hydra-access-controls 0.0.2 → 0.0.3

data/spec/unit/access_controls_enforcement_spec.rb

@@ -0,0 +1,180 @@
+require 'spec_helper'
+# Need way to find way to stub current_user and RoleMapper in order to run these tests
+
+describe Hydra::AccessControlsEnforcement do
+  before do
+    class Rails; end
+    Rails.stub(:root).and_return('spec/support')
+    Rails.stub(:env).and_return('test')
+  end
+  before(:all) do
+    class MockController
+      include Hydra::AccessControlsEnforcement
+      attr_accessor :params
+      
+      def user_key
+        current_user.user_key
+      end
+
+      def session
+      end
+    end
+  end
+  subject { MockController.new }
+  
+  describe "When I am searching for content" do
+    before do
+      @solr_parameters = {}
+      @user_parameters = {}
+    end
+    context "Given I am not logged in" do
+      before do
+        subject.stub(:current_user).and_return(User.new)
+        subject.send(:apply_gated_discovery, @solr_parameters, @user_parameters)
+      end
+      it "Then I should be treated as a member of the 'public' group" do
+        ["discover","edit","read"].each do |type|
+          @solr_parameters[:fq].first.should match(/#{type}_access_group_t\:public/)      
+        end
+      end
+      it "Then I should not be treated as a member of the 'registered' group" do
+        @solr_parameters[:fq].first.should_not match(/registered/) 
+      end
+      it "Then I should not have individual or group permissions"
+    end
+    context "Given I am a registered user" do
+      before do
+        @user = FactoryGirl.build(:martia_morocco)
+        @user.new_record = false
+        User.stub(:find_by_user_key).and_return(@user)
+        # This is a pretty fragile way to stub it...
+        RoleMapper.stub(:byname).and_return(@user.user_key=>["faculty", "africana-faculty"])
+        subject.stub(:current_user).and_return(@user)
+        subject.send(:apply_gated_discovery, @solr_parameters, @user_parameters)
+      end
+      it "Then I should be treated as a member of the 'public' and 'registered' groups" do
+        ["discover","edit","read"].each do |type|
+          @solr_parameters[:fq].first.should match(/#{type}_access_group_t\:public/)  
+          @solr_parameters[:fq].first.should match(/#{type}_access_group_t\:registered/)      
+        end
+      end
+      it "Then I should see assets that I have discover, read, or edit access to" do
+        ["discover","edit","read"].each do |type|
+          @solr_parameters[:fq].first.should match(/#{type}_access_person_t\:#{@user.user_key}/)      
+        end
+      end
+      it "Then I should see assets that my groups have discover, read, or edit access to" do
+        ["faculty", "africana-faculty"].each do |group_id|
+          ["discover","edit","read"].each do |type|
+            @solr_parameters[:fq].first.should match(/#{type}_access_group_t\:#{group_id}/)      
+          end
+        end
+      end
+    end
+  end
+  
+  describe "enforce_access_controls" do
+    describe "when the method exists" do
+      it "should call the method" do
+        subject.params = {:action => :index}
+        subject.enforce_access_controls.should be_true
+      end
+    end
+    describe "when the method doesn't exist" do
+      it "should not call the method, but should return true" do
+        subject.params = {:action => :facet}
+        subject.enforce_access_controls.should be_true
+      end
+    end
+  end
+  describe "enforce_show_permissions" do
+    it "should allow a user w/ edit permissions to view an embargoed object" do
+      user = User.new :uid=>'testuser@example.com'
+      user.stub(:is_being_superuser?).and_return false
+      RoleMapper.stub(:roles).with(user.user_key).and_return(["archivist"])
+      subject.stub(:current_user).and_return(user)
+      subject.should_receive(:can?).with(:edit, nil).and_return(true)
+      subject.stub(:can?).with(:read, nil).and_return(true)
+      subject.instance_variable_set :@permissions_solr_document, SolrDocument.new({"edit_access_person_t"=>["testuser@example.com"], "embargo_release_date_dt"=>(Date.parse(Time.now.to_s)+2).to_s})
+
+      subject.params = {}
+      subject.should_receive(:load_permissions_from_solr) #This is what normally sets @permissions_solr_document
+      lambda {subject.send(:enforce_show_permissions, {}) }.should_not raise_error Hydra::AccessDenied
+    end
+    it "should prevent a user w/o edit permissions from viewing an embargoed object" do
+      user = User.new :uid=>'testuser@example.com'
+      user.stub(:is_being_superuser?).and_return false
+      RoleMapper.stub(:roles).with(user.user_key).and_return([])
+      subject.stub(:current_user).and_return(user)
+      subject.should_receive(:can?).with(:edit, nil).and_return(false)
+      subject.stub(:can?).with(:read, nil).and_return(true)
+      subject.params = {}
+      subject.instance_variable_set :@permissions_solr_document, SolrDocument.new({"edit_access_person_t"=>["testuser@example.com"], "embargo_release_date_dt"=>(Date.parse(Time.now.to_s)+2).to_s})
+      subject.should_receive(:load_permissions_from_solr) #This is what normally sets @permissions_solr_document
+      lambda {subject.send(:enforce_show_permissions, {})}.should raise_error Hydra::AccessDenied, "This item is under embargo.  You do not have sufficient access privileges to read this document."
+    end
+  end
+  describe "apply_gated_discovery" do
+    before(:each) do
+      @stub_user = User.new :uid=>'archivist1@example.com'
+      @stub_user.stub(:is_being_superuser?).and_return false
+      RoleMapper.stub(:roles).with(@stub_user.user_key).and_return(["archivist","researcher"])
+      subject.stub(:current_user).and_return(@stub_user)
+      @solr_parameters = {}
+      @user_parameters = {}
+    end
+    it "should set query fields for the user id checking against the discover, access, read fields" do
+      subject.send(:apply_gated_discovery, @solr_parameters, @user_parameters)
+      ["discover","edit","read"].each do |type|
+        @solr_parameters[:fq].first.should match(/#{type}_access_person_t\:#{@stub_user.user_key}/)      
+      end
+    end
+    it "should set query fields for all roles the user is a member of checking against the discover, access, read fields" do
+      subject.send(:apply_gated_discovery, @solr_parameters, @user_parameters)
+      ["discover","edit","read"].each do |type|
+        @solr_parameters[:fq].first.should match(/#{type}_access_group_t\:archivist/)        
+        @solr_parameters[:fq].first.should match(/#{type}_access_group_t\:researcher/)        
+      end
+    end
+    
+    describe "(DEPRECATED) for superusers" do
+      it "should return superuser access level" do
+        stub_user = User.new(:uid=>'suzie@example.com')
+        stub_user.stub(:is_being_superuser?).and_return true
+        RoleMapper.stub(:roles).with(stub_user.user_key).and_return(["archivist","researcher"])
+        subject.stub(:current_user).and_return(stub_user)
+        subject.send(:apply_gated_discovery, @solr_parameters, @user_parameters)
+        ["discover","edit","read"].each do |type|    
+          @solr_parameters[:fq].first.should match(/#{type}_access_person_t\:\[\* TO \*\]/)          
+        end
+      end
+      it "should not return superuser access to non-superusers" do
+        stub_user = User.new(:uid=>'suzie@example.com')
+        stub_user.stub(:is_being_superuser?).and_return false
+        RoleMapper.stub(:roles).with(stub_user.user_key).and_return(["archivist","researcher"])
+        subject.stub(:current_user).and_return(stub_user)
+        subject.send(:apply_gated_discovery, @solr_parameters, @user_parameters)
+        ["discover","edit","read"].each do |type|
+          @solr_parameters[:fq].should_not include("#{type}_access_person_t\:\[\* TO \*\]")              
+        end
+      end
+    end
+
+  end
+  
+  describe "exclude_unwanted_models" do
+    before(:each) do
+      stub_user = User.new :uid=>'archivist1@example.com'
+      stub_user.stub(:is_being_superuser?).and_return false
+      subject.stub(:current_user).and_return(stub_user)
+      @solr_parameters = {}
+      @user_parameters = {}
+    end
+    it "should set solr query parameters to filter out FileAssets" do
+      subject.send(:exclude_unwanted_models, @solr_parameters, @user_parameters)
+      @solr_parameters[:fq].should include("-has_model_s:\"info:fedora/afmodel:FileAsset\"")  
+    end
+  end
+end
+
+

data/spec/unit/admin_policy_spec.rb

@@ -0,0 +1,89 @@
+require 'spec_helper'
+
+describe Hydra::AdminPolicy do
+  before do
+    Hydra.stub(:config).and_return({:permissions=>{
+      :catchall => "access_t",
+      :discover => {:group =>"discover_access_group_t", :individual=>"discover_access_person_t"},
+      :read => {:group =>"read_access_group_t", :individual=>"read_access_person_t"},
+      :edit => {:group =>"edit_access_group_t", :individual=>"edit_access_person_t"},
+      :owner => "depositor_t",
+      :embargo_release_date => "embargo_release_date_dt",
+      
+      :inheritable => {
+        :catchall => "inheritable_access_t",
+        :discover => {:group =>"inheritable_discover_access_group_t", :individual=>"inheritable_discover_access_person_t"},
+        :read => {:group =>"inheritable_read_access_group_t", :individual=>"inheritable_read_access_person_t"},
+        :edit => {:group =>"inheritable_edit_access_group_t", :individual=>"inheritable_edit_access_person_t"},
+        :owner => "inheritable_depositor_t",
+        :embargo_release_date => "inheritable_embargo_release_date_dt"
+      }
+    }})
+  end
+  its(:defaultRights) { should be_kind_of Hydra::Datastream::InheritableRightsMetadata}
+  its(:rightsMetadata) { should be_kind_of Hydra::Datastream::RightsMetadata}
+  its(:descMetadata) { should be_kind_of ActiveFedora::QualifiedDublinCoreDatastream}
+
+  describe "when setting attributes" do
+    before do
+      subject.title = "My title" 
+      subject.description = "My description" 
+      subject.license_title = "My license" 
+      subject.license_description = "My license desc" 
+      subject.license_url = "My url" 
+    end
+    its(:title) { should == "My title"}
+    its(:description) { should == "My description"}
+    its(:license_title) { should == "My license"}
+    its(:license_description) { should == "My license desc"}
+    its(:license_url) { should == "My url"}
+  end
+    
+
+  describe "to_solr" do
+    subject { Hydra::AdminPolicy.new(:title=>"Foobar").to_solr }
+    it "should have title_t" do
+      subject["title_t"].should == ['Foobar']
+    end
+    it "should have title_display" do
+      subject["title_display"].should == 'Foobar'
+    end
+  end
+  
+  describe "Inheritable rights" do
+    before do
+      @policy = Hydra::AdminPolicy.new
+      @policy.default_permissions = [{:name=>"africana-faculty", :access=>"edit", :type=>"group"}, {:name=>"cool-kids", :access=>"edit", :type=>"group"}, {:name=>"julius_caesar", :access=>"edit", :type=>"user"}]
+      @policy.default_permissions = [{:name=>"slightlycoolkids", :access=>"read", :type=>"group"}, {:name=>"nero", :access=>"read", :type=>"user"}]
+      @policy.default_permissions = [{:name=>"posers", :access=>"discover", :type=>"group"}, {:name=>"constantine", :access=>"discover", :type=>"user"}]
+      @policy.defaultRights.embargo_release_date = "2102-10-01"
+    end
+
+    describe "to_solr" do
+      subject {@policy.to_solr}
+      it "should not affect normal solr permissions fields" do    
+        subject.should_not have_key( Hydra.config[:permissions][:catchall] )
+        subject.should_not have_key( Hydra.config[:permissions][:discover][:group] ) 
+        subject.should_not have_key( Hydra.config[:permissions][:discover][:individual] )
+        subject.should_not have_key( Hydra.config[:permissions][:read][:group] )
+        subject.should_not have_key( Hydra.config[:permissions][:read][:individual] )
+        subject.should_not have_key( Hydra.config[:permissions][:edit][:group] )
+        subject.should_not have_key( Hydra.config[:permissions][:edit][:individual] )
+        subject.should_not have_key( Hydra.config[:permissions][:embargo_release_date] )
+      end
+      it "should provide prefixed/inherited solr permissions fields" do
+        subject[Hydra.config[:permissions][:inheritable][:catchall] ].should == ["posers", "slightlycoolkids", "africana-faculty", "cool-kids", "constantine", "nero", "julius_caesar"] 
+        subject[Hydra.config[:permissions][:inheritable][:discover][:group] ].should == ["posers"]
+        subject[Hydra.config[:permissions][:inheritable][:discover][:individual] ].should == ["constantine"]
+        subject[Hydra.config[:permissions][:inheritable][:read][:group] ].should == ["slightlycoolkids"]
+        subject[Hydra.config[:permissions][:inheritable][:read][:individual] ].should == ["nero"]
+        subject[Hydra.config[:permissions][:inheritable][:edit][:group] ].should == ["africana-faculty", "cool-kids"]
+        subject[Hydra.config[:permissions][:inheritable][:edit][:individual] ].should == ["julius_caesar"]
+        subject[Hydra.config[:permissions][:inheritable][:embargo_release_date] ].should == "2102-10-01"
+      end
+    end
+
+  end
+
+
+end

data/spec/unit/inheritable_rights_metadata_spec.rb

@@ -0,0 +1,66 @@
+require File.expand_path(File.dirname(__FILE__) + '/../spec_helper')
+require "nokogiri"
+
+describe Hydra::Datastream::InheritableRightsMetadata do
+  before do
+    Hydra.stub(:config).and_return({:permissions=>{
+      :catchall => "access_t",
+      :discover => {:group =>"discover_access_group_t", :individual=>"discover_access_person_t"},
+      :read => {:group =>"read_access_group_t", :individual=>"read_access_person_t"},
+      :edit => {:group =>"edit_access_group_t", :individual=>"edit_access_person_t"},
+      :owner => "depositor_t",
+      :embargo_release_date => "embargo_release_date_dt",
+      
+      :inheritable => {
+        :catchall => "inheritable_access_t",
+        :discover => {:group =>"inheritable_discover_access_group_t", :individual=>"inheritable_discover_access_person_t"},
+        :read => {:group =>"inheritable_read_access_group_t", :individual=>"inheritable_read_access_person_t"},
+        :edit => {:group =>"inheritable_edit_access_group_t", :individual=>"inheritable_edit_access_person_t"},
+        :owner => "inheritable_depositor_t",
+        :embargo_release_date => "inheritable_embargo_release_date_dt"
+      }
+    }})
+  end
+  
+  before(:each) do
+    # The way RubyDora loads objects prevents us from stubbing the fedora connection :(
+    # ActiveFedora::RubydoraConnection.stubs(:instance).returns(stub_everything())
+    obj = ActiveFedora::Base.new
+    @sample = Hydra::Datastream::InheritableRightsMetadata.new(obj.inner_object, nil)
+    @sample.stub(:content).and_return('')
+
+    @sample.permissions({:group=>"africana-faculty"}, "edit")
+    @sample.permissions({:group=>"cool-kids"}, "edit")
+    @sample.permissions({:group=>"slightly-cool-kids"}, "read")
+    @sample.permissions({:group=>"posers"}, "discover")
+    @sample.permissions({:person=>"julius_caesar"}, "edit") 
+    @sample.permissions({:person=>"nero"}, "read") 
+    @sample.permissions({:person=>"constantine"}, "discover") 
+    @sample.embargo_release_date = "2102-10-01"
+  end
+
+  describe "to_solr" do
+    subject {@sample.to_solr}
+    it "should NOT provide normal solr permissions fields" do    
+      subject.should_not have_key( Hydra.config[:permissions][:catchall] )
+      subject.should_not have_key( Hydra.config[:permissions][:discover][:group] ) 
+      subject.should_not have_key( Hydra.config[:permissions][:discover][:individual] )
+      subject.should_not have_key( Hydra.config[:permissions][:read][:group] )
+      subject.should_not have_key( Hydra.config[:permissions][:read][:individual] )
+      subject.should_not have_key( Hydra.config[:permissions][:edit][:group] )
+      subject.should_not have_key( Hydra.config[:permissions][:edit][:individual] )
+      subject.should_not have_key( Hydra.config[:permissions][:embargo_release_date] )
+    end
+    it "should provide prefixed/inherited solr permissions fields" do
+      subject[Hydra.config[:permissions][:inheritable][:catchall] ].should == ["posers", "slightly-cool-kids", "africana-faculty", "cool-kids", "constantine", "nero", "julius_caesar"] 
+      subject[Hydra.config[:permissions][:inheritable][:discover][:group] ].should == ["posers"]
+      subject[Hydra.config[:permissions][:inheritable][:discover][:individual] ].should == ["constantine"]
+      subject[Hydra.config[:permissions][:inheritable][:read][:group] ].should == ["slightly-cool-kids"]
+      subject[Hydra.config[:permissions][:inheritable][:read][:individual] ].should == ["nero"]
+      subject[Hydra.config[:permissions][:inheritable][:edit][:group] ].should == ["africana-faculty", "cool-kids"]
+      subject[Hydra.config[:permissions][:inheritable][:edit][:individual] ].should == ["julius_caesar"]
+      subject[Hydra.config[:permissions][:inheritable][:embargo_release_date] ].should == "2102-10-01"
+    end
+  end
+
+end

data/spec/unit/policy_aware_ability_spec.rb

@@ -0,0 +1,92 @@
+require 'spec_helper'
+
+describe Hydra::PolicyAwareAbility do
+  before do
+    class Rails; end
+    Rails.stub(:root).and_return('spec/support')
+    Rails.stub(:env).and_return('test')
+
+    Hydra.stub(:config).and_return({
+      :permissions=>{
+        :catchall => "access_t",
+        :discover => {:group =>"discover_access_group_t", :individual=>"discover_access_person_t"},
+        :read => {:group =>"read_access_group_t", :individual=>"read_access_person_t"},
+        :edit => {:group =>"edit_access_group_t", :individual=>"edit_access_person_t"},
+        :owner => "depositor_t",
+        :embargo_release_date => "embargo_release_date_dt",
+      
+        :inheritable => {
+          :catchall => "inheritable_access_t",
+          :discover => {:group =>"inheritable_discover_access_group_t", :individual=>"inheritable_discover_access_person_t"},
+          :read => {:group =>"inheritable_read_access_group_t", :individual=>"inheritable_read_access_person_t"},
+          :edit => {:group =>"inheritable_edit_access_group_t", :individual=>"inheritable_edit_access_person_t"},
+          :owner => "inheritable_depositor_t",
+          :embargo_release_date => "inheritable_embargo_release_date_dt"
+        }
+    }})
+  end
+  before(:all) do
+    class PolicyAwareClass
+      include CanCan::Ability
+      include Hydra::Ability
+      include Hydra::PolicyAwareAbility
+    end
+    @policy = Hydra::AdminPolicy.new
+    # Set the inheritable permissions
+    @policy.default_permissions = [
+        {:type=>"group", :access=>"read", :name=>"africana-faculty"},
+        {:type=>"group", :access=>"edit", :name=>"cool_kids"},
+        {:type=>"group", :access=>"edit", :name=>"in_crowd"},
+        {:type=>"user", :access=>"read", :name=>"nero"},
+        {:type=>"user", :access=>"edit", :name=>"julius_caesar"}
+      ]
+      
+    @policy.save
+    @asset = ModsAsset.new()
+    @asset.admin_policy = @policy
+    @asset.save
+  end
+  after(:all) { @policy.delete; @asset.delete }
+  subject { PolicyAwareClass.new( User.new ) }
+  
+  describe "policy_pid_for" do
+    it "should retrieve the pid doc for the current object's governing policy" do
+      subject.policy_pid_for(@asset.pid).should == @policy.pid
+    end
+  end
+
+  describe "policy_permissions_doc" do
+    it "should retrieve the permissions doc for the current object's policy and store for re-use" do
+      subject.should_receive(:get_permissions_solr_response_for_doc_id).with(@policy.pid).once.and_return(["response", "mock solr doc"])
+      subject.policy_permissions_doc(@policy.pid).should == "mock solr doc"
+      subject.policy_permissions_doc(@policy.pid).should == "mock solr doc"
+      subject.policy_permissions_doc(@policy.pid).should == "mock solr doc"
+    end
+  end
+  describe "test_edit_from_policy" do
+    it "should test_edit_from_policy"
+  end
+  describe "test_read_from_policy" do
+    it "should test_read_from_policy"
+  end
+  describe "edit_groups_from_policy" do
+    it "should retrieve the list of groups with edit access from the policy" do
+      subject.edit_groups_from_policy(@policy.pid).should == ["cool_kids","in_crowd"]
+    end
+  end
+  describe "edit_persons_from_policy" do
+    it "should retrieve the list of individuals with edit access from the policy" do
+      subject.edit_persons_from_policy(@policy.pid).should == ["julius_caesar"]
+    end
+  end
+  describe "read_groups_from_policy" do
+    it "should retrieve the list of groups with read access from the policy" do
+      subject.read_groups_from_policy(@policy.pid).should == ["cool_kids", "in_crowd", "africana-faculty"]
+    end
+  end
+  describe "read_persons_from_policy" do
+    it "should retrieve the list of individuals with read access from the policy" do
+      subject.read_persons_from_policy(@policy.pid).should == ["julius_caesar","nero"]
+    end
+  end
+end

data/spec/unit/policy_aware_access_controls_enforcement_spec.rb

@@ -0,0 +1,109 @@
+require 'spec_helper'
+
+describe Hydra::PolicyAwareAccessControlsEnforcement do
+  before do
+    class Rails; end
+    Rails.stub(:root).and_return('spec/support')
+    Rails.stub(:env).and_return('test')
+  end
+  before(:all) do
+    class MockController
+      include Hydra::AccessControlsEnforcement
+      include Hydra::PolicyAwareAccessControlsEnforcement
+      attr_accessor :params
+      
+      def user_key
+        current_user.user_key
+      end
+
+      def session
+      end
+    end
+    
+    @sample_policies = []
+    # user discover
+    policy1 = Hydra::AdminPolicy.new(:pid=>"test:policy1")
+    policy1.default_permissions = [{:type=>"user", :access=>"discover", :name=>"sara_student"}]
+    policy1.save
+    @sample_policies << policy1
+    
+    # user read
+    policy2 = Hydra::AdminPolicy.new(:pid=>"test:policy2")
+    policy2.default_permissions = [{:type=>"user", :access=>"read", :name=>"sara_student"}]
+    policy2.save
+    @sample_policies << policy2
+    
+    # user edit
+    policy3 = Hydra::AdminPolicy.new(:pid=>"test:policy3")
+    policy3.default_permissions = [{:type=>"user", :access=>"edit", :name=>"sara_student"}]
+    policy3.save
+    @sample_policies << policy3
+    
+    
+    # group discover
+    policy4 = Hydra::AdminPolicy.new(:pid=>"test:policy4")
+    policy4.default_permissions = [{:type=>"group", :access=>"discover", :name=>"africana-104-students"}]
+    policy4.save
+    @sample_policies << policy4
+    
+    # group read
+    policy5 = Hydra::AdminPolicy.new(:pid=>"test:policy5")
+    policy5.default_permissions = [{:type=>"group", :access=>"read", :name=>"africana-104-students"}]
+    policy5.save
+    @sample_policies << policy5
+    
+    # group edit
+    policy6 = Hydra::AdminPolicy.new(:pid=>"test:policy6")
+    policy6.default_permissions = [{:type=>"group", :access=>"edit", :name=>"africana-104-students"}]
+    policy6.save
+    @sample_policies << policy6
+    
+    # no access 
+    policy7 = Hydra::AdminPolicy.create(:pid=>"test:policy7")
+    @sample_policies << policy7
+  
+    @policies_with_access = @sample_policies.select { |p| p.pid != policy7.pid }
+  end
+  
+  after(:all) do
+    @policies.access.each {|p| p.delete }
+  end
+  
+  subject { MockController.new }
+  
+  before do
+    @solr_parameters = {}
+    @user_parameters = {}
+    @user = FactoryGirl.build(:sara_student)
+    RoleMapper.stub(:roles).with(@user.user_key).and_return(@user.roles)
+    subject.stub(:current_user).and_return(@user)
+  end
+  
+  describe "policies_with_access" do
+    it "should return the policies that provide discover permissions" do
+      @policies_with_access.map {|p| p.pid }.each do |p|
+        subject.policies_with_access.should include(p)
+      end
+    end
+    it "should return the policies that provide discover permissions" do
+        subject.policies_with_access.should_not include("test:policy7")
+    end
+    it "should allow you to configure which model to use for policies" do
+      Hydra.stub(:config).and_return( {:permissions=>{:policy_class => ModsAsset}} )
+      ModsAsset.should_receive(:find_with_conditions).and_return([])
+      subject.policies_with_access
+    end
+  end
+  
+  describe "apply_gated_discovery" do
+    it "should include policy-aware query" do
+      subject.apply_gated_discovery(@solr_parameters, @user_parameters)
+      @solr_parameters[:fq].first.should include(" OR (is_governed_by_s:info\\:fedora/test\\:policy1 OR is_governed_by_s:info\\:fedora/test\\:policy2 OR is_governed_by_s:info\\:fedora/test\\:policy3 OR is_governed_by_s:info\\:fedora/test\\:policy4 OR is_governed_by_s:info\\:fedora/test\\:policy5 OR is_governed_by_s:info\\:fedora/test\\:policy6)")
+    end
+    it "should not change anything if there are no clauses to add" do
+      subject.stub(:policy_clauses).and_return(nil)
+      subject.apply_gated_discovery(@solr_parameters, @user_parameters)
+      @solr_parameters[:fq].first.should_not include(" OR (is_governed_by_s:info\\:fedora/test\\:policy1 OR is_governed_by_s:info\\:fedora/test\\:policy2 OR is_governed_by_s:info\\:fedora/test\\:policy3 OR is_governed_by_s:info\\:fedora/test\\:policy4 OR is_governed_by_s:info\\:fedora/test\\:policy5 OR is_governed_by_s:info\\:fedora/test\\:policy6)")
+    end
+  end
+end