ddr-models 3.0.0.alpha.3 → 3.0.0.alpha.4
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/app/models/collection.rb +1 -1
- data/ddr-models.gemspec +1 -1
- data/lib/ddr/auth/abstract_ability.rb +2 -0
- data/lib/ddr/auth/role_based_access_controls_enforcement.rb +15 -51
- data/lib/ddr/index/fields.rb +10 -1
- data/lib/ddr/models.rb +6 -5
- data/lib/ddr/models/base.rb +12 -3
- data/lib/ddr/models/governable.rb +3 -8
- data/lib/ddr/models/has_admin_metadata.rb +0 -7
- data/lib/ddr/models/has_attachments.rb +2 -1
- data/lib/ddr/models/has_content.rb +9 -0
- data/lib/ddr/models/indexing.rb +1 -0
- data/lib/ddr/models/licenses/license.rb +1 -1
- data/lib/ddr/models/search/catalog.rb +24 -0
- data/lib/ddr/models/search/search_builder.rb +54 -0
- data/lib/ddr/models/version.rb +1 -1
- data/spec/controllers/application_controller_spec.rb +37 -16
- data/spec/dummy/app/controllers/application_controller.rb +0 -2
- data/spec/dummy/app/models/solr_document.rb +2 -4
- data/spec/dummy/app/models/user.rb +0 -1
- data/spec/models/search_builder_spec.rb +51 -0
- metadata +20 -18
- data/spec/controllers/including_role_based_access_controls_enforcement_spec.rb +0 -48
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: ed265d93ca6307ec23a3d9055d0f6965f8cb00cb
|
4
|
+
data.tar.gz: 48a3f01ac1cd908e49695d612be9737143102553
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 5fb8f5bca78ed6874d69829f0555dd6b395e7133206494bc09cad31348dfdec131120acbb8f7b0c05b48a816006c68ab0bb46d4a5e5002dbdb4b112509512d39
|
7
|
+
data.tar.gz: 88f6ac010d23f70f07f36c4a0ffb7364abdbfa5e956d2b835ee11085c7de77010f15e4e6e8b65eaa209760951c0e5217e37aba32c5772158aaf2d985c343eaa0
|
data/app/models/collection.rb
CHANGED
data/ddr-models.gemspec
CHANGED
@@ -21,7 +21,6 @@ Gem::Specification.new do |s|
|
|
21
21
|
s.add_dependency "rails", "~> 4.1.13"
|
22
22
|
s.add_dependency "active-triples", "~> 0.7.2"
|
23
23
|
s.add_dependency "active-fedora", "~> 9.5"
|
24
|
-
s.add_dependency "hydra-core", "~> 9.3"
|
25
24
|
s.add_dependency "hydra-validations", "~> 0.5"
|
26
25
|
s.add_dependency "devise", "~> 3.4"
|
27
26
|
s.add_dependency "omniauth-shibboleth", "~> 1.2.0"
|
@@ -42,4 +41,5 @@ Gem::Specification.new do |s|
|
|
42
41
|
s.add_development_dependency "factory_girl_rails", "~> 4.4"
|
43
42
|
s.add_development_dependency "jettywrapper", "~> 2.0"
|
44
43
|
s.add_development_dependency "database_cleaner"
|
44
|
+
s.add_development_dependency "blacklight", "~> 5.15"
|
45
45
|
end
|
@@ -1,56 +1,20 @@
|
|
1
|
-
module Ddr
|
2
|
-
|
3
|
-
|
4
|
-
|
5
|
-
|
6
|
-
|
7
|
-
|
8
|
-
|
9
|
-
|
10
|
-
|
11
|
-
def self.included(controller)
|
12
|
-
controller.delegate :authorized_to_act_as_superuser?, to: :current_ability
|
13
|
-
controller.helper_method :authorized_to_act_as_superuser?
|
14
|
-
end
|
15
|
-
|
16
|
-
def current_ability
|
17
|
-
@current_ability ||= AbilityFactory.call(current_user, request.env)
|
18
|
-
end
|
19
|
-
|
20
|
-
# List of IDs for policies on which any of the current user's agent has a role in policy scope
|
21
|
-
def policy_role_policies
|
22
|
-
@policy_role_policies ||= Array.new.tap do |uris|
|
23
|
-
filters = current_ability.agents.map do |agent|
|
24
|
-
"#{Ddr::Index::Fields::POLICY_ROLE}:\"#{agent}\""
|
25
|
-
end.join(" OR ")
|
26
|
-
query = "#{Ddr::Index::Fields::ACTIVE_FEDORA_MODEL}:Collection AND (#{filters})"
|
27
|
-
results = ActiveFedora::SolrService.query(query, rows: Collection.count, fl: Ddr::Index::Fields::ID)
|
28
|
-
results.each_with_object(uris) { |r, memo| memo << r[Ddr::Index::Fields::ID] }
|
29
|
-
end
|
30
|
-
end
|
31
|
-
|
32
|
-
def policy_role_filters
|
33
|
-
if policy_role_policies.present?
|
34
|
-
rels = policy_role_policies.map { |pid| [:isGovernedBy, pid] }
|
35
|
-
ActiveFedora::SolrService.construct_query_for_rel(rels, " OR ")
|
36
|
-
end
|
37
|
-
end
|
38
|
-
|
39
|
-
def resource_role_filters
|
40
|
-
current_ability.agents.map do |agent|
|
41
|
-
ActiveFedora::SolrService.raw_query(Ddr::Index::Fields::RESOURCE_ROLE, agent)
|
42
|
-
end.join(" OR ")
|
43
|
-
end
|
44
|
-
|
45
|
-
def gated_discovery_filters
|
46
|
-
[resource_role_filters, policy_role_filters].compact
|
47
|
-
end
|
1
|
+
module Ddr::Auth
|
2
|
+
#
|
3
|
+
# Controller mixin for role-based access control
|
4
|
+
#
|
5
|
+
module RoleBasedAccessControlsEnforcement
|
6
|
+
|
7
|
+
def self.included(controller)
|
8
|
+
controller.helper_method :authorized_to_act_as_superuser?
|
9
|
+
end
|
48
10
|
|
49
|
-
|
50
|
-
|
51
|
-
|
52
|
-
end
|
11
|
+
def current_ability
|
12
|
+
@current_ability ||= AbilityFactory.call(current_user, request.env)
|
13
|
+
end
|
53
14
|
|
15
|
+
def authorized_to_act_as_superuser?
|
16
|
+
current_ability.authorized_to_act_as_superuser?
|
54
17
|
end
|
18
|
+
|
55
19
|
end
|
56
20
|
end
|
data/lib/ddr/index/fields.rb
CHANGED
@@ -1,5 +1,6 @@
|
|
1
1
|
module Ddr::Index
|
2
2
|
module Fields
|
3
|
+
extend Deprecation
|
3
4
|
|
4
5
|
def self.get(name)
|
5
6
|
const_get(name.to_s.upcase, false)
|
@@ -11,8 +12,15 @@ module Ddr::Index
|
|
11
12
|
.map { |c| const_get(c) }
|
12
13
|
end
|
13
14
|
|
15
|
+
def self.const_missing(name)
|
16
|
+
if name == :PID
|
17
|
+
Deprecation.warn(Fields, "The constant `:PID` is deprecated; use `:ID` instead.")
|
18
|
+
return ID
|
19
|
+
end
|
20
|
+
super
|
21
|
+
end
|
22
|
+
|
14
23
|
ID = UniqueKeyField.instance
|
15
|
-
PID = UniqueKeyField.instance
|
16
24
|
|
17
25
|
ACCESS_ROLE = Field.new :access_role, :stored_sortable
|
18
26
|
ACTIVE_FEDORA_MODEL = Field.new :active_fedora_model, :stored_sortable
|
@@ -54,6 +62,7 @@ module Ddr::Index
|
|
54
62
|
OBJECT_STATE = Field.new :object_state, :stored_sortable
|
55
63
|
OBJECT_CREATE_DATE = Field.new :system_create, :stored_sortable, type: :date
|
56
64
|
OBJECT_MODIFIED_DATE = Field.new :system_modified, :stored_sortable, type: :date
|
65
|
+
ORIGINAL_FILENAME = Field.new :original_filename, :stored_sortable
|
57
66
|
PERMANENT_ID = Field.new :permanent_id, :stored_sortable, type: :string
|
58
67
|
PERMANENT_URL = Field.new :permanent_url, :stored_sortable, type: :string
|
59
68
|
POLICY_ROLE = Field.new :policy_role, :symbol
|
data/lib/ddr/models.rb
CHANGED
@@ -1,12 +1,8 @@
|
|
1
1
|
require 'ddr/models/engine'
|
2
2
|
require 'ddr/models/version'
|
3
3
|
|
4
|
-
# Awful hack to make Hydra::AccessControls::Permissions accessible
|
5
|
-
# $: << Gem.loaded_specs['hydra-access-controls'].full_gem_path + "/app/models/concerns"
|
6
|
-
|
7
4
|
require 'active_record'
|
8
|
-
|
9
|
-
require 'hydra-core'
|
5
|
+
require 'active_fedora'
|
10
6
|
require 'hydra/validations'
|
11
7
|
|
12
8
|
module Ddr
|
@@ -77,6 +73,11 @@ module Ddr
|
|
77
73
|
autoload :MetadataVocabularies
|
78
74
|
end
|
79
75
|
|
76
|
+
autoload_under "search" do
|
77
|
+
autoload :Catalog
|
78
|
+
autoload :SearchBuilder
|
79
|
+
end
|
80
|
+
|
80
81
|
# Base directory of default external file store
|
81
82
|
mattr_accessor :external_file_store
|
82
83
|
|
data/lib/ddr/models/base.rb
CHANGED
@@ -1,5 +1,6 @@
|
|
1
1
|
module Ddr::Models
|
2
2
|
class Base < ActiveFedora::Base
|
3
|
+
extend Deprecation
|
3
4
|
|
4
5
|
include ObjectApi
|
5
6
|
include Describable
|
@@ -16,21 +17,29 @@ module Ddr::Models
|
|
16
17
|
notify_event :deletion
|
17
18
|
end
|
18
19
|
|
20
|
+
def inspect
|
21
|
+
"#<#{model_and_id}, uri: \"#{uri}\">"
|
22
|
+
end
|
23
|
+
|
19
24
|
def attached_files_profile
|
20
25
|
AttachedFilesProfile.new(attached_files)
|
21
26
|
end
|
22
27
|
|
23
28
|
def copy_admin_policy_or_roles_from(other)
|
24
|
-
|
29
|
+
copy_admin_policy_from(other) || copy_resource_roles_from(other)
|
25
30
|
end
|
26
31
|
|
27
32
|
def association_query(association)
|
28
33
|
raise NotImplementedError, "The previous implementation does not work with ActiveFedora 9."
|
29
34
|
end
|
30
35
|
|
31
|
-
|
36
|
+
def model_and_id
|
37
|
+
"#{self.class} id: #{id.inspect || '[NEW]'}"
|
38
|
+
end
|
39
|
+
|
32
40
|
def model_pid
|
33
|
-
|
41
|
+
Deprecation.warn(Base, "`model_pid` is deprecated; use `model_and_id` instead.")
|
42
|
+
model_and_id
|
34
43
|
end
|
35
44
|
|
36
45
|
# @override ActiveFedora::Core
|
@@ -30,15 +30,10 @@ module Ddr
|
|
30
30
|
end
|
31
31
|
|
32
32
|
def copy_admin_policy_from(other)
|
33
|
-
|
34
|
-
|
35
|
-
|
36
|
-
when other.has_admin_policy?
|
37
|
-
other.admin_policy_id
|
38
|
-
when other.is_a?(Collection)
|
39
|
-
other.id
|
33
|
+
if admin_policy = other.admin_policy
|
34
|
+
self.admin_policy = admin_policy
|
35
|
+
logger.debug "Copied admin policy from #{other.model_and_id} to #{model_and_id}"
|
40
36
|
end
|
41
|
-
# self.admin_policy_id = other.admin_policy_id if other.has_admin_policy?
|
42
37
|
end
|
43
38
|
|
44
39
|
end
|
@@ -35,13 +35,6 @@ module Ddr::Models
|
|
35
35
|
predicate: RDF::Vocab::Identifiers.local,
|
36
36
|
multiple: false
|
37
37
|
|
38
|
-
# XXX Is this admin metadata?
|
39
|
-
property :original_filename,
|
40
|
-
predicate: Ddr::Vocab::PREMIS.hasOriginalName,
|
41
|
-
multiple: false do |index|
|
42
|
-
index.as :stored_sortable
|
43
|
-
end
|
44
|
-
|
45
38
|
property :permanent_id,
|
46
39
|
predicate: Ddr::Vocab::Asset.permanentId,
|
47
40
|
multiple: false
|
@@ -4,6 +4,7 @@ module Ddr
|
|
4
4
|
module Models
|
5
5
|
module HasContent
|
6
6
|
extend ActiveSupport::Concern
|
7
|
+
extend Deprecation
|
7
8
|
|
8
9
|
MASTER_FILE_TYPES = [ "image/tiff" ]
|
9
10
|
|
@@ -40,6 +41,14 @@ module Ddr
|
|
40
41
|
save
|
41
42
|
end
|
42
43
|
|
44
|
+
def original_filename
|
45
|
+
content.original_name
|
46
|
+
end
|
47
|
+
|
48
|
+
def original_filename=(filename)
|
49
|
+
content.original_name = filename
|
50
|
+
end
|
51
|
+
|
43
52
|
def derivatives
|
44
53
|
@derivatives ||= Ddr::Managers::DerivativesManager.new(self)
|
45
54
|
end
|
data/lib/ddr/models/indexing.rb
CHANGED
@@ -47,6 +47,7 @@ module Ddr
|
|
47
47
|
fields.merge!(last_virus_check.to_solr) if last_virus_check
|
48
48
|
end
|
49
49
|
if has_content?
|
50
|
+
fields[ORIGINAL_FILENAME] = original_filename
|
50
51
|
fields[CONTENT_SIZE] = content_size
|
51
52
|
fields[CONTENT_SIZE_HUMAN] = content_human_size
|
52
53
|
fields[MEDIA_TYPE] = content_type
|
@@ -0,0 +1,24 @@
|
|
1
|
+
module Ddr::Models
|
2
|
+
#
|
3
|
+
# Blacklight CatalogController mixin that applies
|
4
|
+
# gated discovery.
|
5
|
+
#
|
6
|
+
# Assumes that the search builder class includes
|
7
|
+
# `Ddr::Models::SearchBuilder`.
|
8
|
+
#
|
9
|
+
module Catalog
|
10
|
+
|
11
|
+
def self.included(controller)
|
12
|
+
controller.search_params_logic += [:apply_gated_discovery]
|
13
|
+
|
14
|
+
controller.before_filter :enforce_show_permissions, only: :show
|
15
|
+
end
|
16
|
+
|
17
|
+
# @note Originally copied from Hydra::AccessControlsEnforcement
|
18
|
+
# and overridden.
|
19
|
+
def enforce_show_permissions
|
20
|
+
authorize! :read, params[:id]
|
21
|
+
end
|
22
|
+
|
23
|
+
end
|
24
|
+
end
|
@@ -0,0 +1,54 @@
|
|
1
|
+
module Ddr::Models
|
2
|
+
#
|
3
|
+
# Blacklight SearchBuilder methods.
|
4
|
+
#
|
5
|
+
# Include in controller search builder class:
|
6
|
+
#
|
7
|
+
# class SearchBuilder < Blacklight::Solr::SearchBuilder
|
8
|
+
# include Ddr::Models::SearchBuilder
|
9
|
+
# end
|
10
|
+
#
|
11
|
+
module SearchBuilder
|
12
|
+
|
13
|
+
# @note Copied from Hydra::AccessControlsEnforcement
|
14
|
+
def apply_gated_discovery(solr_parameters)
|
15
|
+
solr_parameters[:fq] ||= []
|
16
|
+
solr_parameters[:fq] << gated_discovery_filters.join(" OR ")
|
17
|
+
end
|
18
|
+
|
19
|
+
def current_ability
|
20
|
+
# :scope is assumed here to be a controller which responds to :current_ability
|
21
|
+
scope.current_ability
|
22
|
+
end
|
23
|
+
|
24
|
+
def gated_discovery_filters
|
25
|
+
[resource_role_filters, policy_role_filters].compact
|
26
|
+
end
|
27
|
+
|
28
|
+
# List of IDs for policies on which any of the current user's agent has a role in policy scope
|
29
|
+
def policy_role_policies
|
30
|
+
@policy_role_policies ||= Array.new.tap do |uris|
|
31
|
+
filters = current_ability.agents.map do |agent|
|
32
|
+
"#{Ddr::Index::Fields::POLICY_ROLE}:\"#{agent}\""
|
33
|
+
end.join(" OR ")
|
34
|
+
query = "#{Ddr::Index::Fields::ACTIVE_FEDORA_MODEL}:Collection AND (#{filters})"
|
35
|
+
results = ActiveFedora::SolrService.query(query, rows: Collection.count, fl: Ddr::Index::Fields::ID)
|
36
|
+
results.each_with_object(uris) { |r, memo| memo << r[Ddr::Index::Fields::ID] }
|
37
|
+
end
|
38
|
+
end
|
39
|
+
|
40
|
+
def policy_role_filters
|
41
|
+
if policy_role_policies.present?
|
42
|
+
rels = policy_role_policies.map { |pid| [:isGovernedBy, pid] }
|
43
|
+
ActiveFedora::SolrService.construct_query_for_rel(rels, " OR ")
|
44
|
+
end
|
45
|
+
end
|
46
|
+
|
47
|
+
def resource_role_filters
|
48
|
+
current_ability.agents.map do |agent|
|
49
|
+
ActiveFedora::SolrService.raw_query(Ddr::Index::Fields::RESOURCE_ROLE, agent)
|
50
|
+
end.join(" OR ")
|
51
|
+
end
|
52
|
+
|
53
|
+
end
|
54
|
+
end
|
data/lib/ddr/models/version.rb
CHANGED
@@ -1,22 +1,43 @@
|
|
1
1
|
RSpec.describe ApplicationController, type: :controller do
|
2
|
-
|
3
|
-
|
4
|
-
|
5
|
-
|
6
|
-
|
7
|
-
describe "when shibboleth user authentication is required" do
|
8
|
-
before { allow(Ddr::Auth).to receive(:require_shib_user_authn) { true } }
|
9
|
-
it "should redirect to the shib authn path" do
|
10
|
-
get :index
|
11
|
-
expect(response).to redirect_to(user_omniauth_authorize_path(:shibboleth))
|
12
|
-
end
|
2
|
+
|
3
|
+
describe "authentication" do
|
4
|
+
controller do
|
5
|
+
before_action :authenticate_user!
|
6
|
+
def index; end
|
13
7
|
end
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
|
8
|
+
|
9
|
+
describe "authentication failure handling" do
|
10
|
+
describe "when shibboleth user authentication is required" do
|
11
|
+
before { allow(Ddr::Auth).to receive(:require_shib_user_authn) { true } }
|
12
|
+
it "should redirect to the shib authn path" do
|
13
|
+
get :index
|
14
|
+
expect(response).to redirect_to(user_omniauth_authorize_path(:shibboleth))
|
15
|
+
end
|
16
|
+
end
|
17
|
+
|
18
|
+
describe "when shibboleth user authentication is not required" do
|
19
|
+
before { allow(Ddr::Auth).to receive(:require_shib_user_authn) { false } }
|
20
|
+
it "should redirect to the new user session path" do
|
21
|
+
get :index
|
22
|
+
expect(response).to redirect_to(new_user_session_path)
|
23
|
+
end
|
19
24
|
end
|
20
25
|
end
|
21
26
|
end
|
27
|
+
|
28
|
+
describe "including `Ddr::Auth::RoleBasedAccessControlsEnforcement`" do
|
29
|
+
controller do
|
30
|
+
include Ddr::Auth::RoleBasedAccessControlsEnforcement
|
31
|
+
end
|
32
|
+
|
33
|
+
let(:user) { FactoryGirl.create(:user) }
|
34
|
+
|
35
|
+
its(:current_ability) { is_expected.to be_a(Ddr::Auth::AbstractAbility) }
|
36
|
+
|
37
|
+
it "delegates `authorized_to_act_as_superuser?` to current_ability" do
|
38
|
+
expect(subject.current_ability).to receive(:authorized_to_act_as_superuser?)
|
39
|
+
subject.authorized_to_act_as_superuser?
|
40
|
+
end
|
41
|
+
end
|
42
|
+
|
22
43
|
end
|
@@ -0,0 +1,51 @@
|
|
1
|
+
require 'blacklight'
|
2
|
+
|
3
|
+
module Ddr::Models
|
4
|
+
RSpec.describe SearchBuilder do
|
5
|
+
|
6
|
+
subject { search_builder_class.new(processor_chain, scope) }
|
7
|
+
|
8
|
+
let(:search_builder_class) do
|
9
|
+
Class.new(Blacklight::Solr::SearchBuilder) do
|
10
|
+
include Ddr::Models::SearchBuilder
|
11
|
+
end
|
12
|
+
end
|
13
|
+
|
14
|
+
let(:processor_chain) { [] }
|
15
|
+
let(:ability) { double(agents: ["foo", "bar"]) }
|
16
|
+
let(:scope) { double(current_ability: ability) }
|
17
|
+
|
18
|
+
describe "#resource_role_filters" do
|
19
|
+
it "returns a list of clauses for each agent for the current ability" do
|
20
|
+
expect(subject.resource_role_filters.split(" OR "))
|
21
|
+
.to contain_exactly("_query_:\"{!raw f=#{Ddr::Index::Fields::RESOURCE_ROLE}}foo\"",
|
22
|
+
"_query_:\"{!raw f=#{Ddr::Index::Fields::RESOURCE_ROLE}}bar\"")
|
23
|
+
end
|
24
|
+
end
|
25
|
+
|
26
|
+
describe "#policy_role_policies" do
|
27
|
+
let(:collections) { FactoryGirl.build_list(:collection, 3) }
|
28
|
+
before do
|
29
|
+
collections[0].roles.grant type: "Editor", agent: "foo", scope: "policy"
|
30
|
+
collections[0].save
|
31
|
+
collections[1].roles.grant type: "Contributor", agent: "bar", scope: "policy"
|
32
|
+
collections[1].save
|
33
|
+
collections[2].roles.grant type: "Viewer", agent: "foo:bar", scope: "policy"
|
34
|
+
collections[2].save
|
35
|
+
end
|
36
|
+
it "returns a list of IDs for collections on which the current ability has a role" do
|
37
|
+
expect(subject.policy_role_policies).to match_array([collections[0].id, collections[1].id])
|
38
|
+
end
|
39
|
+
end
|
40
|
+
|
41
|
+
describe "#policy_role_filters" do
|
42
|
+
before do
|
43
|
+
allow(subject).to receive(:policy_role_policies) { ["test-13", "test-45"] }
|
44
|
+
end
|
45
|
+
it "should include clauses for isGovernedBy relationships to the #policy_role_policies" do
|
46
|
+
expect(subject.policy_role_filters).to eq("_query_:\"{!raw f=#{Ddr::Index::Fields::IS_GOVERNED_BY}}test-13\" OR _query_:\"{!raw f=#{Ddr::Index::Fields::IS_GOVERNED_BY}}test-45\"")
|
47
|
+
end
|
48
|
+
end
|
49
|
+
|
50
|
+
end
|
51
|
+
end
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: ddr-models
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 3.0.0.alpha.
|
4
|
+
version: 3.0.0.alpha.4
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Jim Coble
|
@@ -9,7 +9,7 @@ authors:
|
|
9
9
|
autorequire:
|
10
10
|
bindir: bin
|
11
11
|
cert_chain: []
|
12
|
-
date: 2015-
|
12
|
+
date: 2015-11-04 00:00:00.000000000 Z
|
13
13
|
dependencies:
|
14
14
|
- !ruby/object:Gem::Dependency
|
15
15
|
name: rails
|
@@ -53,20 +53,6 @@ dependencies:
|
|
53
53
|
- - "~>"
|
54
54
|
- !ruby/object:Gem::Version
|
55
55
|
version: '9.5'
|
56
|
-
- !ruby/object:Gem::Dependency
|
57
|
-
name: hydra-core
|
58
|
-
requirement: !ruby/object:Gem::Requirement
|
59
|
-
requirements:
|
60
|
-
- - "~>"
|
61
|
-
- !ruby/object:Gem::Version
|
62
|
-
version: '9.3'
|
63
|
-
type: :runtime
|
64
|
-
prerelease: false
|
65
|
-
version_requirements: !ruby/object:Gem::Requirement
|
66
|
-
requirements:
|
67
|
-
- - "~>"
|
68
|
-
- !ruby/object:Gem::Version
|
69
|
-
version: '9.3'
|
70
56
|
- !ruby/object:Gem::Dependency
|
71
57
|
name: hydra-validations
|
72
58
|
requirement: !ruby/object:Gem::Requirement
|
@@ -345,6 +331,20 @@ dependencies:
|
|
345
331
|
- - ">="
|
346
332
|
- !ruby/object:Gem::Version
|
347
333
|
version: '0'
|
334
|
+
- !ruby/object:Gem::Dependency
|
335
|
+
name: blacklight
|
336
|
+
requirement: !ruby/object:Gem::Requirement
|
337
|
+
requirements:
|
338
|
+
- - "~>"
|
339
|
+
- !ruby/object:Gem::Version
|
340
|
+
version: '5.15'
|
341
|
+
type: :development
|
342
|
+
prerelease: false
|
343
|
+
version_requirements: !ruby/object:Gem::Requirement
|
344
|
+
requirements:
|
345
|
+
- - "~>"
|
346
|
+
- !ruby/object:Gem::Version
|
347
|
+
version: '5.15'
|
348
348
|
description: Models used in the Duke Digital Repository
|
349
349
|
email:
|
350
350
|
- lib-drs@duke.edu
|
@@ -525,6 +525,8 @@ files:
|
|
525
525
|
- lib/ddr/models/metadata/metadata_vocabularies.rb
|
526
526
|
- lib/ddr/models/metadata/metadata_vocabulary.rb
|
527
527
|
- lib/ddr/models/object_api.rb
|
528
|
+
- lib/ddr/models/search/catalog.rb
|
529
|
+
- lib/ddr/models/search/search_builder.rb
|
528
530
|
- lib/ddr/models/solr_document.rb
|
529
531
|
- lib/ddr/models/struct_div.rb
|
530
532
|
- lib/ddr/models/structure.rb
|
@@ -562,7 +564,6 @@ files:
|
|
562
564
|
- spec/auth/web_auth_context_spec.rb
|
563
565
|
- spec/contacts/contacts_spec.rb
|
564
566
|
- spec/controllers/application_controller_spec.rb
|
565
|
-
- spec/controllers/including_role_based_access_controls_enforcement_spec.rb
|
566
567
|
- spec/controllers/users/sessions_controller_spec.rb
|
567
568
|
- spec/datastreams/fits_datastream_spec.rb
|
568
569
|
- spec/derivatives/multires_image_spec.rb
|
@@ -660,6 +661,7 @@ files:
|
|
660
661
|
- spec/models/indexing_spec.rb
|
661
662
|
- spec/models/item_spec.rb
|
662
663
|
- spec/models/license_spec.rb
|
664
|
+
- spec/models/search_builder_spec.rb
|
663
665
|
- spec/models/solr_document_spec.rb
|
664
666
|
- spec/models/struct_div_spec.rb
|
665
667
|
- spec/models/structure_spec.rb
|
@@ -726,7 +728,6 @@ test_files:
|
|
726
728
|
- spec/auth/web_auth_context_spec.rb
|
727
729
|
- spec/contacts/contacts_spec.rb
|
728
730
|
- spec/controllers/application_controller_spec.rb
|
729
|
-
- spec/controllers/including_role_based_access_controls_enforcement_spec.rb
|
730
731
|
- spec/controllers/users/sessions_controller_spec.rb
|
731
732
|
- spec/datastreams/fits_datastream_spec.rb
|
732
733
|
- spec/derivatives/multires_image_spec.rb
|
@@ -824,6 +825,7 @@ test_files:
|
|
824
825
|
- spec/models/indexing_spec.rb
|
825
826
|
- spec/models/item_spec.rb
|
826
827
|
- spec/models/license_spec.rb
|
828
|
+
- spec/models/search_builder_spec.rb
|
827
829
|
- spec/models/solr_document_spec.rb
|
828
830
|
- spec/models/struct_div_spec.rb
|
829
831
|
- spec/models/structure_spec.rb
|
@@ -1,48 +0,0 @@
|
|
1
|
-
RSpec.describe ApplicationController, type: :controller do
|
2
|
-
|
3
|
-
controller do
|
4
|
-
include Hydra::AccessControlsEnforcement
|
5
|
-
include Ddr::Auth::RoleBasedAccessControlsEnforcement
|
6
|
-
end
|
7
|
-
|
8
|
-
let(:user) { FactoryGirl.create(:user) }
|
9
|
-
|
10
|
-
before do
|
11
|
-
allow(controller.current_ability).to receive(:agents) { [ user.agent, "foo", "bar" ] }
|
12
|
-
end
|
13
|
-
|
14
|
-
describe "#resource_role_filters" do
|
15
|
-
it "should include clauses for each agent for the current ability" do
|
16
|
-
expect(subject.resource_role_filters.split(" OR "))
|
17
|
-
.to contain_exactly("_query_:\"{!raw f=#{Ddr::Index::Fields::RESOURCE_ROLE}}foo\"",
|
18
|
-
"_query_:\"{!raw f=#{Ddr::Index::Fields::RESOURCE_ROLE}}bar\"",
|
19
|
-
"_query_:\"{!raw f=#{Ddr::Index::Fields::RESOURCE_ROLE}}#{user.agent}\"")
|
20
|
-
end
|
21
|
-
end
|
22
|
-
|
23
|
-
describe "#policy_role_policies" do
|
24
|
-
let(:collections) { FactoryGirl.build_list(:collection, 3) }
|
25
|
-
before do
|
26
|
-
collections[0].roles.grant type: "Curator", agent: user, scope: "policy"
|
27
|
-
collections[0].save
|
28
|
-
collections[1].roles.grant type: "Editor", agent: "foo", scope: "policy"
|
29
|
-
collections[1].roles.grant type: "Contributor", agent: "bar", scope: "policy"
|
30
|
-
collections[1].save
|
31
|
-
collections[2].roles.grant type: "Viewer", agent: "foo:bar", scope: "policy"
|
32
|
-
collections[2].save
|
33
|
-
end
|
34
|
-
it "should return a list of IDs for collections on which the current ability has a role" do
|
35
|
-
expect(subject.policy_role_policies).to match_array([collections[0].id, collections[1].id])
|
36
|
-
end
|
37
|
-
end
|
38
|
-
|
39
|
-
describe "#policy_role_filters" do
|
40
|
-
before do
|
41
|
-
allow(subject).to receive(:policy_role_policies) { ["test-13", "test-45"] }
|
42
|
-
end
|
43
|
-
it "should include clauses for isGovernedBy relationships to the #policy_role_policies" do
|
44
|
-
expect(subject.policy_role_filters).to eq("_query_:\"{!raw f=#{Ddr::Index::Fields::IS_GOVERNED_BY}}test-13\" OR _query_:\"{!raw f=#{Ddr::Index::Fields::IS_GOVERNED_BY}}test-45\"")
|
45
|
-
end
|
46
|
-
end
|
47
|
-
|
48
|
-
end
|