fcrepo_admin 0.2.3 → 0.2.4

data/Gemfile

@@ -2,4 +2,5 @@ source 'https://rubygems.org'
 
 gemspec
 
-gem 'devise'
+gem 'active-fedora', github: 'projecthydra/active_fedora'
+gem 'devise'

data/HISTORY.rdoc

@@ -1,3 +1,7 @@
+=== 0.3.0
+
+* Feature: Added permissions and inherited permissions to object view.
+
 === 0.2.0
 
 * Feature: Datastream content editing.

data/README.rdoc

@@ -37,6 +37,12 @@ See https://github.com/projecthydra/hydra-head/wiki/Installation-Prerequisites.
   You may replace <code>'/admin'</code> with any mount point (except perhaps <code>'/catalog'</code>), 
   including <code>'/'</code>. All routes include <code>objects</code> as a subpath.
 
+* Add abilities to your Ability class
+
+  In app/models/ability.rb add this line after the Hydra abilities:
+
+    include FcrepoAdmin::DatastreamAbility
+
 * Extend the SolrDocument model
   
   In app/models/solr_document.rb add this line:

data/app/controllers/fcrepo_admin/objects_controller.rb

@@ -1,13 +1,50 @@
 module FcrepoAdmin
   class ObjectsController < ApplicationController
+
+    include FcrepoAdmin::ControllerBehavior
     
     PROPERTIES = [:owner_id, :state, :create_date, :modified_date, :label]
 
+    helper_method :apo_enforcement_enabled?
+    helper_method :object_properties
+
+    before_filter { |c| c.load_and_authz_object :id }
+    before_filter :load_apo_info   # depends on load_and_authz_object
+
     def show
-      @object = ActiveFedora::Base.find(params[:id], :cast => true)
-      authorize! :read, @object
-      @properties = {}
-      PROPERTIES.each { |p| @properties[p] = @object.send(p) }
+    end
+
+    protected
+
+    def apo_enforcement_enabled?
+      # Including Hydra::PolicyAwareAccessControlsEnforcement in ApplicationController 
+      # appears to be the only way that APO access control enforcement can be enabled.
+      self.class.ancestors.include?(Hydra::PolicyAwareAccessControlsEnforcement)    
+    end
+
+    def object_properties
+      properties = {}
+      PROPERTIES.each { |p| properties[p] = @object.send(p) }
+      properties
+    end
+
+    def load_apo_info
+      @apo_relationship_name = nil
+      @apo = nil
+      # XXX Ideally we would use Hydra::PolicyAwareAccessControlsEnforcement#policy_class,
+      # but it's only available if it's been included in the application controller, i.e.,
+      # if APO access control enforcement is enabled.  We want to know the name of the
+      # relationship regardless of whether policy enforcement is enabled.
+      apo_class = Hydra.config[:permissions].fetch(:policy_class, Hydra::AdminPolicy)
+      @object.reflections.each_value do |reflection|
+        if reflection.options[:property] == :is_governed_by \
+          && reflection.macro == :belongs_to #&& reflection.class_name == apo_class.to_s
+          @apo_relationship_name = reflection.name
+          @apo = @object.send(@apo_relationship_name)
+          break
+        end
+      end
+      
     end
 
   end

data/app/views/fcrepo_admin/objects/_permissions.html.erb

@@ -1,18 +1,12 @@
+<% if permissions.empty? %>
+<p>
+  <%= t("fcrepo_admin.object.permissions.no_permissions") %>
+</p>
+<% else %>
 <table class="table table-bordered table-condensed">
-  <thead>
-	<tr>
-	  <th scope="col"><%= t("fcrepo_admin.object.permissions.type") %></th>
-	  <th scope="col"><%= t("fcrepo_admin.object.permissions.name") %></th>
-	  <th scope="col"><%= t("fcrepo_admin.object.permissions.access") %></th>
-	</tr>
-  </thead>
+  <%= render :partial => "permissions_header" %>
   <tbody>
-	<% object.permissions.each do |p| %>
-    <tr>
-	  <td><%= p[:type] %></td>
-	  <td><%= p[:name] %></td>
-	  <td><%= p[:access] %></td>
-    </tr>
-	<% end %>
+	<%= render :partial => "permissions_row", :collection => permissions, :as => :permission %>
   </tbody>
 </table>
+<% end %>

data/app/views/fcrepo_admin/objects/_permissions_header.html.erb

@@ -0,0 +1,7 @@
+<thead>
+  <tr>
+	<th scope="col"><%= t("fcrepo_admin.object.permissions.header.type") %></th>
+	<th scope="col"><%= t("fcrepo_admin.object.permissions.header.name") %></th>
+	<th scope="col"><%= t("fcrepo_admin.object.permissions.header.access") %></th>
+  </tr>
+</thead>

data/app/views/fcrepo_admin/objects/_permissions_row.html.erb

@@ -0,0 +1,5 @@
+<tr>
+  <td><%= permission[:type] %></td>
+  <td><%= permission[:name] %></td>
+  <td><%= permission[:access] %></td>
+</tr>

data/app/views/fcrepo_admin/objects/show.html.erb

@@ -1,5 +1,9 @@
 <h1><%= @object.pid %></h1>
 
+<p>
+  Object Type: <%= @object.class.to_s %>
+</p>
+
 <div class="tabbable">
   <ul class="nav nav-tabs">
     <li class="active"><a href="#tab-datastreams" data-toggle="tab"><%= t("fcrepo_admin.object.tabs.datastreams") %></a></li>
@@ -11,10 +15,34 @@
 	  <%= render :partial => 'fcrepo_admin/datastreams/datastreams', :locals => {:datastreams => @object.datastreams} %>
     </div>
     <div class="tab-pane" id="tab-properties">
-	  <%= render :partial => 'properties', :locals => {:properties => @properties} %>
+	  <%= render :partial => 'properties', :locals => {:properties => object_properties} %>
     </div>
     <div class="tab-pane" id="tab-permissions">
-	  <%= render :partial => 'permissions', :locals => {:object => @object} %>
+      <h4>Direct Permissions</h4>
+	  <%= render :partial => 'permissions', :locals => {:permissions => @object.permissions} %>
+	  <h4>Inherited Permissions</h4>
+	  <% unless apo_enforcement_enabled? %>
+	    <p class="alert">
+		  <%= t("fcrepo_admin.object.apo.enforcement_disabled") %>
+	    </p>
+	  <% end %>
+	  <% if @apo_relationship_name %>
+	    <p>
+		  <%= t("fcrepo_admin.object.apo.governed_by") %>: 
+		  <% if @apo %>
+		    <%= link_to @apo.pid, fcrepo_admin.object_path(@apo.pid) %>
+	      <% else %>
+		    <span class="label"><%= t("fcrepo_admin.object.apo.not_assigned") %></span>
+		  <% end %>
+	    </p>
+		<% if @apo %>
+	      <%= render :partial => 'permissions', :locals => {:permissions => @apo.default_permissions} %>
+		<% end %>
+	  <% else %>
+	    <p class="alert alert-info">
+		  <%= t("fcrepo_admin.object.apo.relationship_undefined") %>
+	    </p>
+	  <% end %>
     </div>
   </div>
 </div>

data/config/locales/fcrepo_admin.en.yml

@@ -15,9 +15,16 @@ en:
           modified_date: 'Modified Date'
           label: 'Label'
       permissions:
-        type: 'Type'
-        name: 'Name'
-        access: 'Access'
+        no_permissions: 'No permissions.'
+        header:
+          type: 'Type'
+          name: 'Name'
+          access: 'Access'
+      apo:
+        governed_by: 'Governed By'
+        not_assigned: 'Not Assigned'
+        enforcement_disabled: 'Admin policy access control enforcement is disabled.'
+        relationship_undefined: 'This object type does not define an admin policy relationship.'
     audit_trail: 
       title: 'Audit Trail'
       download: 'Download'

data/lib/fcrepo_admin/controller_behavior.rb

@@ -1,17 +1,16 @@
 module FcrepoAdmin
   module ControllerBehavior
 
-    def load_and_authz_object
-      load_object
+    def load_and_authz_object(param = :object_id)
+      load_object param
       authorize_object
     end
 
-    def load_object
-      @object = ActiveFedora::Base.find(params[:object_id], :cast => true)
+    def load_object(param = :object_id)
+      @object = ActiveFedora::Base.find(params[param], :cast => true)
     end
 
     def authorize_object
-      #authorize_resource :instance_name => 'object'
       authorize! params[:action].to_sym, @object
     end
 
@@ -21,7 +20,7 @@ module FcrepoAdmin
     end
 
     def load_datastream
-      load_object
+      load_object unless @object
       @datastream = @object.datastreams[params[:id]]
     end
 

data/lib/fcrepo_admin/datastream_ability.rb

@@ -2,8 +2,13 @@ require 'cancan'
 
 module FcrepoAdmin
   module DatastreamAbility
+    extend ActiveSupport::Concern
+    
+    included do
+      self.ability_logic += [:datastream_permissions]
+    end
 
-    def custom_permissions
+    def datastream_permissions
       can :read, ActiveFedora::Datastream do |ds|
         test_read(ds.pid)
       end 

data/lib/fcrepo_admin/version.rb

@@ -1,3 +1,3 @@
 module FcrepoAdmin
-  VERSION = "0.2.3"
+  VERSION = "0.2.4"
 end

data/spec/controllers/objects_controller_spec.rb

@@ -0,0 +1,10 @@
+require 'spec_helper'
+
+describe FcrepoAdmin::ObjectsController do
+  context "#show" do
+    subject { get :show, :id => object, :use_route => 'fcrepo_admin' }
+    let(:object) { FactoryGirl.create(:content_model) }
+    after { object.delete }
+    it { should render_template(:show) }
+  end
+end

data/spec/factories/fcrepo_admin_factories.rb

@@ -11,7 +11,7 @@ FactoryGirl.define do
     permissions [{type: 'group', name: 'public', access: 'read'}]
 
     trait :has_apo do
-      admin_policy
+      admin_policy { create(:admin_policy) }
     end
 
     factory :content_model_has_apo, :traits => [:has_apo]

data/spec/features/objects/show.html.erb_spec.rb

@@ -23,8 +23,14 @@ describe "objects/show.html.erb" do
       page.should have_link(I18n.t("fcrepo_admin.audit_trail.title"), :href => fcrepo_admin.object_audit_trail_index_path(object))
     end
     it "should display the object's permissions"
-    context "object governed by an admin policy" do
-      it "should link to the APO"
+  end
+  context "object governed by an admin policy" do
+    let(:object) { FactoryGirl.create(:content_model_has_apo) }
+    after { object.admin_policy.delete }
+    it "should link to the APO" do
+      visit fcrepo_admin.object_path(object)
+      page.should have_link(object.admin_policy.pid, :href => fcrepo_admin.object_path(object.admin_policy.pid))
     end
+    it "should display the inherited permissions"
   end
 end

data/spec/internal/app/controllers/application_controller.rb

@@ -1,9 +1,12 @@
 class ApplicationController < ActionController::Base
 
-  # Adds a few additional behaviors into the application controller 
   include Blacklight::Controller
-  # Please be sure to impelement current_user and user_session. Blacklight depends on 
-  # these methods in order to perform user specific actions. 
+  include Hydra::Controller::ControllerBehavior
+  include Hydra::PolicyAwareAccessControlsEnforcement
+  
+  rescue_from CanCan::AccessDenied do |exception|
+    render :file => "#{Rails.root}/public/403", :formats => [:html], :status => 403, :layout => false
+  end
 
   layout 'blacklight'
 

data/spec/internal/app/models/admin_policy.rb

@@ -0,0 +1,2 @@
+class AdminPolicy < Hydra::AdminPolicy
+end

data/spec/internal/config/initializers/hydra_config.rb

@@ -30,5 +30,6 @@ if Hydra.respond_to?(:configure)
       :owner => ActiveFedora::SolrService.solr_name("inheritable_depositor", indexer),
       :embargo_release_date => ActiveFedora::SolrService.solr_name("inheritable_embargo_release_date", Solrizer::Descriptor.new(:date, :stored, :indexed))
     }
+    config[:permissions][:policy_class] = AdminPolicy
   end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: fcrepo_admin
 version: !ruby/object:Gem::Version
-  version: 0.2.3
+  version: 0.2.4
   prerelease: 
 platform: ruby
 authors:
@@ -12,7 +12,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-04-12 00:00:00.000000000 Z
+date: 2013-04-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: hydra-head
@@ -259,7 +259,6 @@ files:
 - app/controllers/fcrepo_admin/audit_trail_controller.rb
 - app/controllers/fcrepo_admin/datastreams_controller.rb
 - app/controllers/fcrepo_admin/objects_controller.rb
-- app/helpers/application_helper.rb
 - app/mailers/.gitkeep
 - app/models/.gitkeep
 - app/views/fcrepo_admin/audit_trail/index.html.erb
@@ -273,6 +272,8 @@ files:
 - app/views/fcrepo_admin/datastreams/show.html.erb
 - app/views/fcrepo_admin/objects/_more_info.html.erb
 - app/views/fcrepo_admin/objects/_permissions.html.erb
+- app/views/fcrepo_admin/objects/_permissions_header.html.erb
+- app/views/fcrepo_admin/objects/_permissions_row.html.erb
 - app/views/fcrepo_admin/objects/_properties.html.erb
 - app/views/fcrepo_admin/objects/show.html.erb
 - config/locales/fcrepo_admin.en.yml
@@ -291,6 +292,7 @@ files:
 - lib/tasks/fcrepo_admin.rake
 - spec/controllers/audit_trail_controller_spec.rb
 - spec/controllers/datastreams_controller_spec.rb
+- spec/controllers/objects_controller_spec.rb
 - spec/factories/fcrepo_admin_factories.rb
 - spec/factories/user_factories.rb
 - spec/features/audit_trail/index.html.erb_spec.rb
@@ -310,6 +312,7 @@ files:
 - spec/internal/app/mailers/.gitkeep
 - spec/internal/app/models/.gitkeep
 - spec/internal/app/models/ability.rb
+- spec/internal/app/models/admin_policy.rb
 - spec/internal/app/models/content_model.rb
 - spec/internal/app/models/solr_document.rb
 - spec/internal/app/models/user.rb
@@ -369,7 +372,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
       segments:
       - 0
-      hash: 3240411754357515048
+      hash: -547145690877426491
 requirements: []
 rubyforge_project: 
 rubygems_version: 1.8.25
@@ -379,6 +382,7 @@ summary: Hydra-based Fedora Commons repository admin tool.
 test_files:
 - spec/controllers/audit_trail_controller_spec.rb
 - spec/controllers/datastreams_controller_spec.rb
+- spec/controllers/objects_controller_spec.rb
 - spec/factories/fcrepo_admin_factories.rb
 - spec/factories/user_factories.rb
 - spec/features/audit_trail/index.html.erb_spec.rb
@@ -398,6 +402,7 @@ test_files:
 - spec/internal/app/mailers/.gitkeep
 - spec/internal/app/models/.gitkeep
 - spec/internal/app/models/ability.rb
+- spec/internal/app/models/admin_policy.rb
 - spec/internal/app/models/content_model.rb
 - spec/internal/app/models/solr_document.rb
 - spec/internal/app/models/user.rb

data/app/helpers/application_helper.rb

@@ -1,2 +0,0 @@
-module ApplicationHelper
-end