ddr-models 2.4.15 → 2.4.16

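--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: b36660eee0bd55bbbbbe5ec8ee9c0b69291bd46e
- data.tar.gz: b0b5714f775e92d23fa50f1cfd2d0286dce8c17f
+ metadata.gz: f83d8acaf696ecb6e92b5958efd1d09c9727acf1
+ data.tar.gz: d6af219cbb3395901762d0eb5f4a1f60c6b2ce0e
  SHA512:
- metadata.gz: 894ff0cff82bc9bb72102b741a4959e69d06bd3d8a0c62f8322d9ff5478834b95fdab8491eb2829230c9f466ec099e3c3f6d7d96bf923f62f5815ed149f750ec
- data.tar.gz: 4656487fb2cce3c1c5a62150b0733a4ccb22ae0c19f38f2e7407b87762c995c6f17cd3fe56077452651509c916e61a225f9ba702eb62b8f0edbc8502f99fcbdb
+ metadata.gz: 76e0f78041619d77258e3877f2dc587cb204e18c75b1be5e85ab7c883ac45ec5dec92cbfc2ab8d77306677d300bb831e2e1ce5dfa7e0e67a41d3f1adeb4a8963
+ data.tar.gz: 4f6c466ac5ed669cd23babebff7ef3b7cb2a0f62c957b02e6967121f6b75f950e62b77440994cfc7ffc942690be7b5558f0d119f9ffa0747404d5d72517479c3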
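--- a/data/lib/ddr/auth.rb
+++ b/data/lib/ddr/auth.rb
@@ -32,6 +32,7 @@ module Ddr
  autoload :WebAuthContext
 
  autoload_under 'ability_definitions' do
+ autoload :AdminSetAbilityDefinitions
  autoload :AliasAbilityDefinitions
  autoload :AttachmentAbilityDefinitions
  autoload :CollectionAbilityDefinitions
@@ -108,6 +109,10 @@ module Ddr
  "::Ability"
  end
 
+ mattr_accessor :metadata_managers_group do
+ ENV["METADATA_MANAGERS_GROUP"]
+ end
+
  def self.repository_group_filter
  if filter = ENV["REPOSITORY_GROUP_FILTER"]
  return filter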
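Review bot: `metadata_managers_group` takes whatever `ENV["METADATA_MANAGERS_GROUP"]` holds when the module is loaded, so a variable that is set but empty yields `""` rather than `nil`, and that string is what the membership check behind the export permission later receives. Normalising it in the block, `ENV["METADATA_MANAGERS_GROUP"].presence`, would make unset and blank behave the same; how `member_of?` treats an empty group name is not visible on this page, and the added specs only cover the `nil` case. `mattr_accessor` also defines a public writer, so `mattr_reader` would be enough if nothing assigns the value at runtime. `repository_group_filter` below the new lines continues outside the hunk.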
@@ -11,7 +11,9 @@ module Ddr
11
11
  DatastreamAbilityDefinitions,
12
12
  EventAbilityDefinitions,
13
13
  PublicationAbilityDefinitions,
14
- LockAbilityDefinitions ]
14
+ LockAbilityDefinitions,
15
+ AdminSetAbilityDefinitions,
16
+ ]
15
17
 
16
18
  end
17
19
  end
@@ -0,0 +1,9 @@
1
+ module Ddr::Auth
2
+ class AdminSetAbilityDefinitions < AbilityDefinitions
3
+
4
+ def call
5
+ can :export, Ddr::Models::AdminSet if metadata_manager?
6
+ end
7
+
8
+ end
9
+ end
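Review bot: The rule `can :export, Ddr::Models::AdminSet` in `call` is declared on the class with no condition, so it covers every admin set rather than particular records, and nothing in the new file says that this breadth is intended. A one-line comment above the rule would record the decision, for example `# Metadata managers may export any admin set (class-level rule, no per-record condition).` The `metadata_manager?` predicate the rule depends on is defined outside this hunk.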
@@ -1,32 +1,9 @@
1
1
  module Ddr::Auth
2
2
  class AbilityFactory
3
3
 
4
- private_class_method :new
5
-
6
4
  def self.call(user = nil, env = nil)
7
- new(user, env).call
8
- end
9
-
10
- attr_reader :auth_context
11
-
12
- delegate :anonymous?, :superuser?, to: :auth_context
13
-
14
- def initialize(user, env)
15
- @auth_context = AuthContextFactory.call(user, env)
16
- end
17
-
18
- def call
19
- if anonymous?
20
- AnonymousAbility.new(auth_context)
21
- elsif superuser?
22
- SuperuserAbility.new(auth_context)
23
- else
24
- default_ability.new(auth_context)
25
- end
26
- end
27
-
28
- def default_ability
29
- Ddr::Auth::default_ability.constantize
5
+ auth_context = AuthContextFactory.call(user, env)
6
+ auth_context.ability
30
7
  end
31
8
 
32
9
  end
@@ -17,7 +17,8 @@ module Ddr::Auth
17
17
 
18
18
  attr_reader :auth_context
19
19
 
20
- delegate :anonymous?, :authenticated?, :user, :groups, :agents, :member_of?,
20
+ delegate :anonymous?, :authenticated?, :metadata_manager?,
21
+ :user, :groups, :agents, :member_of?,
21
22
  :authorized_to_act_as_superuser?,
22
23
  to: :auth_context
23
24
 
@@ -9,6 +9,20 @@ module Ddr::Auth
9
9
  @env = env
10
10
  end
11
11
 
12
+ def ability
13
+ if anonymous?
14
+ AnonymousAbility.new(self)
15
+ elsif superuser?
16
+ SuperuserAbility.new(self)
17
+ else
18
+ default_ability_class.new(self)
19
+ end
20
+ end
21
+
22
+ def default_ability_class
23
+ Ddr::Auth::default_ability.constantize
24
+ end
25
+
12
26
  # Return whether a user is absent from the auth context.
13
27
  # @return [Boolean]
14
28
  def anonymous?
@@ -27,6 +41,10 @@ module Ddr::Auth
27
41
  env && env.key?("warden") && env["warden"].authenticate?(scope: :superuser)
28
42
  end
29
43
 
44
+ def metadata_manager?
45
+ member_of? Ddr::Auth.metadata_managers_group
46
+ end
47
+
30
48
  # Return the user agent for this context.
31
49
  # @return [String] or nil, if auth context is anonymous/
32
50
  def agent
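Review bot: `ability`, `default_ability_class` and `metadata_manager?` are added without the comment and `@return` tag that the neighbouring `anonymous?` and `agent` carry, although two of them decide which permissions a context receives. For `metadata_manager?` I would add `# Return whether the context is a member of the configured metadata managers group.` and `# @return [Boolean]`; for `ability`, a comment stating that the anonymous check runs before the superuser check and that every other context gets the class named by `Ddr::Auth.default_ability`. `default_ability_class` looks like an internal helper, so making it private may be appropriate if nothing outside the class calls it, which these hunks do not show. Both hunks cut into the class body, so its start and end are not visible.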
@@ -1,8 +1,6 @@
1
1
  module Ddr::Auth
2
2
  class AuthContextFactory
3
3
 
4
- private_class_method :new
5
-
6
4
  def self.call(user = nil, env = nil)
7
5
  if env
8
6
  WebAuthContext.new(user, env)
@@ -1,5 +1,5 @@
1
1
  module Ddr
2
2
  module Models
3
- VERSION = "2.4.15"
3
+ VERSION = "2.4.16"
4
4
  end
5
5
  end
@@ -1,7 +1,24 @@
1
1
  module Ddr::Auth
2
2
  RSpec.describe AbilityFactory do
3
3
 
4
- # write tests or delete this module
4
+ describe ".call" do
5
+ subject { described_class.call(user, env) }
6
+
7
+ describe "anonymous context" do
8
+ let(:user) { nil }
9
+ let(:env) { Hash.new }
10
+ it { is_expected.to be_a(AnonymousAbility) }
11
+ end
12
+
13
+ describe "superuser context" do
14
+ let(:user) { FactoryGirl.create(:user) }
15
+ let(:env) { Hash.new }
16
+ before {
17
+ allow_any_instance_of(AuthContext).to receive(:superuser?) { true }
18
+ }
19
+ it { is_expected.to be_a(SuperuserAbility) }
20
+ end
21
+ end
5
22
 
6
23
  end
7
24
  end
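Review bot: The new `.call` examples cover the anonymous and superuser branches but not the `else` branch of `AuthContext#ability`, where an authenticated non-superuser receives the class named by `Ddr::Auth.default_ability`; that is the only path that goes through `constantize`. A third group with `allow_any_instance_of(AuthContext).to receive(:superuser?) { false }` and `it { is_expected.to be_a(Ddr::Auth.default_ability.constantize) }` would pin it. Without it, a change that hands the wrong ability class to ordinary users would pass this spec.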
@@ -56,6 +56,23 @@ module Ddr::Auth
56
56
  end
57
57
  end
58
58
 
59
+ describe "AdminSet abilities" do
60
+ describe "export" do
61
+ describe "when the user is a metadata manager" do
62
+ before {
63
+ allow(auth_context).to receive(:metadata_manager?) { true }
64
+ }
65
+ it { is_expected.to be_able_to(:export, Ddr::Models::AdminSet) }
66
+ end
67
+ describe "when the user is a metadata manager" do
68
+ before {
69
+ allow(auth_context).to receive(:metadata_manager?) { false }
70
+ }
71
+ it { is_expected.not_to be_able_to(:export, Ddr::Models::AdminSet) }
72
+ end
73
+ end
74
+ end
75
+
59
76
  describe "Collection abilities" do
60
77
  describe "create" do
61
78
  before do
@@ -63,6 +80,7 @@ module Ddr::Auth
63
80
  end
64
81
  describe "when the user is a collection creator" do
65
82
  before do
83
+ allow(auth_context).to receive(:member_of?) { false }
66
84
  allow(auth_context).to receive(:member_of?).with("collection_creators") { true }
67
85
  end
68
86
  it { should be_able_to(:create, Collection) }
@@ -70,6 +88,7 @@ module Ddr::Auth
70
88
 
71
89
  describe "when the user is not a collection creator" do
72
90
  before do
91
+ allow(auth_context).to receive(:member_of?) { false }
73
92
  allow(auth_context).to receive(:member_of?).with("collection_creators") { false }
74
93
  end
75
94
  it { should_not be_able_to(:create, Collection) }
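Review bot: Both groups under "export" in the first hunk are described as "when the user is a metadata manager", although the second stubs `metadata_manager?` to return false and expects the export to be denied. Renaming the second to `describe "when the user is not a metadata manager" do` would make a failure report name the denied case correctly. The two later hunks only add a default `member_of?` stub and need no change.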
@@ -23,6 +23,39 @@ module Ddr::Auth
23
23
  end
24
24
  end
25
25
 
26
+ describe "#metadata_manager?" do
27
+ describe "when a user is present" do
28
+ before { allow(subject).to receive(:user) { double(agent: "bob@example.com") } }
29
+ describe "and there is no metadata managers group" do
30
+ before {
31
+ allow(Ddr::Auth).to receive(:metadata_managers_group) { nil }
32
+ }
33
+ its(:metadata_manager?) { should be false }
34
+ end
35
+ describe "and there is a metadata managers group" do
36
+ before {
37
+ allow(Ddr::Auth).to receive(:metadata_managers_group) { "metadata_managers" }
38
+ }
39
+ describe "and the auth context is a member of the group" do
40
+ before {
41
+ allow(subject).to receive(:groups) { [ Group.new("metadata_managers") ] }
42
+ }
43
+ its(:metadata_manager?) { should be true }
44
+ end
45
+ describe "and the auth context is not a member of the group" do
46
+ before {
47
+ allow(subject).to receive(:groups) { [ Group.new("foo"), Group.new("bar") ] }
48
+ }
49
+ its(:metadata_manager?) { should be false }
50
+ end
51
+ end
52
+ end
53
+ describe "when no user is present" do
54
+ before { allow(subject).to receive(:user) { nil } }
55
+ its(:metadata_manager?) { should be false }
56
+ end
57
+ end
58
+
26
59
  describe "#duke_agent?" do
27
60
  describe "when the auth context is anonymous" do
28
61
  before { allow(subject).to receive(:user) { nil } }
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: ddr-models
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.4.15
4
+ version: 2.4.16
5
5
  platform: ruby
6
6
  authors:
7
7
  - Jim Coble
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2016-09-16 00:00:00.000000000 Z
12
+ date: 2016-09-26 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: rails
@@ -404,6 +404,7 @@ files:
404
404
  - lib/ddr/auth.rb
405
405
  - lib/ddr/auth/ability.rb
406
406
  - lib/ddr/auth/ability_definitions.rb
407
+ - lib/ddr/auth/ability_definitions/admin_set_ability_definitions.rb
407
408
  - lib/ddr/auth/ability_definitions/alias_ability_definitions.rb
408
409
  - lib/ddr/auth/ability_definitions/attachment_ability_definitions.rb
409
410
  - lib/ddr/auth/ability_definitions/collection_ability_definitions.rb