ddr-models 2.0.0.rc1 → 2.0.0.rc2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/ddr/auth/ability_definitions/collection_ability_definitions.rb +1 -1
- data/lib/ddr/auth/auth_context.rb +1 -1
- data/lib/ddr/auth/dynamic_groups.rb +1 -7
- data/lib/ddr/auth/groups.rb +1 -14
- data/lib/ddr/models/solr_document.rb +1 -1
- data/lib/ddr/models/version.rb +1 -1
- data/spec/auth/ability_spec.rb +5 -2
- data/spec/auth/groups_spec.rb +0 -25
- data/spec/models/solr_document_spec.rb +6 -6
- data/spec/support/shared_examples_for_auth_contexts.rb +10 -2
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: c761f5250439f6f0cfc16eb0b2b34b93dfc202fb
|
4
|
+
data.tar.gz: fc0a12a51d85b46adf71cfe1183e929552b3363e
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: d18ef50d92eb13acf7ca8d81e5c0d5fc4c01764c6fe1fdf3cbabd0690d4167cf5aa6d68d21a4b77c27b6a366618c8ef36a9ee11a20574b436746d7dbeeb7e371
|
7
|
+
data.tar.gz: 0594dc9217ff806a7132cc106b723b5b6cbb1ca58cc2ad9b020995f8ac7ef1ddaacd08dd807d143696a40a40e85778dcaa21fe17f22c0e4850502b43fab698e2
|
@@ -60,7 +60,7 @@ module Ddr::Auth
|
|
60
60
|
# This is separate from whether the context is authenticated in superuser scope.
|
61
61
|
# @return [Boolean]
|
62
62
|
def authorized_to_act_as_superuser?
|
63
|
-
member_of?
|
63
|
+
member_of? Ddr::Auth.superuser_group
|
64
64
|
end
|
65
65
|
|
66
66
|
# Return the combined user and group agents for this context.
|
@@ -1,13 +1,7 @@
|
|
1
1
|
module Ddr::Auth
|
2
2
|
class DynamicGroups
|
3
3
|
|
4
|
-
ALL = [
|
5
|
-
Groups::REGISTERED,
|
6
|
-
Groups::DUKE_ALL,
|
7
|
-
Groups::SUPERUSERS,
|
8
|
-
Groups::COLLECTION_CREATORS ] +
|
9
|
-
AffiliationGroups::ALL
|
10
|
-
ALL.freeze
|
4
|
+
ALL = ([Groups::PUBLIC, Groups::REGISTERED, Groups::DUKE_ALL] + AffiliationGroups::ALL).freeze
|
11
5
|
|
12
6
|
# @param auth_context [AuthContext]
|
13
7
|
# @return [Array<Group>]
|
data/lib/ddr/auth/groups.rb
CHANGED
@@ -13,25 +13,12 @@ module Ddr
|
|
13
13
|
DUKE_ALL = Group.new "duke.all", label: "Duke NetIDs" do |auth_context|
|
14
14
|
auth_context.duke_agent?
|
15
15
|
end
|
16
|
-
|
17
|
-
SUPERUSERS = Group.new "ddr.superusers", label: "Superusers" do |auth_context|
|
18
|
-
auth_context.ismemberof.include? Ddr::Auth.superuser_group
|
19
|
-
end
|
20
|
-
|
21
|
-
COLLECTION_CREATORS = Group.new "ddr.collection_creators",
|
22
|
-
label: "Collection Creators" do |auth_context|
|
23
|
-
auth_context.ismemberof.include? Ddr::Auth.collection_creators_group
|
24
|
-
end
|
25
16
|
|
26
17
|
# Return the list of all groups available for use in the repository,
|
27
18
|
# i.e., that can be used to assert access controls.
|
28
19
|
# @return [Array<Group>] the groups
|
29
20
|
def self.all
|
30
|
-
|
31
|
-
REGISTERED,
|
32
|
-
DUKE_ALL ] +
|
33
|
-
AffiliationGroups::ALL +
|
34
|
-
Ddr::Auth.grouper_gateway.repository_groups
|
21
|
+
DynamicGroups::ALL + Ddr::Auth.grouper_gateway.repository_groups
|
35
22
|
end
|
36
23
|
|
37
24
|
# @param auth_context [AuthContext]
|
@@ -266,7 +266,7 @@ module Ddr
|
|
266
266
|
query = ActiveFedora::SolrService.construct_query_for_pids([admin_policy_pid])
|
267
267
|
results = ActiveFedora::SolrService.query(query)
|
268
268
|
doc = results.map { |result| ::SolrDocument.new(result) }.first
|
269
|
-
doc[Ddr::IndexFields::RESEARCH_HELP_CONTACT]
|
269
|
+
doc[Ddr::IndexFields::RESEARCH_HELP_CONTACT]
|
270
270
|
end
|
271
271
|
end
|
272
272
|
|
data/lib/ddr/models/version.rb
CHANGED
data/spec/auth/ability_spec.rb
CHANGED
@@ -57,16 +57,19 @@ module Ddr::Auth
|
|
57
57
|
end
|
58
58
|
|
59
59
|
describe "Collection abilities" do
|
60
|
+
before do
|
61
|
+
allow(Ddr::Auth).to receive(:collection_creators_group) { "collection_creators" }
|
62
|
+
end
|
60
63
|
describe "when the user is a collection creator" do
|
61
64
|
before do
|
62
|
-
allow(auth_context).to receive(:member_of?).with(
|
65
|
+
allow(auth_context).to receive(:member_of?).with("collection_creators") { true }
|
63
66
|
end
|
64
67
|
it { should be_able_to(:create, Collection) }
|
65
68
|
end
|
66
69
|
|
67
70
|
describe "when the user is not a collection creator" do
|
68
71
|
before do
|
69
|
-
allow(auth_context).to receive(:member_of?).with(
|
72
|
+
allow(auth_context).to receive(:member_of?).with("collection_creators") { false }
|
70
73
|
end
|
71
74
|
it { should_not be_able_to(:create, Collection) }
|
72
75
|
end
|
data/spec/auth/groups_spec.rb
CHANGED
@@ -9,8 +9,6 @@ module Ddr::Auth
|
|
9
9
|
it { should include(Groups::PUBLIC) }
|
10
10
|
it { should_not include(Groups::REGISTERED) }
|
11
11
|
it { should_not include(Groups::DUKE_ALL) }
|
12
|
-
it { should_not include(Groups::SUPERUSERS) }
|
13
|
-
it { should_not include(Groups::COLLECTION_CREATORS) }
|
14
12
|
it "should not include affiliation groups" do
|
15
13
|
expect(subject.any? { |g| AffiliationGroups::ALL.include?(g) }).to be false
|
16
14
|
end
|
@@ -21,8 +19,6 @@ module Ddr::Auth
|
|
21
19
|
it { should include(Groups::PUBLIC) }
|
22
20
|
it { should include(Groups::REGISTERED) }
|
23
21
|
it { should_not include(Groups::DUKE_ALL) }
|
24
|
-
it { should_not include(Groups::SUPERUSERS) }
|
25
|
-
it { should_not include(Groups::COLLECTION_CREATORS) }
|
26
22
|
it "should not include affiliation groups" do
|
27
23
|
expect(subject.any? { |g| AffiliationGroups::ALL.include?(g) }).to be false
|
28
24
|
end
|
@@ -33,8 +29,6 @@ module Ddr::Auth
|
|
33
29
|
it { should include(Groups::PUBLIC) }
|
34
30
|
it { should include(Groups::REGISTERED) }
|
35
31
|
it { should include(Groups::DUKE_ALL) }
|
36
|
-
it { should_not include(Groups::SUPERUSERS) }
|
37
|
-
it { should_not include(Groups::COLLECTION_CREATORS) }
|
38
32
|
|
39
33
|
describe "with affiliations" do
|
40
34
|
before do
|
@@ -61,26 +55,7 @@ module Ddr::Auth
|
|
61
55
|
end
|
62
56
|
end
|
63
57
|
|
64
|
-
describe "superusers" do
|
65
|
-
let(:auth_context) { FactoryGirl.build(:auth_context) }
|
66
|
-
before do
|
67
|
-
allow(Ddr::Auth).to receive(:superuser_group) { "superusers" }
|
68
|
-
allow(auth_context).to receive(:ismemberof) { [ Ddr::Auth.superuser_group ] }
|
69
|
-
end
|
70
|
-
it { should include(Groups::SUPERUSERS) }
|
71
|
-
end
|
72
|
-
|
73
|
-
describe "collection creators" do
|
74
|
-
let(:auth_context) { FactoryGirl.build(:auth_context) }
|
75
|
-
before do
|
76
|
-
allow(Ddr::Auth).to receive(:collection_creators_group) { "collection_creators" }
|
77
|
-
allow(auth_context).to receive(:ismemberof) { [ Ddr::Auth.collection_creators_group ] }
|
78
|
-
end
|
79
|
-
it { should include(Groups::COLLECTION_CREATORS) }
|
80
|
-
end
|
81
|
-
|
82
58
|
end
|
83
59
|
|
84
|
-
|
85
60
|
end
|
86
61
|
end
|
@@ -102,26 +102,26 @@ RSpec.describe SolrDocument, type: :model, contacts: true do
|
|
102
102
|
|
103
103
|
describe "contacts" do
|
104
104
|
before do
|
105
|
-
allow(YAML).to receive(:load_file) { { '
|
106
|
-
'
|
105
|
+
allow(YAML).to receive(:load_file) { { 'xa' => { 'name' => 'Contact A', 'short_name' => 'A' },
|
106
|
+
'yb' => { 'name' => 'Contact B', 'short_name' => 'B' } } }
|
107
107
|
Ddr::Contacts.load_contacts
|
108
108
|
end
|
109
109
|
describe "#research_help" do
|
110
110
|
context "object has research help contact" do
|
111
|
-
before { subject[Ddr::IndexFields::RESEARCH_HELP_CONTACT] = '
|
111
|
+
before { subject[Ddr::IndexFields::RESEARCH_HELP_CONTACT] = 'yb' }
|
112
112
|
it "should return the object's research help contact" do
|
113
|
-
expect(subject.research_help.slug).to eq('
|
113
|
+
expect(subject.research_help.slug).to eq('yb')
|
114
114
|
end
|
115
115
|
end
|
116
116
|
context "object does not have research help contact" do
|
117
117
|
context "collection has research help contact" do
|
118
|
-
let(:apo_solr_response) { [{"system_create_dtsi"=>"2015-03-10T15:20:16Z", "system_modified_dtsi"=>"2015-03-10T15:21:50Z", "object_state_ssi"=>"A", "active_fedora_model_ssi"=>"Collection", "id"=>"changeme:224", "object_profile_ssm"=>["{\"datastreams\":{\"DC\":{\"dsLabel\":\"Dublin Core Record for this object\",\"dsVersionID\":\"DC1.0\",\"dsCreateDate\":\"2015-03-10T15:20:16Z\",\"dsState\":\"A\",\"dsMIME\":\"text/xml\",\"dsFormatURI\":\"http://www.openarchives.org/OAI/2.0/oai_dc/\",\"dsControlGroup\":\"X\",\"dsSize\":341,\"dsVersionable\":true,\"dsInfoType\":null,\"dsLocation\":\"changeme:224+DC+DC1.0\",\"dsLocationType\":null,\"dsChecksumType\":\"SHA-256\",\"dsChecksum\":\"0555f020bbfc94c07745f530af4195fed9cf4e4ba539a30727f2d2d5743627be\"},\"RELS-EXT\":{\"dsLabel\":\"Fedora Object-to-Object Relationship Metadata\",\"dsVersionID\":\"RELS-EXT.1\",\"dsCreateDate\":\"2015-03-10T15:20:18Z\",\"dsState\":\"A\",\"dsMIME\":\"application/rdf+xml\",\"dsFormatURI\":null,\"dsControlGroup\":\"X\",\"dsSize\":417,\"dsVersionable\":true,\"dsInfoType\":null,\"dsLocation\":\"changeme:224+RELS-EXT+RELS-EXT.1\",\"dsLocationType\":null,\"dsChecksumType\":\"SHA-256\",\"dsChecksum\":\"6a7c2621534cd1cb28d9cfa7e45bb128a1f3c05028e29def4dea479be9596d7d\"},\"descMetadata\":{\"dsLabel\":\"Descriptive Metadata for this object\",\"dsVersionID\":\"descMetadata.1\",\"dsCreateDate\":\"2015-03-10T15:20:18Z\",\"dsState\":\"A\",\"dsMIME\":\"application/n-triples\",\"dsFormatURI\":null,\"dsControlGroup\":\"M\",\"dsSize\":80,\"dsVersionable\":true,\"dsInfoType\":null,\"dsLocation\":\"changeme:224+descMetadata+descMetadata.1\",\"dsLocationType\":\"INTERNAL_ID\",\"dsChecksumType\":\"SHA-256\",\"dsChecksum\":\"bbba526a1ca47f19dfe110f25a0a721bda481dc414f7ec89e3f02c5562eaa9a2\"},\"rightsMetadata\":{\"dsLabel\":null,\"dsVersionID\":\"rightsMetadata.0\",\"dsCreateDate\":\"2015-03-10T15:20:17Z\",\"dsState\":\"A\",\"dsMIME\":\"text/xml\",\"dsFormatURI\":null,\"dsControlGroup\":\"M\",\"dsSize\":550,\"dsVersionable\":true,\"dsInfoType\":null,\"dsLocation\":\"changeme:224+rightsMetadata+rightsMetadata.0\",\"dsLocationType\":\"INTERNAL_ID\",\"dsChecksumType\":\"SHA-256\",\"dsChecksum\":\"210d5a228bd96e22b20723de1dd20ea8d897252063713d0815369c49045c5c05\"},\"properties\":{},\"thumbnail\":{},\"adminMetadata\":{},\"defaultRights\":{\"dsLabel\":null,\"dsVersionID\":\"defaultRights.0\",\"dsCreateDate\":\"2015-03-10T15:21:50Z\",\"dsState\":\"A\",\"dsMIME\":\"text/xml\",\"dsFormatURI\":null,\"dsControlGroup\":\"M\",\"dsSize\":634,\"dsVersionable\":true,\"dsInfoType\":null,\"dsLocation\":\"changeme:224+defaultRights+defaultRights.0\",\"dsLocationType\":\"INTERNAL_ID\",\"dsChecksumType\":\"SHA-256\",\"dsChecksum\":\"1a2d9e665228d5e3cbf5f8ddd0d641172c20f98b4e05d62f741b7b9010696ad0\"}},\"objLabel\":null,\"objOwnerId\":\"fedoraAdmin\",\"objModels\":[\"info:fedora/afmodel:Collection\",\"info:fedora/fedora-system:FedoraObject-3.0\"],\"objCreateDate\":\"2015-03-10T15:20:16Z\",\"objLastModDate\":\"2015-03-10T15:20:18Z\",\"objDissIndexViewURL\":\"http://localhost:8983/fedora/objects/changeme%3A224/methods/fedora-system%3A3/viewMethodIndex\",\"objItemIndexViewURL\":\"http://localhost:8983/fedora/objects/changeme%3A224/methods/fedora-system%3A3/viewItemIndex\",\"objState\":\"A\"}"], "title_tesim"=>["Test Collection"], "edit_access_person_ssim"=>["coblej@duke.edu"], "inheritable_read_access_group_ssim"=>["public"], "is_governed_by_ssim"=>["info:fedora/changeme:224"], "has_model_ssim"=>["info:fedora/afmodel:Collection"], "title_ssi"=>"Test Collection", "internal_uri_ssi"=>"info:fedora/changeme:224", Ddr::IndexFields::RESEARCH_HELP_CONTACT=>
|
118
|
+
let(:apo_solr_response) { [{"system_create_dtsi"=>"2015-03-10T15:20:16Z", "system_modified_dtsi"=>"2015-03-10T15:21:50Z", "object_state_ssi"=>"A", "active_fedora_model_ssi"=>"Collection", "id"=>"changeme:224", "object_profile_ssm"=>["{\"datastreams\":{\"DC\":{\"dsLabel\":\"Dublin Core Record for this object\",\"dsVersionID\":\"DC1.0\",\"dsCreateDate\":\"2015-03-10T15:20:16Z\",\"dsState\":\"A\",\"dsMIME\":\"text/xml\",\"dsFormatURI\":\"http://www.openarchives.org/OAI/2.0/oai_dc/\",\"dsControlGroup\":\"X\",\"dsSize\":341,\"dsVersionable\":true,\"dsInfoType\":null,\"dsLocation\":\"changeme:224+DC+DC1.0\",\"dsLocationType\":null,\"dsChecksumType\":\"SHA-256\",\"dsChecksum\":\"0555f020bbfc94c07745f530af4195fed9cf4e4ba539a30727f2d2d5743627be\"},\"RELS-EXT\":{\"dsLabel\":\"Fedora Object-to-Object Relationship Metadata\",\"dsVersionID\":\"RELS-EXT.1\",\"dsCreateDate\":\"2015-03-10T15:20:18Z\",\"dsState\":\"A\",\"dsMIME\":\"application/rdf+xml\",\"dsFormatURI\":null,\"dsControlGroup\":\"X\",\"dsSize\":417,\"dsVersionable\":true,\"dsInfoType\":null,\"dsLocation\":\"changeme:224+RELS-EXT+RELS-EXT.1\",\"dsLocationType\":null,\"dsChecksumType\":\"SHA-256\",\"dsChecksum\":\"6a7c2621534cd1cb28d9cfa7e45bb128a1f3c05028e29def4dea479be9596d7d\"},\"descMetadata\":{\"dsLabel\":\"Descriptive Metadata for this object\",\"dsVersionID\":\"descMetadata.1\",\"dsCreateDate\":\"2015-03-10T15:20:18Z\",\"dsState\":\"A\",\"dsMIME\":\"application/n-triples\",\"dsFormatURI\":null,\"dsControlGroup\":\"M\",\"dsSize\":80,\"dsVersionable\":true,\"dsInfoType\":null,\"dsLocation\":\"changeme:224+descMetadata+descMetadata.1\",\"dsLocationType\":\"INTERNAL_ID\",\"dsChecksumType\":\"SHA-256\",\"dsChecksum\":\"bbba526a1ca47f19dfe110f25a0a721bda481dc414f7ec89e3f02c5562eaa9a2\"},\"rightsMetadata\":{\"dsLabel\":null,\"dsVersionID\":\"rightsMetadata.0\",\"dsCreateDate\":\"2015-03-10T15:20:17Z\",\"dsState\":\"A\",\"dsMIME\":\"text/xml\",\"dsFormatURI\":null,\"dsControlGroup\":\"M\",\"dsSize\":550,\"dsVersionable\":true,\"dsInfoType\":null,\"dsLocation\":\"changeme:224+rightsMetadata+rightsMetadata.0\",\"dsLocationType\":\"INTERNAL_ID\",\"dsChecksumType\":\"SHA-256\",\"dsChecksum\":\"210d5a228bd96e22b20723de1dd20ea8d897252063713d0815369c49045c5c05\"},\"properties\":{},\"thumbnail\":{},\"adminMetadata\":{},\"defaultRights\":{\"dsLabel\":null,\"dsVersionID\":\"defaultRights.0\",\"dsCreateDate\":\"2015-03-10T15:21:50Z\",\"dsState\":\"A\",\"dsMIME\":\"text/xml\",\"dsFormatURI\":null,\"dsControlGroup\":\"M\",\"dsSize\":634,\"dsVersionable\":true,\"dsInfoType\":null,\"dsLocation\":\"changeme:224+defaultRights+defaultRights.0\",\"dsLocationType\":\"INTERNAL_ID\",\"dsChecksumType\":\"SHA-256\",\"dsChecksum\":\"1a2d9e665228d5e3cbf5f8ddd0d641172c20f98b4e05d62f741b7b9010696ad0\"}},\"objLabel\":null,\"objOwnerId\":\"fedoraAdmin\",\"objModels\":[\"info:fedora/afmodel:Collection\",\"info:fedora/fedora-system:FedoraObject-3.0\"],\"objCreateDate\":\"2015-03-10T15:20:16Z\",\"objLastModDate\":\"2015-03-10T15:20:18Z\",\"objDissIndexViewURL\":\"http://localhost:8983/fedora/objects/changeme%3A224/methods/fedora-system%3A3/viewMethodIndex\",\"objItemIndexViewURL\":\"http://localhost:8983/fedora/objects/changeme%3A224/methods/fedora-system%3A3/viewItemIndex\",\"objState\":\"A\"}"], "title_tesim"=>["Test Collection"], "edit_access_person_ssim"=>["coblej@duke.edu"], "inheritable_read_access_group_ssim"=>["public"], "is_governed_by_ssim"=>["info:fedora/changeme:224"], "has_model_ssim"=>["info:fedora/afmodel:Collection"], "title_ssi"=>"Test Collection", "internal_uri_ssi"=>"info:fedora/changeme:224", Ddr::IndexFields::RESEARCH_HELP_CONTACT=>"xa", "_version_"=>1495270331036729344, "timestamp"=>"2015-03-10T15:21:50.793Z"}] }
|
119
119
|
before do
|
120
120
|
allow(subject).to receive(:admin_policy_pid).and_return('changeme:224')
|
121
121
|
allow(ActiveFedora::SolrService).to receive(:query).and_return(apo_solr_response)
|
122
122
|
end
|
123
123
|
it "should return the collection's research help contact" do
|
124
|
-
expect(subject.research_help.slug).to eq("
|
124
|
+
expect(subject.research_help.slug).to eq("xa")
|
125
125
|
end
|
126
126
|
end
|
127
127
|
context "collection does not have research help contact" do
|
@@ -61,18 +61,26 @@ module Ddr::Auth
|
|
61
61
|
expect(subject.member_of?(group2)).to be false
|
62
62
|
end
|
63
63
|
end
|
64
|
+
describe "when given nil" do
|
65
|
+
it "should be false" do
|
66
|
+
expect(subject.member_of?(nil)).to be false
|
67
|
+
end
|
68
|
+
end
|
64
69
|
end
|
65
70
|
|
66
71
|
describe "#authorized_to_act_as_superuser?" do
|
72
|
+
before do
|
73
|
+
allow(Ddr::Auth).to receive(:superuser_group) { "superusers" }
|
74
|
+
end
|
67
75
|
describe "when a member of the superusers group" do
|
68
76
|
before do
|
69
|
-
allow(subject).to receive(:
|
77
|
+
allow(subject).to receive(:member_of?).with("superusers") { true }
|
70
78
|
end
|
71
79
|
its(:authorized_to_act_as_superuser?) { should be true }
|
72
80
|
end
|
73
81
|
describe "when not a member of the superusers group" do
|
74
82
|
before do
|
75
|
-
allow(subject).to receive(:
|
83
|
+
allow(subject).to receive(:member_of?).with("superusers") { false }
|
76
84
|
end
|
77
85
|
its(:authorized_to_act_as_superuser?) { should be false }
|
78
86
|
end
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: ddr-models
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 2.0.0.
|
4
|
+
version: 2.0.0.rc2
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Jim Coble
|
@@ -9,7 +9,7 @@ authors:
|
|
9
9
|
autorequire:
|
10
10
|
bindir: bin
|
11
11
|
cert_chain: []
|
12
|
-
date: 2015-07-
|
12
|
+
date: 2015-07-23 00:00:00.000000000 Z
|
13
13
|
dependencies:
|
14
14
|
- !ruby/object:Gem::Dependency
|
15
15
|
name: rails
|