hydra-access-controls 10.4.0 → 10.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (9) hide show
  1. checksums.yaml +4 -4
  2. data/lib/hydra/ability.rb +1 -0
  3. data/lib/hydra/config.rb +10 -1
  4. data/lib/hydra/role_mapper_behavior.rb +3 -2
  5. data/lib/hydra/shared_spec/group_service_interface.rb +16 -0
  6. data/lib/hydra/user.rb +1 -1
  7. data/spec/unit/config_spec.rb +13 -1
  8. data/spec/unit/role_mapper_spec.rb +22 -3
  9. metadata +4 -3
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 6f40c134a095ee25028a636e05a76ff5b6b48536
4
- data.tar.gz: 1355f04637b5036f5fe70d2e85fae2d27be014b4
3
+ metadata.gz: ed94a3c77e4473df017f3e8d932af844b5bc4eda
4
+ data.tar.gz: 14bf723d584d15d01d35882b3be61fa4d2c14fa5
5
5
  SHA512:
6
- metadata.gz: 5b08e56a15a842c3319c1096898db5af1c8a7f7dbf852d33c4b2e7d1740f0be84c9b258d19692b4328684ad4ef447a21e7e736171f4c5b101bfa9f595d494d57
7
- data.tar.gz: 9d14bb58b1c249ad2ad6dc5b75a62fa14b0d54f957efa43f0c1ae8aa7fe651b8433587042ee054424cfd211607502efb6ba014fcbaee32c9d2df80250b4fe135
6
+ metadata.gz: ac4802b6ab1511152cef8d8f9c4c27194eb6e5f90e4439f35130497d17bb72ccd7676be420a1c80ea487b7bda2f60595dee9acec091e80fcf9a911d8dd8fece8
7
+ data.tar.gz: 0f3830cef55ada92f0d9cb4250e433ac56b331eba178e4cbaea785aa68748cfff57355dc2ded2a60d511255b65abc173332ff4179f971642a0d5c955845d2b59
data/lib/hydra/ability.rb CHANGED
@@ -38,6 +38,7 @@ module Hydra
38
38
  end
39
39
 
40
40
  def edit_permissions
41
+ # Loading an object from Fedora can be slow, so assume that if a string is passed, it's an object id
41
42
  can [:edit, :update, :destroy], String do |id|
42
43
  test_edit(id)
43
44
  end
data/lib/hydra/config.rb CHANGED
@@ -32,9 +32,18 @@ module Hydra
32
32
  end
33
33
 
34
34
  attr_reader :permissions
35
- attr_writer :id_to_resource_uri
35
+ attr_writer :id_to_resource_uri, :user_key_field
36
36
  attr_accessor :user_model
37
37
 
38
+ def user_key_field
39
+ @user_key_field || default_user_key_field
40
+ end
41
+
42
+ def default_user_key_field
43
+ Deprecation.warn(self, "You must set 'config.user_key_field = Devise.authentication_keys.first' in your config/initializer/hydra_config.rb file. The default value will be removed in hydra-access-controls 12")
44
+ Devise.authentication_keys.first
45
+ end
46
+
38
47
  # This is purely used for translating an ID to user-facing URIs not used for
39
48
  # persistence. Useful for storing RDF in Fedora but displaying their
40
49
  # subjects in content negotiation as local to the application.
data/lib/hydra/role_mapper_behavior.rb CHANGED
@@ -75,8 +75,9 @@ module Hydra::RoleMapperBehavior
75
75
  raise("#{filename} was found, but was blank or malformed.\n")
76
76
  end
77
77
 
78
- yml.fetch(Rails.env)
79
-
78
+ roles = yml.fetch(Rails.env)
79
+ raise "No roles were found for the #{Rails.env} environment in #{file}" unless roles
80
+ roles
80
81
  end
81
82
  end
82
83
  end
data/lib/hydra/shared_spec/group_service_interface.rb ADDED
@@ -0,0 +1,16 @@
1
+ RSpec.shared_examples 'a Hydra group_service interface' do
2
+ before do
3
+ raise 'adapter must be set with `let(:group_service)`' unless
4
+ defined? group_service
5
+ end
6
+
7
+ subject { group_service }
8
+
9
+ it { is_expected.to respond_to(:role_names).with(0).arguments }
10
+
11
+ describe '#fetch_groups' do
12
+ it 'requires a user: keyword arg' do
13
+ expect(group_service.method(:fetch_groups).parameters).to eq([[:keyreq, :user]])
14
+ end
15
+ end
16
+ end
data/lib/hydra/user.rb CHANGED
@@ -19,7 +19,7 @@ module Hydra::User
19
19
  # Devise authentication_keys configuration variable. This method encapsulates
20
20
  # whether we use email or username (or something else) as the identifing user attribute.
21
21
  def find_by_user_key(key)
22
- find_by(Devise.authentication_keys.first.to_sym => key)
22
+ find_by(Hydra.config.user_key_field => key)
23
23
  end
24
24
  end
25
25
  end
data/spec/unit/config_spec.rb CHANGED
@@ -42,10 +42,22 @@ describe Hydra::Config do
42
42
  expect(config[:permissions][:policy_class]).to be_nil
43
43
  end
44
44
 
45
- it "should have defaults" do
45
+ it "has defaults" do
46
46
  expect(config.permissions.read.individual).to eq 'read_access_person_ssim'
47
47
  expect(config.permissions.embargo.release_date).to eq 'embargo_release_date_dtsi'
48
48
  expect(config.user_model).to eq 'User'
49
+ expect(config.user_key_field).to eq :email
49
50
  end
50
51
 
52
+ describe "user_key_field" do
53
+ after do
54
+ # restore default
55
+ config.user_key_field = :email
56
+ end
57
+
58
+ it "is settable" do
59
+ config.user_key_field = :uid
60
+ expect(config.user_key_field).to eq :uid
61
+ end
62
+ end
51
63
  end
data/spec/unit/role_mapper_spec.rb CHANGED
@@ -1,10 +1,29 @@
1
1
  require 'spec_helper'
2
+ require 'hydra/shared_spec/group_service_interface'
2
3
 
3
- describe RoleMapper do
4
+ RSpec.describe RoleMapper do
4
5
  it "defines the 4 roles" do
5
6
  expect(RoleMapper.role_names.sort).to eq %w(admin_policy_object_editor archivist donor patron researcher)
6
7
  end
7
8
 
9
+ describe "map" do
10
+ subject { described_class.map }
11
+
12
+ context "when there are no roles defined for the current environment" do
13
+ before do
14
+ described_class.instance_variable_set :@map, nil
15
+ allow(Rails).to receive(:env).and_return('production')
16
+ end
17
+
18
+ it "raises an error" do
19
+ expect { subject }.to raise_error RuntimeError, %r{^No roles were found for the production environment in .*config/role_map\.yml$}
20
+ end
21
+ end
22
+ end
23
+
24
+ let(:group_service) { described_class }
25
+ it_behaves_like 'a Hydra group_service interface'
26
+
8
27
  describe "#whois" do
9
28
  it "knows who is what" do
10
29
  expect(RoleMapper.whois('archivist').sort).to eq %w(archivist1@example.com archivist2@example.com leland_himself@example.com)
@@ -14,7 +33,7 @@ describe RoleMapper do
14
33
  end
15
34
 
16
35
  describe "fetch_groups" do
17
- let(:user) { instance_double(User, user_key: email, new_record?: false) }
36
+ let(:user) { instance_double(User, user_key: email, new_record?: false) }
18
37
  subject { RoleMapper.fetch_groups(user: user) }
19
38
 
20
39
  context "for a user with multiple roles" do
@@ -26,7 +45,7 @@ describe RoleMapper do
26
45
  expect(RoleMapper.fetch_groups(user: user)).to match_array ['archivist', 'donor', 'patron']
27
46
  end
28
47
  end
29
-
48
+
30
49
  context "for a user with a single role" do
31
50
  let(:email) { 'archivist2@example.com' }
32
51
  it { is_expected.to match_array ['archivist'] }
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: hydra-access-controls
3
3
  version: !ruby/object:Gem::Version
4
- version: 10.4.0
4
+ version: 10.5.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Chris Beer
@@ -10,7 +10,7 @@ authors:
10
10
  autorequire:
11
11
  bindir: bin
12
12
  cert_chain: []
13
- date: 2017-01-25 00:00:00.000000000 Z
13
+ date: 2017-06-09 00:00:00.000000000 Z
14
14
  dependencies:
15
15
  - !ruby/object:Gem::Dependency
16
16
  name: activesupport
@@ -186,6 +186,7 @@ files:
186
186
  - lib/hydra/policy_aware_ability.rb
187
187
  - lib/hydra/policy_aware_access_controls_enforcement.rb
188
188
  - lib/hydra/role_mapper_behavior.rb
189
+ - lib/hydra/shared_spec/group_service_interface.rb
189
190
  - lib/hydra/user.rb
190
191
  - spec/factories.rb
191
192
  - spec/indexers/embargo_indexer_spec.rb
@@ -236,7 +237,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
236
237
  version: '0'
237
238
  requirements: []
238
239
  rubyforge_project:
239
- rubygems_version: 2.6.8
240
+ rubygems_version: 2.6.12
240
241
  signing_key:
241
242
  specification_version: 4
242
243
  summary: Access controls for project hydra