ddr-models 2.4.14 → 2.4.15
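--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: b36660eee0bd55bbbbbe5ec8ee9c0b69291bd46e
+data.tar.gz: b0b5714f775e92d23fa50f1cfd2d0286dce8c17f
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 894ff0cff82bc9bb72102b741a4959e69d06bd3d8a0c62f8322d9ff5478834b95fdab8491eb2829230c9f466ec099e3c3f6d7d96bf923f62f5815ed149f750ec
+data.tar.gz: 4656487fb2cce3c1c5a62150b0733a4ccb22ae0c19f38f2e7407b87762c995c6f17cd3fe56077452651509c916e61a225f9ba702eb62b8f0edbc8502f99fcbdb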
@@ -6,6 +6,22 @@ module Ddr
|
|
6
6
|
if member_of? Ddr::Auth.collection_creators_group
|
7
7
|
can :create, ::Collection
|
8
8
|
end
|
9
|
+
can :export, ::Collection do |obj|
|
10
|
+
has_policy_permission?(obj, Permissions::READ)
|
11
|
+
end
|
12
|
+
end
|
13
|
+
|
14
|
+
private
|
15
|
+
|
16
|
+
def policy_permissions(obj)
|
17
|
+
obj.roles
|
18
|
+
.in_policy_scope
|
19
|
+
.agent(agents)
|
20
|
+
.permissions
|
21
|
+
end
|
22
|
+
|
23
|
+
def has_policy_permission?(obj, perm)
|
24
|
+
policy_permissions(obj).include?(perm)
|
9
25
|
end
|
10
26
|
|
11
27
|
end
|
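Review bot: The block rule `can :export, ::Collection do |obj|` is only evaluated when the check receives a Collection instance; assuming this is CanCan (the `can` DSL here and the `be_able_to` matcher in the spec suggest it), a class-level check such as `can?(:export, Collection)` skips the block and passes for every user, including one with no role at all. Callers of the export ability should therefore authorize against the loaded collection, and a comment above the rule would record that: `# Block rule: always check :export against a Collection instance, never the class.` The rule also derives export from policy-scope roles only, which the spec treats as deliberate; a one-line comment on `policy_permissions` stating that roles granted outside the policy scope are intentionally ignored would keep a later refactor from widening it by accident. The enclosing method and class start outside the hunk, and the page does not show this file's header.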
data/lib/ddr/models/version.rb
CHANGED
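--- a/data/spec/auth/ability_spec.rb
+++ b/data/spec/auth/ability_spec.rb
@@ -57,21 +57,38 @@ module Ddr::Auth
 end
 
 describe "Collection abilities" do
-
-allow(Ddr::Auth).to receive(:collection_creators_group) { "collection_creators" }
-end
-describe "when the user is a collection creator" do
+describe "create" do
 before do
-allow(
+allow(Ddr::Auth).to receive(:collection_creators_group) { "collection_creators" }
+end
+describe "when the user is a collection creator" do
+before do
+allow(auth_context).to receive(:member_of?).with("collection_creators") { true }
+end
+it { should be_able_to(:create, Collection) }
 end
-it { should be_able_to(:create, Collection) }
-end
 
-
-
-
+describe "when the user is not a collection creator" do
+before do
+allow(auth_context).to receive(:member_of?).with("collection_creators") { false }
+end
+it { should_not be_able_to(:create, Collection) }
+end
+end
+describe "export" do
+let(:collection) { FactoryGirl.build(:collection) }
+describe "when the user has read permission via policy scope role" do
+before {
+collection.roles.grant role_type: "Viewer", agent: auth_context.user.to_s, scope: "policy"
+}
+it { is_expected.to be_able_to(:export, collection) }
+end
+describe "when the user does not have read permission via policy scope role" do
+before {
+collection.roles.grant role_type: "Viewer", agent: auth_context.user.to_s
+}
+it { is_expected.not_to be_able_to(:export, collection) }
 end
-it { should_not be_able_to(:create, Collection) }
 end
 end
 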
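Review bot: The new `export` examples never cover a user who holds no role on the collection, and the negative case depends on `collection.roles.grant` falling back to a non-policy scope when `scope:` is omitted. Passing the scope explicitly in that second `before` block would make the intent visible to a reader, and a third example with no grant at all would pin the default-deny path: `describe "when the user has no role on the collection" do`, `it { is_expected.not_to be_able_to(:export, collection) }`, `end`. The export examples also use `is_expected.to` while the `create` examples keep `should`; one expectation style per file reads better. The enclosing `describe` blocks open outside the hunk.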