dor-rights-auth 1.1.0 → 1.6.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 81837a8bfa8d33081376601a6efeea90ecb80d3f
-  data.tar.gz: a2131d7af706414648f74399efc22cdda0f4cf27
+SHA256:
+  metadata.gz: 60b3d1ae87e3950792e247f96ea41245ef998ff8db8c17f081eb310faec851dd
+  data.tar.gz: 531ea2c07aff3cb9a9a87076123ac43be63f4e0a834c4c5677ad7f4c3756bba0
 SHA512:
-  metadata.gz: 1eddc3db3b13e12b7c20809622f28b4c088da471c08f2b0da4ea8a67e68583765c28cd3dd3a2c99f54b602af2e59a527d8875fd0649a0d4fd1c69c352f8745f3
-  data.tar.gz: 3adfce85f7b21e86f70d73f1eefce1c1f04968f50efb057d4f5bac18c3fe082126cb2f83e474fba1cdae90783256f9b96d19c84a31d691e70cc380d81b3c695c
+  metadata.gz: cc78bc626716818af2369ee0221de05418d1feaf65a87249594497b353b01010825c13bcc6a0ca4e6f26bfe1558bde6e49b8f8cc2fd6a28acd8dfaa8a1fb51cf
+  data.tar.gz: 5db61b24e0a5e24a46e264b610144d58af26bc0b5538799d8811e4aece667dcc30e23e6bd58efbc04958e4189048a514a7d5322d8f016811083685ba5c691029

data/lib/dor/rights/auth.rb

@@ -1 +1,3 @@
+# frozen_string_literal: true
+
 require 'dor/rights_auth'

data/lib/dor/rights_auth.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'nokogiri'
 require 'time'
 
@@ -8,7 +10,7 @@ module Dor
   Rights = Struct.new(:value, :rule)
 
   # Rights for an object or File
-  EntityRights = Struct.new(:world, :group, :agent, :location)
+  EntityRights = Struct.new(:world, :group, :agent, :location, :controlled_digital_lending)
   # class EntityRights
   #   @world = #Rights
   #   @group {
@@ -18,6 +20,7 @@ module Dor
   #     'app1' => #Rights,
   #     'app2' => #Rights
   #   }
+  #   @controlled_digital_lending = false
   # end
 
   # class Dor::RightsAuth
@@ -31,7 +34,8 @@ module Dor
   # read rights_xml only once and create query-able methods for rights info
   class RightsAuth
 
-    CONTAINS_STANFORD_XPATH = "contains(translate(text(), 'STANFORD', 'stanford'), 'stanford')".freeze
+    CONTAINS_STANFORD_XPATH = "contains(translate(text(), 'STANFORD', 'stanford'), 'stanford')"
+    NO_DOWNLOAD_RULE = 'no-download'
 
     attr_accessor :obj_lvl, :file, :embargoed, :index_elements
 
@@ -44,16 +48,40 @@ module Dor
 
     # Returns true if the object is under embargo.
     # @return [Boolean]
-    def embargoed? # rubocop:disable Style/TrivialAccessors
+    def embargoed?
       @embargoed
     end
 
+    # summary level rights info is mostly used for object-level indexing/faceting.
+    # thus, we currently only calculate it when parsing object rights for indexing.
+    # to keep from having to refactor or duplicate code right now, we'll just leverage
+    # what we've got, checking whether index_elements is populated, and raising an error
+    # if the object wasn't instantiated in a way that makes those calculations.
+    def check_index_elements_calculated!
+      unless index_elements.size > 0
+        raise "primary access rights not calculated.  instantiate by calling '.parse(xml, forindex = true)'."
+      end
+    end
+
+    # this is just a convenience method for asking whether an object's rights would
+    # classify it as 'dark'.
+    def dark?
+      check_index_elements_calculated!
+      index_elements[:primary] == 'dark'
+    end
+
+    # this is just a convenience method for asking whether an object's rights would
+    # classify it as 'citation only'.
+    def citation_only?
+      check_index_elements_calculated!
+      index_elements[:primary] == 'citation'
+    end
+
     # Returns true if the object is world readable AND has no rule attribute
     # @return [Boolean]
     def world_unrestricted?
       @obj_lvl.world.value && @obj_lvl.world.rule.nil?
     end
-
     alias_method :public_unrestricted?, :world_unrestricted?
 
     def readable?
@@ -61,20 +89,41 @@ module Dor
       public_unrestricted? || stanford_only_unrestricted?
     end
 
+    # Returns true if the object is readable AND allows download
+    # @return [Boolean]
+    def world_downloadable?
+      world_rule = @obj_lvl.world.rule
+      @obj_lvl.world.value && (world_rule.nil? || world_rule != NO_DOWNLOAD_RULE)
+    end
+    alias_method :public_downloadable?, :world_downloadable?
+
+    # Returns true if the object is enabled for controlled digital lending
+    # @return [Boolean]
+    def controlled_digital_lending?
+      @obj_lvl.controlled_digital_lending
+    end
+
     # Returns true if the object is stanford-only readable AND has no rule attribute
     # @return [Boolean]
     def stanford_only_unrestricted?
       @obj_lvl.group[:stanford].value && @obj_lvl.group[:stanford].rule.nil?
     end
 
+    # Returns true if the object is stanford-only readable AND allows download
+    # @return [Boolean]
+    def stanford_only_downloadable?
+      stanford_rule = @obj_lvl.group[:stanford].rule
+      @obj_lvl.group[:stanford].value && (stanford_rule.nil? || stanford_rule != NO_DOWNLOAD_RULE)
+    end
+
     # Returns true if the passed in agent (usually an application) is allowed access to the object without a rule
     # @param [String] agent_name Name of the agent that wants to access this object
     # @return [Boolean]
     def agent_unrestricted?(agent_name)
       return false unless @obj_lvl.agent.key? agent_name
+
       @obj_lvl.agent[agent_name].value && @obj_lvl.agent[agent_name].rule.nil?
     end
-
     alias_method :allowed_read_agent?, :agent_unrestricted?
 
     # Returns true if the file is stanford-only readable AND has no rule attribute
@@ -98,18 +147,44 @@ module Dor
 
       @file[file_name].world.value && @file[file_name].world.rule.nil?
     end
-
     alias_method :public_unrestricted_file?, :world_unrestricted_file?
 
+    # Returns true if the file is world readable AND either has no rule attribute or
+    # the rule attribute is not 'no-download'
+    #   If world rights do not exist for this file, then object level rights are returned
+    # @see #world_downloadable?
+    # @param [String] file_name name of the file being tested
+    # @return (see #world_rights)
+    def world_downloadable_file?(file_name)
+      return world_downloadable? if @file[file_name].nil? || @file[file_name].world.nil?
+
+      world_rule = @file[file_name].world.rule
+      @file[file_name].world.value && (world_rule.nil? || world_rule != NO_DOWNLOAD_RULE)
+    end
+    alias_method :public_downloadable_file?, :world_downloadable_file?
+
+    def stanford_only_downloadable_file?(file_name)
+      return stanford_only_downloadable? if @file[file_name].nil? || @file[file_name].group[:stanford].nil?
+
+      stanford_rule = @file[file_name].group[:stanford].rule
+      @file[file_name].group[:stanford].value && (stanford_rule.nil? || stanford_rule != NO_DOWNLOAD_RULE)
+    end
+
+    def cdl_rights_for_file(file_name)
+      return controlled_digital_lending? if @file[file_name].nil? || @file[file_name].controlled_digital_lending.nil?
+
+      @file[file_name].controlled_digital_lending.value
+    end
+
     # Returns whether an object-level world node exists, and the value of its rule attribute
-    # @return [Array<(Boolean, String)>] First value: existance of node. Second Value: rule attribute, nil otherwise
+    # @return [Array<(Boolean, String)>] First value: existence of node. Second Value: rule attribute, nil otherwise
     # @example Using multiple variable assignment to read both array elements
     #   world_exists, world_rule = rights.world_rights
     def world_rights
       [@obj_lvl.world.value, @obj_lvl.world.rule]
     end
 
-    # Returns whether and object-level group/stanford node exists, and the value of its rule attribute
+    # Returns whether an object-level group/stanford node exists, and the value of its rule attribute
     # @return (see #world_rights)
     # @example Using multiple variable assignment to read both array elements
     #   su_only_exists, su_only_rule = rights.stanford_only_rights
@@ -135,8 +210,8 @@ module Dor
     # @return [Boolean] whether any location restrictions exist on the file or the
     #   object itself (in the absence of file-level rights)
     def restricted_by_location?(file_name = nil)
-      any_file_location = @file[file_name] && @file[file_name].location.any?
-      any_object_location = @obj_lvl.location && @obj_lvl.location.any?
+      any_file_location = @file[file_name]&.location&.any?
+      any_object_location = @obj_lvl.location&.any?
 
       any_file_location || any_object_location
     end
@@ -149,6 +224,7 @@ module Dor
     # @note should be called after doing a check for world_unrestricted?
     def agent_rights(agent_name)
       return [false, nil] if @obj_lvl.agent[agent_name].nil?
+
       [@obj_lvl.agent[agent_name].value, @obj_lvl.agent[agent_name].rule]
     end
 
@@ -168,7 +244,7 @@ module Dor
     # Returns whether a file-level group/stanford node exists, and the value of its rule attribute
     #    If a group/stanford node does not exist for this file, then object-level group/stanford rights are returned
     # @see #stanford_only_rights
-    # @param (see #world_rights_for_file)
+    # @param [String] file_name name of the file being tested
     # @return (see #world_rights)
     # @example Using multiple variable assignment to read both array elements
     #   su_only_exists, su_only_rule = rights.stanford_only_rights_for_file('somefile')
@@ -215,6 +291,7 @@ module Dor
     # @return [Array]        list of things that are wrong with it
     def self.validate_lite(doc)
       return ['no_rightsMetadata'] if doc.nil? || doc.at_xpath('//rightsMetadata').nil?
+
       errors = []
       maindiscover = doc.at_xpath("//rightsMetadata/access[@type='discover' and not(file)]")
       mainread     = doc.at_xpath("//rightsMetadata/access[@type='read'     and not(file)]")
@@ -243,7 +320,10 @@ module Dor
     def self.extract_index_terms(doc)
       terms = []
       machine = doc.at_xpath("//rightsMetadata/access[@type='read' and not(file)]/machine")
-      terms.push 'none_discover'  if doc.at_xpath("//rightsMetadata/access[@type='discover']/machine/none")
+      if doc.at_xpath("//rightsMetadata/access[@type='discover']/machine/none") ||
+         doc.at_xpath("//rightsMetadata/access[@type='discover']/machine[not(*)]")
+        terms.push 'none_discover'
+      end
       terms.push 'world_discover' if doc.at_xpath("//rightsMetadata/access[@type='discover']/machine/world[not(@rule)]")
       return terms if machine.nil?
 
@@ -257,11 +337,22 @@ module Dor
         terms.push "group|#{machine.at_xpath('./group').value.downcase}"
       end
 
+      ['location', 'agent'].each do |access_type|
+        if machine.at_xpath("./#{access_type}")
+          terms.push access_type
+          terms.push "#{access_type}_with_rule" if machine.at_xpath("./#{access_type}")
+        end
+      end
+
+      terms.push 'none_read_file' if doc.at_xpath("//rightsMetadata/access[@type='read' and file]/machine/none")
+
       if machine.at_xpath('./none')
         terms.push 'none_read'
       elsif machine.at_xpath('./world')
         terms.push 'world_read'
         terms.push "world|#{machine.at_xpath('./world/@rule').value.downcase}" if machine.at_xpath('./world/@rule')
+      elsif machine.at_xpath('./cdl')
+        terms.push 'cdl_none'
       end
 
       # now some statistical generation
@@ -293,12 +384,26 @@ module Dor
     #   :errors  => [...],   # known error cases
     #   :terms   => [...]    # array of non-error characterizations and stats strings
     # }
-    def self.extract_access_rights(doc)
+    def self.init_index_elements(doc)
       errors = validate_lite(doc)
       stuff = {
         :primary => nil,
-        :errors  => errors,
-        :terms   => []
+        :errors => errors,
+        :terms => [],
+        :obj_groups => [],
+        :obj_locations => [],
+        :obj_agents => [],
+        :file_groups => [],
+        :file_locations => [],
+        :file_agents => [],
+        :obj_world_qualified => [],
+        :obj_groups_qualified => [],
+        :obj_locations_qualified => [],
+        :obj_agents_qualified => [],
+        :file_world_qualified => [],
+        :file_groups_qualified => [],
+        :file_locations_qualified => [],
+        :file_agents_qualified => []
       }
 
       if errors.include? 'no_rightsMetadata'
@@ -307,22 +412,33 @@ module Dor
       end
 
       stuff[:terms] = extract_index_terms(doc)
-      has_rule = stuff[:terms].include? 'has_rule'
+      stuff[:primary] = primary_access_rights stuff[:terms], errors
 
-      if stuff[:terms].include?('none_discover')
-        stuff[:primary] = 'dark'
+      stuff
+    end
+
+    # "primary" access is a somewhat crude way of summarizing a whole
+    # object (possibly with many disparate interacting rights types)
+    # using one rights label.  but it should still do a good job of capturing
+    # rights that make more sense at the object level (e.g. 'dark').
+    def self.primary_access_rights(index_terms, errors)
+      has_rule = index_terms.include? 'has_rule'
+      if index_terms.include?('none_discover')
+        'dark'
+      elsif index_terms.include?('cdl_none')
+        'controlled digital lending'
       elsif errors.include?('no_discover_access') || errors.include?('no_discover_machine')
-        stuff[:primary] = 'dark'
-      elsif errors.include?('no_read_machine') || stuff[:terms].include?('none_read')
-        stuff[:primary] = 'citation'
-      elsif stuff[:terms].include? 'world_read'
-        stuff[:primary] = has_rule ? 'world_qualified' : 'world'
-      elsif stuff[:terms].include? 'group|stanford'
-        stuff[:primary] = has_rule ? 'stanford_qualified' : 'stanford'
+        'dark'
+      elsif errors.include?('no_read_machine') || index_terms.include?('none_read')
+        'citation'
+      elsif index_terms.include? 'world_read'
+        has_rule ? 'world_qualified' : 'world'
+      elsif index_terms.include?('has_group_rights') ||
+            index_terms.include?('location') || index_terms.include?('agent')
+        has_rule ? 'access_restricted_qualified' : 'access_restricted'
       else # should never happen, but we might as well note it if it does
-        stuff[:primary] = has_rule ? 'UNKNOWN_qualified' : 'UNKNOWN'
+        has_rule ? 'UNKNOWN_qualified' : 'UNKNOWN'
       end
-      stuff
     end
 
     # Create a Dor::RightsAuth object from xml
@@ -335,22 +451,35 @@ module Dor
       rights.obj_lvl.world = Rights.new
 
       doc = xml.is_a?(Nokogiri::XML::Document) ? xml.clone : Nokogiri::XML(xml)
+
+      rights.index_elements = init_index_elements(doc) if forindex
+
       if doc.at_xpath("//rightsMetadata/access[@type='read' and not(file)]/machine/world")
         rights.obj_lvl.world.value = true
         rule = doc.at_xpath("//rightsMetadata/access[@type='read' and not(file)]/machine/world/@rule")
         rights.obj_lvl.world.rule = rule.value if rule
+        rights.index_elements[:obj_world_qualified] << { :rule => (rule ? rule.value : nil) } if forindex
       else
         rights.obj_lvl.world.value = false
       end
 
-      rights.obj_lvl.group  = { :stanford => Rights.new }
-      rights.index_elements = extract_access_rights(doc) if forindex
+      # TODO: we should also look for the <group rule="no-download">stanford</group> node and parse as needed
+      if doc.at_xpath("//rightsMetadata/access[@type='read' and not(file)]/machine/cdl")
+        rights.obj_lvl.controlled_digital_lending = true
+      else
+        rights.obj_lvl.controlled_digital_lending = false
+      end
 
+      rights.obj_lvl.group = { :stanford => Rights.new }
       xpath = "//rightsMetadata/access[@type='read' and not(file)]/machine/group[#{CONTAINS_STANFORD_XPATH}]"
       if doc.at_xpath(xpath)
         rights.obj_lvl.group[:stanford].value = true
         rule = doc.at_xpath("#{xpath}/@rule")
         rights.obj_lvl.group[:stanford].rule = rule.value if rule
+        if forindex
+          rights.index_elements[:obj_groups_qualified] << { :group => 'stanford', :rule => (rule ? rule.value : nil) }
+          rights.index_elements[:obj_groups] << 'stanford'
+        end
       else
         rights.obj_lvl.group[:stanford].value = false
       end
@@ -361,6 +490,10 @@ module Dor
         r.value = true
         r.rule = node['rule']
         rights.obj_lvl.location[node.content] = r
+        if forindex
+          rights.index_elements[:obj_locations_qualified] << { :location => node.content, :rule => node['rule'] }
+          rights.index_elements[:obj_locations] << node.content
+        end
       end
 
       rights.obj_lvl.agent = {}
@@ -369,6 +502,10 @@ module Dor
         r.value = true
         r.rule = node['rule']
         rights.obj_lvl.agent[node.content] = r
+        if forindex
+          rights.index_elements[:obj_agents_qualified] << { :agent => node.content, :rule => node['rule'] }
+          rights.index_elements[:obj_agents] << node.content
+        end
       end
 
       # Initialze embargo_status to false
@@ -383,18 +520,33 @@ module Dor
       access_with_files.each do |access_node|
         stanford_access = Rights.new
         world_access    = Rights.new
+        controlled_digital_lending = Rights.new
         if access_node.at_xpath("machine/group[#{CONTAINS_STANFORD_XPATH}]")
           stanford_access.value = true
           rule = access_node.at_xpath("machine/group[#{CONTAINS_STANFORD_XPATH}]/@rule")
           stanford_access.rule = rule.value if rule
+          if forindex
+            rights.index_elements[:file_groups_qualified] <<
+              { :group => 'stanford', :rule => (rule ? rule.value : nil) }
+            rights.index_elements[:file_groups] << 'stanford'
+          end
         else
           stanford_access.value = false
         end
 
+        if access_node.at_xpath('machine/cdl')
+          controlled_digital_lending.value = true
+          rule = access_node.at_xpath('machine/cdl/@rule')
+          controlled_digital_lending.rule = rule.value if rule
+        else
+          controlled_digital_lending.value = false
+        end
+
         if access_node.at_xpath('machine/world')
           world_access.value = true
           rule = access_node.at_xpath('machine/world/@rule')
           world_access.rule = rule.value if rule
+          rights.index_elements[:file_world_qualified] << { :rule => (rule ? rule.value : nil) } if forindex
         else
           world_access.value = false
         end
@@ -405,6 +557,10 @@ module Dor
           r.value = true
           r.rule = node['rule']
           file_locations[node.content] = r
+          if forindex
+            rights.index_elements[:file_locations_qualified] << { :location => node.content, :rule => node['rule'] }
+            rights.index_elements[:file_locations] << node.content
+          end
         end
 
         file_agents = {}
@@ -413,6 +569,10 @@ module Dor
           r.value = true
           r.rule = node['rule']
           file_agents[node.content] = r
+          if forindex
+            rights.index_elements[:file_agents_qualified] << { :agent => node.content, :rule => node['rule'] }
+            rights.index_elements[:file_agents] << node.content
+          end
         end
 
         access_node.xpath('file').each do |f|
@@ -421,11 +581,28 @@ module Dor
           file_rights.group = { :stanford => stanford_access }
           file_rights.agent = file_agents
           file_rights.location = file_locations
-
+          file_rights.controlled_digital_lending = controlled_digital_lending
           rights.file[f.content] = file_rights
         end
       end
 
+      if forindex
+        %i[obj_groups
+           obj_locations
+           obj_agents
+           file_groups
+           file_locations
+           file_agents
+           obj_world_qualified
+           obj_groups_qualified
+           obj_locations_qualified
+           obj_agents_qualified
+           file_world_qualified
+           file_groups_qualified
+           file_locations_qualified
+           file_agents_qualified].each { |index_elt| rights.index_elements[index_elt].uniq! }
+      end
+
       rights
     end
 

metadata

@@ -1,15 +1,17 @@
 --- !ruby/object:Gem::Specification
 name: dor-rights-auth
 version: !ruby/object:Gem::Version
-  version: 1.1.0
+  version: 1.6.0
 platform: ruby
 authors:
 - Willy Mene
 - Joe Atzberger
+- Johnathan Martin
+- Naomi Dushay
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-06-06 00:00:00.000000000 Z
+date: 2020-09-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: nokogiri
@@ -25,6 +27,34 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: codeclimate-test-reporter
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: coveralls
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -54,7 +84,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '3.0'
 - !ruby/object:Gem::Dependency
-  name: coveralls
+  name: rubocop
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -68,7 +98,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: codeclimate-test-reporter
+  name: rubocop-rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -97,8 +127,7 @@ dependencies:
         version: '0'
 description: Parses rightsMetadata xml into a useable object
 email:
-- wmene@stanford.edu
-- atz@stanford.edu
+- dlss-infrastructure-team@lists.stanford.edu
 executables: []
 extensions: []
 extra_rdoc_files: []
@@ -121,19 +150,17 @@ require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">="
+  - - "~>"
     - !ruby/object:Gem::Version
-      version: '0'
+      version: '2.5'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: 1.3.6
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.4.5.1
+rubygems_version: 3.1.2
 signing_key: 
 specification_version: 4
 summary: Parses rightsMetadata xml into a useable object
 test_files: []
-has_rdoc: