hydra-access-controls 10.5.1 → 10.6.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.textile +4 -4
- data/app/models/concerns/hydra/admin_policy_behavior.rb +1 -1
- data/app/models/hydra/access_controls/embargo.rb +4 -4
- data/app/models/hydra/access_controls/lease.rb +4 -4
- data/app/models/hydra/access_controls/permission.rb +4 -4
- data/hydra-access-controls.gemspec +2 -2
- data/lib/hydra-access-controls.rb +9 -6
- data/spec/unit/admin_policy_spec.rb +7 -4
- data/spec/unit/config_spec.rb +1 -1
- data/spec/unit/policy_aware_access_controls_enforcement_spec.rb +1 -0
- metadata +6 -6
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 194c22619390bf832d9525d0560f36cf82c81591
|
|
4
|
+
data.tar.gz: 6dc606293605fa52c7347d99540c2761be4c4e22
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 2fb11965a6ba204c99d8cc10ac9883d9c716e677d4cc407e365eb8da99834e5d796b704130a8889175d1edeb4b38e13925aed0c6a25e19f8c78970673bbdf73e
|
|
7
|
+
data.tar.gz: eec346cdd2746922f3e0b8e777555ad980b8853c156e9ff4787d666d16a6f4ca70a920380665ce97bd8bd34952c36b659e95fa030845e3bb4745c581994b9b3f
|
data/README.textile
CHANGED
|
@@ -56,21 +56,21 @@ In config/initializers/hydra_config.rb
|
|
|
56
56
|
<pre>
|
|
57
57
|
Hydra.configure(:shared) do |config|
|
|
58
58
|
# ... other stuff ...
|
|
59
|
-
indexer =
|
|
59
|
+
indexer = ActiveFedora::Indexing::Descriptor.new(:string, :stored, :indexed, :multivalued)
|
|
60
60
|
config[:permissions] = {
|
|
61
61
|
:discover => {:group =>ActiveFedora::SolrQueryBuilder.solr_name("discover_access_group", indexer), :individual=>ActiveFedora::SolrQueryBuilder.solr_name("discover_access_person", indexer)},
|
|
62
62
|
:read => {:group =>ActiveFedora::SolrQueryBuilder.solr_name("read_access_group", indexer), :individual=>ActiveFedora::SolrQueryBuilder.solr_name("read_access_person", indexer)},
|
|
63
63
|
:edit => {:group =>ActiveFedora::SolrQueryBuilder.solr_name("edit_access_group", indexer), :individual=>ActiveFedora::SolrQueryBuilder.solr_name("edit_access_person", indexer)},
|
|
64
64
|
:owner => ActiveFedora::SolrQueryBuilder.solr_name("depositor", indexer),
|
|
65
|
-
:embargo_release_date => ActiveFedora::SolrQueryBuilder.solr_name("embargo_release_date",
|
|
65
|
+
:embargo_release_date => ActiveFedora::SolrQueryBuilder.solr_name("embargo_release_date", ActiveFedora::Indexing::Descriptor.new(:date, :stored, :indexed))
|
|
66
66
|
}
|
|
67
|
-
indexer =
|
|
67
|
+
indexer = ActiveFedora::Indexing::Descriptor.new(:string, :stored, :indexed, :multivalued)
|
|
68
68
|
config[:permissions][:inheritable] = {
|
|
69
69
|
:discover => {:group =>ActiveFedora::SolrQueryBuilder.solr_name("inheritable_discover_access_group", indexer), :individual=>ActiveFedora::SolrQueryBuilder.solr_name("inheritable_discover_access_person", indexer)},
|
|
70
70
|
:read => {:group =>ActiveFedora::SolrQueryBuilder.solr_name("inheritable_read_access_group", indexer), :individual=>ActiveFedora::SolrQueryBuilder.solr_name("inheritable_read_access_person", indexer)},
|
|
71
71
|
:edit => {:group =>ActiveFedora::SolrQueryBuilder.solr_name("inheritable_edit_access_group", indexer), :individual=>ActiveFedora::SolrQueryBuilder.solr_name("inheritable_edit_access_person", indexer)},
|
|
72
72
|
:owner => ActiveFedora::SolrQueryBuilder.solr_name("inheritable_depositor", indexer),
|
|
73
|
-
:embargo_release_date => ActiveFedora::SolrQueryBuilder.solr_name("inheritable_embargo_release_date",
|
|
73
|
+
:embargo_release_date => ActiveFedora::SolrQueryBuilder.solr_name("inheritable_embargo_release_date", ActiveFedora::Indexing::Descriptor.new(:date, :stored, :indexed))
|
|
74
74
|
}
|
|
75
75
|
end
|
|
76
76
|
</pre>
|
|
@@ -16,7 +16,7 @@ module Hydra
|
|
|
16
16
|
end
|
|
17
17
|
if default_embargo
|
|
18
18
|
key = Hydra.config.permissions.inheritable.embargo.release_date.sub(/_[^_]+$/, '') #Strip off the suffix
|
|
19
|
-
::
|
|
19
|
+
ActiveFedora::Indexing::Inserter.insert_field(doc, key, default_embargo.embargo_release_date, :stored_sortable)
|
|
20
20
|
end
|
|
21
21
|
end
|
|
22
22
|
end
|
|
@@ -28,10 +28,10 @@ module Hydra::AccessControls
|
|
|
28
28
|
def to_hash
|
|
29
29
|
{}.tap do |doc|
|
|
30
30
|
date_field_name = Hydra.config.permissions.embargo.release_date.sub(/_dtsi/, '')
|
|
31
|
-
|
|
32
|
-
doc[
|
|
33
|
-
doc[
|
|
34
|
-
doc[
|
|
31
|
+
ActiveFedora::Indexing::Inserter.insert_field(doc, date_field_name, embargo_release_date, :stored_sortable)
|
|
32
|
+
doc[ActiveFedora.index_field_mapper.solr_name("visibility_during_embargo", :symbol)] = visibility_during_embargo unless visibility_during_embargo.nil?
|
|
33
|
+
doc[ActiveFedora.index_field_mapper.solr_name("visibility_after_embargo", :symbol)] = visibility_after_embargo unless visibility_after_embargo.nil?
|
|
34
|
+
doc[ActiveFedora.index_field_mapper.solr_name("embargo_history", :symbol)] = embargo_history unless embargo_history.nil?
|
|
35
35
|
end
|
|
36
36
|
end
|
|
37
37
|
protected
|
|
@@ -27,11 +27,11 @@ module Hydra::AccessControls
|
|
|
27
27
|
def to_hash
|
|
28
28
|
{}.tap do |doc|
|
|
29
29
|
date_field_name = Hydra.config.permissions.lease.expiration_date.sub(/_dtsi/, '')
|
|
30
|
-
|
|
30
|
+
ActiveFedora::Indexing::Inserter.insert_field(doc, date_field_name, lease_expiration_date, :stored_sortable)
|
|
31
31
|
|
|
32
|
-
doc[
|
|
33
|
-
doc[
|
|
34
|
-
doc[
|
|
32
|
+
doc[ActiveFedora.index_field_mapper.solr_name("visibility_during_lease", :symbol)] = visibility_during_lease unless visibility_during_lease.nil?
|
|
33
|
+
doc[ActiveFedora.index_field_mapper.solr_name("visibility_after_lease", :symbol)] = visibility_after_lease unless visibility_after_lease.nil?
|
|
34
|
+
doc[ActiveFedora.index_field_mapper.solr_name("lease_history", :symbol)] = lease_history unless lease_history.nil?
|
|
35
35
|
end
|
|
36
36
|
end
|
|
37
37
|
|
|
@@ -80,18 +80,18 @@ module Hydra::AccessControls
|
|
|
80
80
|
end
|
|
81
81
|
|
|
82
82
|
def build_agent_resource(prefix, name)
|
|
83
|
-
Agent.new(::RDF::URI.new("#{prefix}##{URI.encode(name)}"))
|
|
83
|
+
[Agent.new(::RDF::URI.new("#{prefix}##{URI.encode(name)}"))]
|
|
84
84
|
end
|
|
85
85
|
|
|
86
86
|
def build_access(access)
|
|
87
87
|
raise "Can't build access #{inspect}" unless access
|
|
88
88
|
self.mode = case access
|
|
89
89
|
when 'read'
|
|
90
|
-
Mode.new(::ACL.Read)
|
|
90
|
+
[Mode.new(::ACL.Read)]
|
|
91
91
|
when 'edit'
|
|
92
|
-
Mode.new(::ACL.Write)
|
|
92
|
+
[Mode.new(::ACL.Write)]
|
|
93
93
|
when 'discover'
|
|
94
|
-
Mode.new(Hydra::ACL.Discover)
|
|
94
|
+
[Mode.new(Hydra::ACL.Discover)]
|
|
95
95
|
else
|
|
96
96
|
raise ArgumentError, "Unknown access #{access.inspect}"
|
|
97
97
|
end
|
|
@@ -19,11 +19,11 @@ Gem::Specification.new do |gem|
|
|
|
19
19
|
gem.required_ruby_version = '>= 1.9.3'
|
|
20
20
|
|
|
21
21
|
gem.add_dependency 'activesupport', '>= 4', '< 6'
|
|
22
|
-
gem.add_dependency "active-fedora", '>= 10.0.0', '<
|
|
22
|
+
gem.add_dependency "active-fedora", '>= 10.0.0', '< 13'
|
|
23
23
|
gem.add_dependency 'cancancan', '~> 1.8'
|
|
24
24
|
gem.add_dependency 'deprecation', '~> 1.0'
|
|
25
25
|
gem.add_dependency "blacklight", '>= 5.16'
|
|
26
|
-
gem.add_dependency "blacklight-access_controls", '~> 0.6'
|
|
26
|
+
gem.add_dependency "blacklight-access_controls", '~> 0.6.0'
|
|
27
27
|
|
|
28
28
|
gem.add_development_dependency "rake", '~> 10.1'
|
|
29
29
|
gem.add_development_dependency 'rspec', '~> 3.1'
|
|
@@ -29,12 +29,7 @@ module Hydra
|
|
|
29
29
|
alias :config :configure
|
|
30
30
|
end
|
|
31
31
|
|
|
32
|
-
class Engine < Rails::Engine
|
|
33
|
-
# autoload_paths is only necessary for Rails 3
|
|
34
|
-
config.autoload_paths += %W(
|
|
35
|
-
#{config.root}/app/models/concerns
|
|
36
|
-
)
|
|
37
|
-
end
|
|
32
|
+
class Engine < Rails::Engine; end
|
|
38
33
|
|
|
39
34
|
# This error is raised when a user isn't allowed to access a given controller action.
|
|
40
35
|
# This usually happens within a call to AccessControlsEnforcement#enforce_access_controls but can be
|
|
@@ -43,3 +38,11 @@ module Hydra
|
|
|
43
38
|
end
|
|
44
39
|
|
|
45
40
|
require 'active_fedora/accessible_by'
|
|
41
|
+
|
|
42
|
+
# While we support ActiveFedora 10 and 11, alias ActiveFedora::Indexing and
|
|
43
|
+
# ActiveFedora::Indexing::Inserter to Solrizer
|
|
44
|
+
require 'active_fedora/version'
|
|
45
|
+
if ActiveFedora.version.split('.').first.to_i < 12
|
|
46
|
+
ActiveFedora::Indexing::Inserter = Solrizer
|
|
47
|
+
ActiveFedora::Indexing::Descriptor = Solrizer::Descriptor
|
|
48
|
+
end
|
|
@@ -43,16 +43,19 @@ describe Hydra::AdminPolicy do
|
|
|
43
43
|
expect(subject.default_permissions.map(&:to_hash)).to eq [{:type=>'person', :access=>'discover', :name=>'user1'},
|
|
44
44
|
{:type=>'person', :access=>'discover', :name=>'user2'}]
|
|
45
45
|
end
|
|
46
|
-
|
|
46
|
+
|
|
47
|
+
it "updates permissions on existing users" do
|
|
47
48
|
subject.default_permissions.build({:name=>'user1', :access=>'discover', :type=>'person'})
|
|
48
|
-
subject.default_permissions.first.mode = Hydra::AccessControls::Mode.new(::ACL.Write)
|
|
49
|
+
subject.default_permissions.first.mode = [Hydra::AccessControls::Mode.new(::ACL.Write)]
|
|
49
50
|
expect(subject.default_permissions.map(&:to_hash)).to eq [{:type=>'person', :access=>'edit', :name=>'user1'}]
|
|
50
51
|
end
|
|
51
|
-
|
|
52
|
+
|
|
53
|
+
it "updates permissions on existing groups" do
|
|
52
54
|
subject.default_permissions.build({:name=>'group1', :access=>'discover', :type=>'group'})
|
|
53
|
-
subject.default_permissions.first.mode = Hydra::AccessControls::Mode.new(::ACL.Write)
|
|
55
|
+
subject.default_permissions.first.mode = [Hydra::AccessControls::Mode.new(::ACL.Write)]
|
|
54
56
|
expect(subject.default_permissions.map(&:to_hash)).to eq [{:type=>'group', :access=>'edit', :name=>'group1'}]
|
|
55
57
|
end
|
|
58
|
+
|
|
56
59
|
it "should assign user permissions when :type == 'person'" do
|
|
57
60
|
subject.default_permissions.build({:name=>'user1', :access=>'discover', :type=>'person'})
|
|
58
61
|
expect(subject.default_permissions.map(&:to_hash)).to eq [{:type=>'person', :access=>'discover', :name=>'user1'}]
|
data/spec/unit/config_spec.rb
CHANGED
|
@@ -14,7 +14,7 @@ describe Hydra::Config do
|
|
|
14
14
|
individual: ActiveFedora.index_field_mapper.solr_name("edit_access_person", :symbol)},
|
|
15
15
|
owner: ActiveFedora.index_field_mapper.solr_name("depositor", :symbol),
|
|
16
16
|
}
|
|
17
|
-
config.permissions.embargo.release_date = ActiveFedora.index_field_mapper.solr_name("embargo_release_date",
|
|
17
|
+
config.permissions.embargo.release_date = ActiveFedora.index_field_mapper.solr_name("embargo_release_date", ActiveFedora::Indexing::Descriptor.new(:date, :stored, :indexed))
|
|
18
18
|
|
|
19
19
|
# specify the user model
|
|
20
20
|
config[:user_model] = 'User'
|
|
@@ -136,6 +136,7 @@ describe Hydra::PolicyAwareAccessControlsEnforcement do
|
|
|
136
136
|
before { subject.apply_gated_discovery(@solr_parameters) }
|
|
137
137
|
|
|
138
138
|
it "builds a query that includes all the policies" do
|
|
139
|
+
skip if ActiveFedora.version.split('.').first.to_i < 11
|
|
139
140
|
(1..11).each do |p|
|
|
140
141
|
expect(policy_queries).to include(/_query_:\"{!raw f=#{governed_field}}test-policy#{p}\"/)
|
|
141
142
|
end
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: hydra-access-controls
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 10.
|
|
4
|
+
version: 10.6.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Chris Beer
|
|
@@ -10,7 +10,7 @@ authors:
|
|
|
10
10
|
autorequire:
|
|
11
11
|
bindir: bin
|
|
12
12
|
cert_chain: []
|
|
13
|
-
date: 2018-
|
|
13
|
+
date: 2018-10-15 00:00:00.000000000 Z
|
|
14
14
|
dependencies:
|
|
15
15
|
- !ruby/object:Gem::Dependency
|
|
16
16
|
name: activesupport
|
|
@@ -41,7 +41,7 @@ dependencies:
|
|
|
41
41
|
version: 10.0.0
|
|
42
42
|
- - "<"
|
|
43
43
|
- !ruby/object:Gem::Version
|
|
44
|
-
version: '
|
|
44
|
+
version: '13'
|
|
45
45
|
type: :runtime
|
|
46
46
|
prerelease: false
|
|
47
47
|
version_requirements: !ruby/object:Gem::Requirement
|
|
@@ -51,7 +51,7 @@ dependencies:
|
|
|
51
51
|
version: 10.0.0
|
|
52
52
|
- - "<"
|
|
53
53
|
- !ruby/object:Gem::Version
|
|
54
|
-
version: '
|
|
54
|
+
version: '13'
|
|
55
55
|
- !ruby/object:Gem::Dependency
|
|
56
56
|
name: cancancan
|
|
57
57
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -100,14 +100,14 @@ dependencies:
|
|
|
100
100
|
requirements:
|
|
101
101
|
- - "~>"
|
|
102
102
|
- !ruby/object:Gem::Version
|
|
103
|
-
version:
|
|
103
|
+
version: 0.6.0
|
|
104
104
|
type: :runtime
|
|
105
105
|
prerelease: false
|
|
106
106
|
version_requirements: !ruby/object:Gem::Requirement
|
|
107
107
|
requirements:
|
|
108
108
|
- - "~>"
|
|
109
109
|
- !ruby/object:Gem::Version
|
|
110
|
-
version:
|
|
110
|
+
version: 0.6.0
|
|
111
111
|
- !ruby/object:Gem::Dependency
|
|
112
112
|
name: rake
|
|
113
113
|
requirement: !ruby/object:Gem::Requirement
|