hydra-access-controls 10.7.0 → 11.0.0.rc1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a7c79ec6fe837de0f50c227d4645733a374171b2320b2dfe5a164b1df4c6e958
-  data.tar.gz: 01caa2ad2384cf886227747097eeb48abc631383058454fff6b8d61255577eb0
+  metadata.gz: 61225eacc0eb1ffe2facc00ac42aa082567c42835cb4d5b05f69e2fa0ee6fd37
+  data.tar.gz: 426e99adcb97802d370833f95112b48be577745fc195ceb4fccfed0c97f6276d
 SHA512:
-  metadata.gz: c7ebf08abc586fd649c11375017b593518c22b290eb1f09e9b34fdd1a9f76e6b4614c319dd931780f7582aae53e8a4710d29dff6538c63e32b6582393c10b762
-  data.tar.gz: ad1e0a0095e83ed18a036f98ee37369ceebe8161917f4a591d011ca7e2e94c6aebd398f4fec23a54607f206ec771f0c4c609222b8451b61b2fb84b7e24e6c5c5
+  metadata.gz: a3744e8f64c8b98d2a5a2e1d1a7c8b1f941937f2041f8698e11068cc0d934b3d9f227054ce8feacd185b6ec1e8a9c57835684aa868676210f387cbda503165e8
+  data.tar.gz: e5b37637f6fd11f5bc9c1f85ebde7227b93ceb434281437b9a410992ec5abaefb8e648ff945d59c1e8382ea142860d0cfb1f24fffb3bb4e4a20aa4b7952c52fd

data/app/models/concerns/hydra/access_controls/permissions.rb

@@ -22,7 +22,7 @@ module Hydra
       end
 
       def permission_delegate
-        (access_control || build_access_control).tap { |d| d.owner = self }
+        (access_control || create_access_control).tap { |d| d.owner = self }
       end
 
       def to_solr(solr_doc = {})

data/app/models/role_mapper.rb

@@ -1,6 +1,8 @@
-# RoleMapper This is used by AccessControlsEnforcement to get users' Roles (used in access permissions)
-# If you are using something like Shibboleth or LDAP to get users' Roles, you should override this Class.  
-# Your override should include a Module that implements the same behaviors as Hydra::RoleMapperBehavior 
+# RoleMapper This is used by AccessControls::SearchBuilder to get users' Roles
+# (used in access permissions) If you are using something like Shibboleth or
+# LDAP to get users' Roles, you should override this Class.  Your override
+# should include a Module that implements the same behaviors as
+# Hydra::RoleMapperBehavior
 class RoleMapper
   include Hydra::RoleMapperBehavior
 end

data/app/search_builders/hydra/access_controls/policy_aware_search_builder.rb

@@ -0,0 +1,97 @@
+module Hydra
+  module AccessControls
+    # A SearchBuilder that applies filters that are expressed within policies.
+    # The permissions on the policy are inherited by the objects goverend by the
+    # policy.
+    class PolicyAwareSearchBuilder < Hydra::AccessControls::SearchBuilder
+      # Extends Blacklight::AccessControls::SearchBuilder.apply_gated_discovery
+      # to reflect policy-provided access.
+      # Appends the result of policy_clauses into the :fq
+      # @param [Hash] solr_parameters the current solr parameters, to be
+      #               modified herein!
+      def apply_gated_discovery(solr_parameters)
+        super
+        logger.debug("POLICY-aware Solr parameters: #{solr_parameters.inspect}")
+      end
+
+      # @return [String,nil] solr query for finding all objects whose policies
+      #                      grant discover access to current_user
+      def policy_clauses
+        policy_ids = policies_with_access
+        return nil if policy_ids.empty?
+        clauses = policy_ids.map do |id|
+          ActiveFedora::SolrQueryBuilder
+            .construct_query_for_rel(isGovernedBy: id)
+        end
+        '(' + clauses.join(' OR '.freeze) + ')'
+      end
+
+      # Find all the policies that grant discover/read/edit permissions to this user or any of its groups.
+      # Grant access based on user id & group
+      def policies_with_access
+        #### TODO -- Memoize this and put it in the session?
+        user_access_filters = []
+        user_access_filters += apply_policy_group_permissions(discovery_permissions)
+        user_access_filters += apply_policy_user_permissions(discovery_permissions)
+        where = user_access_filters.join(' OR ')
+        result = policy_class.search_with_conditions(where,
+                                                     fl: 'id',
+                                                     rows: policy_class.count)
+        logger.debug "get policies: #{result}\n\n"
+        result.map { |h| h['id'] }
+      end
+
+      # for groups
+      # @param [Array{String,#to_sym}] permission_types symbols (or equivalent) from Hydra.config.permissions.inheritable
+      def apply_policy_group_permissions(permission_types = discovery_permissions)
+        user_access_filters = []
+        current_ability.user_groups.each do |group|
+          permission_types.each do |type|
+            user_access_filters << escape_filter(Hydra.config.permissions.inheritable[type.to_sym].group, group)
+          end
+        end
+        user_access_filters
+      end
+
+      # for individual user access
+      # @param [Array{String,#to_sym}] permission_types
+      def apply_policy_user_permissions(permission_types = discovery_permissions)
+        user = current_ability.current_user
+        return [] unless user && user.user_key.present?
+        permission_types.map do |type|
+          escape_filter(Hydra.config.permissions.inheritable[type.to_sym].individual, user.user_key)
+        end
+      end
+
+      # Override method from blacklight-access_controls
+      def discovery_permissions
+        @discovery_permissions ||= %w[edit discover read]
+      end
+
+      # Returns the Model used for AdminPolicy objects.
+      # You can set this by overriding this method or setting
+      # Hydra.config[:permissions][:policy_class]
+      # Defults to Hydra::AdminPolicy
+      def policy_class
+        Hydra.config.permissions.policy_class || Hydra::AdminPolicy
+      end
+
+      private
+
+      def gated_discovery_filters
+        filters = super
+        additional_clauses = policy_clauses
+        filters << additional_clauses unless additional_clauses.blank?
+        filters
+      end
+
+      # Find the name of the solr field for this type of permission.
+      # e.g. "read_access_group_ssim" or "discover_access_person_ssim".
+      # Used by blacklight-access_controls gem.
+      def solr_field_for(permission_type, permission_category)
+        permissions = Hydra.config.permissions[permission_type.to_sym]
+        permission_category == 'group' ? permissions.group : permissions.individual
+      end
+    end
+  end
+end

data/app/search_builders/hydra/access_controls/search_builder.rb

@@ -0,0 +1,13 @@
+module Hydra
+  module AccessControls
+    class SearchBuilder < Blacklight::AccessControls::SearchBuilder
+      # Find the name of the solr field for this type of permission.
+      # e.g. "read_access_group_ssim" or "discover_access_person_ssim".
+      # Used by blacklight-access_controls.
+      def solr_field_for(permission_type, permission_category)
+        permissions = Hydra.config.permissions[permission_type.to_sym]
+        permission_category == 'group' ? permissions.group : permissions.individual
+      end
+    end
+  end
+end

data/app/services/hydra/embargo_service.rb

@@ -14,7 +14,7 @@ module Hydra
       #   (assumes that when lease visibility is applied to assets
       #    whose leases have expired, the lease expiration date will be removed from its metadata)
       def assets_under_embargo
-        ActiveFedora::Base.where("#{Hydra.config.permissions.embargo.release_date}:[* TO *]")
+        ActiveFedora::Base.where("#{Hydra.config.permissions.embargo.release_date}:*")
       end
 
       # Returns all assets that have had embargoes deactivated in the past.

data/app/services/hydra/lease_service.rb

@@ -10,7 +10,7 @@ module Hydra
       #   (assumes that when lease visibility is applied to assets
       #    whose leases have expired, the lease expiration date will be removed from its metadata)
       def assets_under_lease
-        ActiveFedora::Base.where("#{Hydra.config.permissions.lease.expiration_date}:[* TO *]")
+        ActiveFedora::Base.where("#{Hydra.config.permissions.lease.expiration_date}:*")
       end
 
       # Returns all assets that have had embargoes deactivated in the past.
@@ -20,3 +20,4 @@ module Hydra
     end
   end
 end
+

data/hydra-access-controls.gemspec

@@ -6,7 +6,7 @@ Gem::Specification.new do |gem|
   gem.email         = ["hydra-tech@googlegroups.com"]
   gem.description   = %q{Access controls for project hydra}
   gem.summary       = %q{Access controls for project hydra}
-  gem.homepage      = "https://github.com/samvera/hydra-head/tree/master/hydra-access-controls"
+  gem.homepage      = "http://projecthydra.org"
 
   gem.files         = `git ls-files`.split($\)
   gem.executables   = gem.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
@@ -19,11 +19,11 @@ Gem::Specification.new do |gem|
   gem.required_ruby_version = '>= 1.9.3'
 
   gem.add_dependency 'activesupport', '>= 4', '< 6'
-  gem.add_dependency "active-fedora", '>= 10.0.0'
-  gem.add_dependency "blacklight", '>= 5.16'
-  gem.add_dependency "blacklight-access_controls", '~> 0.6.0'
+  gem.add_dependency "active-fedora", '~> 12.0'
   gem.add_dependency 'cancancan', '~> 1.8'
   gem.add_dependency 'deprecation', '~> 1.0'
+  gem.add_dependency "blacklight", '>= 5.16'
+  gem.add_dependency "blacklight-access_controls", '~> 0.7.0.rc1'
 
   gem.add_development_dependency "rake", '~> 10.1'
   gem.add_development_dependency 'rspec', '~> 3.1'

data/lib/active_fedora/accessible_by.rb

@@ -1,8 +1,5 @@
 ActiveFedora::QueryMethods.module_eval do
   extend ActiveSupport::Concern
-  included do
-    include Hydra::AccessControlsEnforcement
-  end
 
   def accessible_by(ability, action = :index)
     permission_types = case action
@@ -14,6 +11,15 @@ ActiveFedora::QueryMethods.module_eval do
     filters = gated_discovery_filters(permission_types, ability).join(" OR ")
     spawn.where!(filters)
   end
+
+  private
+
+    def gated_discovery_filters(types, ability)
+      search_builder = Hydra::AccessControls::SearchBuilder.new(self,
+                                                                ability: ability,
+                                                                permission_types: types)
+      search_builder.send(:gated_discovery_filters)
+    end
 end
 
 ActiveFedora::Querying.module_eval do

data/lib/hydra-access-controls.rb

@@ -29,7 +29,12 @@ module Hydra
     alias :config :configure
   end
 
-  class Engine < Rails::Engine; end
+  class Engine < Rails::Engine
+    # autoload_paths is only necessary for Rails 3
+    config.autoload_paths += %W(
+      #{config.root}/app/models/concerns
+    )
+  end
 
   # This error is raised when a user isn't allowed to access a given controller action.
   # This usually happens within a call to AccessControlsEnforcement#enforce_access_controls but can be
@@ -38,11 +43,3 @@ module Hydra
 end
 
 require 'active_fedora/accessible_by'
-
-# While we support ActiveFedora 10 and 11, alias ActiveFedora::Indexing and
-# ActiveFedora::Indexing::Inserter to Solrizer
-require 'active_fedora/version'
-if ActiveFedora.version.split('.').first.to_i < 12
-  ActiveFedora::Indexing::Inserter   = Solrizer
-  ActiveFedora::Indexing::Descriptor = Solrizer::Descriptor
-end

data/lib/hydra/access_controls_enforcement.rb

@@ -2,6 +2,12 @@ module Hydra::AccessControlsEnforcement
   extend ActiveSupport::Concern
   include Blacklight::AccessControls::Enforcement
 
+  included do
+    Deprecation.warn(self, 'Hydra::AccessControlsEnforcement is deprecated ' \
+      'and will be removed in version 11. Use ' \
+      'Hydra::AccessControls::SearchBuilder instead.')
+  end
+
   protected
 
   def under_embargo?

data/lib/hydra/policy_aware_access_controls_enforcement.rb

@@ -1,5 +1,11 @@
 # Repeats access controls evaluation methods, but checks against a governing "Policy" object (or "Collection" object) that provides inherited access controls.
 module Hydra::PolicyAwareAccessControlsEnforcement
+  extend ActiveSupport::Concern
+  included do
+    Deprecation.warn(self, 'Hydra::PolicyAwareAccessControlsEnforcement is deprecated ' \
+      'and will be removed in version 11. Use ' \
+      'Hydra::AccessControls::PolicyAwareSearchBuilder instead.')
+  end
 
   # Extends Hydra::AccessControlsEnforcement.apply_gated_discovery to reflect policy-provided access.
   # Appends the result of policy_clauses into the :fq

data/spec/factories.rb

@@ -11,52 +11,52 @@ FactoryBot.define do
   end
 
   factory :archivist, :parent=>:user do |u|
-    uid { 'archivist1' }
-    password { 'archivist1' }
+    uid 'archivist1'
+    password 'archivist1'
   end
   factory :registered_user, :parent=>:user do |u|
-    uid { 'registered_user' }
-    password { 'registered_user' }
+    uid 'registered_user'
+    password 'registered_user'
   end
   factory :staff, :parent=>:user do |u|
-    uid { 'staff1' }
-    password { 'staff1' }
+    uid 'staff1'
+    password 'staff1'
   end
   factory :student, :parent=>:user do |u|
-    uid { 'student1' }
-    password { 'student1' }
+    uid 'student1'
+    password 'student1'
   end
   factory :joe_creator, :parent=>:user do |u|
-    uid { 'joe_creator' }
-    password { 'joe_creator' }
+    uid 'joe_creator'
+    password 'joe_creator'
   end
   factory :martia_morocco, :parent=>:user do |u|
-    uid { 'martia_morocco' }
-    password { 'martia_morocco' }
+    uid 'martia_morocco'
+    password 'martia_morocco'
   end
   factory :ira_instructor, :parent=>:user do |u|
-    uid { 'ira_instructor' }
-    password { 'ira_instructor' }
+    uid 'ira_instructor'
+    password 'ira_instructor'
   end
   factory :calvin_collaborator, :parent=>:user do |u|
-    uid { 'calvin_collaborator' }
-    password { 'calvin_collaborator' }
+    uid 'calvin_collaborator'
+    password 'calvin_collaborator'
   end
   factory :sara_student, :parent=>:user do |u|
-    uid { 'sara_student' }
-    password { 'sara_student' }
+    uid 'sara_student'
+    password 'sara_student'
   end
   factory :louis_librarian, :parent=>:user do |u|
-    uid { 'louis_librarian' }
-    password { 'louis_librarian' }
+    uid 'louis_librarian'
+    password 'louis_librarian'
   end
   factory :carol_curator, :parent=>:user do |u|
-    uid { 'carol_curator' }
-    password { 'carol_curator' }
+    uid 'carol_curator'
+    password 'carol_curator'
   end
   factory :alice_admin, :parent=>:user do |u|
-    uid { 'alice_admin' }
-    password { 'alice_admin' }
+    uid 'alice_admin'
+    password 'alice_admin'
   end
 
   #
@@ -70,23 +70,23 @@ FactoryBot.define do
   end
 
   factory :default_access_asset, :parent=>:asset do |a|
-    permissions_attributes { [{ name: "joe_creator", access: "edit", type: "person" }] }
+    permissions_attributes [{ name: "joe_creator", access: "edit", type: "person" }]
   end
 
   factory :dept_access_asset, :parent=>:asset do |a|
-    permissions_attributes { [{ name: "africana-faculty", access: "read", type: "group" }, { name: "joe_creator", access: "edit", type: "person" }] }
+    permissions_attributes [{ name: "africana-faculty", access: "read", type: "group" }, { name: "joe_creator", access: "edit", type: "person" }]
   end
 
   factory :group_edit_asset, :parent=>:asset do |a|
-    permissions_attributes { [{ name:"africana-faculty", access: "edit", type: "group" }, {name: "calvin_collaborator", access: "edit", type: "person"}] }
+    permissions_attributes [{ name:"africana-faculty", access: "edit", type: "group" }, {name: "calvin_collaborator", access: "edit", type: "person"}]
   end
 
   factory :org_read_access_asset, :parent=>:asset do |a|
-    permissions_attributes { [{ name: "registered", access: "read", type: "group" }, { name: "joe_creator", access: "edit", type: "person" }, { name: "calvin_collaborator", access: "edit", type: "person" }] }
+    permissions_attributes [{ name: "registered", access: "read", type: "group" }, { name: "joe_creator", access: "edit", type: "person" }, { name: "calvin_collaborator", access: "edit", type: "person" }]
   end
 
   factory :open_access_asset, :parent=>:asset do |a|
-    permissions_attributes { [{ name: "public", access: "read", type: "group" }, { name: "joe_creator", access: "edit", type: "person" }, { name: "calvin_collaborator", access: "edit", type: "person" }] }
+    permissions_attributes [{ name: "public", access: "read", type: "group" }, { name: "joe_creator", access: "edit", type: "person" }, { name: "calvin_collaborator", access: "edit", type: "person" }]
   end
 
 end

data/spec/services/embargo_service_spec.rb

@@ -29,6 +29,7 @@ describe Hydra::EmbargoService do
 
   describe "#assets_under_embargo" do
     it "returns all assets with embargo release date set" do
+      result = subject.assets_under_embargo
       returned_ids = subject.assets_under_embargo.map {|a| a.id}
       expect(returned_ids).to include work_with_expired_embargo1.id, work_with_expired_embargo2.id, work_with_embargo_in_effect.id
       expect(returned_ids).to_not include work_without_embargo.id

data/spec/spec_helper.rb

@@ -11,22 +11,12 @@ Hydra::Engine.config.autoload_paths.each { |path| $LOAD_PATH.unshift path }
 
 require 'byebug' unless ENV['CI']
 
-def coverage_needed?
-  ENV['COVERAGE'] || ENV['CI']
-end
-
-if RUBY_VERSION =~ /^1.9/ && coverage_needed?
+if ENV['COVERAGE'] and RUBY_VERSION =~ /^1.9/
   require 'simplecov'
-  require 'coveralls'
+  require 'simplecov-rcov'
 
-  SimpleCov.root(File.expand_path('../../../', __FILE__))
-  SimpleCov.formatter = SimpleCov::Formatter::MultiFormatter.new(
-    [
-      SimpleCov::Formatter::HTMLFormatter,
-      Coveralls::SimpleCov::Formatter
-    ]
-  )
-  SimpleCov.start('rails')
+  SimpleCov.formatter = SimpleCov::Formatter::RcovFormatter
+  SimpleCov.start
 end
 
 # Since we're not doing a Rails Engine test, we have to load these classes manually:
@@ -62,3 +52,4 @@ RSpec.configure do |config|
     ActiveFedora::Cleaner.clean!
   end
 end
+

data/spec/support/user.rb

@@ -5,7 +5,7 @@ class User
   attr_accessor :uid
 
   def initialize(params={})
-    self.uid = params.delete(:uid) if params && params[:uid]
+    self.uid = params.delete(:uid) if params[:uid]
     super
   end
   

data/spec/unit/permissions_spec.rb

@@ -28,8 +28,9 @@ describe Hydra::AccessControls::Permissions do
   end
 
   describe "building a new permission" do
+    before { subject.save! }
+
     it "sets the accessTo association" do
-      subject.save!
       perm = subject.permissions.build(name: 'user1', type: 'person', access: 'read')
       expect(perm.access_to_id).to eq subject.id
     end
@@ -37,13 +38,9 @@ describe Hydra::AccessControls::Permissions do
     it "autosaves the permissions" do
       subject.permissions.build(name: 'user1', type: 'person', access: 'read')
       subject.save!
+      subject.reload
       foo = Foo.find(subject.id)
-
-      expect(foo.permissions)
-        .to contain_exactly(have_attributes(access:       'read',
-                                            access_to_id: subject.id,
-                                            agent_name:   'user1',
-                                            type:         'person'))
+      expect(foo.permissions.to_a).not_to eq []
     end
   end
 

data/spec/unit/policy_aware_access_controls_enforcement_spec.rb

@@ -6,8 +6,10 @@ describe Hydra::PolicyAwareAccessControlsEnforcement do
 
     class PolicyMockSearchBuilder < Blacklight::SearchBuilder
       include Blacklight::Solr::SearchBuilderBehavior
-      include Hydra::AccessControlsEnforcement
-      include Hydra::PolicyAwareAccessControlsEnforcement
+      Deprecation.silence(PolicyMockSearchBuilder) do
+        include Hydra::AccessControlsEnforcement
+        include Hydra::PolicyAwareAccessControlsEnforcement
+      end
       attr_accessor :params
 
       def initialize(current_ability)
@@ -134,15 +136,14 @@ describe Hydra::PolicyAwareAccessControlsEnforcement do
 
     context "when policies are included" do
       before { subject.apply_gated_discovery(@solr_parameters) }
-      
+
       it "builds a query that includes all the policies" do
-        skip if ActiveFedora.version.split('.').first.to_i < 11
         (1..11).each do |p|
           expect(policy_queries).to include(/_query_:\"{!raw f=#{governed_field}}test-policy#{p}\"/)
         end
       end
     end
-    
+
     context "when policies are not included" do
       before do
         allow(subject).to receive(:policy_clauses).and_return(nil)

data/tasks/hydra-access-controls.rake

@@ -6,7 +6,7 @@ namespace "hydra-access" do
     fcrepo_params = { port: 8986, verbose: true, managed: true,
                       no_jms: true, fcrepo_home_dir: 'fcrepo4-test-data' }
     SolrWrapper.wrap(solr_params) do |solr|
-      solr.with_collection(name: 'hydra-test', dir: File.join(File.expand_path("../..", File.dirname(__FILE__)), "solr", "conf")) do
+      solr.with_collection(name: 'hydra-test', dir: File.join(File.expand_path("../..", File.dirname(__FILE__)), "solr", "config")) do
         FcrepoWrapper.wrap(fcrepo_params) do
           Rake::Task['spec'].invoke
         end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: hydra-access-controls
 version: !ruby/object:Gem::Version
-  version: 10.7.0
+  version: 11.0.0.rc1
 platform: ruby
 authors:
 - Chris Beer
@@ -10,7 +10,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-08-21 00:00:00.000000000 Z
+date: 2018-01-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -36,72 +36,72 @@ dependencies:
   name: active-fedora
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 10.0.0
+        version: '12.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 10.0.0
+        version: '12.0'
 - !ruby/object:Gem::Dependency
-  name: blacklight
+  name: cancancan
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '5.16'
+        version: '1.8'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '5.16'
+        version: '1.8'
 - !ruby/object:Gem::Dependency
-  name: blacklight-access_controls
+  name: deprecation
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.6.0
+        version: '1.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.6.0
+        version: '1.0'
 - !ruby/object:Gem::Dependency
-  name: cancancan
+  name: blacklight
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '1.8'
+        version: '5.16'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '1.8'
+        version: '5.16'
 - !ruby/object:Gem::Dependency
-  name: deprecation
+  name: blacklight-access_controls
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.0'
+        version: 0.7.0.rc1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.0'
+        version: 0.7.0.rc1
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -160,6 +160,8 @@ files:
 - app/models/hydra/access_controls/permission.rb
 - app/models/hydra/permissions_solr_document.rb
 - app/models/role_mapper.rb
+- app/search_builders/hydra/access_controls/policy_aware_search_builder.rb
+- app/search_builders/hydra/access_controls/search_builder.rb
 - app/services/hydra/embargo_service.rb
 - app/services/hydra/lease_service.rb
 - app/validators/hydra/future_date_validator.rb
@@ -211,7 +213,7 @@ files:
 - spec/unit/with_depositor_spec.rb
 - spec/validators/future_date_validator_spec.rb
 - tasks/hydra-access-controls.rake
-homepage: https://github.com/samvera/hydra-head/tree/master/hydra-access-controls
+homepage: http://projecthydra.org
 licenses:
 - APACHE-2.0
 metadata: {}
@@ -226,11 +228,12 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: 1.9.3
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">="
+  - - ">"
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 1.3.1
 requirements: []
-rubygems_version: 3.0.1
+rubyforge_project: 
+rubygems_version: 2.7.1
 signing_key: 
 specification_version: 4
 summary: Access controls for project hydra