ddr-models 3.0.0.alpha.3 → 3.0.0.alpha.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 5ba4e9d42e6784bc59cf386c341006539ff072f1
-  data.tar.gz: 88c2d6e6589785a20228e615a287d8f334cc98f3
+  metadata.gz: ed265d93ca6307ec23a3d9055d0f6965f8cb00cb
+  data.tar.gz: 48a3f01ac1cd908e49695d612be9737143102553
 SHA512:
-  metadata.gz: 41e9ebf75006154ba347dd5fdbc91c44b835990eb46f920c004ce16aed1e9d8637c935d94a4bc1afb4f9924b6ada95da5da6be8e77606fb5bd0251caa69f08a5
-  data.tar.gz: 3959dc747ad83c854ef084b25843177e43601273fd6954aea81a7974730802662230f362e000ddfcc27ab80f75965fa238b932b444f377ca2f8d820d05944fb4
+  metadata.gz: 5fb8f5bca78ed6874d69829f0555dd6b395e7133206494bc09cad31348dfdec131120acbb8f7b0c05b48a816006c68ab0bb46d4a5e5002dbdb4b112509512d39
+  data.tar.gz: 88f6ac010d23f70f07f36c4a0ffb7364abdbfa5e956d2b835ee11085c7de77010f15e4e6e8b65eaa209760951c0e5217e37aba32c5772158aaf2d985c343eaa0

data/app/models/collection.rb

@@ -54,7 +54,7 @@ class Collection < Ddr::Models::Base
 
   def set_admin_policy
     self.admin_policy = self
-    self.save
+    save
   end
 
 end

data/ddr-models.gemspec

@@ -21,7 +21,6 @@ Gem::Specification.new do |s|
   s.add_dependency "rails", "~> 4.1.13"
   s.add_dependency "active-triples", "~> 0.7.2"
   s.add_dependency "active-fedora", "~> 9.5"
-  s.add_dependency "hydra-core", "~> 9.3"
   s.add_dependency "hydra-validations", "~> 0.5"
   s.add_dependency "devise", "~> 3.4"
   s.add_dependency "omniauth-shibboleth", "~> 1.2.0"
@@ -42,4 +41,5 @@ Gem::Specification.new do |s|
   s.add_development_dependency "factory_girl_rails", "~> 4.4"
   s.add_development_dependency "jettywrapper", "~> 2.0"
   s.add_development_dependency "database_cleaner"
+  s.add_development_dependency "blacklight", "~> 5.15"
 end

data/lib/ddr/auth/abstract_ability.rb

@@ -1,3 +1,5 @@
+require 'cancancan'
+
 module Ddr::Auth
   # @abstract
   class AbstractAbility

data/lib/ddr/auth/role_based_access_controls_enforcement.rb

@@ -1,56 +1,20 @@
-module Ddr
-  module Auth
-    #
-    # Hydra controller mixin for role-based access control
-    #
-    # Overrides Hydra::AccessControlsEnforcement#gated_discovery_filters
-    # to apply role filters instead of permissions filters.
-    #
-    module RoleBasedAccessControlsEnforcement
-
-      def self.included(controller)
-        controller.delegate :authorized_to_act_as_superuser?, to: :current_ability
-        controller.helper_method :authorized_to_act_as_superuser?
-      end
-
-      def current_ability
-        @current_ability ||= AbilityFactory.call(current_user, request.env)
-      end
-
-      # List of IDs for policies on which any of the current user's agent has a role in policy scope
-      def policy_role_policies
-        @policy_role_policies ||= Array.new.tap do |uris|
-          filters = current_ability.agents.map do |agent|
-            "#{Ddr::Index::Fields::POLICY_ROLE}:\"#{agent}\""
-          end.join(" OR ")
-          query = "#{Ddr::Index::Fields::ACTIVE_FEDORA_MODEL}:Collection AND (#{filters})"
-          results = ActiveFedora::SolrService.query(query, rows: Collection.count, fl: Ddr::Index::Fields::ID)
-          results.each_with_object(uris) { |r, memo| memo << r[Ddr::Index::Fields::ID] }
-        end
-      end
-
-      def policy_role_filters
-        if policy_role_policies.present?
-          rels = policy_role_policies.map { |pid| [:isGovernedBy, pid] }
-          ActiveFedora::SolrService.construct_query_for_rel(rels, " OR ")
-        end
-      end
-
-      def resource_role_filters
-        current_ability.agents.map do |agent|
-          ActiveFedora::SolrService.raw_query(Ddr::Index::Fields::RESOURCE_ROLE, agent)
-        end.join(" OR ")
-      end
-
-      def gated_discovery_filters
-        [resource_role_filters, policy_role_filters].compact
-      end
+module Ddr::Auth
+  #
+  # Controller mixin for role-based access control
+  #
+  module RoleBasedAccessControlsEnforcement
+
+    def self.included(controller)
+      controller.helper_method :authorized_to_act_as_superuser?
+    end
 
-      # Overrides Hydra::AccessControlsEnforcement
-      def enforce_show_permissions
-        authorize! :read, params[:id]
-      end
+    def current_ability
+      @current_ability ||= AbilityFactory.call(current_user, request.env)
+    end
 
+    def authorized_to_act_as_superuser?
+      current_ability.authorized_to_act_as_superuser?
     end
+
   end
 end

data/lib/ddr/index/fields.rb

@@ -1,5 +1,6 @@
 module Ddr::Index
   module Fields
+    extend Deprecation
 
     def self.get(name)
       const_get(name.to_s.upcase, false)
@@ -11,8 +12,15 @@ module Ddr::Index
         .map    { |c| const_get(c) }
     end
 
+    def self.const_missing(name)
+      if name == :PID
+        Deprecation.warn(Fields, "The constant `:PID` is deprecated; use `:ID` instead.")
+        return ID
+      end
+      super
+    end
+
     ID = UniqueKeyField.instance
-    PID = UniqueKeyField.instance
 
     ACCESS_ROLE                 = Field.new :access_role, :stored_sortable
     ACTIVE_FEDORA_MODEL         = Field.new :active_fedora_model, :stored_sortable
@@ -54,6 +62,7 @@ module Ddr::Index
     OBJECT_STATE                = Field.new :object_state, :stored_sortable
     OBJECT_CREATE_DATE          = Field.new :system_create, :stored_sortable, type: :date
     OBJECT_MODIFIED_DATE        = Field.new :system_modified, :stored_sortable, type: :date
+    ORIGINAL_FILENAME           = Field.new :original_filename, :stored_sortable
     PERMANENT_ID                = Field.new :permanent_id, :stored_sortable, type: :string
     PERMANENT_URL               = Field.new :permanent_url, :stored_sortable, type: :string
     POLICY_ROLE                 = Field.new :policy_role, :symbol

data/lib/ddr/models.rb

@@ -1,12 +1,8 @@
 require 'ddr/models/engine'
 require 'ddr/models/version'
 
-# Awful hack to make Hydra::AccessControls::Permissions accessible
-# $: << Gem.loaded_specs['hydra-access-controls'].full_gem_path + "/app/models/concerns"
-
 require 'active_record'
-
-require 'hydra-core'
+require 'active_fedora'
 require 'hydra/validations'
 
 module Ddr
@@ -77,6 +73,11 @@ module Ddr
       autoload :MetadataVocabularies
     end
 
+    autoload_under "search" do
+      autoload :Catalog
+      autoload :SearchBuilder
+    end
+
     # Base directory of default external file store
     mattr_accessor :external_file_store
 

data/lib/ddr/models/base.rb

@@ -1,5 +1,6 @@
 module Ddr::Models
   class Base < ActiveFedora::Base
+    extend Deprecation
 
     include ObjectApi
     include Describable
@@ -16,21 +17,29 @@ module Ddr::Models
       notify_event :deletion
     end
 
+    def inspect
+      "#<#{model_and_id}, uri: \"#{uri}\">"
+    end
+
     def attached_files_profile
       AttachedFilesProfile.new(attached_files)
     end
 
     def copy_admin_policy_or_roles_from(other)
-      copy_resource_roles_from(other) unless copy_admin_policy_from(other)
+      copy_admin_policy_from(other) || copy_resource_roles_from(other)
     end
 
     def association_query(association)
       raise NotImplementedError, "The previous implementation does not work with ActiveFedora 9."
     end
 
-    # e.g., "Collection duke:1"
+    def model_and_id
+      "#{self.class} id: #{id.inspect || '[NEW]'}"
+    end
+
     def model_pid
-      [self.class.to_s, pid].join(" ")
+      Deprecation.warn(Base, "`model_pid` is deprecated; use `model_and_id` instead.")
+      model_and_id
     end
 
     # @override ActiveFedora::Core

data/lib/ddr/models/governable.rb

@@ -30,15 +30,10 @@ module Ddr
       end
 
       def copy_admin_policy_from(other)
-        # XXX In active-fedora 7.0 can do
-        # self.admin_policy = other.admin_policy
-        self.admin_policy_id = case
-        when other.has_admin_policy?
-          other.admin_policy_id
-        when other.is_a?(Collection)
-          other.id
+        if admin_policy = other.admin_policy
+          self.admin_policy = admin_policy
+          logger.debug "Copied admin policy from #{other.model_and_id} to #{model_and_id}"
         end
-        # self.admin_policy_id = other.admin_policy_id if other.has_admin_policy?
       end
 
     end

data/lib/ddr/models/has_admin_metadata.rb

@@ -35,13 +35,6 @@ module Ddr::Models
                predicate: RDF::Vocab::Identifiers.local,
                multiple: false
 
-      # XXX Is this admin metadata?
-      property :original_filename,
-               predicate: Ddr::Vocab::PREMIS.hasOriginalName,
-               multiple: false do |index|
-        index.as :stored_sortable
-      end
-
       property :permanent_id,
                predicate: Ddr::Vocab::Asset.permanentId,
                multiple: false

data/lib/ddr/models/has_attachments.rb

@@ -6,7 +6,8 @@ module Ddr
       included do
         has_many :attachments,
                  predicate: ::RDF::URI("http://projecthydra.org/ns/relations#isAttachedTo"),
-                 class_name: 'Attachment'
+                 class_name: 'Attachment',
+                 as: :attached_to
       end
 
     end

data/lib/ddr/models/has_content.rb

@@ -4,6 +4,7 @@ module Ddr
   module Models
     module HasContent
       extend ActiveSupport::Concern
+      extend Deprecation
 
       MASTER_FILE_TYPES = [ "image/tiff" ]
 
@@ -40,6 +41,14 @@ module Ddr
         save
       end
 
+      def original_filename
+        content.original_name
+      end
+
+      def original_filename=(filename)
+        content.original_name = filename
+      end
+
       def derivatives
         @derivatives ||= Ddr::Managers::DerivativesManager.new(self)
       end

data/lib/ddr/models/indexing.rb

@@ -47,6 +47,7 @@ module Ddr
           fields.merge!(last_virus_check.to_solr) if last_virus_check
         end
         if has_content?
+          fields[ORIGINAL_FILENAME] = original_filename
           fields[CONTENT_SIZE] = content_size
           fields[CONTENT_SIZE_HUMAN] = content_human_size
           fields[MEDIA_TYPE] = content_type

data/lib/ddr/models/licenses/license.rb

@@ -15,7 +15,7 @@ module Ddr::Models
     end
 
     def pid
-      Deprecation.warn(License, "Use `object_id` instead.")
+      Deprecation.warn(License, "`pid` is deprecated; use `object_id` instead.")
       object_id
     end
 

data/lib/ddr/models/search/catalog.rb

@@ -0,0 +1,24 @@
+module Ddr::Models
+  #
+  # Blacklight CatalogController mixin that applies
+  # gated discovery.
+  #
+  # Assumes that the search builder class includes
+  # `Ddr::Models::SearchBuilder`.
+  #
+  module Catalog
+
+    def self.included(controller)
+      controller.search_params_logic += [:apply_gated_discovery]
+
+      controller.before_filter :enforce_show_permissions, only: :show
+    end
+
+    # @note Originally copied from Hydra::AccessControlsEnforcement
+    #   and overridden.
+    def enforce_show_permissions
+      authorize! :read, params[:id]
+    end
+
+  end
+end

data/lib/ddr/models/search/search_builder.rb

@@ -0,0 +1,54 @@
+module Ddr::Models
+  #
+  # Blacklight SearchBuilder methods.
+  #
+  # Include in controller search builder class:
+  #
+  #   class SearchBuilder < Blacklight::Solr::SearchBuilder
+  #     include Ddr::Models::SearchBuilder
+  #   end
+  #
+  module SearchBuilder
+
+    # @note Copied from Hydra::AccessControlsEnforcement
+    def apply_gated_discovery(solr_parameters)
+      solr_parameters[:fq] ||= []
+      solr_parameters[:fq] << gated_discovery_filters.join(" OR ")
+    end
+
+    def current_ability
+      # :scope is assumed here to be a controller which responds to :current_ability
+      scope.current_ability
+    end
+
+    def gated_discovery_filters
+      [resource_role_filters, policy_role_filters].compact
+    end
+
+    # List of IDs for policies on which any of the current user's agent has a role in policy scope
+    def policy_role_policies
+      @policy_role_policies ||= Array.new.tap do |uris|
+        filters = current_ability.agents.map do |agent|
+          "#{Ddr::Index::Fields::POLICY_ROLE}:\"#{agent}\""
+        end.join(" OR ")
+        query = "#{Ddr::Index::Fields::ACTIVE_FEDORA_MODEL}:Collection AND (#{filters})"
+        results = ActiveFedora::SolrService.query(query, rows: Collection.count, fl: Ddr::Index::Fields::ID)
+        results.each_with_object(uris) { |r, memo| memo << r[Ddr::Index::Fields::ID] }
+      end
+    end
+
+    def policy_role_filters
+      if policy_role_policies.present?
+        rels = policy_role_policies.map { |pid| [:isGovernedBy, pid] }
+        ActiveFedora::SolrService.construct_query_for_rel(rels, " OR ")
+      end
+    end
+
+    def resource_role_filters
+      current_ability.agents.map do |agent|
+        ActiveFedora::SolrService.raw_query(Ddr::Index::Fields::RESOURCE_ROLE, agent)
+      end.join(" OR ")
+    end
+
+  end
+end

data/lib/ddr/models/version.rb

@@ -1,5 +1,5 @@
 module Ddr
   module Models
-    VERSION = "3.0.0.alpha.3"
+    VERSION = "3.0.0.alpha.4"
   end
 end

data/spec/controllers/application_controller_spec.rb

@@ -1,22 +1,43 @@
 RSpec.describe ApplicationController, type: :controller do
-  controller do
-    before_action :authenticate_user!
-    def index; end
-  end
-  describe "authentication failure handling" do
-    describe "when shibboleth user authentication is required" do
-      before { allow(Ddr::Auth).to receive(:require_shib_user_authn) { true } }
-      it "should redirect to the shib authn path" do
-        get :index
-        expect(response).to redirect_to(user_omniauth_authorize_path(:shibboleth))
-      end
+
+  describe "authentication" do
+    controller do
+      before_action :authenticate_user!
+      def index; end
     end
-    describe "when shibboleth user authentication is not required" do
-      before { allow(Ddr::Auth).to receive(:require_shib_user_authn) { false } }
-      it "should redirect to the new user session path" do
-        get :index
-        expect(response).to redirect_to(new_user_session_path)
+
+    describe "authentication failure handling" do
+      describe "when shibboleth user authentication is required" do
+        before { allow(Ddr::Auth).to receive(:require_shib_user_authn) { true } }
+        it "should redirect to the shib authn path" do
+          get :index
+          expect(response).to redirect_to(user_omniauth_authorize_path(:shibboleth))
+        end
+      end
+
+      describe "when shibboleth user authentication is not required" do
+        before { allow(Ddr::Auth).to receive(:require_shib_user_authn) { false } }
+        it "should redirect to the new user session path" do
+          get :index
+          expect(response).to redirect_to(new_user_session_path)
+        end
       end
     end
   end
+
+  describe "including `Ddr::Auth::RoleBasedAccessControlsEnforcement`" do
+    controller do
+      include Ddr::Auth::RoleBasedAccessControlsEnforcement
+    end
+
+    let(:user) { FactoryGirl.create(:user) }
+
+    its(:current_ability) { is_expected.to be_a(Ddr::Auth::AbstractAbility) }
+
+    it "delegates `authorized_to_act_as_superuser?` to current_ability" do
+      expect(subject.current_ability).to receive(:authorized_to_act_as_superuser?)
+      subject.authorized_to_act_as_superuser?
+    end
+  end
+
 end

data/spec/dummy/app/controllers/application_controller.rb

@@ -1,5 +1,3 @@
 class ApplicationController < ActionController::Base
-  # Prevent CSRF attacks by raising an exception.
-  # For APIs, you may want to use :null_session instead.
   protect_from_forgery with: :exception
 end

data/spec/dummy/app/models/solr_document.rb

@@ -1,7 +1,5 @@
-# -*- encoding : utf-8 -*-
-#
-# A SolrDocument is a wrapper of a raw Solr document result.
-#
+require 'blacklight'
+
 class SolrDocument
   include Blacklight::Solr::Document
   include Ddr::Models::SolrDocument

data/spec/dummy/app/models/user.rb

@@ -1,4 +1,3 @@
 class User < ActiveRecord::Base
   include Ddr::Auth::User
-  include Blacklight::User
 end

data/spec/models/search_builder_spec.rb

@@ -0,0 +1,51 @@
+require 'blacklight'
+
+module Ddr::Models
+  RSpec.describe SearchBuilder do
+
+    subject { search_builder_class.new(processor_chain, scope) }
+
+    let(:search_builder_class) do
+      Class.new(Blacklight::Solr::SearchBuilder) do
+        include Ddr::Models::SearchBuilder
+      end
+    end
+
+    let(:processor_chain) { [] }
+    let(:ability) { double(agents: ["foo", "bar"]) }
+    let(:scope) { double(current_ability: ability) }
+
+    describe "#resource_role_filters" do
+      it "returns a list of clauses for each agent for the current ability" do
+        expect(subject.resource_role_filters.split(" OR "))
+          .to contain_exactly("_query_:\"{!raw f=#{Ddr::Index::Fields::RESOURCE_ROLE}}foo\"",
+                              "_query_:\"{!raw f=#{Ddr::Index::Fields::RESOURCE_ROLE}}bar\"")
+      end
+    end
+
+    describe "#policy_role_policies" do
+      let(:collections) { FactoryGirl.build_list(:collection, 3) }
+      before do
+        collections[0].roles.grant type: "Editor", agent: "foo", scope: "policy"
+        collections[0].save
+        collections[1].roles.grant type: "Contributor", agent: "bar", scope: "policy"
+        collections[1].save
+        collections[2].roles.grant type: "Viewer", agent: "foo:bar", scope: "policy"
+        collections[2].save
+      end
+      it "returns a list of IDs for collections on which the current ability has a role" do
+        expect(subject.policy_role_policies).to match_array([collections[0].id, collections[1].id])
+      end
+    end
+
+    describe "#policy_role_filters" do
+      before do
+        allow(subject).to receive(:policy_role_policies) { ["test-13", "test-45"] }
+      end
+      it "should include clauses for isGovernedBy relationships to the #policy_role_policies" do
+        expect(subject.policy_role_filters).to eq("_query_:\"{!raw f=#{Ddr::Index::Fields::IS_GOVERNED_BY}}test-13\" OR _query_:\"{!raw f=#{Ddr::Index::Fields::IS_GOVERNED_BY}}test-45\"")
+      end
+    end
+
+  end
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: ddr-models
 version: !ruby/object:Gem::Version
-  version: 3.0.0.alpha.3
+  version: 3.0.0.alpha.4
 platform: ruby
 authors:
 - Jim Coble
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-10-29 00:00:00.000000000 Z
+date: 2015-11-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -53,20 +53,6 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '9.5'
-- !ruby/object:Gem::Dependency
-  name: hydra-core
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '9.3'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '9.3'
 - !ruby/object:Gem::Dependency
   name: hydra-validations
   requirement: !ruby/object:Gem::Requirement
@@ -345,6 +331,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: blacklight
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.15'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.15'
 description: Models used in the Duke Digital Repository
 email:
 - lib-drs@duke.edu
@@ -525,6 +525,8 @@ files:
 - lib/ddr/models/metadata/metadata_vocabularies.rb
 - lib/ddr/models/metadata/metadata_vocabulary.rb
 - lib/ddr/models/object_api.rb
+- lib/ddr/models/search/catalog.rb
+- lib/ddr/models/search/search_builder.rb
 - lib/ddr/models/solr_document.rb
 - lib/ddr/models/struct_div.rb
 - lib/ddr/models/structure.rb
@@ -562,7 +564,6 @@ files:
 - spec/auth/web_auth_context_spec.rb
 - spec/contacts/contacts_spec.rb
 - spec/controllers/application_controller_spec.rb
-- spec/controllers/including_role_based_access_controls_enforcement_spec.rb
 - spec/controllers/users/sessions_controller_spec.rb
 - spec/datastreams/fits_datastream_spec.rb
 - spec/derivatives/multires_image_spec.rb
@@ -660,6 +661,7 @@ files:
 - spec/models/indexing_spec.rb
 - spec/models/item_spec.rb
 - spec/models/license_spec.rb
+- spec/models/search_builder_spec.rb
 - spec/models/solr_document_spec.rb
 - spec/models/struct_div_spec.rb
 - spec/models/structure_spec.rb
@@ -726,7 +728,6 @@ test_files:
 - spec/auth/web_auth_context_spec.rb
 - spec/contacts/contacts_spec.rb
 - spec/controllers/application_controller_spec.rb
-- spec/controllers/including_role_based_access_controls_enforcement_spec.rb
 - spec/controllers/users/sessions_controller_spec.rb
 - spec/datastreams/fits_datastream_spec.rb
 - spec/derivatives/multires_image_spec.rb
@@ -824,6 +825,7 @@ test_files:
 - spec/models/indexing_spec.rb
 - spec/models/item_spec.rb
 - spec/models/license_spec.rb
+- spec/models/search_builder_spec.rb
 - spec/models/solr_document_spec.rb
 - spec/models/struct_div_spec.rb
 - spec/models/structure_spec.rb

data/spec/controllers/including_role_based_access_controls_enforcement_spec.rb

@@ -1,48 +0,0 @@
-RSpec.describe ApplicationController, type: :controller do
-
-  controller do
-    include Hydra::AccessControlsEnforcement
-    include Ddr::Auth::RoleBasedAccessControlsEnforcement
-  end
-
-  let(:user) { FactoryGirl.create(:user) }
-
-  before do
-    allow(controller.current_ability).to receive(:agents) { [ user.agent, "foo", "bar" ] }
-  end
-
-  describe "#resource_role_filters" do
-    it "should include clauses for each agent for the current ability" do
-      expect(subject.resource_role_filters.split(" OR "))
-        .to contain_exactly("_query_:\"{!raw f=#{Ddr::Index::Fields::RESOURCE_ROLE}}foo\"",
-                            "_query_:\"{!raw f=#{Ddr::Index::Fields::RESOURCE_ROLE}}bar\"",
-                            "_query_:\"{!raw f=#{Ddr::Index::Fields::RESOURCE_ROLE}}#{user.agent}\"")
-    end
-  end
-
-  describe "#policy_role_policies" do
-    let(:collections) { FactoryGirl.build_list(:collection, 3) }
-    before do
-      collections[0].roles.grant type: "Curator", agent: user, scope: "policy"
-      collections[0].save
-      collections[1].roles.grant type: "Editor", agent: "foo", scope: "policy"
-      collections[1].roles.grant type: "Contributor", agent: "bar", scope: "policy"
-      collections[1].save
-      collections[2].roles.grant type: "Viewer", agent: "foo:bar", scope: "policy"
-      collections[2].save
-    end
-    it "should return a list of IDs for collections on which the current ability has a role" do
-      expect(subject.policy_role_policies).to match_array([collections[0].id, collections[1].id])
-    end
-  end
-
-  describe "#policy_role_filters" do
-    before do
-      allow(subject).to receive(:policy_role_policies) { ["test-13", "test-45"] }
-    end
-    it "should include clauses for isGovernedBy relationships to the #policy_role_policies" do
-      expect(subject.policy_role_filters).to eq("_query_:\"{!raw f=#{Ddr::Index::Fields::IS_GOVERNED_BY}}test-13\" OR _query_:\"{!raw f=#{Ddr::Index::Fields::IS_GOVERNED_BY}}test-45\"")
-    end
-  end
-
-end