hydra-access-controls 10.4.0 → 10.5.0
- checksums.yaml +4 -4
- data/lib/hydra/ability.rb +1 -0
- data/lib/hydra/config.rb +10 -1
- data/lib/hydra/role_mapper_behavior.rb +3 -2
- data/lib/hydra/shared_spec/group_service_interface.rb +16 -0
- data/lib/hydra/user.rb +1 -1
- data/spec/unit/config_spec.rb +13 -1
- data/spec/unit/role_mapper_spec.rb +22 -3
- metadata +4 -3
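--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: ed94a3c77e4473df017f3e8d932af844b5bc4eda
+data.tar.gz: 14bf723d584d15d01d35882b3be61fa4d2c14fa5
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: ac4802b6ab1511152cef8d8f9c4c27194eb6e5f90e4439f35130497d17bb72ccd7676be420a1c80ea487b7bda2f60595dee9acec091e80fcf9a911d8dd8fece8
+data.tar.gz: 0f3830cef55ada92f0d9cb4250e433ac56b331eba178e4cbaea785aa68748cfff57355dc2ded2a60d511255b65abc173332ff4179f971642a0d5c955845d2b59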
data/lib/hydra/ability.rb
CHANGED
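--- a/data/lib/hydra/config.rb
+++ b/data/lib/hydra/config.rb
@@ -32,9 +32,18 @@ module Hydra
 end
 
 attr_reader :permissions
-attr_writer :id_to_resource_uri
+attr_writer :id_to_resource_uri, :user_key_field
 attr_accessor :user_model
 
+def user_key_field
+@user_key_field || default_user_key_field
+end
+
+def default_user_key_field
+Deprecation.warn(self, "You must set 'config.user_key_field = Devise.authentication_keys.first' in your config/initializer/hydra_config.rb file. The default value will be removed in hydra-access-controls 12")
+Devise.authentication_keys.first
+end
+
 # This is purely used for translating an ID to user-facing URIs not used for
 # persistence. Useful for storing RDF in Fedora but displaying their
 # subjects in content negotiation as local to the application.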
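Review bot: `user_key_field` falls through to `default_user_key_field` on every read while the setting is unset, so `Deprecation.warn` and the Devise lookup run again on each call; since `find_by_user_key` reads this value per lookup, the warning may repeat for every user lookup unless the Deprecation library de-duplicates it. Memoising the fallback keeps the warning to one per config object: `@user_key_field ||= default_user_key_field`. The message points to `config/initializer/hydra_config.rb`, while the Rails directory is `config/initializers`, so the hint sends readers to a path that does not exist by default. The enclosing class starts and ends outside the hunk.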
@@ -75,8 +75,9 @@ module Hydra::RoleMapperBehavior
|
|
75
75
|
raise("#{filename} was found, but was blank or malformed.\n")
|
76
76
|
end
|
77
77
|
|
78
|
-
yml.fetch(Rails.env)
|
79
|
-
|
78
|
+
roles = yml.fetch(Rails.env)
|
79
|
+
raise "No roles were found for the #{Rails.env} environment in #{file}" unless roles
|
80
|
+
roles
|
80
81
|
end
|
81
82
|
end
|
82
83
|
end
|
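Review bot: Assuming `yml` is a Hash, `yml.fetch(Rails.env)` raises `KeyError` when the environment key is absent, so the new `raise ... unless roles` guard is reached only when the key exists with an empty value. A role map that lacks the environment entirely still fails with the less specific `KeyError`; `roles = yml[Rails.env]` would route both cases to the new message. The new message interpolates `file` while the error just above uses `filename`; both are defined outside the hunk, so confirm the intended variable is in scope. This hunk belongs to role_mapper_behavior.rb, and the method body starts outside it.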
@@ -0,0 +1,16 @@
|
|
1
|
+
RSpec.shared_examples 'a Hydra group_service interface' do
|
2
|
+
before do
|
3
|
+
raise 'adapter must be set with `let(:group_service)`' unless
|
4
|
+
defined? group_service
|
5
|
+
end
|
6
|
+
|
7
|
+
subject { group_service }
|
8
|
+
|
9
|
+
it { is_expected.to respond_to(:role_names).with(0).arguments }
|
10
|
+
|
11
|
+
describe '#fetch_groups' do
|
12
|
+
it 'requires a user: keyword arg' do
|
13
|
+
expect(group_service.method(:fetch_groups).parameters).to eq([[:keyreq, :user]])
|
14
|
+
end
|
15
|
+
end
|
16
|
+
end
|
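Review bot: The shared example pins only method signatures (`role_names` with no arguments, `fetch_groups` with exactly `user:`), so an adapter that returns something other than a list of group names still passes. As these groups presumably feed access decisions, an example asserting the return type of `fetch_groups` would tighten the contract. The exact match `eq([[:keyreq, :user]])` also rejects adapters that accept extra optional keywords; `include([:keyreq, :user])` would allow them if that is intended. A header comment such as `# Usage: define let(:group_service), then it_behaves_like 'a Hydra group_service interface'` would document the setup that the `before` guard enforces.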
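--- a/data/lib/hydra/user.rb
+++ b/data/lib/hydra/user.rb
@@ -19,7 +19,7 @@ module Hydra::User
 # Devise authentication_keys configuration variable. This method encapsulates
 # whether we use email or username (or something else) as the identifing user attribute.
 def find_by_user_key(key)
-find_by(
+find_by(Hydra.config.user_key_field => key)
 end
 end
 end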
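Review bot: The comment above `find_by_user_key` still describes the Devise `authentication_keys` variable, but the lookup now reads `Hydra.config.user_key_field`, so the documentation no longer matches the code. `find_by` returns the first matching row, so if the configured column is not unique the method resolves a key to an arbitrary user, which matters for a library that derives permissions from that identity. I would replace the comment with something like `# Looks the user up by the column named in Hydra.config.user_key_field; that column must be unique.` The comment block and the enclosing module start outside the hunk.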
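--- a/data/spec/unit/config_spec.rb
+++ b/data/spec/unit/config_spec.rb
@@ -42,10 +42,22 @@ describe Hydra::Config do
 expect(config[:permissions][:policy_class]).to be_nil
 end
 
-it "
+it "has defaults" do
 expect(config.permissions.read.individual).to eq 'read_access_person_ssim'
 expect(config.permissions.embargo.release_date).to eq 'embargo_release_date_dtsi'
 expect(config.user_model).to eq 'User'
+expect(config.user_key_field).to eq :email
 end
 
+describe "user_key_field" do
+after do
+# restore default
+config.user_key_field = :email
+end
+
+it "is settable" do
+config.user_key_field = :uid
+expect(config.user_key_field).to eq :uid
+end
+end
 end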
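Review bot: The `after` block in the `user_key_field` group assigns `:email` explicitly, which is not the same as restoring the unset state. If `config` is shared between examples (its definition is outside the hunk), later examples never reach the deprecated fallback again. Assigning `nil` restores the real default path: `config.user_key_field = nil`. The "has defaults" example goes through that fallback, so its `:email` expectation depends on the Devise configuration of the test application, which is not visible here; a short comment saying so would help.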
@@ -1,10 +1,29 @@
|
|
1
1
|
require 'spec_helper'
|
2
|
+
require 'hydra/shared_spec/group_service_interface'
|
2
3
|
|
3
|
-
describe RoleMapper do
|
4
|
+
RSpec.describe RoleMapper do
|
4
5
|
it "defines the 4 roles" do
|
5
6
|
expect(RoleMapper.role_names.sort).to eq %w(admin_policy_object_editor archivist donor patron researcher)
|
6
7
|
end
|
7
8
|
|
9
|
+
describe "map" do
|
10
|
+
subject { described_class.map }
|
11
|
+
|
12
|
+
context "when there are no roles defined for the current environment" do
|
13
|
+
before do
|
14
|
+
described_class.instance_variable_set :@map, nil
|
15
|
+
allow(Rails).to receive(:env).and_return('production')
|
16
|
+
end
|
17
|
+
|
18
|
+
it "raises an error" do
|
19
|
+
expect { subject }.to raise_error RuntimeError, %r{^No roles were found for the production environment in .*config/role_map\.yml$}
|
20
|
+
end
|
21
|
+
end
|
22
|
+
end
|
23
|
+
|
24
|
+
let(:group_service) { described_class }
|
25
|
+
it_behaves_like 'a Hydra group_service interface'
|
26
|
+
|
8
27
|
describe "#whois" do
|
9
28
|
it "knows who is what" do
|
10
29
|
expect(RoleMapper.whois('archivist').sort).to eq %w(archivist1@example.com archivist2@example.com leland_himself@example.com)
|
@@ -14,7 +33,7 @@ describe RoleMapper do
|
|
14
33
|
end
|
15
34
|
|
16
35
|
describe "fetch_groups" do
|
17
|
-
let(:user) { instance_double(User, user_key: email, new_record?: false) }
|
36
|
+
let(:user) { instance_double(User, user_key: email, new_record?: false) }
|
18
37
|
subject { RoleMapper.fetch_groups(user: user) }
|
19
38
|
|
20
39
|
context "for a user with multiple roles" do
|
@@ -26,7 +45,7 @@ describe RoleMapper do
|
|
26
45
|
expect(RoleMapper.fetch_groups(user: user)).to match_array ['archivist', 'donor', 'patron']
|
27
46
|
end
|
28
47
|
end
|
29
|
-
|
48
|
+
|
30
49
|
context "for a user with a single role" do
|
31
50
|
let(:email) { 'archivist2@example.com' }
|
32
51
|
it { is_expected.to match_array ['archivist'] }
|
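Review bot: In the "raises an error" example the message pattern is anchored with `^` and `$`, which match at line boundaries in Ruby rather than at the ends of the string. `\A` and `\z` state the intent exactly: `%r{\ANo roles were found for the production environment in .*config/role_map\.yml\z}`. The `before` block clears the cached map with `instance_variable_set :@map, nil`, which ties the spec to a private ivar name; if the mapper ever caches under another name the reset silently stops working, so a comment naming that dependency would help.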
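--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: hydra-access-controls
 version: !ruby/object:Gem::Version
-version: 10.
+version: 10.5.0
 platform: ruby
 authors:
 - Chris Beer
@@ -10,7 +10,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2017-
+date: 2017-06-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: activesupport
@@ -186,6 +186,7 @@ files:
 - lib/hydra/policy_aware_ability.rb
 - lib/hydra/policy_aware_access_controls_enforcement.rb
 - lib/hydra/role_mapper_behavior.rb
+- lib/hydra/shared_spec/group_service_interface.rb
 - lib/hydra/user.rb
 - spec/factories.rb
 - spec/indexers/embargo_indexer_spec.rb
@@ -236,7 +237,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.6.
+rubygems_version: 2.6.12
 signing_key:
 specification_version: 4
 summary: Access controls for project hydra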