hydra-access-controls 11.0.0.rc1 → 11.0.0.rc2

Sign up to get free protection for your applications and to get access to all the features.
Files changed (22) hide show
  1. checksums.yaml +4 -4
  2. data/app/models/concerns/hydra/access_controls/permissions.rb +1 -1
  3. data/app/models/hydra/access_control.rb +2 -2
  4. data/app/models/role_mapper.rb +3 -5
  5. data/app/services/hydra/embargo_service.rb +1 -1
  6. data/app/services/hydra/lease_service.rb +1 -2
  7. data/hydra-access-controls.gemspec +4 -4
  8. data/lib/active_fedora/accessible_by.rb +3 -9
  9. data/lib/hydra-access-controls.rb +9 -6
  10. data/lib/hydra/access_controls_enforcement.rb +0 -6
  11. data/lib/hydra/policy_aware_access_controls_enforcement.rb +0 -6
  12. data/spec/factories.rb +29 -29
  13. data/spec/services/embargo_service_spec.rb +0 -1
  14. data/spec/spec_helper.rb +14 -5
  15. data/spec/support/user.rb +1 -1
  16. data/spec/unit/accessible_by_spec.rb +1 -1
  17. data/spec/unit/permissions_spec.rb +7 -4
  18. data/spec/unit/policy_aware_access_controls_enforcement_spec.rb +5 -6
  19. data/tasks/hydra-access-controls.rake +1 -1
  20. metadata +24 -27
  21. data/app/search_builders/hydra/access_controls/policy_aware_search_builder.rb +0 -97
  22. data/app/search_builders/hydra/access_controls/search_builder.rb +0 -13
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 61225eacc0eb1ffe2facc00ac42aa082567c42835cb4d5b05f69e2fa0ee6fd37
4
- data.tar.gz: 426e99adcb97802d370833f95112b48be577745fc195ceb4fccfed0c97f6276d
3
+ metadata.gz: c1c375e2d0865e3c30b810323eab035c5ecd19e058417c7bf1c486c360862df5
4
+ data.tar.gz: 209bdc9997eead2dac861e6c628555c3d1367a47ab2a79485d75d1634641e845
5
5
  SHA512:
6
- metadata.gz: a3744e8f64c8b98d2a5a2e1d1a7c8b1f941937f2041f8698e11068cc0d934b3d9f227054ce8feacd185b6ec1e8a9c57835684aa868676210f387cbda503165e8
7
- data.tar.gz: e5b37637f6fd11f5bc9c1f85ebde7227b93ceb434281437b9a410992ec5abaefb8e648ff945d59c1e8382ea142860d0cfb1f24fffb3bb4e4a20aa4b7952c52fd
6
+ metadata.gz: cccfdc0d8acf8d16fe0a78f7e953c7f2a9ee5760431ebca7f8c726b223faff8e9faffb89ebeaf77c0f3359f454170a64662b791743fe066915ece9412cdb808f
7
+ data.tar.gz: 24be0383b71eeac26a4517c49f6a11c4c19595bf8d788278f32f3c62d62cf94523a8bae5fa533a2cb941c9183497bdd701c4661691906c470da2916bf54ebcdf
data/app/models/concerns/hydra/access_controls/permissions.rb CHANGED
@@ -22,7 +22,7 @@ module Hydra
22
22
  end
23
23
 
24
24
  def permission_delegate
25
- (access_control || create_access_control).tap { |d| d.owner = self }
25
+ (access_control || build_access_control).tap { |d| d.owner = self }
26
26
  end
27
27
 
28
28
  def to_solr(solr_doc = {})
data/app/models/hydra/access_control.rb CHANGED
@@ -31,11 +31,11 @@ module Hydra
31
31
  obj.update(attributes.except(:id, '_destroy'))
32
32
  end
33
33
  else
34
- relationship.create(attributes)
34
+ relationship.build(attributes)
35
35
  end
36
36
  end
37
37
  # Poison the cache
38
- relationship.reset if any_destroyed
38
+ save! && relationship.reset if any_destroyed
39
39
  end
40
40
 
41
41
  def relationship
data/app/models/role_mapper.rb CHANGED
@@ -1,8 +1,6 @@
1
- # RoleMapper This is used by AccessControls::SearchBuilder to get users' Roles
2
- # (used in access permissions) If you are using something like Shibboleth or
3
- # LDAP to get users' Roles, you should override this Class. Your override
4
- # should include a Module that implements the same behaviors as
5
- # Hydra::RoleMapperBehavior
1
+ # RoleMapper This is used by AccessControlsEnforcement to get users' Roles (used in access permissions)
2
+ # If you are using something like Shibboleth or LDAP to get users' Roles, you should override this Class.
3
+ # Your override should include a Module that implements the same behaviors as Hydra::RoleMapperBehavior
6
4
  class RoleMapper
7
5
  include Hydra::RoleMapperBehavior
8
6
  end
data/app/services/hydra/embargo_service.rb CHANGED
@@ -14,7 +14,7 @@ module Hydra
14
14
  # (assumes that when lease visibility is applied to assets
15
15
  # whose leases have expired, the lease expiration date will be removed from its metadata)
16
16
  def assets_under_embargo
17
- ActiveFedora::Base.where("#{Hydra.config.permissions.embargo.release_date}:*")
17
+ ActiveFedora::Base.where("#{Hydra.config.permissions.embargo.release_date}:[* TO *]")
18
18
  end
19
19
 
20
20
  # Returns all assets that have had embargoes deactivated in the past.
data/app/services/hydra/lease_service.rb CHANGED
@@ -10,7 +10,7 @@ module Hydra
10
10
  # (assumes that when lease visibility is applied to assets
11
11
  # whose leases have expired, the lease expiration date will be removed from its metadata)
12
12
  def assets_under_lease
13
- ActiveFedora::Base.where("#{Hydra.config.permissions.lease.expiration_date}:*")
13
+ ActiveFedora::Base.where("#{Hydra.config.permissions.lease.expiration_date}:[* TO *]")
14
14
  end
15
15
 
16
16
  # Returns all assets that have had embargoes deactivated in the past.
@@ -20,4 +20,3 @@ module Hydra
20
20
  end
21
21
  end
22
22
  end
23
-
data/hydra-access-controls.gemspec CHANGED
@@ -6,7 +6,7 @@ Gem::Specification.new do |gem|
6
6
  gem.email = ["hydra-tech@googlegroups.com"]
7
7
  gem.description = %q{Access controls for project hydra}
8
8
  gem.summary = %q{Access controls for project hydra}
9
- gem.homepage = "http://projecthydra.org"
9
+ gem.homepage = "https://github.com/samvera/hydra-head/tree/master/hydra-access-controls"
10
10
 
11
11
  gem.files = `git ls-files`.split($\)
12
12
  gem.executables = gem.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
@@ -19,11 +19,11 @@ Gem::Specification.new do |gem|
19
19
  gem.required_ruby_version = '>= 1.9.3'
20
20
 
21
21
  gem.add_dependency 'activesupport', '>= 4', '< 6'
22
- gem.add_dependency "active-fedora", '~> 12.0'
22
+ gem.add_dependency "active-fedora", '>= 10.0.0'
23
+ gem.add_dependency "blacklight", '>= 5.16'
24
+ gem.add_dependency "blacklight-access_controls", '~> 0.6.0'
23
25
  gem.add_dependency 'cancancan', '~> 1.8'
24
26
  gem.add_dependency 'deprecation', '~> 1.0'
25
- gem.add_dependency "blacklight", '>= 5.16'
26
- gem.add_dependency "blacklight-access_controls", '~> 0.7.0.rc1'
27
27
 
28
28
  gem.add_development_dependency "rake", '~> 10.1'
29
29
  gem.add_development_dependency 'rspec', '~> 3.1'
data/lib/active_fedora/accessible_by.rb CHANGED
@@ -1,5 +1,8 @@
1
1
  ActiveFedora::QueryMethods.module_eval do
2
2
  extend ActiveSupport::Concern
3
+ included do
4
+ include Hydra::AccessControlsEnforcement
5
+ end
3
6
 
4
7
  def accessible_by(ability, action = :index)
5
8
  permission_types = case action
@@ -11,15 +14,6 @@ ActiveFedora::QueryMethods.module_eval do
11
14
  filters = gated_discovery_filters(permission_types, ability).join(" OR ")
12
15
  spawn.where!(filters)
13
16
  end
14
-
15
- private
16
-
17
- def gated_discovery_filters(types, ability)
18
- search_builder = Hydra::AccessControls::SearchBuilder.new(self,
19
- ability: ability,
20
- permission_types: types)
21
- search_builder.send(:gated_discovery_filters)
22
- end
23
17
  end
24
18
 
25
19
  ActiveFedora::Querying.module_eval do
data/lib/hydra-access-controls.rb CHANGED
@@ -29,12 +29,7 @@ module Hydra
29
29
  alias :config :configure
30
30
  end
31
31
 
32
- class Engine < Rails::Engine
33
- # autoload_paths is only necessary for Rails 3
34
- config.autoload_paths += %W(
35
- #{config.root}/app/models/concerns
36
- )
37
- end
32
+ class Engine < Rails::Engine; end
38
33
 
39
34
  # This error is raised when a user isn't allowed to access a given controller action.
40
35
  # This usually happens within a call to AccessControlsEnforcement#enforce_access_controls but can be
@@ -43,3 +38,11 @@ module Hydra
43
38
  end
44
39
 
45
40
  require 'active_fedora/accessible_by'
41
+
42
+ # While we support ActiveFedora 10 and 11, alias ActiveFedora::Indexing and
43
+ # ActiveFedora::Indexing::Inserter to Solrizer
44
+ require 'active_fedora/version'
45
+ if ActiveFedora.version.split('.').first.to_i < 12
46
+ ActiveFedora::Indexing::Inserter = Solrizer
47
+ ActiveFedora::Indexing::Descriptor = Solrizer::Descriptor
48
+ end
data/lib/hydra/access_controls_enforcement.rb CHANGED
@@ -2,12 +2,6 @@ module Hydra::AccessControlsEnforcement
2
2
  extend ActiveSupport::Concern
3
3
  include Blacklight::AccessControls::Enforcement
4
4
 
5
- included do
6
- Deprecation.warn(self, 'Hydra::AccessControlsEnforcement is deprecated ' \
7
- 'and will be removed in version 11. Use ' \
8
- 'Hydra::AccessControls::SearchBuilder instead.')
9
- end
10
-
11
5
  protected
12
6
 
13
7
  def under_embargo?
data/lib/hydra/policy_aware_access_controls_enforcement.rb CHANGED
@@ -1,11 +1,5 @@
1
1
  # Repeats access controls evaluation methods, but checks against a governing "Policy" object (or "Collection" object) that provides inherited access controls.
2
2
  module Hydra::PolicyAwareAccessControlsEnforcement
3
- extend ActiveSupport::Concern
4
- included do
5
- Deprecation.warn(self, 'Hydra::PolicyAwareAccessControlsEnforcement is deprecated ' \
6
- 'and will be removed in version 11. Use ' \
7
- 'Hydra::AccessControls::PolicyAwareSearchBuilder instead.')
8
- end
9
3
 
10
4
  # Extends Hydra::AccessControlsEnforcement.apply_gated_discovery to reflect policy-provided access.
11
5
  # Appends the result of policy_clauses into the :fq
data/spec/factories.rb CHANGED
@@ -11,52 +11,52 @@ FactoryBot.define do
11
11
  end
12
12
 
13
13
  factory :archivist, :parent=>:user do |u|
14
- uid 'archivist1'
15
- password 'archivist1'
14
+ uid { 'archivist1' }
15
+ password { 'archivist1' }
16
16
  end
17
17
  factory :registered_user, :parent=>:user do |u|
18
- uid 'registered_user'
19
- password 'registered_user'
18
+ uid { 'registered_user' }
19
+ password { 'registered_user' }
20
20
  end
21
21
  factory :staff, :parent=>:user do |u|
22
- uid 'staff1'
23
- password 'staff1'
22
+ uid { 'staff1' }
23
+ password { 'staff1' }
24
24
  end
25
25
  factory :student, :parent=>:user do |u|
26
- uid 'student1'
27
- password 'student1'
26
+ uid { 'student1' }
27
+ password { 'student1' }
28
28
  end
29
29
  factory :joe_creator, :parent=>:user do |u|
30
- uid 'joe_creator'
31
- password 'joe_creator'
30
+ uid { 'joe_creator' }
31
+ password { 'joe_creator' }
32
32
  end
33
33
  factory :martia_morocco, :parent=>:user do |u|
34
- uid 'martia_morocco'
35
- password 'martia_morocco'
34
+ uid { 'martia_morocco' }
35
+ password { 'martia_morocco' }
36
36
  end
37
37
  factory :ira_instructor, :parent=>:user do |u|
38
- uid 'ira_instructor'
39
- password 'ira_instructor'
38
+ uid { 'ira_instructor' }
39
+ password { 'ira_instructor' }
40
40
  end
41
41
  factory :calvin_collaborator, :parent=>:user do |u|
42
- uid 'calvin_collaborator'
43
- password 'calvin_collaborator'
42
+ uid { 'calvin_collaborator' }
43
+ password { 'calvin_collaborator' }
44
44
  end
45
45
  factory :sara_student, :parent=>:user do |u|
46
- uid 'sara_student'
47
- password 'sara_student'
46
+ uid { 'sara_student' }
47
+ password { 'sara_student' }
48
48
  end
49
49
  factory :louis_librarian, :parent=>:user do |u|
50
- uid 'louis_librarian'
51
- password 'louis_librarian'
50
+ uid { 'louis_librarian' }
51
+ password { 'louis_librarian' }
52
52
  end
53
53
  factory :carol_curator, :parent=>:user do |u|
54
- uid 'carol_curator'
55
- password 'carol_curator'
54
+ uid { 'carol_curator' }
55
+ password { 'carol_curator' }
56
56
  end
57
57
  factory :alice_admin, :parent=>:user do |u|
58
- uid 'alice_admin'
59
- password 'alice_admin'
58
+ uid { 'alice_admin' }
59
+ password { 'alice_admin' }
60
60
  end
61
61
 
62
62
  #
@@ -70,23 +70,23 @@ FactoryBot.define do
70
70
  end
71
71
 
72
72
  factory :default_access_asset, :parent=>:asset do |a|
73
- permissions_attributes [{ name: "joe_creator", access: "edit", type: "person" }]
73
+ permissions_attributes { [{ name: "joe_creator", access: "edit", type: "person" }] }
74
74
  end
75
75
 
76
76
  factory :dept_access_asset, :parent=>:asset do |a|
77
- permissions_attributes [{ name: "africana-faculty", access: "read", type: "group" }, { name: "joe_creator", access: "edit", type: "person" }]
77
+ permissions_attributes { [{ name: "africana-faculty", access: "read", type: "group" }, { name: "joe_creator", access: "edit", type: "person" }] }
78
78
  end
79
79
 
80
80
  factory :group_edit_asset, :parent=>:asset do |a|
81
- permissions_attributes [{ name:"africana-faculty", access: "edit", type: "group" }, {name: "calvin_collaborator", access: "edit", type: "person"}]
81
+ permissions_attributes { [{ name:"africana-faculty", access: "edit", type: "group" }, {name: "calvin_collaborator", access: "edit", type: "person"}] }
82
82
  end
83
83
 
84
84
  factory :org_read_access_asset, :parent=>:asset do |a|
85
- permissions_attributes [{ name: "registered", access: "read", type: "group" }, { name: "joe_creator", access: "edit", type: "person" }, { name: "calvin_collaborator", access: "edit", type: "person" }]
85
+ permissions_attributes { [{ name: "registered", access: "read", type: "group" }, { name: "joe_creator", access: "edit", type: "person" }, { name: "calvin_collaborator", access: "edit", type: "person" }] }
86
86
  end
87
87
 
88
88
  factory :open_access_asset, :parent=>:asset do |a|
89
- permissions_attributes [{ name: "public", access: "read", type: "group" }, { name: "joe_creator", access: "edit", type: "person" }, { name: "calvin_collaborator", access: "edit", type: "person" }]
89
+ permissions_attributes { [{ name: "public", access: "read", type: "group" }, { name: "joe_creator", access: "edit", type: "person" }, { name: "calvin_collaborator", access: "edit", type: "person" }] }
90
90
  end
91
91
 
92
92
  end
data/spec/services/embargo_service_spec.rb CHANGED
@@ -29,7 +29,6 @@ describe Hydra::EmbargoService do
29
29
 
30
30
  describe "#assets_under_embargo" do
31
31
  it "returns all assets with embargo release date set" do
32
- result = subject.assets_under_embargo
33
32
  returned_ids = subject.assets_under_embargo.map {|a| a.id}
34
33
  expect(returned_ids).to include work_with_expired_embargo1.id, work_with_expired_embargo2.id, work_with_embargo_in_effect.id
35
34
  expect(returned_ids).to_not include work_without_embargo.id
data/spec/spec_helper.rb CHANGED
@@ -11,12 +11,22 @@ Hydra::Engine.config.autoload_paths.each { |path| $LOAD_PATH.unshift path }
11
11
 
12
12
  require 'byebug' unless ENV['CI']
13
13
 
14
- if ENV['COVERAGE'] and RUBY_VERSION =~ /^1.9/
14
+ def coverage_needed?
15
+ ENV['COVERAGE'] || ENV['CI']
16
+ end
17
+
18
+ if RUBY_VERSION =~ /^1.9/ && coverage_needed?
15
19
  require 'simplecov'
16
- require 'simplecov-rcov'
20
+ require 'coveralls'
17
21
 
18
- SimpleCov.formatter = SimpleCov::Formatter::RcovFormatter
19
- SimpleCov.start
22
+ SimpleCov.root(File.expand_path('../../../', __FILE__))
23
+ SimpleCov.formatter = SimpleCov::Formatter::MultiFormatter.new(
24
+ [
25
+ SimpleCov::Formatter::HTMLFormatter,
26
+ Coveralls::SimpleCov::Formatter
27
+ ]
28
+ )
29
+ SimpleCov.start('rails')
20
30
  end
21
31
 
22
32
  # Since we're not doing a Rails Engine test, we have to load these classes manually:
@@ -52,4 +62,3 @@ RSpec.configure do |config|
52
62
  ActiveFedora::Cleaner.clean!
53
63
  end
54
64
  end
55
-
data/spec/support/user.rb CHANGED
@@ -5,7 +5,7 @@ class User
5
5
  attr_accessor :uid
6
6
 
7
7
  def initialize(params={})
8
- self.uid = params.delete(:uid) if params[:uid]
8
+ self.uid = params.delete(:uid) if params && params[:uid]
9
9
  super
10
10
  end
11
11
 
data/spec/unit/accessible_by_spec.rb CHANGED
@@ -23,7 +23,7 @@ describe "active_fedora/accessible_by" do
23
23
 
24
24
  describe "#accsesible_by" do
25
25
  it "should return objects readable by the ability" do
26
- expect(ModsAsset.accessible_by(ability)).to eq [public_obj, editable_obj]
26
+ expect(ModsAsset.accessible_by(ability)).to contain_exactly(public_obj, editable_obj)
27
27
  end
28
28
  it "should return object editable by the ability" do
29
29
  expect(ModsAsset.accessible_by(ability, :edit)).to eq [editable_obj]
data/spec/unit/permissions_spec.rb CHANGED
@@ -28,9 +28,8 @@ describe Hydra::AccessControls::Permissions do
28
28
  end
29
29
 
30
30
  describe "building a new permission" do
31
- before { subject.save! }
32
-
33
31
  it "sets the accessTo association" do
32
+ subject.save!
34
33
  perm = subject.permissions.build(name: 'user1', type: 'person', access: 'read')
35
34
  expect(perm.access_to_id).to eq subject.id
36
35
  end
@@ -38,9 +37,13 @@ describe Hydra::AccessControls::Permissions do
38
37
  it "autosaves the permissions" do
39
38
  subject.permissions.build(name: 'user1', type: 'person', access: 'read')
40
39
  subject.save!
41
- subject.reload
42
40
  foo = Foo.find(subject.id)
43
- expect(foo.permissions.to_a).not_to eq []
41
+
42
+ expect(foo.permissions)
43
+ .to contain_exactly(have_attributes(access: 'read',
44
+ access_to_id: subject.id,
45
+ agent_name: 'user1',
46
+ type: 'person'))
44
47
  end
45
48
  end
46
49
 
data/spec/unit/policy_aware_access_controls_enforcement_spec.rb CHANGED
@@ -6,10 +6,8 @@ describe Hydra::PolicyAwareAccessControlsEnforcement do
6
6
 
7
7
  class PolicyMockSearchBuilder < Blacklight::SearchBuilder
8
8
  include Blacklight::Solr::SearchBuilderBehavior
9
- Deprecation.silence(PolicyMockSearchBuilder) do
10
- include Hydra::AccessControlsEnforcement
11
- include Hydra::PolicyAwareAccessControlsEnforcement
12
- end
9
+ include Hydra::AccessControlsEnforcement
10
+ include Hydra::PolicyAwareAccessControlsEnforcement
13
11
  attr_accessor :params
14
12
 
15
13
  def initialize(current_ability)
@@ -136,14 +134,15 @@ describe Hydra::PolicyAwareAccessControlsEnforcement do
136
134
 
137
135
  context "when policies are included" do
138
136
  before { subject.apply_gated_discovery(@solr_parameters) }
139
-
137
+
140
138
  it "builds a query that includes all the policies" do
139
+ skip if ActiveFedora.version.split('.').first.to_i < 11
141
140
  (1..11).each do |p|
142
141
  expect(policy_queries).to include(/_query_:\"{!raw f=#{governed_field}}test-policy#{p}\"/)
143
142
  end
144
143
  end
145
144
  end
146
-
145
+
147
146
  context "when policies are not included" do
148
147
  before do
149
148
  allow(subject).to receive(:policy_clauses).and_return(nil)
data/tasks/hydra-access-controls.rake CHANGED
@@ -6,7 +6,7 @@ namespace "hydra-access" do
6
6
  fcrepo_params = { port: 8986, verbose: true, managed: true,
7
7
  no_jms: true, fcrepo_home_dir: 'fcrepo4-test-data' }
8
8
  SolrWrapper.wrap(solr_params) do |solr|
9
- solr.with_collection(name: 'hydra-test', dir: File.join(File.expand_path("../..", File.dirname(__FILE__)), "solr", "config")) do
9
+ solr.with_collection(name: 'hydra-test', dir: File.join(File.expand_path("../..", File.dirname(__FILE__)), "solr", "conf")) do
10
10
  FcrepoWrapper.wrap(fcrepo_params) do
11
11
  Rake::Task['spec'].invoke
12
12
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: hydra-access-controls
3
3
  version: !ruby/object:Gem::Version
4
- version: 11.0.0.rc1
4
+ version: 11.0.0.rc2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Chris Beer
@@ -10,7 +10,7 @@ authors:
10
10
  autorequire:
11
11
  bindir: bin
12
12
  cert_chain: []
13
- date: 2018-01-17 00:00:00.000000000 Z
13
+ date: 2020-01-29 00:00:00.000000000 Z
14
14
  dependencies:
15
15
  - !ruby/object:Gem::Dependency
16
16
  name: activesupport
@@ -36,72 +36,72 @@ dependencies:
36
36
  name: active-fedora
37
37
  requirement: !ruby/object:Gem::Requirement
38
38
  requirements:
39
- - - "~>"
39
+ - - ">="
40
40
  - !ruby/object:Gem::Version
41
- version: '12.0'
41
+ version: 10.0.0
42
42
  type: :runtime
43
43
  prerelease: false
44
44
  version_requirements: !ruby/object:Gem::Requirement
45
45
  requirements:
46
- - - "~>"
46
+ - - ">="
47
47
  - !ruby/object:Gem::Version
48
- version: '12.0'
48
+ version: 10.0.0
49
49
  - !ruby/object:Gem::Dependency
50
- name: cancancan
50
+ name: blacklight
51
51
  requirement: !ruby/object:Gem::Requirement
52
52
  requirements:
53
- - - "~>"
53
+ - - ">="
54
54
  - !ruby/object:Gem::Version
55
- version: '1.8'
55
+ version: '5.16'
56
56
  type: :runtime
57
57
  prerelease: false
58
58
  version_requirements: !ruby/object:Gem::Requirement
59
59
  requirements:
60
- - - "~>"
60
+ - - ">="
61
61
  - !ruby/object:Gem::Version
62
- version: '1.8'
62
+ version: '5.16'
63
63
  - !ruby/object:Gem::Dependency
64
- name: deprecation
64
+ name: blacklight-access_controls
65
65
  requirement: !ruby/object:Gem::Requirement
66
66
  requirements:
67
67
  - - "~>"
68
68
  - !ruby/object:Gem::Version
69
- version: '1.0'
69
+ version: 0.6.0
70
70
  type: :runtime
71
71
  prerelease: false
72
72
  version_requirements: !ruby/object:Gem::Requirement
73
73
  requirements:
74
74
  - - "~>"
75
75
  - !ruby/object:Gem::Version
76
- version: '1.0'
76
+ version: 0.6.0
77
77
  - !ruby/object:Gem::Dependency
78
- name: blacklight
78
+ name: cancancan
79
79
  requirement: !ruby/object:Gem::Requirement
80
80
  requirements:
81
- - - ">="
81
+ - - "~>"
82
82
  - !ruby/object:Gem::Version
83
- version: '5.16'
83
+ version: '1.8'
84
84
  type: :runtime
85
85
  prerelease: false
86
86
  version_requirements: !ruby/object:Gem::Requirement
87
87
  requirements:
88
- - - ">="
88
+ - - "~>"
89
89
  - !ruby/object:Gem::Version
90
- version: '5.16'
90
+ version: '1.8'
91
91
  - !ruby/object:Gem::Dependency
92
- name: blacklight-access_controls
92
+ name: deprecation
93
93
  requirement: !ruby/object:Gem::Requirement
94
94
  requirements:
95
95
  - - "~>"
96
96
  - !ruby/object:Gem::Version
97
- version: 0.7.0.rc1
97
+ version: '1.0'
98
98
  type: :runtime
99
99
  prerelease: false
100
100
  version_requirements: !ruby/object:Gem::Requirement
101
101
  requirements:
102
102
  - - "~>"
103
103
  - !ruby/object:Gem::Version
104
- version: 0.7.0.rc1
104
+ version: '1.0'
105
105
  - !ruby/object:Gem::Dependency
106
106
  name: rake
107
107
  requirement: !ruby/object:Gem::Requirement
@@ -160,8 +160,6 @@ files:
160
160
  - app/models/hydra/access_controls/permission.rb
161
161
  - app/models/hydra/permissions_solr_document.rb
162
162
  - app/models/role_mapper.rb
163
- - app/search_builders/hydra/access_controls/policy_aware_search_builder.rb
164
- - app/search_builders/hydra/access_controls/search_builder.rb
165
163
  - app/services/hydra/embargo_service.rb
166
164
  - app/services/hydra/lease_service.rb
167
165
  - app/validators/hydra/future_date_validator.rb
@@ -213,7 +211,7 @@ files:
213
211
  - spec/unit/with_depositor_spec.rb
214
212
  - spec/validators/future_date_validator_spec.rb
215
213
  - tasks/hydra-access-controls.rake
216
- homepage: http://projecthydra.org
214
+ homepage: https://github.com/samvera/hydra-head/tree/master/hydra-access-controls
217
215
  licenses:
218
216
  - APACHE-2.0
219
217
  metadata: {}
@@ -232,8 +230,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
232
230
  - !ruby/object:Gem::Version
233
231
  version: 1.3.1
234
232
  requirements: []
235
- rubyforge_project:
236
- rubygems_version: 2.7.1
233
+ rubygems_version: 3.0.4
237
234
  signing_key:
238
235
  specification_version: 4
239
236
  summary: Access controls for project hydra
data/app/search_builders/hydra/access_controls/policy_aware_search_builder.rb DELETED
@@ -1,97 +0,0 @@
1
- module Hydra
2
- module AccessControls
3
- # A SearchBuilder that applies filters that are expressed within policies.
4
- # The permissions on the policy are inherited by the objects goverend by the
5
- # policy.
6
- class PolicyAwareSearchBuilder < Hydra::AccessControls::SearchBuilder
7
- # Extends Blacklight::AccessControls::SearchBuilder.apply_gated_discovery
8
- # to reflect policy-provided access.
9
- # Appends the result of policy_clauses into the :fq
10
- # @param [Hash] solr_parameters the current solr parameters, to be
11
- # modified herein!
12
- def apply_gated_discovery(solr_parameters)
13
- super
14
- logger.debug("POLICY-aware Solr parameters: #{solr_parameters.inspect}")
15
- end
16
-
17
- # @return [String,nil] solr query for finding all objects whose policies
18
- # grant discover access to current_user
19
- def policy_clauses
20
- policy_ids = policies_with_access
21
- return nil if policy_ids.empty?
22
- clauses = policy_ids.map do |id|
23
- ActiveFedora::SolrQueryBuilder
24
- .construct_query_for_rel(isGovernedBy: id)
25
- end
26
- '(' + clauses.join(' OR '.freeze) + ')'
27
- end
28
-
29
- # Find all the policies that grant discover/read/edit permissions to this user or any of its groups.
30
- # Grant access based on user id & group
31
- def policies_with_access
32
- #### TODO -- Memoize this and put it in the session?
33
- user_access_filters = []
34
- user_access_filters += apply_policy_group_permissions(discovery_permissions)
35
- user_access_filters += apply_policy_user_permissions(discovery_permissions)
36
- where = user_access_filters.join(' OR ')
37
- result = policy_class.search_with_conditions(where,
38
- fl: 'id',
39
- rows: policy_class.count)
40
- logger.debug "get policies: #{result}\n\n"
41
- result.map { |h| h['id'] }
42
- end
43
-
44
- # for groups
45
- # @param [Array{String,#to_sym}] permission_types symbols (or equivalent) from Hydra.config.permissions.inheritable
46
- def apply_policy_group_permissions(permission_types = discovery_permissions)
47
- user_access_filters = []
48
- current_ability.user_groups.each do |group|
49
- permission_types.each do |type|
50
- user_access_filters << escape_filter(Hydra.config.permissions.inheritable[type.to_sym].group, group)
51
- end
52
- end
53
- user_access_filters
54
- end
55
-
56
- # for individual user access
57
- # @param [Array{String,#to_sym}] permission_types
58
- def apply_policy_user_permissions(permission_types = discovery_permissions)
59
- user = current_ability.current_user
60
- return [] unless user && user.user_key.present?
61
- permission_types.map do |type|
62
- escape_filter(Hydra.config.permissions.inheritable[type.to_sym].individual, user.user_key)
63
- end
64
- end
65
-
66
- # Override method from blacklight-access_controls
67
- def discovery_permissions
68
- @discovery_permissions ||= %w[edit discover read]
69
- end
70
-
71
- # Returns the Model used for AdminPolicy objects.
72
- # You can set this by overriding this method or setting
73
- # Hydra.config[:permissions][:policy_class]
74
- # Defults to Hydra::AdminPolicy
75
- def policy_class
76
- Hydra.config.permissions.policy_class || Hydra::AdminPolicy
77
- end
78
-
79
- private
80
-
81
- def gated_discovery_filters
82
- filters = super
83
- additional_clauses = policy_clauses
84
- filters << additional_clauses unless additional_clauses.blank?
85
- filters
86
- end
87
-
88
- # Find the name of the solr field for this type of permission.
89
- # e.g. "read_access_group_ssim" or "discover_access_person_ssim".
90
- # Used by blacklight-access_controls gem.
91
- def solr_field_for(permission_type, permission_category)
92
- permissions = Hydra.config.permissions[permission_type.to_sym]
93
- permission_category == 'group' ? permissions.group : permissions.individual
94
- end
95
- end
96
- end
97
- end
data/app/search_builders/hydra/access_controls/search_builder.rb DELETED
@@ -1,13 +0,0 @@
1
- module Hydra
2
- module AccessControls
3
- class SearchBuilder < Blacklight::AccessControls::SearchBuilder
4
- # Find the name of the solr field for this type of permission.
5
- # e.g. "read_access_group_ssim" or "discover_access_person_ssim".
6
- # Used by blacklight-access_controls.
7
- def solr_field_for(permission_type, permission_category)
8
- permissions = Hydra.config.permissions[permission_type.to_sym]
9
- permission_category == 'group' ? permissions.group : permissions.individual
10
- end
11
- end
12
- end
13
- end