ddr-models 2.0.0.pre.1 → 2.0.0.pre.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/app/models/collection.rb +0 -10
- data/app/models/item.rb +1 -12
- data/lib/ddr/auth.rb +8 -2
- data/lib/ddr/auth/legacy/abstract_legacy_permissions.rb +17 -0
- data/lib/ddr/auth/legacy/legacy_authorization.rb +44 -0
- data/lib/ddr/auth/legacy/legacy_default_permissions.rb +33 -0
- data/lib/ddr/auth/legacy/legacy_permissions.rb +33 -0
- data/lib/ddr/auth/legacy/legacy_roles.rb +25 -0
- data/lib/ddr/auth/roles/role_set.rb +1 -1
- data/lib/ddr/datastreams/administrative_metadata_datastream.rb +2 -0
- data/lib/ddr/datastreams/structural_metadata_datastream.rb +3 -16
- data/lib/ddr/index_fields.rb +1 -0
- data/lib/ddr/jobs.rb +1 -0
- data/lib/ddr/jobs/migrate_legacy_authorization.rb +23 -0
- data/lib/ddr/models.rb +2 -0
- data/lib/ddr/models/access_controllable.rb +0 -1
- data/lib/ddr/models/base.rb +4 -0
- data/lib/ddr/models/has_admin_metadata.rb +2 -7
- data/lib/ddr/models/has_struct_metadata.rb +34 -31
- data/lib/ddr/models/indexing.rb +1 -0
- data/lib/ddr/models/solr_document.rb +4 -0
- data/lib/ddr/models/struct_div.rb +45 -0
- data/lib/ddr/models/structure.rb +52 -0
- data/lib/ddr/models/version.rb +1 -1
- data/lib/ddr/vocab.rb +1 -0
- data/lib/ddr/vocab/display.rb +11 -0
- data/spec/auth/legacy_authorization_spec.rb +94 -0
- data/spec/auth/legacy_default_permissions_spec.rb +37 -0
- data/spec/auth/legacy_permissions_spec.rb +14 -12
- data/spec/auth/legacy_roles_spec.rb +32 -0
- data/spec/factories/structure_factories.rb +27 -0
- data/spec/jobs/migrate_legacy_authorization_spec.rb +43 -0
- data/spec/models/has_admin_metadata_spec.rb +5 -0
- data/spec/models/has_struct_metadata_spec.rb +38 -0
- data/spec/models/item_spec.rb +0 -12
- data/spec/models/solr_document_spec.rb +5 -0
- data/spec/models/struct_div_spec.rb +65 -0
- data/spec/models/structure_spec.rb +20 -0
- data/spec/spec_helper.rb +1 -0
- data/spec/support/structural_metadata_helper.rb +95 -0
- metadata +29 -4
- data/lib/ddr/auth/legacy_permissions.rb +0 -39
- data/lib/ddr/auth/legacy_roles.rb +0 -33
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: daeaeb1ce7b02969ac1ba49962844211e7269aa5
|
|
4
|
+
data.tar.gz: 64a81704bbaf023d596eba10c943285fef47dff7
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 4bf9a10f346187f78ac98e17b6ec36fc739b7d67983fdc0c62b07edc0fb15d96aee79fb7b1f768daaed39e55fe1caad3615c13291927755e012510f995cd06b6
|
|
7
|
+
data.tar.gz: 9c3b5476c2fe4450edb2c5026af2ffc09703cbd19ba9ec487cf95d025e7e526c5b16911e80465ee2569e3ab29f4daa531a47e164ecf5e8564033e520976a83d7
|
data/app/models/collection.rb
CHANGED
|
@@ -78,16 +78,6 @@ class Collection < Ddr::Models::Base
|
|
|
78
78
|
end
|
|
79
79
|
end
|
|
80
80
|
|
|
81
|
-
def set_policy_roles_from_legacy_data
|
|
82
|
-
roles.revoke *(roles.in_policy_scope)
|
|
83
|
-
roles.grant *(legacy_default_permissions.to_policy_roles)
|
|
84
|
-
end
|
|
85
|
-
alias_method :set_policy_roles, :set_policy_roles_from_legacy_data
|
|
86
|
-
|
|
87
|
-
def legacy_default_permissions
|
|
88
|
-
Ddr::Auth::LegacyPermissions.new(default_permissions)
|
|
89
|
-
end
|
|
90
|
-
|
|
91
81
|
def grant_roles_to_creator(creator)
|
|
92
82
|
roles.grant type: Ddr::Auth::Roles::CURATOR, agent: creator.agent, scope: Ddr::Auth::Roles::RESOURCE_SCOPE
|
|
93
83
|
roles.grant type: Ddr::Auth::Roles::CURATOR, agent: creator.agent, scope: Ddr::Auth::Roles::POLICY_SCOPE
|
data/app/models/item.rb
CHANGED
|
@@ -6,6 +6,7 @@
|
|
|
6
6
|
class Item < Ddr::Models::Base
|
|
7
7
|
|
|
8
8
|
include Ddr::Models::HasChildren
|
|
9
|
+
include Ddr::Models::HasStructMetadata
|
|
9
10
|
|
|
10
11
|
has_many :children, property: :is_part_of, class_name: 'Component'
|
|
11
12
|
belongs_to :parent, property: :is_member_of_collection, class_name: 'Collection'
|
|
@@ -20,16 +21,4 @@ class Item < Ddr::Models::Base
|
|
|
20
21
|
alias_method :collection_id, :parent_id
|
|
21
22
|
alias_method :collection=, :parent=
|
|
22
23
|
|
|
23
|
-
def children_by_file_use
|
|
24
|
-
file_uses = {}
|
|
25
|
-
sort_key = "#{Ddr::IndexFields::FILE_USE} ASC, #{Ddr::IndexFields::ORDER} ASC"
|
|
26
|
-
results = ActiveFedora::SolrService.query(association_query(:children), rows: 999999, sort: sort_key)
|
|
27
|
-
objs = ActiveFedora::SolrService.lazy_reify_solr_results(results)
|
|
28
|
-
objs.each do |obj|
|
|
29
|
-
file_uses[obj.file_use] ||= []
|
|
30
|
-
file_uses[obj.file_use] << obj
|
|
31
|
-
end
|
|
32
|
-
file_uses
|
|
33
|
-
end
|
|
34
|
-
|
|
35
24
|
end
|
data/lib/ddr/auth.rb
CHANGED
|
@@ -21,8 +21,6 @@ module Ddr
|
|
|
21
21
|
autoload :Groups
|
|
22
22
|
autoload :InheritedRoles
|
|
23
23
|
autoload :LdapGateway
|
|
24
|
-
autoload :LegacyPermissions
|
|
25
|
-
autoload :LegacyRoles
|
|
26
24
|
autoload :Permissions
|
|
27
25
|
autoload :RemoteGroups
|
|
28
26
|
autoload :ResourceRoles
|
|
@@ -44,6 +42,14 @@ module Ddr
|
|
|
44
42
|
autoload :SuperuserAbilityDefinitions
|
|
45
43
|
end
|
|
46
44
|
|
|
45
|
+
autoload_under 'legacy' do
|
|
46
|
+
autoload :AbstractLegacyPermissions
|
|
47
|
+
autoload :LegacyAuthorization
|
|
48
|
+
autoload :LegacyDefaultPermissions
|
|
49
|
+
autoload :LegacyPermissions
|
|
50
|
+
autoload :LegacyRoles
|
|
51
|
+
end
|
|
52
|
+
|
|
47
53
|
# Name of group whose members are authorized to act as superuser
|
|
48
54
|
mattr_accessor :superuser_group
|
|
49
55
|
|
|
@@ -0,0 +1,17 @@
|
|
|
1
|
+
require "delegate"
|
|
2
|
+
|
|
3
|
+
module Ddr::Auth
|
|
4
|
+
class AbstractLegacyPermissions < SimpleDelegator
|
|
5
|
+
|
|
6
|
+
def to_roles
|
|
7
|
+
source.each_with_object(Roles::DetachedRoleSet.new) do |perm, role_set|
|
|
8
|
+
role_set.grant(role(perm))
|
|
9
|
+
end
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
def role(permission)
|
|
13
|
+
Roles::Role.build type: role_type(permission[:access]), agent: permission[:name], scope: scope
|
|
14
|
+
end
|
|
15
|
+
|
|
16
|
+
end
|
|
17
|
+
end
|
|
@@ -0,0 +1,44 @@
|
|
|
1
|
+
require "delegate"
|
|
2
|
+
|
|
3
|
+
module Ddr::Auth
|
|
4
|
+
class LegacyAuthorization < SimpleDelegator
|
|
5
|
+
|
|
6
|
+
def to_roles
|
|
7
|
+
sources.map(&:to_roles).reduce(&:merge)
|
|
8
|
+
end
|
|
9
|
+
|
|
10
|
+
def clear
|
|
11
|
+
sources.each(&:clear)
|
|
12
|
+
end
|
|
13
|
+
|
|
14
|
+
def clear?
|
|
15
|
+
sources.all? { |auth| auth.source.empty? }
|
|
16
|
+
end
|
|
17
|
+
|
|
18
|
+
def migrate
|
|
19
|
+
migrated = inspect
|
|
20
|
+
roles.grant *to_roles
|
|
21
|
+
clear
|
|
22
|
+
["LEGACY AUTHORIZATION DATA", migrated, "ROLES", roles.serialize.inspect].join("\n\n")
|
|
23
|
+
end
|
|
24
|
+
|
|
25
|
+
def inspect
|
|
26
|
+
sources.map { |auth| auth.inspect }.join("\n")
|
|
27
|
+
end
|
|
28
|
+
|
|
29
|
+
private
|
|
30
|
+
|
|
31
|
+
def sources
|
|
32
|
+
wrappers.map { |wrapper| wrapper.new(self) }
|
|
33
|
+
end
|
|
34
|
+
|
|
35
|
+
def wrappers
|
|
36
|
+
classes = [ LegacyPermissions, LegacyRoles ]
|
|
37
|
+
if respond_to? :default_permissions
|
|
38
|
+
classes << LegacyDefaultPermissions
|
|
39
|
+
end
|
|
40
|
+
classes
|
|
41
|
+
end
|
|
42
|
+
|
|
43
|
+
end
|
|
44
|
+
end
|
|
@@ -0,0 +1,33 @@
|
|
|
1
|
+
module Ddr::Auth
|
|
2
|
+
class LegacyDefaultPermissions < AbstractLegacyPermissions
|
|
3
|
+
|
|
4
|
+
def source
|
|
5
|
+
default_permissions
|
|
6
|
+
end
|
|
7
|
+
|
|
8
|
+
def role_type(access)
|
|
9
|
+
case access
|
|
10
|
+
when "discover"
|
|
11
|
+
Roles::VIEWER
|
|
12
|
+
when "read"
|
|
13
|
+
Roles::VIEWER
|
|
14
|
+
when "edit"
|
|
15
|
+
Roles::CURATOR
|
|
16
|
+
end
|
|
17
|
+
end
|
|
18
|
+
|
|
19
|
+
def scope
|
|
20
|
+
Roles::POLICY_SCOPE
|
|
21
|
+
end
|
|
22
|
+
|
|
23
|
+
def clear
|
|
24
|
+
defaultRights.clear_permissions!
|
|
25
|
+
defaultRights.content = defaultRights.to_xml
|
|
26
|
+
end
|
|
27
|
+
|
|
28
|
+
def inspect
|
|
29
|
+
"DEFAULT PERMISSIONS: #{source.inspect}"
|
|
30
|
+
end
|
|
31
|
+
|
|
32
|
+
end
|
|
33
|
+
end
|
|
@@ -0,0 +1,33 @@
|
|
|
1
|
+
module Ddr::Auth
|
|
2
|
+
class LegacyPermissions < AbstractLegacyPermissions
|
|
3
|
+
|
|
4
|
+
def source
|
|
5
|
+
permissions
|
|
6
|
+
end
|
|
7
|
+
|
|
8
|
+
def role_type(access)
|
|
9
|
+
case access
|
|
10
|
+
when "discover"
|
|
11
|
+
Roles::VIEWER
|
|
12
|
+
when "read"
|
|
13
|
+
Roles::VIEWER
|
|
14
|
+
when "edit"
|
|
15
|
+
Roles::EDITOR
|
|
16
|
+
end
|
|
17
|
+
end
|
|
18
|
+
|
|
19
|
+
def scope
|
|
20
|
+
Roles::RESOURCE_SCOPE
|
|
21
|
+
end
|
|
22
|
+
|
|
23
|
+
def clear
|
|
24
|
+
rightsMetadata.clear_permissions!
|
|
25
|
+
rightsMetadata.content = rightsMetadata.to_xml
|
|
26
|
+
end
|
|
27
|
+
|
|
28
|
+
def inspect
|
|
29
|
+
"PERMISSIONS: #{source.map(&:to_hash).inspect}"
|
|
30
|
+
end
|
|
31
|
+
|
|
32
|
+
end
|
|
33
|
+
end
|
|
@@ -0,0 +1,25 @@
|
|
|
1
|
+
require "delegate"
|
|
2
|
+
|
|
3
|
+
module Ddr::Auth
|
|
4
|
+
class LegacyRoles < SimpleDelegator
|
|
5
|
+
|
|
6
|
+
def source
|
|
7
|
+
adminMetadata.downloader
|
|
8
|
+
end
|
|
9
|
+
|
|
10
|
+
def to_roles
|
|
11
|
+
source.each_with_object(Roles::DetachedRoleSet.new) do |agent, memo|
|
|
12
|
+
memo.grant Roles::Role.build(type: Roles::DOWNLOADER, agent: agent, scope: Roles::RESOURCE_SCOPE)
|
|
13
|
+
end
|
|
14
|
+
end
|
|
15
|
+
|
|
16
|
+
def clear
|
|
17
|
+
source.clear
|
|
18
|
+
end
|
|
19
|
+
|
|
20
|
+
def inspect
|
|
21
|
+
"DOWNLOADER: #{source.inspect}"
|
|
22
|
+
end
|
|
23
|
+
|
|
24
|
+
end
|
|
25
|
+
end
|
|
@@ -2,23 +2,10 @@ require "rdf/vocab"
|
|
|
2
2
|
|
|
3
3
|
module Ddr
|
|
4
4
|
module Datastreams
|
|
5
|
-
class StructuralMetadataDatastream <
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
property :file_use, predicate: Ddr::Vocab::Asset.fileUse do |index|
|
|
9
|
-
index.as :stored_sortable
|
|
10
|
-
end
|
|
11
|
-
|
|
12
|
-
# analogous to METS fileSec "SEQ" or structMap "ORDER" attribute
|
|
13
|
-
property :order, predicate: Ddr::Vocab::Asset.order do |index|
|
|
14
|
-
index.as :stored_sortable
|
|
5
|
+
class StructuralMetadataDatastream < ActiveFedora::Datastream
|
|
6
|
+
def self.default_attributes
|
|
7
|
+
super.merge({ mimeType: 'text/xml', dsLabel: 'Structural metadata for this object' })
|
|
15
8
|
end
|
|
16
|
-
|
|
17
|
-
# analogous to METS fileSec "GROUPID" attribute
|
|
18
|
-
property :file_group, predicate: Ddr::Vocab::Asset.fileGroup do |index|
|
|
19
|
-
index.as :stored_sortable
|
|
20
|
-
end
|
|
21
|
-
|
|
22
9
|
end
|
|
23
10
|
end
|
|
24
11
|
end
|
data/lib/ddr/index_fields.rb
CHANGED
|
@@ -17,6 +17,7 @@ module Ddr
|
|
|
17
17
|
DEFAULT_LICENSE_DESCRIPTION = solr_name :default_license_description, type: :string
|
|
18
18
|
DEFAULT_LICENSE_TITLE = solr_name :default_license_title, type: :string
|
|
19
19
|
DEFAULT_LICENSE_URL = solr_name :default_license_url, type: :string
|
|
20
|
+
DISPLAY_FORMAT = solr_name :display_format, :stored_sortable
|
|
20
21
|
EXTRACTED_TEXT = solr_name :extracted_text, :searchable, type: :text
|
|
21
22
|
FILE_GROUP = solr_name :struct_metadata__file_group, :stored_sortable
|
|
22
23
|
FILE_USE = solr_name :struct_metadata__file_use, :stored_sortable
|
data/lib/ddr/jobs.rb
CHANGED
|
@@ -0,0 +1,23 @@
|
|
|
1
|
+
module Ddr::Jobs
|
|
2
|
+
class MigrateLegacyAuthorization
|
|
3
|
+
|
|
4
|
+
@queue = :migration
|
|
5
|
+
|
|
6
|
+
SUMMARY = "Legacy authorization data migrated to roles"
|
|
7
|
+
|
|
8
|
+
def self.perform(pid)
|
|
9
|
+
obj = ActiveFedora::Base.find(pid)
|
|
10
|
+
event_args = { pid: pid, summary: SUMMARY }
|
|
11
|
+
begin
|
|
12
|
+
event_args[:detail] = obj.legacy_authorization.migrate
|
|
13
|
+
obj.save!
|
|
14
|
+
rescue Exception => e
|
|
15
|
+
event_args[:exception] = e
|
|
16
|
+
raise e
|
|
17
|
+
ensure
|
|
18
|
+
Ddr::Events::UpdateEvent.create(event_args)
|
|
19
|
+
end
|
|
20
|
+
end
|
|
21
|
+
|
|
22
|
+
end
|
|
23
|
+
end
|
data/lib/ddr/models.rb
CHANGED
data/lib/ddr/models/base.rb
CHANGED
|
@@ -10,6 +10,7 @@ module Ddr
|
|
|
10
10
|
control_group: "M"
|
|
11
11
|
|
|
12
12
|
has_attributes :admin_set,
|
|
13
|
+
:display_format,
|
|
13
14
|
:local_id,
|
|
14
15
|
:permanent_id,
|
|
15
16
|
:permanent_url,
|
|
@@ -23,14 +24,12 @@ module Ddr
|
|
|
23
24
|
around_destroy :update_permanent_id_on_destroy, if: "permanent_id.present?"
|
|
24
25
|
end
|
|
25
26
|
|
|
26
|
-
include Ddr::Auth::LegacyRoles
|
|
27
|
-
|
|
28
27
|
def permanent_id_manager
|
|
29
28
|
@permanent_id_manager ||= Ddr::Managers::PermanentIdManager.new(self)
|
|
30
29
|
end
|
|
31
30
|
|
|
32
31
|
def roles
|
|
33
|
-
|
|
32
|
+
Ddr::Auth::Roles::PropertyRoleSet.new(adminMetadata.access_role)
|
|
34
33
|
end
|
|
35
34
|
|
|
36
35
|
def workflow
|
|
@@ -67,10 +66,6 @@ module Ddr
|
|
|
67
66
|
Resque.enqueue(Ddr::Jobs::PermanentId::MakeUnavailable, @permanent_id, "deleted")
|
|
68
67
|
end
|
|
69
68
|
|
|
70
|
-
def legacy_permissions
|
|
71
|
-
Ddr::Auth::LegacyPermissions.new(permissions)
|
|
72
|
-
end
|
|
73
|
-
|
|
74
69
|
end
|
|
75
70
|
end
|
|
76
71
|
end
|
|
@@ -3,51 +3,54 @@ module Ddr
|
|
|
3
3
|
module HasStructMetadata
|
|
4
4
|
extend ActiveSupport::Concern
|
|
5
5
|
|
|
6
|
-
FILE_USE_MASTER = 'master'
|
|
7
|
-
FILE_USE_REFERENCE = 'reference'
|
|
8
|
-
|
|
9
6
|
included do
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
control_group: "M"
|
|
7
|
+
has_file_datastream name: Ddr::Datastreams::STRUCT_METADATA,
|
|
8
|
+
type: Ddr::Datastreams::StructuralMetadataDatastream
|
|
9
|
+
end
|
|
14
10
|
|
|
15
|
-
|
|
16
|
-
|
|
11
|
+
def structure
|
|
12
|
+
unless @structure
|
|
13
|
+
if datastreams[Ddr::Datastreams::STRUCT_METADATA].content
|
|
14
|
+
@structure = Ddr::Models::Structure.new(Nokogiri::XML(datastreams[Ddr::Datastreams::STRUCT_METADATA].content))
|
|
15
|
+
end
|
|
16
|
+
end
|
|
17
|
+
@structure
|
|
17
18
|
end
|
|
18
19
|
|
|
19
|
-
def
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
20
|
+
def build_default_structure
|
|
21
|
+
structure = Ddr::Models::Structure.new(Ddr::Models::Structure.template)
|
|
22
|
+
children = find_children
|
|
23
|
+
children.each do |child|
|
|
24
|
+
add_to_struct_map(structure, child)
|
|
25
|
+
end
|
|
26
|
+
structure
|
|
24
27
|
end
|
|
25
28
|
|
|
26
29
|
private
|
|
27
30
|
|
|
28
|
-
def
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
31
|
+
def find_children
|
|
32
|
+
query = association_query(:children)
|
|
33
|
+
sort = "#{Ddr::IndexFields::LOCAL_ID} ASC, #{Ddr::IndexFields::OBJECT_CREATE_DATE} ASC"
|
|
34
|
+
ActiveFedora::SolrService.query(query, sort: sort, rows: 999999)
|
|
32
35
|
end
|
|
33
36
|
|
|
34
|
-
def
|
|
35
|
-
|
|
37
|
+
def add_to_struct_map(stru, child)
|
|
38
|
+
div = create_div(stru)
|
|
39
|
+
create_fptr(stru, div, child['id'])
|
|
36
40
|
end
|
|
37
41
|
|
|
38
|
-
def
|
|
39
|
-
|
|
42
|
+
def create_div(stru)
|
|
43
|
+
div_count = stru.structMap('default').xpath('xmlns:div').size
|
|
44
|
+
div = Nokogiri::XML::Node.new('div', stru.as_xml_document)
|
|
45
|
+
div['ORDER'] = div_count + 1
|
|
46
|
+
stru.structMap('default').add_child(div)
|
|
47
|
+
div
|
|
40
48
|
end
|
|
41
49
|
|
|
42
|
-
def
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
else
|
|
47
|
-
sibs = parent.children
|
|
48
|
-
end
|
|
49
|
-
end
|
|
50
|
-
sibs || []
|
|
50
|
+
def create_fptr(stru, div, pid)
|
|
51
|
+
fptr = Nokogiri::XML::Node.new('fptr', stru.as_xml_document)
|
|
52
|
+
fptr['CONTENTIDS'] = "info:fedora/#{pid}"
|
|
53
|
+
div.add_child(fptr)
|
|
51
54
|
end
|
|
52
55
|
|
|
53
56
|
end
|