hydra-access-controls 10.4.0 → 10.5.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (9) hide show
  1. checksums.yaml +4 -4
  2. data/lib/hydra/ability.rb +1 -0
  3. data/lib/hydra/config.rb +10 -1
  4. data/lib/hydra/role_mapper_behavior.rb +3 -2
  5. data/lib/hydra/shared_spec/group_service_interface.rb +16 -0
  6. data/lib/hydra/user.rb +1 -1
  7. data/spec/unit/config_spec.rb +13 -1
  8. data/spec/unit/role_mapper_spec.rb +22 -3
  9. metadata +4 -3
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 6f40c134a095ee25028a636e05a76ff5b6b48536
4
- data.tar.gz: 1355f04637b5036f5fe70d2e85fae2d27be014b4
3
+ metadata.gz: ed94a3c77e4473df017f3e8d932af844b5bc4eda
4
+ data.tar.gz: 14bf723d584d15d01d35882b3be61fa4d2c14fa5
5
5
  SHA512:
6
- metadata.gz: 5b08e56a15a842c3319c1096898db5af1c8a7f7dbf852d33c4b2e7d1740f0be84c9b258d19692b4328684ad4ef447a21e7e736171f4c5b101bfa9f595d494d57
7
- data.tar.gz: 9d14bb58b1c249ad2ad6dc5b75a62fa14b0d54f957efa43f0c1ae8aa7fe651b8433587042ee054424cfd211607502efb6ba014fcbaee32c9d2df80250b4fe135
6
+ metadata.gz: ac4802b6ab1511152cef8d8f9c4c27194eb6e5f90e4439f35130497d17bb72ccd7676be420a1c80ea487b7bda2f60595dee9acec091e80fcf9a911d8dd8fece8
7
+ data.tar.gz: 0f3830cef55ada92f0d9cb4250e433ac56b331eba178e4cbaea785aa68748cfff57355dc2ded2a60d511255b65abc173332ff4179f971642a0d5c955845d2b59
data/lib/hydra/ability.rb CHANGED
@@ -38,6 +38,7 @@ module Hydra
38
38
  end
39
39
 
40
40
  def edit_permissions
41
+ # Loading an object from Fedora can be slow, so assume that if a string is passed, it's an object id
41
42
  can [:edit, :update, :destroy], String do |id|
42
43
  test_edit(id)
43
44
  end
data/lib/hydra/config.rb CHANGED
@@ -32,9 +32,18 @@ module Hydra
32
32
  end
33
33
 
34
34
  attr_reader :permissions
35
- attr_writer :id_to_resource_uri
35
+ attr_writer :id_to_resource_uri, :user_key_field
36
36
  attr_accessor :user_model
37
37
 
38
+ def user_key_field
39
+ @user_key_field || default_user_key_field
40
+ end
41
+
42
+ def default_user_key_field
43
+ Deprecation.warn(self, "You must set 'config.user_key_field = Devise.authentication_keys.first' in your config/initializer/hydra_config.rb file. The default value will be removed in hydra-access-controls 12")
44
+ Devise.authentication_keys.first
45
+ end
46
+
38
47
  # This is purely used for translating an ID to user-facing URIs not used for
39
48
  # persistence. Useful for storing RDF in Fedora but displaying their
40
49
  # subjects in content negotiation as local to the application.
data/lib/hydra/role_mapper_behavior.rb CHANGED
@@ -75,8 +75,9 @@ module Hydra::RoleMapperBehavior
75
75
  raise("#{filename} was found, but was blank or malformed.\n")
76
76
  end
77
77
 
78
- yml.fetch(Rails.env)
79
-
78
+ roles = yml.fetch(Rails.env)
79
+ raise "No roles were found for the #{Rails.env} environment in #{file}" unless roles
80
+ roles
80
81
  end
81
82
  end
82
83
  end
data/lib/hydra/shared_spec/group_service_interface.rb ADDED
@@ -0,0 +1,16 @@
1
+ RSpec.shared_examples 'a Hydra group_service interface' do
2
+ before do
3
+ raise 'adapter must be set with `let(:group_service)`' unless
4
+ defined? group_service
5
+ end
6
+
7
+ subject { group_service }
8
+
9
+ it { is_expected.to respond_to(:role_names).with(0).arguments }
10
+
11
+ describe '#fetch_groups' do
12
+ it 'requires a user: keyword arg' do
13
+ expect(group_service.method(:fetch_groups).parameters).to eq([[:keyreq, :user]])
14
+ end
15
+ end
16
+ end
data/lib/hydra/user.rb CHANGED
@@ -19,7 +19,7 @@ module Hydra::User
19
19
  # Devise authentication_keys configuration variable. This method encapsulates
20
20
  # whether we use email or username (or something else) as the identifing user attribute.
21
21
  def find_by_user_key(key)
22
- find_by(Devise.authentication_keys.first.to_sym => key)
22
+ find_by(Hydra.config.user_key_field => key)
23
23
  end
24
24
  end
25
25
  end
data/spec/unit/config_spec.rb CHANGED
@@ -42,10 +42,22 @@ describe Hydra::Config do
42
42
  expect(config[:permissions][:policy_class]).to be_nil
43
43
  end
44
44
 
45
- it "should have defaults" do
45
+ it "has defaults" do
46
46
  expect(config.permissions.read.individual).to eq 'read_access_person_ssim'
47
47
  expect(config.permissions.embargo.release_date).to eq 'embargo_release_date_dtsi'
48
48
  expect(config.user_model).to eq 'User'
49
+ expect(config.user_key_field).to eq :email
49
50
  end
50
51
 
52
+ describe "user_key_field" do
53
+ after do
54
+ # restore default
55
+ config.user_key_field = :email
56
+ end
57
+
58
+ it "is settable" do
59
+ config.user_key_field = :uid
60
+ expect(config.user_key_field).to eq :uid
61
+ end
62
+ end
51
63
  end
data/spec/unit/role_mapper_spec.rb CHANGED
@@ -1,10 +1,29 @@
1
1
  require 'spec_helper'
2
+ require 'hydra/shared_spec/group_service_interface'
2
3
 
3
- describe RoleMapper do
4
+ RSpec.describe RoleMapper do
4
5
  it "defines the 4 roles" do
5
6
  expect(RoleMapper.role_names.sort).to eq %w(admin_policy_object_editor archivist donor patron researcher)
6
7
  end
7
8
 
9
+ describe "map" do
10
+ subject { described_class.map }
11
+
12
+ context "when there are no roles defined for the current environment" do
13
+ before do
14
+ described_class.instance_variable_set :@map, nil
15
+ allow(Rails).to receive(:env).and_return('production')
16
+ end
17
+
18
+ it "raises an error" do
19
+ expect { subject }.to raise_error RuntimeError, %r{^No roles were found for the production environment in .*config/role_map\.yml$}
20
+ end
21
+ end
22
+ end
23
+
24
+ let(:group_service) { described_class }
25
+ it_behaves_like 'a Hydra group_service interface'
26
+
8
27
  describe "#whois" do
9
28
  it "knows who is what" do
10
29
  expect(RoleMapper.whois('archivist').sort).to eq %w(archivist1@example.com archivist2@example.com leland_himself@example.com)
@@ -14,7 +33,7 @@ describe RoleMapper do
14
33
  end
15
34
 
16
35
  describe "fetch_groups" do
17
- let(:user) { instance_double(User, user_key: email, new_record?: false) }
36
+ let(:user) { instance_double(User, user_key: email, new_record?: false) }
18
37
  subject { RoleMapper.fetch_groups(user: user) }
19
38
 
20
39
  context "for a user with multiple roles" do
@@ -26,7 +45,7 @@ describe RoleMapper do
26
45
  expect(RoleMapper.fetch_groups(user: user)).to match_array ['archivist', 'donor', 'patron']
27
46
  end
28
47
  end
29
-
48
+
30
49
  context "for a user with a single role" do
31
50
  let(:email) { 'archivist2@example.com' }
32
51
  it { is_expected.to match_array ['archivist'] }
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: hydra-access-controls
3
3
  version: !ruby/object:Gem::Version
4
- version: 10.4.0
4
+ version: 10.5.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Chris Beer
@@ -10,7 +10,7 @@ authors:
10
10
  autorequire:
11
11
  bindir: bin
12
12
  cert_chain: []
13
- date: 2017-01-25 00:00:00.000000000 Z
13
+ date: 2017-06-09 00:00:00.000000000 Z
14
14
  dependencies:
15
15
  - !ruby/object:Gem::Dependency
16
16
  name: activesupport
@@ -186,6 +186,7 @@ files:
186
186
  - lib/hydra/policy_aware_ability.rb
187
187
  - lib/hydra/policy_aware_access_controls_enforcement.rb
188
188
  - lib/hydra/role_mapper_behavior.rb
189
+ - lib/hydra/shared_spec/group_service_interface.rb
189
190
  - lib/hydra/user.rb
190
191
  - spec/factories.rb
191
192
  - spec/indexers/embargo_indexer_spec.rb
@@ -236,7 +237,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
236
237
  version: '0'
237
238
  requirements: []
238
239
  rubyforge_project:
239
- rubygems_version: 2.6.8
240
+ rubygems_version: 2.6.12
240
241
  signing_key:
241
242
  specification_version: 4
242
243
  summary: Access controls for project hydra