hydra-access-controls 10.3.0 → 10.3.2
Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 41551b5b4c585cf81dcf873b800b5699dc6c1b22
|
|
4
|
+
data.tar.gz: a81738e509b739baf6d816ad0ec58f68a1b880f9
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: a4979abd13373922171646bd2bf6cbf79c8c016e3c45b145be961cf778a4818d71151345ed0bfa8defa41ab3f32cfbe7de2a1a0a5d3280d600c2377d4811575b
|
|
7
|
+
data.tar.gz: 25049f1bb1d157fa2512c045644543851c88020c60f8875ee2c4b993f5619a0f57394a01d5e84b56ff5f15d69ff35cb34f17987f0b4e8d5f0ded3e5dfcce2051
|
|
@@ -61,7 +61,9 @@ module Hydra
|
|
|
61
61
|
prop['id'] = selected.id if selected
|
|
62
62
|
end
|
|
63
63
|
|
|
64
|
-
|
|
64
|
+
clean_collection = remove_bad_deletes(attributes_collection)
|
|
65
|
+
|
|
66
|
+
self.permissions_attributes_without_uniqueness = clean_collection
|
|
65
67
|
end
|
|
66
68
|
|
|
67
69
|
# Return a list of groups that have discover permission
|
|
@@ -437,6 +439,19 @@ module Hydra
|
|
|
437
439
|
raise 'no agent' unless agent.present?
|
|
438
440
|
agent.first.rdf_subject.to_s.start_with?(PERSON_AGENT_URL_PREFIX)
|
|
439
441
|
end
|
|
442
|
+
|
|
443
|
+
# Removes any permissions if both a delete and an update are found for the same id
|
|
444
|
+
# or if a delete is present without an id.
|
|
445
|
+
def remove_bad_deletes(collection)
|
|
446
|
+
collection.delete_if { |permission| (has_destroy_flag?(permission) && !permission.has_key?(:id)) }
|
|
447
|
+
collection.each do |permission|
|
|
448
|
+
next unless has_destroy_flag?(permission)
|
|
449
|
+
delete_id = permission.fetch(:id, nil)
|
|
450
|
+
if collection.map { |c| c if c.fetch(:id, nil) == delete_id }.compact.count > 1
|
|
451
|
+
collection.delete_if { |permission| permission.fetch(:id, nil) == delete_id }
|
|
452
|
+
end
|
|
453
|
+
end
|
|
454
|
+
end
|
|
440
455
|
end
|
|
441
456
|
end
|
|
442
457
|
end
|
|
@@ -151,6 +151,55 @@ describe Hydra::AccessControls::Permissions do
|
|
|
151
151
|
expect(reloaded).to eq [{ type: "person", access: "edit", name: "jcoyne" }]
|
|
152
152
|
end
|
|
153
153
|
end
|
|
154
|
+
|
|
155
|
+
context "when destroy and update are simultaneously set for the same id" do
|
|
156
|
+
let(:simultaneous) do
|
|
157
|
+
[
|
|
158
|
+
{ id: permissions_id, type: "group", access: "read", name: "group1", _destroy: '1' },
|
|
159
|
+
{ id: permissions_id, type: "group", access: "read", name: "group1", }
|
|
160
|
+
]
|
|
161
|
+
end
|
|
162
|
+
before do
|
|
163
|
+
subject.update permissions_attributes: [{ type: "group", access: "read", name: "group1" }]
|
|
164
|
+
subject.update permissions_attributes: simultaneous
|
|
165
|
+
end
|
|
166
|
+
|
|
167
|
+
it "leaves the permissions unchanged" do
|
|
168
|
+
expect(reloaded).to contain_exactly({name: "jcoyne", type: "person", access: "edit"}, {name: "group1", type: "group", access: "read"})
|
|
169
|
+
end
|
|
170
|
+
end
|
|
171
|
+
|
|
172
|
+
context "when destroy is present without an id" do
|
|
173
|
+
let(:missing_id) do
|
|
174
|
+
[ { type: "group", access: "read", name: "group1", _destroy: '1' } ]
|
|
175
|
+
end
|
|
176
|
+
before do
|
|
177
|
+
subject.update permissions_attributes: missing_id
|
|
178
|
+
end
|
|
179
|
+
|
|
180
|
+
it "leaves the permissions unchanged" do
|
|
181
|
+
expect(reloaded).to contain_exactly({name: "jcoyne", type: "person", access: "edit"})
|
|
182
|
+
end
|
|
183
|
+
end
|
|
184
|
+
|
|
185
|
+
context "when updating multiple different permissions at the same time" do
|
|
186
|
+
before do
|
|
187
|
+
subject.update permissions_attributes: [{ type: "group", access: "read", name: "group1" }]
|
|
188
|
+
subject.update permissions_attributes: [
|
|
189
|
+
{ id: permissions_id, type: "group", access: "read", name: "group1", _destroy: '1' },
|
|
190
|
+
{ type: "group", access: "edit", name: "group2" },
|
|
191
|
+
{ type: "person", access: "read", name: "joebob" }
|
|
192
|
+
]
|
|
193
|
+
end
|
|
194
|
+
|
|
195
|
+
it "removes permissions on existing groups and updates the others" do
|
|
196
|
+
expect(reloaded).to contain_exactly(
|
|
197
|
+
{name: "jcoyne", type: "person", access: "edit"},
|
|
198
|
+
{name: "group2", type: "group", access: "edit"},
|
|
199
|
+
{name: "joebob", type: "person", access: "read"}
|
|
200
|
+
)
|
|
201
|
+
end
|
|
202
|
+
end
|
|
154
203
|
end
|
|
155
204
|
|
|
156
205
|
context "to a falsy value" do
|
|
@@ -126,23 +126,31 @@ describe Hydra::PolicyAwareAccessControlsEnforcement do
|
|
|
126
126
|
end
|
|
127
127
|
|
|
128
128
|
describe "apply_gated_discovery" do
|
|
129
|
-
before do
|
|
130
|
-
allow(RoleMapper).to receive(:roles).with(user).and_return(user.roles)
|
|
131
|
-
end
|
|
132
129
|
let(:governed_field) { ActiveFedora.index_field_mapper.solr_name('isGovernedBy', :symbol) }
|
|
130
|
+
let(:policy_queries) { @solr_parameters[:fq].first.split(" OR ") }
|
|
133
131
|
|
|
134
|
-
|
|
135
|
-
# stubbing out policies_with_access because solr doesn't always return them in the same order.
|
|
136
|
-
policy_ids = (1..8).map {|n| "policies/#{n}"}
|
|
137
|
-
expect(subject).to receive(:policies_with_access).and_return(policy_ids)
|
|
138
|
-
subject.apply_gated_discovery(@solr_parameters)
|
|
139
|
-
expect(@solr_parameters[:fq].first).to include(" OR (_query_:\"{!field f=#{governed_field}}policies/1\" OR _query_:\"{!field f=#{governed_field}}policies/2\" OR _query_:\"{!field f=#{governed_field}}policies/3\" OR _query_:\"{!field f=#{governed_field}}policies/4\" OR _query_:\"{!field f=#{governed_field}}policies/5\" OR _query_:\"{!field f=#{governed_field}}policies/6\" OR _query_:\"{!field f=#{governed_field}}policies/7\" OR _query_:\"{!field f=#{governed_field}}policies/8\")")
|
|
140
|
-
end
|
|
132
|
+
before { allow(RoleMapper).to receive(:roles).with(user).and_return(user.roles) }
|
|
141
133
|
|
|
142
|
-
|
|
143
|
-
|
|
144
|
-
|
|
145
|
-
|
|
134
|
+
context "when policies are included" do
|
|
135
|
+
before { subject.apply_gated_discovery(@solr_parameters) }
|
|
136
|
+
|
|
137
|
+
it "builds a query that includes all the policies" do
|
|
138
|
+
(1..11).each do |p|
|
|
139
|
+
expect(policy_queries).to include(/_query_:\"{!raw f=#{governed_field}}test-policy#{p}\"/)
|
|
140
|
+
end
|
|
141
|
+
end
|
|
142
|
+
end
|
|
143
|
+
|
|
144
|
+
context "when policies are not included" do
|
|
145
|
+
before do
|
|
146
|
+
allow(subject).to receive(:policy_clauses).and_return(nil)
|
|
147
|
+
subject.apply_gated_discovery(@solr_parameters)
|
|
148
|
+
end
|
|
149
|
+
it "does not include any policies in the query" do
|
|
150
|
+
(1..11).each do |p|
|
|
151
|
+
expect(policy_queries).not_to include(/_query_:\"{!raw f=#{governed_field}}test-policy#{p}\"/)
|
|
152
|
+
end
|
|
153
|
+
end
|
|
146
154
|
end
|
|
147
155
|
end
|
|
148
156
|
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: hydra-access-controls
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 10.3.
|
|
4
|
+
version: 10.3.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Chris Beer
|
|
@@ -10,7 +10,7 @@ authors:
|
|
|
10
10
|
autorequire:
|
|
11
11
|
bindir: bin
|
|
12
12
|
cert_chain: []
|
|
13
|
-
date: 2016-
|
|
13
|
+
date: 2016-10-28 00:00:00.000000000 Z
|
|
14
14
|
dependencies:
|
|
15
15
|
- !ruby/object:Gem::Dependency
|
|
16
16
|
name: activesupport
|
|
@@ -236,7 +236,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
236
236
|
version: '0'
|
|
237
237
|
requirements: []
|
|
238
238
|
rubyforge_project:
|
|
239
|
-
rubygems_version: 2.6.
|
|
239
|
+
rubygems_version: 2.6.4
|
|
240
240
|
signing_key:
|
|
241
241
|
specification_version: 4
|
|
242
242
|
summary: Access controls for project hydra
|