ddr-models 2.11.0 → 3.0.0.alpha.1

data/config/initializers/{active_fedora_datastream.rb → active_fedora_file.rb}

@@ -1,5 +1,5 @@
 module ActiveFedora
-  class Datastream
+  class File
     include Ddr::Datastreams::DatastreamBehavior
   end
 end

data/config/initializers/devise.rb

@@ -218,15 +218,14 @@ Devise.setup do |config|
   # Explicit require is needed here for devise to find strategy
   require "omniauth-shibboleth"
   config.omniauth :shibboleth, {
-    uid_field: lambda { |rpm| rpm.call("eppn") || rpm.call("duDukeID") },
+    uid_field: "eppn",
     name_field: "displayName",
     info_fields: {
       email: "mail",
       first_name: "givenName",
       last_name: "sn",
       nickname: "eduPersonNickname"
-    },
-    extra_fields: ["duDukeID"],
+    }
   }
 
   # ==> Warden configuration

data/config/initializers/subscriptions.rb

@@ -8,28 +8,11 @@ ActiveSupport::Notifications.subscribe(Ddr::Notifications::FIXITY_CHECK, Ddr::Ev
 # Virus Checks
 ActiveSupport::Notifications.subscribe(Ddr::Notifications::VIRUS_CHECK, Ddr::Events::VirusCheckEvent)
 
-# Ingestion/Creation
+# Creation
 ActiveSupport::Notifications.subscribe(Ddr::Notifications::CREATION, Ddr::Events::CreationEvent)
-ActiveSupport::Notifications.subscribe(Ddr::Models::Base::INGEST, Ddr::Events::IngestionEvent)
-ActiveSupport::Notifications.subscribe(Ddr::Models::Base::INGEST, Ddr::Derivatives::UpdateDerivatives)
 
 # Update
 ActiveSupport::Notifications.subscribe(Ddr::Notifications::UPDATE, Ddr::Events::UpdateEvent)
-ActiveSupport::Notifications.subscribe(Ddr::Models::Base::UPDATE, Ddr::Events::UpdateEvent)
-ActiveSupport::Notifications.subscribe(Ddr::Models::Base::UPDATE, Ddr::Models::PermanentId)
-ActiveSupport::Notifications.subscribe(Ddr::Models::Base::UPDATE, Ddr::Derivatives::UpdateDerivatives)
 
-# Delete
+# Deletion
 ActiveSupport::Notifications.subscribe(Ddr::Notifications::DELETION, Ddr::Events::DeletionEvent)
-ActiveSupport::Notifications.subscribe(Ddr::Models::Base::DELETE, Ddr::Models::PermanentId)
-ActiveSupport::Notifications.subscribe(Ddr::Models::Base::DELETE, Ddr::Events::DeletionEvent)
-ActiveSupport::Notifications.subscribe(Ddr::Models::Base::DELETE, Ddr::Datastreams::DeleteExternalFiles)
-
-# Deaccession
-ActiveSupport::Notifications.subscribe(Ddr::Models::Base::DEACCESSION, Ddr::Models::PermanentId)
-ActiveSupport::Notifications.subscribe(Ddr::Models::Base::DEACCESSION, Ddr::Events::DeaccessionEvent)
-ActiveSupport::Notifications.subscribe(Ddr::Models::Base::DEACCESSION, Ddr::Datastreams::DeleteExternalFiles)
-
-# Files
-ActiveSupport::Notifications.subscribe(Ddr::Datastreams::DELETE, Ddr::Derivatives::UpdateDerivatives)
-ActiveSupport::Notifications.subscribe(Ddr::Datastreams::DELETE, Ddr::Datastreams::DeleteExternalFiles)

data/ddr-models.gemspec

@@ -18,32 +18,28 @@ Gem::Specification.new do |s|
 
   s.require_paths = ["lib", "app/models"]
 
-  s.add_dependency "rails", ">= 4.2.7", "< 5" # Hydra 7.x not compatible/tested with Rails 5
-  s.add_dependency "activeresource"
-  s.add_dependency "active-fedora", ">= 7.3.1", "< 8"
-  s.add_dependency "rubydora", "~> 2.0"
-  s.add_dependency "hydra-core", "~> 7.2"
+  s.add_dependency "rails", "~> 4.1.13"
+  s.add_dependency "active-triples", "~> 0.7.2"
+  s.add_dependency "active-fedora", "~> 9.5"
+  s.add_dependency "hydra-core", "~> 9.3"
   s.add_dependency "hydra-validations", "~> 0.5"
   s.add_dependency "devise", "~> 3.4"
   s.add_dependency "omniauth-shibboleth", "~> 1.2.0"
   s.add_dependency "grouper-rest-client"
-  s.add_dependency "ezid-client", "~> 1.6"
+  s.add_dependency "ezid-client", "~> 1.1", ">= 1.1.1"
   s.add_dependency "resque", "~> 1.25"
   s.add_dependency "rdf-vocab", "~> 0.8"
-  s.add_dependency "net-ldap", "~> 0.16"
+  s.add_dependency "net-ldap", "~> 0.11"
   s.add_dependency "cancancan", "~> 1.12"
-  s.add_dependency "ddr-antivirus", "~> 2.1.1"
-  s.add_dependency "virtus", "~> 1.0.5"
-  s.add_dependency "hashie", "~> 3.4", "< 3.4.4"
-  s.add_dependency "edtf", "~> 3.0"
+  s.add_dependency "ddr-aux-client", "~> 1.2", ">= 1.2.2"
+  s.add_dependency "ddr-antivirus", "2.0.0"
 
-  s.add_development_dependency "bundler", "~> 1.11"
+  s.add_development_dependency "bundler", "~> 1.10"
   s.add_development_dependency "rake"
   s.add_development_dependency "sqlite3"
   s.add_development_dependency "rspec-rails", "~> 3.1"
   s.add_development_dependency "rspec-its"
   s.add_development_dependency "factory_girl_rails", "~> 4.4"
-  s.add_development_dependency "jettywrapper", "~> 1.8"
+  s.add_development_dependency "jettywrapper", "~> 2.0"
   s.add_development_dependency "database_cleaner"
-  s.add_development_dependency "byebug"
 end

data/lib/ddr/actions/fixity_check.rb

@@ -12,7 +12,7 @@ module Ddr
       # Return result of fixity check
       def self._execute(object)
         Result.new(pid: object.pid).tap do |r|
-          object.datastreams_having_content.each do |dsid, ds|
+          object.datastreams_to_validate.each do |dsid, ds|
             r.success &&= ds.dsChecksumValid
             r.results[dsid] = ds.profile
           end

data/lib/ddr/actions/virus_check.rb

@@ -1,20 +1,27 @@
+require "open3"
+require "ostruct"
+require "shellwords"
+
 module Ddr::Actions
   class VirusCheck
 
     # @return [Hash] result data
     # @raises [Ddr::Antivirus::VirusFoundError]
     def self.call(file_path)
-      Hash.new.tap do |result|
-        begin
-          scan_result = Ddr::Antivirus.scan(file_path)
-        rescue Ddr::Antivirus::ScannerError => e
-          result[:exception] = [e.class.name, e.to_s]
-          scan_result = e.result
-        end
-        result[:event_date_time] = scan_result.scanned_at
-        result[:software]        = scan_result.version
-        result[:detail]          = scan_result.output
+      unless File.exist?(file_path)
+        raise Error, "File not found: #{file_path}"
+      end
+      result = {}
+      begin
+        scan_result = Ddr::Antivirus.scan(file_path)
+      rescue Ddr::Antivirus::ScannerError => e
+        result[:exception] = [e.class.name, e.to_s]
+        scan_result = e.result
       end
+      result[:event_date_time] = scan_result.scanned_at
+      result[:software]        = scan_result.version
+      result[:detail]          = scan_result.output
+      result
     end
 
   end

data/lib/ddr/auth.rb

@@ -1,7 +1,6 @@
 module Ddr
   module Auth
     extend ActiveSupport::Autoload
-    extend Deprecation
 
     autoload :Ability
     autoload :AbilityDefinitions
@@ -32,7 +31,6 @@ module Ddr
     autoload :WebAuthContext
 
     autoload_under 'ability_definitions' do
-      autoload :AdminSetAbilityDefinitions
       autoload :AliasAbilityDefinitions
       autoload :AttachmentAbilityDefinitions
       autoload :CollectionAbilityDefinitions
@@ -40,8 +38,6 @@ module Ddr
       autoload :DatastreamAbilityDefinitions
       autoload :EventAbilityDefinitions
       autoload :ItemAbilityDefinitions
-      autoload :PublicationAbilityDefinitions
-      autoload :LockAbilityDefinitions
       autoload :RoleBasedAbilityDefinitions
       autoload :SuperuserAbilityDefinitions
     end
@@ -52,40 +48,15 @@ module Ddr
     # Name of group whose members are authorized to create Collections
     mattr_accessor :collection_creators_group
 
-    # Name of group whose members are authorized to act as a metadata manager
-    mattr_accessor :metadata_managers_group
-
-    # Group of which everyone (including anonymous users) is a member
-    def self.everyone_group
-      Deprecation.warn(Ddr::Auth,
-                       "`Ddr::Auth.everyone_group` is deprecated and will be removed in ddr-models 3.0." \
-                       " Use `Ddr::Auth::Groups::PUBLIC` instead.")
-      Groups::PUBLIC
-    end
-
-    # Group of authenticated users
-    def self.authenticated_users_group
-      Deprecation.warn(Ddr::Auth,
-                       "`Ddr::Auth.authenticated_users_group` is deprecated and will be removed in ddr-models 3.0." \
-                       " Use `Ddr::Auth::Groups::REGISTERED` instead.")
-      Groups::REGISTERED
-    end
-
-    def self.const_missing(name)
-      if name == :Superuser
-        Deprecation.warn(Ddr::Auth,
-                         "`Ddr::Auth::Superuser` is deprecated and will be removed in ddr-models 3.0." \
-                         " Use `Ddr::Auth::SuperuserAbility` instead.")
-        return SuperuserAbility
-      end
-      super
-    end
-
     # Whether to require Shibboleth authentication
     mattr_accessor :require_shib_user_authn do
       false
     end
 
+    mattr_accessor :sso_logout_url do
+      "/Shibboleth.sso/Logout?return=https://shib.oit.duke.edu/cgi-bin/logout.pl"
+    end
+
     # Grouper gateway implementation
     mattr_accessor :grouper_gateway do
       GrouperGateway
@@ -100,11 +71,8 @@ module Ddr
       "::Ability"
     end
 
-    def self.repository_group_filter
-      if filter = ENV["REPOSITORY_GROUP_FILTER"]
-        return filter
-      end
-      raise Ddr::Models::Error, "The \"REPOSITORY_GROUP_FILTER\" environment variable is not set."
+    mattr_accessor :repository_group_filter do
+      ENV["REPOSITORY_GROUP_FILTER"]
     end
 
   end

data/lib/ddr/auth/ability.rb

@@ -9,11 +9,7 @@ module Ddr
                                    AttachmentAbilityDefinitions,
                                    RoleBasedAbilityDefinitions,
                                    DatastreamAbilityDefinitions,
-                                   EventAbilityDefinitions,
-                                   PublicationAbilityDefinitions,
-                                   LockAbilityDefinitions,
-                                   AdminSetAbilityDefinitions,
-                                 ]
+                                   EventAbilityDefinitions ]
 
     end
   end

data/lib/ddr/auth/ability_definitions/collection_ability_definitions.rb

@@ -6,22 +6,6 @@ module Ddr
         if member_of? Ddr::Auth.collection_creators_group
           can :create, ::Collection
         end
-        can :export, ::Collection do |obj|
-          has_policy_permission?(obj, Permissions::READ)
-        end
-      end
-
-      private
-
-      def policy_permissions(obj)
-        obj.roles
-          .in_policy_scope
-          .agent(agents)
-          .permissions
-      end
-
-      def has_policy_permission?(obj, perm)
-        policy_permissions(obj).include?(perm)
       end
 
     end

data/lib/ddr/auth/ability_definitions/datastream_ability_definitions.rb

@@ -9,22 +9,28 @@ module Ddr
       # course by the :manage ability.
       DATASTREAM_DOWNLOAD_ABILITIES = {
         Ddr::Datastreams::CONTENT         => :download,
-        Ddr::Datastreams::DESC_METADATA   => :read,
         Ddr::Datastreams::EXTRACTED_TEXT  => :download,
         Ddr::Datastreams::FITS            => :read,
-        Ddr::Datastreams::MULTIRES_IMAGE  => :read,
         Ddr::Datastreams::STRUCT_METADATA => :read,
         Ddr::Datastreams::THUMBNAIL       => :read,
       }.freeze
 
       def call
-        can :download, ActiveFedora::Datastream do |ds|
-          can_download_datastream?(ds.dsid, ds.pid)
+        can :download, ActiveFedora::File do |file|
+          can_download_datastream?(_dsid(file), _pid(file))
         end
       end
 
       private
 
+      def _dsid(file)
+        File.basename(file.id)
+      end
+
+      def _pid(file)
+        File.dirname(file.id)
+      end
+
       def can_download_datastream?(dsid, pid)
         can? DATASTREAM_DOWNLOAD_ABILITIES.fetch(dsid), pid
       rescue KeyError

data/lib/ddr/auth/ability_definitions/role_based_ability_definitions.rb

@@ -12,20 +12,19 @@ module Ddr
 
       private
 
-      def has_permission?(permission, object_or_id)
-        permissions(object_or_id).include? permission
+      def has_permission?(permission, obj)
+        permissions(obj).include? permission
       end
 
-      def permissions(object_or_id)
-        case object_or_id
+      def permissions(obj)
+        case obj
         when Ddr::Models::Base, SolrDocument
-          cached_permissions(object_or_id.id) do
-            object_or_id.effective_permissions(agents)
+          cached_permissions obj.pid do
+            obj.effective_permissions(agents)
           end
         when String
-          cached_permissions(object_or_id) do
-            doc = SolrDocument.find(object_or_id) # raises SolrDocument::NotFound
-            doc.effective_permissions(agents)
+          cached_permissions obj do
+            permissions_doc(obj).effective_permissions(agents)
           end
         end
       end
@@ -34,6 +33,14 @@ module Ddr
         cache[pid] ||= block.call
       end
 
+      def permissions_doc(pid)
+        roles_query_result = ActiveFedora::SolrService.query("id:\"#{pid}\"", rows: 1).first
+        if roles_query_result.nil?
+          raise "Solr document not found for PID \"#{pid}\"."
+        end
+        SolrDocument.new roles_query_result
+      end
+
     end
   end
 end

data/lib/ddr/auth/ability_factory.rb

@@ -1,9 +1,32 @@
 module Ddr::Auth
   class AbilityFactory
 
+    private_class_method :new
+
     def self.call(user = nil, env = nil)
-      auth_context = AuthContextFactory.call(user, env)
-      auth_context.ability
+      new(user, env).call
+    end
+
+    attr_reader :auth_context
+
+    delegate :anonymous?, :superuser?, to: :auth_context
+    
+    def initialize(user, env)
+      @auth_context = AuthContextFactory.call(user, env)
+    end
+
+    def call
+      if anonymous?
+        AnonymousAbility.new(auth_context)
+      elsif superuser?
+        SuperuserAbility.new(auth_context)
+      else
+        default_ability.new(auth_context)
+      end
+    end
+
+    def default_ability
+      Ddr::Auth::default_ability.constantize
     end
 
   end

data/lib/ddr/auth/abstract_ability.rb

@@ -17,8 +17,7 @@ module Ddr::Auth
 
     attr_reader :auth_context
 
-    delegate :anonymous?, :authenticated?, :metadata_manager?,
-             :user, :groups, :agents, :member_of?,
+    delegate :anonymous?, :authenticated?, :user, :groups, :agents, :member_of?,
              :authorized_to_act_as_superuser?,
              to: :auth_context
 

data/lib/ddr/auth/auth_context.rb

@@ -9,20 +9,6 @@ module Ddr::Auth
       @env = env
     end
 
-    def ability
-      if anonymous?
-        AnonymousAbility.new(self)
-      elsif superuser?
-        SuperuserAbility.new(self)
-      else
-        default_ability_class.new(self)
-      end
-    end
-
-    def default_ability_class
-      Ddr::Auth::default_ability.constantize
-    end
-
     # Return whether a user is absent from the auth context.
     # @return [Boolean]
     def anonymous?
@@ -41,10 +27,6 @@ module Ddr::Auth
       env && env.key?("warden") && env["warden"].authenticate?(scope: :superuser)
     end
 
-    def metadata_manager?
-      member_of? Ddr::Auth.metadata_managers_group
-    end
-
     # Return the user agent for this context.
     # @return [String] or nil, if auth context is anonymous/
     def agent

data/lib/ddr/auth/auth_context_factory.rb

@@ -1,6 +1,8 @@
 module Ddr::Auth
   class AuthContextFactory
 
+    private_class_method :new
+
     def self.call(user = nil, env = nil)
       if env
         WebAuthContext.new(user, env)

data/lib/ddr/auth/group.rb

@@ -4,7 +4,6 @@ module Ddr
   module Auth
     # Wraps a String
     class Group < SimpleDelegator
-      extend Deprecation
 
       attr_reader :rule
 
@@ -32,11 +31,6 @@ module Ddr
         to_s
       end
 
-      def to_agent
-        Deprecation.warn(self.class, "`to_agent` is deprecated. Use `agent` instead.")
-        agent
-      end
-
       def inspect
         "#<#{self.class.name} id=#{id.inspect}, label=#{label.inspect}>"
       end