ddr-models 3.0.0.alpha.4 → 3.0.0.beta.1

data/spec/auth/effective_roles_spec.rb

@@ -2,9 +2,9 @@ module Ddr::Auth
   RSpec.describe EffectiveRoles do
     
     let(:resource) { FactoryGirl.build(:item) }
-    let(:policy) { Collection.new(pid: "coll-1") }
+    let(:policy) { Collection.new(id: "coll-1") }
     let(:agents) { [ "Editors", "bob@example.com", "public" ] }
-    let(:editor) { Roles::Role.build type: "Editor", agent: "Editors", scope: "policy" }
+    let(:editor) { Roles::Role.build role_type: "Editor", agent: "Editors", scope: "policy" }
     let(:downloader) { FactoryGirl.build(:role, :downloader, :public) }
     
     before do
@@ -13,9 +13,9 @@ module Ddr::Auth
       policy.roles.grant editor
     end
 
-    it "should return the list of roles granted to the agents on the resource in resource scope, plus the roles granted to the agents on the resource's policy in policy scope" do
-      expect(described_class.call(resource, agents).detach)
-        .to eq(Roles::DetachedRoleSet.new([downloader, editor]))
+    it "returns the list of roles granted to the agents on the resource in resource scope, plus the roles granted to the agents on the resource's policy in policy scope" do
+      expect(described_class.call(resource, agents))
+        .to eq(Roles::RoleSet.new(roles: [downloader, editor]))
     end
 
   end

data/spec/auth/roles/role_set_manager_spec.rb

@@ -0,0 +1,86 @@
+module Ddr::Auth
+  module Roles
+    RSpec.describe RoleSetManager do
+
+      subject { described_class.new(object) }
+
+      let(:object) { Item.new }
+
+      let(:role1) { FactoryGirl.build(:role, :editor, :person, :resource) }
+      let(:role2) { FactoryGirl.build(:role, :curator, :group, :policy) }
+      let(:role3) { FactoryGirl.build(:role, :viewer, :public) }
+
+      describe "#grant" do
+        describe "by attributes" do
+          it "can grant a role" do
+            subject.grant role1.to_h
+            expect(object.roles.granted?(role1)).to be true
+          end
+          it "can grant multiple roles" do
+            subject.grant role1.to_h, role2.to_h
+            expect(object.roles.granted?(role1)).to be true
+            expect(object.roles.granted?(role2)).to be true
+          end
+        end
+        describe "by resource" do
+          it "can grant a role by role instance" do
+            subject.grant role1
+            expect(object.roles.granted?(role1)).to be true
+          end
+          it "can grant multiple roles" do
+            subject.grant role1, role2
+            expect(object.roles.granted?(role1)).to be true
+            expect(object.roles.granted?(role2)).to be true
+          end
+        end
+      end
+
+      describe "#revoke" do
+        before { subject.grant role1, role2 }
+        it "can revoke a role by type, agent name and (optionally) scope" do
+          subject.revoke role1.to_h
+          expect(object.roles.granted?(role1)).to be false
+        end
+        it "can revoke a role by role instance" do
+          subject.revoke role1
+          expect(object.roles.granted?(role1)).to be false
+        end
+        it "can revoke multiple roles" do
+          subject.revoke role1, role2
+          expect(object.roles.granted?(role1)).to be false
+          expect(object.roles.granted?(role2)).to be false
+        end
+      end
+
+      describe "#revoke_all" do
+        before { subject.grant role1, role2 }
+        it "revokes all roles" do
+          subject.revoke_all
+          expect(object.roles).to be_empty
+        end
+      end
+
+      describe "#replace" do
+        before { subject.grant role1, role2 }
+        it "replaces the current role(s) with the new role(s)" do
+          expect { subject.replace(role3) }.to change(subject, :to_a).from([role1, role2]).to([role3])
+        end
+      end
+
+      describe "#granted?" do
+        before { subject.grant role1 }
+        it "returns true if an equivalent role has been granted" do
+          expect(subject.granted?(role1.dup)).to be true
+        end
+        it "returns false if no equivalent role has been granted" do
+          expect(subject.granted?(role2)).to be false
+        end
+        it "returns true if a role matching the arguments has been granted" do
+          expect(subject.granted?(role1.to_h)).to be true
+          expect(subject.granted?(role2.to_h)).to be false
+        end
+      end
+
+    end
+  end
+end

data/spec/auth/roles/role_set_query_spec.rb

@@ -2,86 +2,69 @@ module Ddr::Auth
   module Roles
     RSpec.describe RoleSetQuery do
 
-      shared_examples "a role set query" do
+      subject { described_class.new(role_set) }
 
-        subject { described_class.new(role_set) }
+      let(:role_set) { RoleSet.new }
+      let(:curator) { "curator@example.com" }
+      let(:editor) { "editor@example.com" }
+      let(:other_person) { "other@example.com" }
+      let(:other_group) { "Others" }
+      let(:contributor_group) { "Contributors" }
+      let(:downloader_group) { "Downloaders" }
+      let(:viewer_group) { "Viewers" }
+      let(:contributor_role) { Role.build(role_type: "Contributor", agent: contributor_group, scope: "resource") }
+      let(:downloader_role) { Role.build(role_type: "Downloader", agent: downloader_group, scope: "resource") }
+      let(:editor_role) { Role.build(role_type: "Editor", agent: editor, scope: "resource") }
+      let(:curator_role) { Role.build(role_type: "Curator", agent: curator, scope: "policy") }
+      let(:viewer_role) { Role.build(role_type: "Viewer", agent: viewer_group, scope: "policy") }
+      let(:policy_roles) { [curator_role, viewer_role] }
+      let(:resource_roles) { [contributor_role, downloader_role, editor_role] }
 
-        let(:curator) { "curator@example.com" }
-        let(:editor) { "editor@example.com" }
-        let(:other_person) { "other@example.com" }
-        let(:other_group) { "Others" }
-        let(:contributor_group) { "Contributors" }
-        let(:downloader_group) { "Downloaders" }
-        let(:viewer_group) { "Viewers" }
-        let(:contributor_role) { Role.build(type: "Contributor", agent: contributor_group, scope: "resource") }
-        let(:downloader_role) { Role.build(type: "Downloader", agent: downloader_group, scope: "resource") }
-        let(:editor_role) { Role.build(type: "Editor", agent: editor, scope: "resource") }
-        let(:curator_role) { Role.build(type: "Curator", agent: curator, scope: "policy") }
-        let(:viewer_role) { Role.build(type: "Viewer", agent: viewer_group, scope: "policy") }
-        let(:policy_roles) { [curator_role, viewer_role] }
-        let(:resource_roles) { [contributor_role, downloader_role, editor_role] }
+      before do
+        role_set.roles = [contributor_role, downloader_role, editor_role, curator_role, viewer_role]
+      end
 
-        before do
-          role_set.grant(contributor_role, downloader_role, editor_role, curator_role, viewer_role)
+      describe "filtering by role type" do
+        it "should filter by a type" do
+          expect(subject.where(role_type: "Contributor").to_a).to eq([contributor_role])
+          expect(subject.role_type("Contributor").to_a).to eq([contributor_role])
+          expect(subject.type("Contributor").to_a).to eq([contributor_role])
         end
-
-        describe "filtering by role type" do
-          it "should filter by a type" do
-            expect(subject.where(role_type: "Contributor").to_a).to eq([contributor_role])
-            expect(subject.role_type("Contributor").to_a).to eq([contributor_role])
-            expect(subject.type("Contributor").to_a).to eq([contributor_role])
-          end
-          it "should filter by a list of types" do
-            expect(subject.where(role_type: ["Contributor", "Curator", "MetadataEditor"]).to_a)
-              .to eq([contributor_role, curator_role])
-            expect(subject.role_type(["Contributor", "Curator", "MetadataEditor"]).to_a)
-              .to eq([contributor_role, curator_role])
-            expect(subject.type(["Contributor", "Curator", "MetadataEditor"]).to_a)
-              .to eq([contributor_role, curator_role])
-          end
+        it "should filter by a list of types" do
+          expect(subject.where(role_type: ["Contributor", "Curator", "MetadataEditor"]).to_a)
+            .to eq([contributor_role, curator_role])
+          expect(subject.role_type(["Contributor", "Curator", "MetadataEditor"]).to_a)
+            .to eq([contributor_role, curator_role])
+          expect(subject.type(["Contributor", "Curator", "MetadataEditor"]).to_a)
+            .to eq([contributor_role, curator_role])
         end
+      end
 
-        describe "filtering by agent" do
-          it "should filter by an agent" do
-            expect(subject.where(agent: curator).to_a).to eq([curator_role])
-            expect(subject.agent(curator).to_a).to eq([curator_role])
-          end
-          it "should filter by a list of agents" do
-            expect(subject.where(agent: [curator, other_person, downloader_group]).to_a)
-              .to eq([downloader_role, curator_role])
-            expect(subject.agent([curator, other_person, downloader_group]).to_a)
-              .to eq([downloader_role, curator_role])
-          end
+      describe "filtering by agent" do
+        it "should filter by an agent" do
+          expect(subject.where(agent: curator).to_a).to eq([curator_role])
+          expect(subject.agent(curator).to_a).to eq([curator_role])
         end
-
-        describe "filtering by scope" do
-          it "should filter by the policy scope" do
-            expect(subject.where(scope: "policy").to_a).to eq(policy_roles)
-            expect(subject.scope("policy").to_a).to eq(policy_roles)
-          end
-          it "should filter by the resource scope" do
-            expect(subject.where(scope: "resource").to_a).to eq(resource_roles)
-            expect(subject.scope("resource").to_a).to eq(resource_roles)
-          end
+        it "should filter by a list of agents" do
+          expect(subject.where(agent: [curator, other_person, downloader_group]).to_a)
+            .to eq([downloader_role, curator_role])
+          expect(subject.agent([curator, other_person, downloader_group]).to_a)
+            .to eq([downloader_role, curator_role])
         end
-
       end
 
-      describe "with a PropertyRoleSet" do
-        let(:role_assignable) do
-          Class.new(ActiveTriples::Resource) do
-            property :role, predicate: Ddr::Vocab::Roles.hasRole
-          end
+      describe "filtering by scope" do
+        it "should filter by the policy scope" do
+          expect(subject.where(scope: "policy").to_a).to eq(policy_roles)
+          expect(subject.scope("policy").to_a).to eq(policy_roles)
+        end
+        it "should filter by the resource scope" do
+          expect(subject.where(scope: "resource").to_a).to eq(resource_roles)
+          expect(subject.scope("resource").to_a).to eq(resource_roles)
         end
-        let(:role_set) { PropertyRoleSet.new(role_assignable.new.role) }
-        it_behaves_like "a role set query"
-      end
-
-      describe "with a DetachedRoleSet" do
-        let(:role_set) { DetachedRoleSet.new }
-        it_behaves_like "a role set query"
       end
 
     end
+
   end
 end

data/spec/auth/roles/role_set_spec.rb

@@ -0,0 +1,41 @@
+module Ddr::Auth
+  module Roles
+    RSpec.describe RoleSet do
+
+      describe "JSON serialization / deserialization" do
+        subject { described_class.new roles: [role1, role2] }
+
+        let(:role1) { {role_type: "Editor", agent: "bob@example.com", scope: "resource"} }
+        let(:role2) { {role_type: "Curator", agent: "sue@example.com", scope: "policy"} }
+        let(:json) { "{\"roles\":[{\"agent\":\"bob@example.com\",\"role_type\":\"Editor\",\"scope\":\"resource\"},{\"agent\":\"sue@example.com\",\"role_type\":\"Curator\",\"scope\":\"policy\"}]}" }
+
+        its(:to_json) { is_expected.to eq(json) }
+        it "loads data from JSON" do
+          expect(described_class.from_json(json).roles).to eq(Set.new([Role.new(role1), Role.new(role2)]))
+        end
+      end
+
+      describe "conversion to array" do
+        subject { described_class.new roles: roles }
+
+        let(:roles) { FactoryGirl.build_list(:role, 3, :contributor, :person, :resource) }
+
+        its(:to_a) { is_expected.to be_a(Array) }
+        it { is_expected.to contain_exactly(*roles) }
+      end
+
+      describe "equality" do
+        subject { described_class.new roles: [role1, role2] }
+
+        let(:role1) { FactoryGirl.build(:role, :curator, :person, :policy) }
+        let(:role2) { FactoryGirl.build(:role, :editor, :group, :resource) }
+        let(:other) { described_class.new roles: [role2, role1] }
+
+        it "is equal to another role set if it has the same roles, regardless of order" do
+          expect(subject).to eq(other)
+        end
+      end
+
+    end
+  end
+end

data/spec/auth/roles/role_spec.rb

@@ -2,81 +2,84 @@ module Ddr::Auth
   module Roles
     RSpec.describe Role do
 
-      let(:agent) { "bob@example.com" }
-
-      describe "equality" do
-        subject { described_class.build(type: "Viewer", agent: "public", scope: "policy") }
-        describe "when two roles have the same type, agent and scope" do
-          let(:other) { described_class.build(type: "Viewer", agent: "public", scope: "policy") }
-          it { should eq(other) }
-          it { should eql(other) }
-        end
-      end
-
       describe "scope" do
         describe "default scope" do
-          subject { described_class.build(type: "Curator", agent: agent) }
-          its(:scope) { should eq([described_class::DEFAULT_SCOPE]) }
+          subject { described_class.new(role_type: "Curator", agent: "bob") }
+          its(:scope) { is_expected.to eq(described_class::DEFAULT_SCOPE) }
         end
         describe "#in_resource_scope?" do
           describe "when scope == 'resource'" do
-            subject { described_class.build(type: "Curator", agent: agent, scope: "resource") }
-            it { should be_in_resource_scope }
+            subject { described_class.new(role_type: "Curator", agent: "bob", scope: "resource") }
+            it { is_expected.to be_in_resource_scope }
           end
           describe "when scope != 'resource'" do
-            subject { described_class.build(type: "Curator", agent: agent, scope: "policy") }
-            it { should_not be_in_resource_scope }
+            subject { described_class.new(role_type: "Curator", agent: "bob", scope: "policy") }
+            it { is_expected.to_not be_in_resource_scope }
           end
         end
         describe "#in_policy_scope?" do
           describe "when scope != 'policy'" do
-            subject { described_class.build(type: "Curator", agent: agent, scope: "resource") }
-            it { should_not be_in_policy_scope }
+            subject { described_class.new(role_type: "Curator", agent: "bob", scope: "resource") }
+            it { is_expected.to_not be_in_policy_scope }
           end
           describe "when scope == 'policy'" do
-            subject { described_class.build(type: "Curator", agent: agent, scope: "policy") }
-            it { should be_in_policy_scope }
+            subject { described_class.new(role_type: "Curator", agent: "bob", scope: "policy") }
+            it { is_expected.to be_in_policy_scope }
           end
         end
       end
 
       describe "validation" do
-        it "should require the presence of an agent" do
-          expect { described_class.build(type: "Curator", scope: "resource") }.to raise_error(Ddr::Models::Error)
-          expect { described_class.build(type: "Curator", agent: nil, scope: "resource") }.to raise_error(Ddr::Models::Error)
-          expect { described_class.build(type: "Curator", agent: "", scope: "resource") }.to raise_error(Ddr::Models::Error)
+        it "requires the presence of an agent" do
+          expect { described_class.new(role_type: "Curator", scope: "resource") }
+            .to raise_error(Ddr::Models::Error)
+          expect { described_class.new(role_type: "Curator", agent: nil, scope: "resource") }
+            .to raise_error(Ddr::Models::Error)
+          expect { described_class.new(role_type: "Curator", agent: "", scope: "resource") }
+            .to raise_error(Ddr::Models::Error)
         end
-        it "should require a valid scope" do
-          expect { described_class.build(type: "Curator", agent: agent, scope: "") }.to raise_error(Ddr::Models::Error)
-          expect { described_class.build(type: "Curator", agent: agent, scope: "other") }.to raise_error(Ddr::Models::Error)
+        it "requires a valid scope" do
+          expect { described_class.new(role_type: "Curator", agent: "bob", scope: "") }
+            .to raise_error(Ddr::Models::Error)
+          expect { described_class.new(role_type: "Curator", agent: "bob", scope: "other") }
+            .to raise_error(Ddr::Models::Error)
         end
-        it "should require a valid type" do
-          expect { described_class.build(agent: agent, scope: "policy") }.to raise_error(Ddr::Models::Error)
-          expect { described_class.build(type: nil, agent: agent, scope: "policy") }.to raise_error(Ddr::Models::Error)
-          expect { described_class.build(type: "", agent: agent, scope: "policy") }.to raise_error(Ddr::Models::Error)
-          expect { described_class.build(type: "Invalid", agent: agent, scope: "policy") }.to raise_error(Ddr::Models::Error)
+        it "requires a valid type" do
+          expect { described_class.new(agent: "bob", scope: "policy") }
+            .to raise_error(Ddr::Models::Error)
+          expect { described_class.new(role_type: nil, agent: "bob", scope: "policy") }
+            .to raise_error(Ddr::Models::Error)
+          expect { described_class.new(role_type: "", agent: "bob", scope: "policy") }
+            .to raise_error(Ddr::Models::Error)
+          expect { described_class.new(role_type: "Invalid", agent: "bob", scope: "policy") }
+            .to raise_error(Ddr::Models::Error)
         end
       end
 
       describe "serialization / deserialization" do
         subject { FactoryGirl.build(:role, :curator, :person, :resource) }
-        it { should eq(described_class.deserialize(subject.serialize)) }
-        it { should eq(described_class.from_json(subject.to_json)) }
+        it { is_expected.to eq(described_class.from_json(subject.to_json)) }
+      end
+
+      describe "attribute value coercion" do
+        subject { described_class.new(role_type: ["Curator"], agent: user, scope: :resource) }
+        let(:user) { ::User.new(username: "bob") }
+        its(:role_type) { is_expected.to eq("Curator") }
+        its(:agent) { is_expected.to eq("bob") }
+        its(:scope) { is_expected.to eq("resource") }
       end
 
       Roles.type_map.each_key do |type|
         describe "#{type} role type" do
           Roles::SCOPES.each do |scope|
             describe "#{scope} scope" do
-              subject { described_class.build(type: type, agent: agent, scope: scope) }
+              subject { described_class.new(role_type: type, agent: "bob", scope: scope) }
               it { is_expected.to be_valid }
-              its(:role_type) { is_expected.to eq([type]) }
-              its(:agent) { is_expected.to eq([agent]) }
-              its(:scope) { is_expected.to eq([scope]) }
-              its(:to_h) { is_expected.to eq({"role_type"=>[type], "agent"=>[agent], "scope"=>[scope]}) }
+              its(:to_h) { is_expected.to eq({role_type: type, agent: "bob", scope: scope}) }
               its(:permissions) { is_expected.to eq(Roles.type_map[type].permissions) }
-              it "should be isomorphic" do
-                expect(subject).to eq(described_class.build(type: type, agent: agent, scope: scope))
+              it "is a value object" do
+                expect(subject).to eq(described_class.new(role_type: type, agent: "bob", scope: scope))
+                expect(subject).to eql(described_class.new(role_type: type, agent: "bob", scope: scope))
               end
             end
           end

data/spec/models/collection_spec.rb

@@ -35,7 +35,7 @@ RSpec.describe Collection, type: :model do
     let(:user) { FactoryGirl.build(:user) }
     before { subject.grant_roles_to_creator(user) }
     it "should include Curator roles in both resource abd policy scopes" do
-      expect(subject.roles.to_a).to eq([Ddr::Auth::Roles::Role.build(type: "Curator", agent: user.agent, scope: "resource"), Ddr::Auth::Roles::Role.build(type: "Curator", agent: user.agent, scope: "policy")])
+      expect(subject.roles.to_a).to eq([Ddr::Auth::Roles::Role.build(role_type: "Curator", agent: user.agent, scope: "resource"), Ddr::Auth::Roles::Role.build(role_type: "Curator", agent: user.agent, scope: "policy")])
     end
   end
 

data/spec/models/has_admin_metadata_spec.rb

@@ -163,7 +163,7 @@ module Ddr::Models
       describe "#grant_roles_to_creator" do
         let(:user) { FactoryGirl.build(:user) }
         before { subject.grant_roles_to_creator(user) }
-        its(:roles) { should include(Ddr::Auth::Roles::Role.build(type: "Editor", agent: user.agent, scope: "resource")) }
+        its(:roles) { should include(Ddr::Auth::Roles::Role.build(role_type: "Editor", agent: user.agent, scope: "resource")) }
       end
 
       describe "persistence" do
@@ -172,7 +172,7 @@ module Ddr::Models
           subject.roles.grant role
           subject.save!
           subject.reload
-          expect(subject.roles).to contain_exactly(role)
+          expect(subject.roles.role_set).to contain_exactly(role)
         end
       end
 

data/spec/models/indexing_spec.rb

@@ -27,8 +27,8 @@ module Ddr::Models
     its([Indexing::PERMANENT_URL]) { is_expected.to eq("http://id.library.duke.edu/ark:/99999/fk4zzz") }
     its([Indexing::DISPLAY_FORMAT]) { is_expected.to eq("Image") }
     its([Indexing::ACCESS_ROLE]) { is_expected.to eq(obj.roles.to_json) }
-    its([Indexing::POLICY_ROLE]) { is_expected.to contain_exactly(role2.agent.first, role3.agent.first, role4.agent.first) }
-    its([Indexing::RESOURCE_ROLE]) { is_expected.to contain_exactly(role1.agent.first) }
+    its([Indexing::POLICY_ROLE]) { is_expected.to contain_exactly(role2.agent, role3.agent, role4.agent) }
+    its([Indexing::RESOURCE_ROLE]) { is_expected.to contain_exactly(role1.agent) }
 
   end
 end