ddr-models 2.4.14 → 2.4.15

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 89463db1599ed9a7f4707c36efed6b90edc54d43
-  data.tar.gz: ed8918d41b6176c00516bfadcc317593d0466255
+  metadata.gz: b36660eee0bd55bbbbbe5ec8ee9c0b69291bd46e
+  data.tar.gz: b0b5714f775e92d23fa50f1cfd2d0286dce8c17f
 SHA512:
-  metadata.gz: 19c5b9b657b4d755822ba5877016095264a6ee4c49751d87013d685571a5bf24d8568c2ebe75624aebfc3275f03fb180aa925451bae862832076a47692df0941
-  data.tar.gz: 499b13e8195943a1d4d9754a2ffe6965b275c14da27c47d9044f842ec9959e913335ee1b7b7b6b85173cf6c81d122728b41892bb1ea8a2b9539b3b592135f629
+  metadata.gz: 894ff0cff82bc9bb72102b741a4959e69d06bd3d8a0c62f8322d9ff5478834b95fdab8491eb2829230c9f466ec099e3c3f6d7d96bf923f62f5815ed149f750ec
+  data.tar.gz: 4656487fb2cce3c1c5a62150b0733a4ccb22ae0c19f38f2e7407b87762c995c6f17cd3fe56077452651509c916e61a225f9ba702eb62b8f0edbc8502f99fcbdb

data/lib/ddr/auth/ability_definitions/collection_ability_definitions.rb

@@ -6,6 +6,22 @@ module Ddr
         if member_of? Ddr::Auth.collection_creators_group
           can :create, ::Collection
         end
+        can :export, ::Collection do |obj|
+          has_policy_permission?(obj, Permissions::READ)
+        end
+      end
+
+      private
+
+      def policy_permissions(obj)
+        obj.roles
+          .in_policy_scope
+          .agent(agents)
+          .permissions
+      end
+
+      def has_policy_permission?(obj, perm)
+        policy_permissions(obj).include?(perm)
       end
 
     end

data/lib/ddr/models/version.rb

@@ -1,5 +1,5 @@
 module Ddr
   module Models
-    VERSION = "2.4.14"
+    VERSION = "2.4.15"
   end
 end

data/spec/auth/ability_spec.rb

@@ -57,21 +57,38 @@ module Ddr::Auth
     end
 
     describe "Collection abilities" do
-      before do
-        allow(Ddr::Auth).to receive(:collection_creators_group) { "collection_creators" }
-      end
-      describe "when the user is a collection creator" do
+      describe "create" do
         before do
-          allow(auth_context).to receive(:member_of?).with("collection_creators") { true }
+          allow(Ddr::Auth).to receive(:collection_creators_group) { "collection_creators" }
+        end
+        describe "when the user is a collection creator" do
+          before do
+            allow(auth_context).to receive(:member_of?).with("collection_creators") { true }
+          end
+          it { should be_able_to(:create, Collection) }
         end
-        it { should be_able_to(:create, Collection) }
-      end
 
-      describe "when the user is not a collection creator" do
-        before do
-          allow(auth_context).to receive(:member_of?).with("collection_creators") { false }
+        describe "when the user is not a collection creator" do
+          before do
+            allow(auth_context).to receive(:member_of?).with("collection_creators") { false }
+          end
+          it { should_not be_able_to(:create, Collection) }
+        end
+      end
+      describe "export" do
+        let(:collection) { FactoryGirl.build(:collection) }
+        describe "when the user has read permission via policy scope role" do
+          before {
+            collection.roles.grant role_type: "Viewer", agent: auth_context.user.to_s, scope: "policy"
+          }
+          it { is_expected.to be_able_to(:export, collection) }
+        end
+        describe "when the user does not have read permission via policy scope role" do
+          before {
+            collection.roles.grant role_type: "Viewer", agent: auth_context.user.to_s
+          }
+          it { is_expected.not_to be_able_to(:export, collection) }
         end
-        it { should_not be_able_to(:create, Collection) }
       end
     end
 

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: ddr-models
 version: !ruby/object:Gem::Version
-  version: 2.4.14
+  version: 2.4.15
 platform: ruby
 authors:
 - Jim Coble