hydra-access-controls 11.0.0.rc2 → 12.0.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c1c375e2d0865e3c30b810323eab035c5ecd19e058417c7bf1c486c360862df5
-  data.tar.gz: 209bdc9997eead2dac861e6c628555c3d1367a47ab2a79485d75d1634641e845
+  metadata.gz: cb6758e64e46375378c0ab402d42197ac1ed64af8f9ec87bda1ee603c2fa4e4e
+  data.tar.gz: 2e7f290acefb3924c5947e5ada34b54cdf0a64f3a127422c72cb5fdef8fe88c6
 SHA512:
-  metadata.gz: cccfdc0d8acf8d16fe0a78f7e953c7f2a9ee5760431ebca7f8c726b223faff8e9faffb89ebeaf77c0f3359f454170a64662b791743fe066915ece9412cdb808f
-  data.tar.gz: 24be0383b71eeac26a4517c49f6a11c4c19595bf8d788278f32f3c62d62cf94523a8bae5fa533a2cb941c9183497bdd701c4661691906c470da2916bf54ebcdf
+  metadata.gz: 80f663ea54a156cf6a5ded46a0aae98a1df9e8953ca0999fa56a8668b266cc855a4db8aa1933dd2989c4c5df9ea989146af1989089059640412a573417901d01
+  data.tar.gz: 299fffeb06237d336774894d209313e968173446276210821a42a896522c5a3d17ee0ae67c428c856405cab04a3246a820fc54bd7fce5b613ea328d27c69b6ff

data/app/models/concerns/hydra/access_controls/embargoable.rb

@@ -5,11 +5,11 @@ module Hydra
       include Hydra::AccessControls::WithAccessRight
 
       included do
-        validates :lease_expiration_date, :'hydra/future_date' => true, if: :enforce_future_date_for_lease?
-        validates :embargo_release_date, :'hydra/future_date' => true, if: :enforce_future_date_for_embargo?
+        validates :lease_expiration_date, :'hydra/future_date' => true, if: :enforce_future_date_for_lease?, on: :create
+        validates :embargo_release_date, :'hydra/future_date' => true, if: :enforce_future_date_for_embargo?, on: :create
 
-        belongs_to :embargo, predicate: Hydra::ACL.hasEmbargo, class_name: 'Hydra::AccessControls::Embargo'
-        belongs_to :lease, predicate: Hydra::ACL.hasLease, class_name: 'Hydra::AccessControls::Lease'
+        belongs_to :embargo, predicate: Hydra::ACL.hasEmbargo, class_name: 'Hydra::AccessControls::Embargo', autosave: true
+        belongs_to :lease, predicate: Hydra::ACL.hasLease, class_name: 'Hydra::AccessControls::Lease', autosave: true
 
         delegate :visibility_during_embargo, :visibility_during_embargo=, :visibility_after_embargo, :visibility_after_embargo=, :embargo_release_date, :embargo_release_date=, :embargo_history, :embargo_history=, to: :existing_or_new_embargo
         delegate :visibility_during_lease, :visibility_during_lease=, :visibility_after_lease, :visibility_after_lease=, :lease_expiration_date, :lease_expiration_date=, :lease_history, :lease_history=, to: :existing_or_new_lease

data/app/models/concerns/hydra/access_controls/visibility.rb

@@ -2,6 +2,14 @@ module Hydra::AccessControls
   module Visibility
     extend ActiveSupport::Concern
 
+    included do
+      # ActiveModel::Dirty requires defining the attribute method
+      # @see https://api.rubyonrails.org/classes/ActiveModel/Dirty.html
+      define_attribute_methods :visibility
+      # instance variable needs to be initialized here based upon what is in read_groups
+      after_initialize { @visibility = visibility }
+    end
+
     def visibility=(value)
       return if value.nil?
       # only set explicit permissions
@@ -15,6 +23,7 @@ module Hydra::AccessControls
       else
         raise ArgumentError, "Invalid visibility: #{value.inspect}"
       end
+      @visibility = value
     end
 
     def visibility
@@ -27,8 +36,14 @@ module Hydra::AccessControls
       end
     end
 
-    def visibility_changed?
-      !!@visibility_will_change
+    # Overridden for ActiveModel::Dirty tracking of visibility
+    # Required by ActiveModel::AttributeMethods
+    # @see https://api.rubyonrails.org/classes/ActiveModel/AttributeMethods.html
+    # An instance variable is used to avoid infinite recursion caused by calling #visibility
+    # Using this approach requires setting visibility read groups through #visibility=
+    # instead of manipulating them directly if #visibility_changed? is expected to work correctly.
+    def attributes
+      super.merge({ 'visibility' => @visibility })
     end
 
     private
@@ -41,10 +56,6 @@ module Hydra::AccessControls
          AccessRight::PERMISSION_TEXT_VALUE_PUBLIC]
       end
 
-      def visibility_will_change!
-        @visibility_will_change = true
-      end
-
       def public_visibility!
         visibility_will_change! unless visibility == AccessRight::VISIBILITY_TEXT_VALUE_PUBLIC
         remove_groups = represented_visibility - [AccessRight::PERMISSION_TEXT_VALUE_PUBLIC]

data/app/models/hydra/access_controls/permission.rb

@@ -41,7 +41,7 @@ module Hydra::AccessControls
     end
 
     def agent_name
-      URI.decode(parsed_agent.last)
+      decode(parsed_agent.last)
     end
 
     def update(*)
@@ -80,7 +80,7 @@ module Hydra::AccessControls
     end
 
     def build_agent_resource(prefix, name)
-      [Agent.new(::RDF::URI.new("#{prefix}##{URI.encode(name)}"))]
+      [Agent.new(::RDF::URI.new("#{prefix}##{encode(name)}"))]
     end
 
     def build_access(access)
@@ -96,5 +96,15 @@ module Hydra::AccessControls
                     raise ArgumentError, "Unknown access #{access.inspect}"
                   end
     end
+
+    private
+
+    def encode(str)
+      URI::RFC2396_Parser.new.escape(str)
+    end
+
+    def decode(str)
+      URI::RFC2396_Parser.new.unescape(str)
+    end
   end
 end

data/hydra-access-controls.gemspec

@@ -16,15 +16,14 @@ Gem::Specification.new do |gem|
   gem.version       = version
   gem.license       = "APACHE-2.0"
 
-  gem.required_ruby_version = '>= 1.9.3'
+  gem.required_ruby_version = '>= 2.4'
 
-  gem.add_dependency 'activesupport', '>= 4', '< 6'
-  gem.add_dependency "active-fedora", '>= 10.0.0'
-  gem.add_dependency "blacklight", '>= 5.16'
-  gem.add_dependency "blacklight-access_controls", '~> 0.6.0'
-  gem.add_dependency 'cancancan', '~> 1.8'
+  gem.add_dependency 'activesupport', '>= 5.2', '< 7'
+  gem.add_dependency 'active-fedora', '>= 10.0.0'
+  gem.add_dependency 'blacklight-access_controls', '~> 6.0'
+  gem.add_dependency 'cancancan', '>= 1.8', '< 4'
   gem.add_dependency 'deprecation', '~> 1.0'
 
-  gem.add_development_dependency "rake", '~> 10.1'
-  gem.add_development_dependency 'rspec', '~> 3.1'
+  gem.add_development_dependency 'rake', '>= 12.3.3'
+  gem.add_development_dependency 'rspec', '~> 4.0'
 end

data/lib/active_fedora/accessible_by.rb

@@ -1,8 +1,5 @@
 ActiveFedora::QueryMethods.module_eval do
   extend ActiveSupport::Concern
-  included do
-    include Hydra::AccessControlsEnforcement
-  end
 
   def accessible_by(ability, action = :index)
     permission_types = case action
@@ -11,7 +8,8 @@ ActiveFedora::QueryMethods.module_eval do
       when :update, :edit, :create, :new, :destroy then [:edit]
     end
 
-    filters = gated_discovery_filters(permission_types, ability).join(" OR ")
+    builder = Hydra::SearchBuilder.new(nil).with_ability(ability).with_discovery_permissions(permission_types)
+    filters = builder.send(:gated_discovery_filters).join(" OR ")
     spawn.where!(filters)
   end
 end

data/lib/hydra-access-controls.rb

@@ -29,7 +29,13 @@ module Hydra
     alias :config :configure
   end
 
-  class Engine < Rails::Engine; end
+  class Engine < Rails::Engine
+    config.before_configuration do
+      ActiveSupport::Inflector.inflections(:en) do |inflect|
+        inflect.acronym 'ACL'
+      end
+    end
+  end
 
   # This error is raised when a user isn't allowed to access a given controller action.
   # This usually happens within a call to AccessControlsEnforcement#enforce_access_controls but can be

data/lib/hydra/ability.rb

@@ -12,7 +12,6 @@ module Hydra
 
     included do
       include Hydra::PermissionsQuery
-      include Blacklight::SearchHelper
 
       self.ability_logic = [:create_permissions, :edit_permissions, :read_permissions, :discover_permissions, :download_permissions, :custom_permissions]
     end

data/lib/hydra/access_controls_enforcement.rb

@@ -2,6 +2,22 @@ module Hydra::AccessControlsEnforcement
   extend ActiveSupport::Concern
   include Blacklight::AccessControls::Enforcement
 
+  def current_ability
+    @current_ability || (scope.current_ability if scope&.respond_to?(:current_ability))
+  end
+
+  def with_ability(ability)
+    params_will_change!
+    @current_ability = ability
+    self
+  end
+
+  def with_discovery_permissions(permissions)
+    params_will_change!
+    @discovery_permissions = Array(permissions)
+    self
+  end
+
   protected
 
   def under_embargo?

data/spec/factories/objects.rb

@@ -0,0 +1,34 @@
+FactoryBot.define do
+
+  #
+  # Repository Objects
+  #
+
+  factory :asset, :class => ModsAsset do |o|
+  end
+
+  factory :admin_policy, :class => Hydra::AdminPolicy do |o|
+  end
+
+  factory :default_access_asset, :parent=>:asset do |a|
+    permissions_attributes { [{ name: "joe_creator", access: "edit", type: "person" }] }
+  end
+
+  factory :dept_access_asset, :parent=>:asset do |a|
+    permissions_attributes { [{ name: "africana-faculty", access: "read", type: "group" }, { name: "joe_creator", access: "edit", type: "person" }] }
+  end
+
+  factory :group_edit_asset, :parent=>:asset do |a|
+    permissions_attributes { [{ name:"africana-faculty", access: "edit", type: "group" }, {name: "calvin_collaborator", access: "edit", type: "person"}] }
+  end
+
+  factory :org_read_access_asset, :parent=>:asset do |a|
+    permissions_attributes { [{ name: "registered", access: "read", type: "group" }, { name: "joe_creator", access: "edit", type: "person" }, { name: "calvin_collaborator", access: "edit", type: "person" }] }
+  end
+
+  factory :open_access_asset, :parent=>:asset do |a|
+    permissions_attributes { [{ name: "public", access: "read", type: "group" }, { name: "joe_creator", access: "edit", type: "person" }, { name: "calvin_collaborator", access: "edit", type: "person" }] }
+  end
+
+end
+

data/spec/{factories.rb → factories/user.rb}

@@ -1,7 +1,6 @@
 FactoryBot.define do
 
   # Users
-
   # Prototype user factory
   factory :user, :aliases => [:owner] do |u|
     sequence :uid do |n|
@@ -58,36 +57,5 @@ FactoryBot.define do
     uid { 'alice_admin' }
     password { 'alice_admin' }
   end
-
-  #
-  # Repository Objects
-  #
-
-  factory :asset, :class => ModsAsset do |o|
-  end
-
-  factory :admin_policy, :class => Hydra::AdminPolicy do |o|
-  end
-
-  factory :default_access_asset, :parent=>:asset do |a|
-    permissions_attributes { [{ name: "joe_creator", access: "edit", type: "person" }] }
-  end
-
-  factory :dept_access_asset, :parent=>:asset do |a|
-    permissions_attributes { [{ name: "africana-faculty", access: "read", type: "group" }, { name: "joe_creator", access: "edit", type: "person" }] }
-  end
-
-  factory :group_edit_asset, :parent=>:asset do |a|
-    permissions_attributes { [{ name:"africana-faculty", access: "edit", type: "group" }, {name: "calvin_collaborator", access: "edit", type: "person"}] }
-  end
-
-  factory :org_read_access_asset, :parent=>:asset do |a|
-    permissions_attributes { [{ name: "registered", access: "read", type: "group" }, { name: "joe_creator", access: "edit", type: "person" }, { name: "calvin_collaborator", access: "edit", type: "person" }] }
-  end
-
-  factory :open_access_asset, :parent=>:asset do |a|
-    permissions_attributes { [{ name: "public", access: "read", type: "group" }, { name: "joe_creator", access: "edit", type: "person" }, { name: "calvin_collaborator", access: "edit", type: "person" }] }
-  end
-
 end
 

data/spec/spec_helper.rb

@@ -48,7 +48,8 @@ require "support/user"
 require "factory_bot"
 require 'rspec/mocks'
 require 'rspec/its'
-require "factories"
+require 'factories/user'
+require 'factories/objects'
 
 # HttpLogger.logger = Logger.new(STDOUT)
 # HttpLogger.ignore = [/localhost:8983\/solr/]

data/spec/unit/embargoable_spec.rb

@@ -19,6 +19,59 @@ describe Hydra::AccessControls::Embargoable do
   let(:model) { TestModel.new }
   subject { model }
 
+  describe 'an object under embargo/lease' do
+    before do
+      class ModelWithPersistence < ActiveFedora::Base
+        include Hydra::AccessControls::Embargoable
+      end
+    end
+    after { Object.send(:remove_const, :ModelWithPersistence) }
+    let(:original_date) { 7.days.from_now }
+    let(:updated_date) { 14.days.from_now }
+    subject { ModelWithPersistence.new }
+    context 'saved with a new embargo release date' do
+      it 'will persist the new date' do
+        subject.visibility_during_embargo = Hydra::AccessControls::AccessRight::VISIBILITY_TEXT_VALUE_PRIVATE
+        subject.visibility_after_embargo = Hydra::AccessControls::AccessRight::VISIBILITY_TEXT_VALUE_PUBLIC
+        subject.embargo_release_date = original_date
+        subject.save
+
+        # These next three lines are to verify the round-trip for saves.
+        persisted_object = subject.class.find(subject.id)
+        expect(persisted_object).to be_under_embargo
+        expect(persisted_object.embargo_release_date).to eq(original_date)
+
+        expect do
+          persisted_object.embargo_release_date = updated_date
+          persisted_object.save
+        end.to change { persisted_object.class.find(persisted_object.id).embargo_release_date }
+                 .from(original_date)
+                 .to(updated_date)
+      end
+    end
+
+    context 'saved with a new lease expiration date' do
+      it 'will persist the new date' do
+        subject.visibility_during_lease =  Hydra::AccessControls::AccessRight::VISIBILITY_TEXT_VALUE_PUBLIC
+        subject.visibility_after_lease = Hydra::AccessControls::AccessRight::VISIBILITY_TEXT_VALUE_PRIVATE
+        subject.lease_expiration_date = original_date
+        subject.save
+
+        # These next three lines are to verify the round-trip for saves.
+        persisted_object = subject.class.find(subject.id)
+        expect(persisted_object).to be_active_lease
+        expect(persisted_object.lease_expiration_date).to eq(original_date)
+
+        expect do
+          persisted_object.lease_expiration_date = updated_date
+          persisted_object.save
+        end.to change { persisted_object.class.find(persisted_object.id).lease_expiration_date }
+                 .from(original_date)
+                 .to(updated_date)
+      end
+    end
+  end
+
   describe '#embargo_indexer_class' do
     subject { model.embargo_indexer_class }
     it { is_expected.to eq Hydra::AccessControls::EmbargoIndexer }
@@ -30,9 +83,9 @@ describe Hydra::AccessControls::Embargoable do
   end
 
   describe 'validations' do
-    context "with dates" do
+    context "with past dates" do
       subject { ModsAsset.new(lease_expiration_date: past_date, embargo_release_date: past_date) }
-      it "validates embargo_release_date and lease_expiration_date" do
+      it "validates embargo_release_date and lease_expiration_date on create" do
         expect(subject).to_not be_valid
         expect(subject.errors[:lease_expiration_date]).to eq ['Must be a future date']
         expect(subject.errors[:embargo_release_date]).to eq ['Must be a future date']
@@ -112,11 +165,7 @@ describe Hydra::AccessControls::Embargoable do
     context "when the same embargo is applied" do
       before do
         subject.apply_embargo(future_date.to_s)
-        if ActiveModel.version < Gem::Version.new('4.2.0')
-          subject.embargo.send(:reset_changes)
-        else
-          subject.embargo.send(:clear_changes_information)
-        end
+        subject.embargo.send(:clear_changes_information)
       end
 
       it "doesn't call visibility_will_change!" do
@@ -195,11 +244,7 @@ describe Hydra::AccessControls::Embargoable do
       context "when the same lease is applied" do
         before do
           subject.apply_lease(future_date.to_s)
-          if ActiveModel.version < Gem::Version.new('4.2.0')
-            subject.lease.send(:reset_changes)
-          else
-            subject.lease.send(:clear_changes_information)
-          end
+          subject.lease.send(:clear_changes_information)
         end
 
         it "doesn't call visibility_will_change!" do
@@ -213,7 +258,7 @@ describe Hydra::AccessControls::Embargoable do
       before do
         subject.visibility = Hydra::AccessControls::AccessRight::VISIBILITY_TEXT_VALUE_PUBLIC
         # reset the changed log
-        subject.send(:instance_variable_set, :@visibility_will_change, false)
+        subject.send(:clear_changes_information)
       end
 
       it "applies appropriate embargo_visibility settings" do

data/spec/unit/permission_spec.rb

@@ -47,17 +47,29 @@ describe Hydra::AccessControls::Permission do
   end
 
   describe "URI escaping" do
-    let(:permission) { described_class.new(type: 'person', name: 'john doe', access: 'read') }
-    let(:permission2) { described_class.new(type: 'group', name: 'hydra devs', access: 'read') }
+    let(:user_permission) { described_class.new(type: 'person', name: 'john doe', access: 'read') }
+    let(:user_permission2) { described_class.new(type: 'person', name: 'john%20doe', access: 'read') }
+    let(:user_permission3) { described_class.new(type: 'person', name: 'john+doe', access: 'read') }
+    let(:group_permission) { described_class.new(type: 'group', name: 'hydra devs', access: 'read') }
+    let(:group_permission2) { described_class.new(type: 'group', name: 'hydra%20devs', access: 'read') }
+    let(:group_permission3) { described_class.new(type: 'group', name: 'hydra+devs', access: 'read') }
 
     it "should escape agent when building" do
-      expect(permission.agent.first.rdf_subject.to_s).to eq 'http://projecthydra.org/ns/auth/person#john%20doe'
-      expect(permission2.agent.first.rdf_subject.to_s).to eq 'http://projecthydra.org/ns/auth/group#hydra%20devs'
+      expect(user_permission.agent.first.rdf_subject.to_s).to eq 'http://projecthydra.org/ns/auth/person#john%20doe'
+      expect(user_permission2.agent.first.rdf_subject.to_s).to eq 'http://projecthydra.org/ns/auth/person#john%2520doe'
+      expect(user_permission3.agent.first.rdf_subject.to_s).to eq 'http://projecthydra.org/ns/auth/person#john+doe'
+      expect(group_permission.agent.first.rdf_subject.to_s).to eq 'http://projecthydra.org/ns/auth/group#hydra%20devs'
+      expect(group_permission2.agent.first.rdf_subject.to_s).to eq 'http://projecthydra.org/ns/auth/group#hydra%2520devs'
+      expect(group_permission3.agent.first.rdf_subject.to_s).to eq 'http://projecthydra.org/ns/auth/group#hydra+devs'
     end
 
     it "should unescape agent when parsing" do
-      expect(permission.agent_name).to eq 'john doe'
-      expect(permission2.agent_name).to eq 'hydra devs'
+      expect(user_permission.agent_name).to eq 'john doe'
+      expect(user_permission2.agent_name).to eq 'john%20doe'
+      expect(user_permission3.agent_name).to eq 'john+doe'
+      expect(group_permission.agent_name).to eq 'hydra devs'
+      expect(group_permission2.agent_name).to eq 'hydra%20devs'
+      expect(group_permission3.agent_name).to eq 'hydra+devs'
     end
 
     context 'with a User instance passed as :name argument' do

data/spec/unit/policy_aware_access_controls_enforcement_spec.rb

@@ -1,28 +1,15 @@
 require 'spec_helper'
 
-describe Hydra::PolicyAwareAccessControlsEnforcement do
+RSpec.describe Hydra::PolicyAwareAccessControlsEnforcement do
   before do
     allow(Devise).to receive(:authentication_keys).and_return(['uid'])
 
-    class PolicyMockSearchBuilder < Blacklight::SearchBuilder
-      include Blacklight::Solr::SearchBuilderBehavior
-      include Hydra::AccessControlsEnforcement
+    class PolicyMockSearchBuilder < Hydra::SearchBuilder
       include Hydra::PolicyAwareAccessControlsEnforcement
-      attr_accessor :params
-
-      def initialize(current_ability)
-        @current_ability = current_ability
-      end
-
-      def current_ability
-        @current_ability
-      end
-
-      def session
-      end
 
       delegate :logger, to: :Rails
     end
+
     @sample_policies = []
     # user discover
     policy1 = Hydra::AdminPolicy.create(id: "test-policy1")
@@ -91,7 +78,7 @@ describe Hydra::PolicyAwareAccessControlsEnforcement do
   end
 
   let(:current_ability) { Ability.new(user) }
-  subject { PolicyMockSearchBuilder.new(current_ability) }
+  subject { PolicyMockSearchBuilder.new(nil).with_ability(current_ability) }
   let(:user) { FactoryBot.build(:sara_student) }
 
   before do
@@ -134,7 +121,7 @@ describe Hydra::PolicyAwareAccessControlsEnforcement do
 
     context "when policies are included" do
       before { subject.apply_gated_discovery(@solr_parameters) }
-      
+
       it "builds a query that includes all the policies" do
         skip if ActiveFedora.version.split('.').first.to_i < 11
         (1..11).each do |p|
@@ -142,7 +129,7 @@ describe Hydra::PolicyAwareAccessControlsEnforcement do
         end
       end
     end
-    
+
     context "when policies are not included" do
       before do
         allow(subject).to receive(:policy_clauses).and_return(nil)

data/spec/unit/visibility_spec.rb

@@ -100,4 +100,29 @@ describe Hydra::AccessControls::Visibility do
       expect(model.read_groups).to contain_exactly 'public', 'another'
     end
   end
+
+  context 'dirty tracking' do
+    let(:object_class) do
+      Class.new(ActiveFedora::Base) do
+        include Hydra::AccessControls::Permissions
+      end
+    end
+
+    before { stub_const("Foo", object_class) }
+
+    subject { Foo.new }
+
+    it 'responds to visibility_changed?' do
+      expect(subject).to respond_to(:visibility_changed?)
+    end
+
+    it 'tracks changes' do
+      expect(subject.visibility_changed?).to eq false
+      subject.visibility = Hydra::AccessControls::AccessRight::VISIBILITY_TEXT_VALUE_PUBLIC
+      expect(subject.visibility_changed?).to eq true
+      expect(subject.visibility_changed?(to: Hydra::AccessControls::AccessRight::VISIBILITY_TEXT_VALUE_PUBLIC)).to eq true
+      expect(subject.visibility_changed?(from: Hydra::AccessControls::AccessRight::VISIBILITY_TEXT_VALUE_PRIVATE)).to eq true
+      expect(subject.visibility_changed?(from: Hydra::AccessControls::AccessRight::VISIBILITY_TEXT_VALUE_PRIVATE, to: Hydra::AccessControls::AccessRight::VISIBILITY_TEXT_VALUE_PUBLIC)).to eq true
+    end
+  end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: hydra-access-controls
 version: !ruby/object:Gem::Version
-  version: 11.0.0.rc2
+  version: 12.0.1
 platform: ruby
 authors:
 - Chris Beer
@@ -10,7 +10,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-01-29 00:00:00.000000000 Z
+date: 2021-05-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -18,20 +18,20 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '4'
+        version: '5.2'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '6'
+        version: '7'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '4'
+        version: '5.2'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '6'
+        version: '7'
 - !ruby/object:Gem::Dependency
   name: active-fedora
   requirement: !ruby/object:Gem::Requirement
@@ -46,48 +46,40 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: 10.0.0
-- !ruby/object:Gem::Dependency
-  name: blacklight
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '5.16'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '5.16'
 - !ruby/object:Gem::Dependency
   name: blacklight-access_controls
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.6.0
+        version: '6.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.6.0
+        version: '6.0'
 - !ruby/object:Gem::Dependency
   name: cancancan
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: '1.8'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '4'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: '1.8'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '4'
 - !ruby/object:Gem::Dependency
   name: deprecation
   requirement: !ruby/object:Gem::Requirement
@@ -106,30 +98,30 @@ dependencies:
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '10.1'
+        version: 12.3.3
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '10.1'
+        version: 12.3.3
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.1'
+        version: '4.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.1'
+        version: '4.0'
 description: Access controls for project hydra
 email:
 - hydra-tech@googlegroups.com
@@ -182,7 +174,8 @@ files:
 - lib/hydra/role_mapper_behavior.rb
 - lib/hydra/shared_spec/group_service_interface.rb
 - lib/hydra/user.rb
-- spec/factories.rb
+- spec/factories/objects.rb
+- spec/factories/user.rb
 - spec/indexers/embargo_indexer_spec.rb
 - spec/indexers/lease_indexer_spec.rb
 - spec/services/embargo_service_spec.rb
@@ -223,19 +216,20 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 1.9.3
+      version: '2.4'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">"
+  - - ">="
     - !ruby/object:Gem::Version
-      version: 1.3.1
+      version: '0'
 requirements: []
-rubygems_version: 3.0.4
+rubygems_version: 3.1.4
 signing_key: 
 specification_version: 4
 summary: Access controls for project hydra
 test_files:
-- spec/factories.rb
+- spec/factories/objects.rb
+- spec/factories/user.rb
 - spec/indexers/embargo_indexer_spec.rb
 - spec/indexers/lease_indexer_spec.rb
 - spec/services/embargo_service_spec.rb