dor-rights-auth 1.0.2 → 1.1.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/dor/rights_auth.rb +67 -6
- metadata +31 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 81837a8bfa8d33081376601a6efeea90ecb80d3f
|
|
4
|
+
data.tar.gz: a2131d7af706414648f74399efc22cdda0f4cf27
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 1eddc3db3b13e12b7c20809622f28b4c088da471c08f2b0da4ea8a67e68583765c28cd3dd3a2c99f54b602af2e59a527d8875fd0649a0d4fd1c69c352f8745f3
|
|
7
|
+
data.tar.gz: 3adfce85f7b21e86f70d73f1eefce1c1f04968f50efb057d4f5bac18c3fe082126cb2f83e474fba1cdae90783256f9b96d19c84a31d691e70cc380d81b3c695c
|
data/lib/dor/rights_auth.rb
CHANGED
|
@@ -8,7 +8,7 @@ module Dor
|
|
|
8
8
|
Rights = Struct.new(:value, :rule)
|
|
9
9
|
|
|
10
10
|
# Rights for an object or File
|
|
11
|
-
EntityRights = Struct.new(:world, :group, :agent)
|
|
11
|
+
EntityRights = Struct.new(:world, :group, :agent, :location)
|
|
12
12
|
# class EntityRights
|
|
13
13
|
# @world = #Rights
|
|
14
14
|
# @group {
|
|
@@ -28,9 +28,10 @@ module Dor
|
|
|
28
28
|
# }
|
|
29
29
|
# end
|
|
30
30
|
|
|
31
|
+
# read rights_xml only once and create query-able methods for rights info
|
|
31
32
|
class RightsAuth
|
|
32
33
|
|
|
33
|
-
CONTAINS_STANFORD_XPATH = "contains(translate(text(), 'STANFORD', 'stanford'), 'stanford')"
|
|
34
|
+
CONTAINS_STANFORD_XPATH = "contains(translate(text(), 'STANFORD', 'stanford'), 'stanford')".freeze
|
|
34
35
|
|
|
35
36
|
attr_accessor :obj_lvl, :file, :embargoed, :index_elements
|
|
36
37
|
|
|
@@ -56,7 +57,8 @@ module Dor
|
|
|
56
57
|
alias_method :public_unrestricted?, :world_unrestricted?
|
|
57
58
|
|
|
58
59
|
def readable?
|
|
59
|
-
|
|
60
|
+
# TODO: stanford_only or public with rule, figure out if this is still a legit method
|
|
61
|
+
public_unrestricted? || stanford_only_unrestricted?
|
|
60
62
|
end
|
|
61
63
|
|
|
62
64
|
# Returns true if the object is stanford-only readable AND has no rule attribute
|
|
@@ -115,6 +117,30 @@ module Dor
|
|
|
115
117
|
[@obj_lvl.group[:stanford].value, @obj_lvl.group[:stanford].rule]
|
|
116
118
|
end
|
|
117
119
|
|
|
120
|
+
# Returns whether an object-level location node exists for the passed in location, and the
|
|
121
|
+
# value of its rule attribute
|
|
122
|
+
# @param [String] location_name name of the location that is tested for access
|
|
123
|
+
# @return (see #world_rights)
|
|
124
|
+
# @example Using multiple variable assignment to read both array elements
|
|
125
|
+
# location_exists, location_rule = rights.location_rights('spec_coll_reading_room')
|
|
126
|
+
def location_rights(location_name)
|
|
127
|
+
return [false, nil] if @obj_lvl.location[location_name].nil?
|
|
128
|
+
|
|
129
|
+
[@obj_lvl.location[location_name].value, @obj_lvl.location[location_name].rule]
|
|
130
|
+
end
|
|
131
|
+
|
|
132
|
+
# Returns whether a given file has any location restrictions and falls back to
|
|
133
|
+
# the object behavior in the absence of the file.
|
|
134
|
+
# @param [String] file_name name of the file being tested
|
|
135
|
+
# @return [Boolean] whether any location restrictions exist on the file or the
|
|
136
|
+
# object itself (in the absence of file-level rights)
|
|
137
|
+
def restricted_by_location?(file_name = nil)
|
|
138
|
+
any_file_location = @file[file_name] && @file[file_name].location.any?
|
|
139
|
+
any_object_location = @obj_lvl.location && @obj_lvl.location.any?
|
|
140
|
+
|
|
141
|
+
any_file_location || any_object_location
|
|
142
|
+
end
|
|
143
|
+
|
|
118
144
|
# Returns whether an object-level agent node exists for the passed in agent, and the value of its rule attribute
|
|
119
145
|
# @param [String] agent_name name of the app or thing that is tested for access
|
|
120
146
|
# @return (see #world_rights)
|
|
@@ -152,6 +178,22 @@ module Dor
|
|
|
152
178
|
[@file[file_name].group[:stanford].value, @file[file_name].group[:stanford].rule]
|
|
153
179
|
end
|
|
154
180
|
|
|
181
|
+
# Returns whether a file-level location-node exists, and the value of its rule attribute
|
|
182
|
+
# If a location-node does not exist for this file, then object-level location rights are returned
|
|
183
|
+
# @param [String] file_name name of the file being tested
|
|
184
|
+
# @param [String] location_name name of the location being tested
|
|
185
|
+
# @return (see #world_rights)
|
|
186
|
+
# @example Using multiple variable assignment to read both array elements
|
|
187
|
+
# location_exists, location_rule = rightslocation_rights_for_file('filex', 'spec_coll_reading_room')
|
|
188
|
+
def location_rights_for_file(file_name, location_name)
|
|
189
|
+
file_rights = @file[file_name]
|
|
190
|
+
return location_rights(location_name) if file_rights.nil?
|
|
191
|
+
|
|
192
|
+
return [false, nil] if file_rights.location[location_name].nil?
|
|
193
|
+
|
|
194
|
+
[file_rights.location[location_name].value, file_rights.location[location_name].rule]
|
|
195
|
+
end
|
|
196
|
+
|
|
155
197
|
# Returns whether a file-level agent-node exists, and the value of its rule attribute
|
|
156
198
|
# If an agent-node does not exist for this file, then object-level agent rights are returned
|
|
157
199
|
# @param [String] file_name name of the file being tested
|
|
@@ -160,7 +202,8 @@ module Dor
|
|
|
160
202
|
# @example Using multiple variable assignment to read both array elements
|
|
161
203
|
# agent_exists, agent_rule = rights.agent_rights_for_file('filex', 'someapp')
|
|
162
204
|
def agent_rights_for_file(file_name, agent_name)
|
|
163
|
-
|
|
205
|
+
# look at object level agent rights if the file-name is not stored
|
|
206
|
+
return agent_rights(agent_name) if @file[file_name].nil?
|
|
164
207
|
|
|
165
208
|
return [false, nil] if @file[file_name].agent[agent_name].nil? # file rules exist, but not for this agent
|
|
166
209
|
|
|
@@ -303,14 +346,23 @@ module Dor
|
|
|
303
346
|
rights.obj_lvl.group = { :stanford => Rights.new }
|
|
304
347
|
rights.index_elements = extract_access_rights(doc) if forindex
|
|
305
348
|
|
|
306
|
-
|
|
349
|
+
xpath = "//rightsMetadata/access[@type='read' and not(file)]/machine/group[#{CONTAINS_STANFORD_XPATH}]"
|
|
350
|
+
if doc.at_xpath(xpath)
|
|
307
351
|
rights.obj_lvl.group[:stanford].value = true
|
|
308
|
-
rule = doc.at_xpath("
|
|
352
|
+
rule = doc.at_xpath("#{xpath}/@rule")
|
|
309
353
|
rights.obj_lvl.group[:stanford].rule = rule.value if rule
|
|
310
354
|
else
|
|
311
355
|
rights.obj_lvl.group[:stanford].value = false
|
|
312
356
|
end
|
|
313
357
|
|
|
358
|
+
rights.obj_lvl.location = {}
|
|
359
|
+
doc.xpath("//rightsMetadata/access[@type='read' and not(file)]/machine/location").each do |node|
|
|
360
|
+
r = Rights.new
|
|
361
|
+
r.value = true
|
|
362
|
+
r.rule = node['rule']
|
|
363
|
+
rights.obj_lvl.location[node.content] = r
|
|
364
|
+
end
|
|
365
|
+
|
|
314
366
|
rights.obj_lvl.agent = {}
|
|
315
367
|
doc.xpath("//rightsMetadata/access[@type='read' and not(file)]/machine/agent").each do |node|
|
|
316
368
|
r = Rights.new
|
|
@@ -347,6 +399,14 @@ module Dor
|
|
|
347
399
|
world_access.value = false
|
|
348
400
|
end
|
|
349
401
|
|
|
402
|
+
file_locations = {}
|
|
403
|
+
access_node.xpath('machine/location').each do |node|
|
|
404
|
+
r = Rights.new
|
|
405
|
+
r.value = true
|
|
406
|
+
r.rule = node['rule']
|
|
407
|
+
file_locations[node.content] = r
|
|
408
|
+
end
|
|
409
|
+
|
|
350
410
|
file_agents = {}
|
|
351
411
|
access_node.xpath('machine/agent').each do |node|
|
|
352
412
|
r = Rights.new
|
|
@@ -360,6 +420,7 @@ module Dor
|
|
|
360
420
|
file_rights.world = world_access
|
|
361
421
|
file_rights.group = { :stanford => stanford_access }
|
|
362
422
|
file_rights.agent = file_agents
|
|
423
|
+
file_rights.location = file_locations
|
|
363
424
|
|
|
364
425
|
rights.file[f.content] = file_rights
|
|
365
426
|
end
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dor-rights-auth
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.0
|
|
4
|
+
version: 1.1.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Willy Mene
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date:
|
|
12
|
+
date: 2016-06-06 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: nokogiri
|
|
@@ -53,6 +53,34 @@ dependencies:
|
|
|
53
53
|
- - "~>"
|
|
54
54
|
- !ruby/object:Gem::Version
|
|
55
55
|
version: '3.0'
|
|
56
|
+
- !ruby/object:Gem::Dependency
|
|
57
|
+
name: coveralls
|
|
58
|
+
requirement: !ruby/object:Gem::Requirement
|
|
59
|
+
requirements:
|
|
60
|
+
- - ">="
|
|
61
|
+
- !ruby/object:Gem::Version
|
|
62
|
+
version: '0'
|
|
63
|
+
type: :development
|
|
64
|
+
prerelease: false
|
|
65
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
66
|
+
requirements:
|
|
67
|
+
- - ">="
|
|
68
|
+
- !ruby/object:Gem::Version
|
|
69
|
+
version: '0'
|
|
70
|
+
- !ruby/object:Gem::Dependency
|
|
71
|
+
name: codeclimate-test-reporter
|
|
72
|
+
requirement: !ruby/object:Gem::Requirement
|
|
73
|
+
requirements:
|
|
74
|
+
- - ">="
|
|
75
|
+
- !ruby/object:Gem::Version
|
|
76
|
+
version: '0'
|
|
77
|
+
type: :development
|
|
78
|
+
prerelease: false
|
|
79
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
80
|
+
requirements:
|
|
81
|
+
- - ">="
|
|
82
|
+
- !ruby/object:Gem::Version
|
|
83
|
+
version: '0'
|
|
56
84
|
- !ruby/object:Gem::Dependency
|
|
57
85
|
name: yard
|
|
58
86
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -103,7 +131,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
103
131
|
version: 1.3.6
|
|
104
132
|
requirements: []
|
|
105
133
|
rubyforge_project:
|
|
106
|
-
rubygems_version: 2.4.
|
|
134
|
+
rubygems_version: 2.4.5.1
|
|
107
135
|
signing_key:
|
|
108
136
|
specification_version: 4
|
|
109
137
|
summary: Parses rightsMetadata xml into a useable object
|