 - lib/ddr/vocab.rb
 - lib/ddr/vocab/asset.rb
 - lib/ddr/vocab/roles.rb
+- spec/controllers/application_controller_spec.rb
 - spec/dummy/README.rdoc
 - spec/dummy/Rakefile
 - spec/dummy/app/assets/javascripts/application.js
@@ -415,18 +413,11 @@ files:
 - spec/dummy/db/schema.rb
 - spec/dummy/db/test.sqlite3
 - spec/dummy/log/development.log
-- spec/dummy/log/production.log
 - spec/dummy/log/test.log
 - spec/dummy/public/404.html
 - spec/dummy/public/422.html
 - spec/dummy/public/500.html
 - spec/dummy/public/favicon.ico
-- spec/dummy/tmp/cache/assets/development/sprockets/13fe41fee1fe35b49d145bcc06610705
-- spec/dummy/tmp/cache/assets/development/sprockets/2f5173deea6c795b8fdde723bb4b63af
-- spec/dummy/tmp/cache/assets/development/sprockets/357970feca3ac29060c1e3861e2c0953
-- spec/dummy/tmp/cache/assets/development/sprockets/cffd775d018f68ce5dba1ee0d951a994
-- spec/dummy/tmp/cache/assets/development/sprockets/d771ace226fc8215a3572e0aa35bb0d6
-- spec/dummy/tmp/cache/assets/development/sprockets/f7cbd26ba1d28d48de824f0e94586655
 - spec/factories/attachment_factories.rb
 - spec/factories/collection_factories.rb
 - spec/factories/component_factories.rb
@@ -457,6 +448,7 @@ files:
 - spec/models/superuser_spec.rb
 - spec/models/target_spec.rb
 - spec/models/user_spec.rb
+- spec/routing/user_routing_spec.rb
 - spec/services/group_service_spec.rb
 - spec/spec_helper.rb
 - spec/support/shared_examples_for_access_controllables.rb
@@ -496,6 +488,7 @@ signing_key:
 specification_version: 4
 summary: Models used in the Duke Digital Repository
 test_files:
+- spec/controllers/application_controller_spec.rb
 - spec/dummy/app/assets/javascripts/application.js
 - spec/dummy/app/assets/stylesheets/application.css
 - spec/dummy/app/controllers/application_controller.rb
@@ -529,7 +522,6 @@ test_files:
 - spec/dummy/db/schema.rb
 - spec/dummy/db/test.sqlite3
 - spec/dummy/log/development.log
-- spec/dummy/log/production.log
 - spec/dummy/log/test.log
 - spec/dummy/public/404.html
 - spec/dummy/public/422.html
@@ -537,12 +529,6 @@ test_files:
 - spec/dummy/public/favicon.ico
 - spec/dummy/Rakefile
 - spec/dummy/README.rdoc
-- spec/dummy/tmp/cache/assets/development/sprockets/13fe41fee1fe35b49d145bcc06610705
-- spec/dummy/tmp/cache/assets/development/sprockets/2f5173deea6c795b8fdde723bb4b63af
-- spec/dummy/tmp/cache/assets/development/sprockets/357970feca3ac29060c1e3861e2c0953
-- spec/dummy/tmp/cache/assets/development/sprockets/cffd775d018f68ce5dba1ee0d951a994
-- spec/dummy/tmp/cache/assets/development/sprockets/d771ace226fc8215a3572e0aa35bb0d6
-- spec/dummy/tmp/cache/assets/development/sprockets/f7cbd26ba1d28d48de824f0e94586655
 - spec/factories/attachment_factories.rb
 - spec/factories/collection_factories.rb
 - spec/factories/component_factories.rb
@@ -573,6 +559,7 @@ test_files:
 - spec/models/superuser_spec.rb
 - spec/models/target_spec.rb
 - spec/models/user_spec.rb
+- spec/routing/user_routing_spec.rb
 - spec/services/group_service_spec.rb
 - spec/spec_helper.rb
 - spec/support/shared_examples_for_access_controllables.rb