hydra-access-controls 11.0.6 → 12.0.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 9a286d397032ccf1ba4e2df1ea63470a75184cc7f7f98ed053663d33f593683c
4
- data.tar.gz: a4c7de8fa18771222b5710bb954ad59c3011420ed7f3b02bc241105559712962
3
+ metadata.gz: 399d12c5e3bbaf7a4f7f89b834803ba68bfa9f6a28d6e8ee95c0cb3d6a1d745b
4
+ data.tar.gz: ed68661ab7b6182930000473102723a6ad0e6f82c9fe671aac7c2f03a3597fd4
5
5
  SHA512:
6
- metadata.gz: 9647db12b9efdac6049bc6fd770e200b4e9f28e1a8d5e5f8e357f8a8020d5390bd68eb0cc03bda037dc0a4d1db89048dcba5c9db387086d98e0474d770302a81
7
- data.tar.gz: cffcd8456b9e636e4e4957fc02a1709c3fad8764658205ea851bebdc7109bb2f68a7ea8e56f8343bcce33301446dbe29daa02fe47582067291b3894a2108f0c4
6
+ metadata.gz: d0c2cf3c21d32ae7b5cf3aeb72116603cd614340f3409b9b69aaff4d8a09760bf18f01164775cd2ff628d522b53e8e8b530c6ea82159003e53dd107d48bfe109
7
+ data.tar.gz: bd228f09270e9a1b08c315db330413f42e530a1e6964e324ef56f86e504758ee7964edfca8a8504e09627e32d32127967e426b9c69699c968f25465d81e12449
@@ -2,6 +2,14 @@ module Hydra::AccessControls
2
2
  module Visibility
3
3
  extend ActiveSupport::Concern
4
4
 
5
+ included do
6
+ # ActiveModel::Dirty requires defining the attribute method
7
+ # @see https://api.rubyonrails.org/classes/ActiveModel/Dirty.html
8
+ define_attribute_methods :visibility
9
+ # instance variable needs to be initialized here based upon what is in read_groups
10
+ after_initialize { @visibility = visibility }
11
+ end
12
+
5
13
  def visibility=(value)
6
14
  return if value.nil?
7
15
  # only set explicit permissions
@@ -15,6 +23,7 @@ module Hydra::AccessControls
15
23
  else
16
24
  raise ArgumentError, "Invalid visibility: #{value.inspect}"
17
25
  end
26
+ @visibility = value
18
27
  end
19
28
 
20
29
  def visibility
@@ -27,8 +36,14 @@ module Hydra::AccessControls
27
36
  end
28
37
  end
29
38
 
30
- def visibility_changed?
31
- !!@visibility_will_change
39
+ # Overridden for ActiveModel::Dirty tracking of visibility
40
+ # Required by ActiveModel::AttributeMethods
41
+ # @see https://api.rubyonrails.org/classes/ActiveModel/AttributeMethods.html
42
+ # An instance variable is used to avoid infinite recursion caused by calling #visibility
43
+ # Using this approach requires setting visibility read groups through #visibility=
44
+ # instead of manipulating them directly if #visibility_changed? is expected to work correctly.
45
+ def attributes
46
+ super.merge({ 'visibility' => @visibility })
32
47
  end
33
48
 
34
49
  private
@@ -41,10 +56,6 @@ module Hydra::AccessControls
41
56
  AccessRight::PERMISSION_TEXT_VALUE_PUBLIC]
42
57
  end
43
58
 
44
- def visibility_will_change!
45
- @visibility_will_change = true
46
- end
47
-
48
59
  def public_visibility!
49
60
  visibility_will_change! unless visibility == AccessRight::VISIBILITY_TEXT_VALUE_PUBLIC
50
61
  remove_groups = represented_visibility - [AccessRight::PERMISSION_TEXT_VALUE_PUBLIC]
@@ -16,15 +16,14 @@ Gem::Specification.new do |gem|
16
16
  gem.version = version
17
17
  gem.license = "APACHE-2.0"
18
18
 
19
- gem.required_ruby_version = '>= 1.9.3'
19
+ gem.required_ruby_version = '>= 2.4'
20
20
 
21
- gem.add_dependency 'activesupport', '>= 4', '< 6'
22
- gem.add_dependency "active-fedora", '>= 10.0.0'
23
- gem.add_dependency "blacklight", '>= 5.16'
24
- gem.add_dependency "blacklight-access_controls", '~> 0.6.0'
25
- gem.add_dependency 'cancancan', '~> 1.8'
21
+ gem.add_dependency 'activesupport', '>= 5.2', '< 7'
22
+ gem.add_dependency 'active-fedora', '>= 10.0.0'
23
+ gem.add_dependency 'blacklight-access_controls', '~> 6.0'
24
+ gem.add_dependency 'cancancan', '>= 1.8', '< 4'
26
25
  gem.add_dependency 'deprecation', '~> 1.0'
27
26
 
28
- gem.add_development_dependency "rake", '~> 10.1'
29
- gem.add_development_dependency 'rspec', '~> 3.1'
27
+ gem.add_development_dependency 'rake', '>= 12.3.3'
28
+ gem.add_development_dependency 'rspec', '~> 4.0'
30
29
  end
@@ -1,8 +1,5 @@
1
1
  ActiveFedora::QueryMethods.module_eval do
2
2
  extend ActiveSupport::Concern
3
- included do
4
- include Hydra::AccessControlsEnforcement
5
- end
6
3
 
7
4
  def accessible_by(ability, action = :index)
8
5
  permission_types = case action
@@ -11,7 +8,8 @@ ActiveFedora::QueryMethods.module_eval do
11
8
  when :update, :edit, :create, :new, :destroy then [:edit]
12
9
  end
13
10
 
14
- filters = gated_discovery_filters(permission_types, ability).join(" OR ")
11
+ builder = Hydra::SearchBuilder.new(nil).with_ability(ability).with_discovery_permissions(permission_types)
12
+ filters = builder.send(:gated_discovery_filters).join(" OR ")
15
13
  spawn.where!(filters)
16
14
  end
17
15
  end
@@ -29,7 +29,13 @@ module Hydra
29
29
  alias :config :configure
30
30
  end
31
31
 
32
- class Engine < Rails::Engine; end
32
+ class Engine < Rails::Engine
33
+ config.before_configuration do
34
+ ActiveSupport::Inflector.inflections(:en) do |inflect|
35
+ inflect.acronym 'ACL'
36
+ end
37
+ end
38
+ end
33
39
 
34
40
  # This error is raised when a user isn't allowed to access a given controller action.
35
41
  # This usually happens within a call to AccessControlsEnforcement#enforce_access_controls but can be
data/lib/hydra/ability.rb CHANGED
@@ -12,7 +12,6 @@ module Hydra
12
12
 
13
13
  included do
14
14
  include Hydra::PermissionsQuery
15
- include Blacklight::SearchHelper
16
15
 
17
16
  self.ability_logic = [:create_permissions, :edit_permissions, :read_permissions, :discover_permissions, :download_permissions, :custom_permissions]
18
17
  end
@@ -2,6 +2,22 @@ module Hydra::AccessControlsEnforcement
2
2
  extend ActiveSupport::Concern
3
3
  include Blacklight::AccessControls::Enforcement
4
4
 
5
+ def current_ability
6
+ @current_ability || (scope.current_ability if scope&.respond_to?(:current_ability))
7
+ end
8
+
9
+ def with_ability(ability)
10
+ params_will_change!
11
+ @current_ability = ability
12
+ self
13
+ end
14
+
15
+ def with_discovery_permissions(permissions)
16
+ params_will_change!
17
+ @discovery_permissions = Array(permissions)
18
+ self
19
+ end
20
+
5
21
  protected
6
22
 
7
23
  def under_embargo?
@@ -0,0 +1,34 @@
1
+ FactoryBot.define do
2
+
3
+ #
4
+ # Repository Objects
5
+ #
6
+
7
+ factory :asset, :class => ModsAsset do |o|
8
+ end
9
+
10
+ factory :admin_policy, :class => Hydra::AdminPolicy do |o|
11
+ end
12
+
13
+ factory :default_access_asset, :parent=>:asset do |a|
14
+ permissions_attributes { [{ name: "joe_creator", access: "edit", type: "person" }] }
15
+ end
16
+
17
+ factory :dept_access_asset, :parent=>:asset do |a|
18
+ permissions_attributes { [{ name: "africana-faculty", access: "read", type: "group" }, { name: "joe_creator", access: "edit", type: "person" }] }
19
+ end
20
+
21
+ factory :group_edit_asset, :parent=>:asset do |a|
22
+ permissions_attributes { [{ name:"africana-faculty", access: "edit", type: "group" }, {name: "calvin_collaborator", access: "edit", type: "person"}] }
23
+ end
24
+
25
+ factory :org_read_access_asset, :parent=>:asset do |a|
26
+ permissions_attributes { [{ name: "registered", access: "read", type: "group" }, { name: "joe_creator", access: "edit", type: "person" }, { name: "calvin_collaborator", access: "edit", type: "person" }] }
27
+ end
28
+
29
+ factory :open_access_asset, :parent=>:asset do |a|
30
+ permissions_attributes { [{ name: "public", access: "read", type: "group" }, { name: "joe_creator", access: "edit", type: "person" }, { name: "calvin_collaborator", access: "edit", type: "person" }] }
31
+ end
32
+
33
+ end
34
+
@@ -1,7 +1,6 @@
1
1
  FactoryBot.define do
2
2
 
3
3
  # Users
4
-
5
4
  # Prototype user factory
6
5
  factory :user, :aliases => [:owner] do |u|
7
6
  sequence :uid do |n|
@@ -58,36 +57,5 @@ FactoryBot.define do
58
57
  uid { 'alice_admin' }
59
58
  password { 'alice_admin' }
60
59
  end
61
-
62
- #
63
- # Repository Objects
64
- #
65
-
66
- factory :asset, :class => ModsAsset do |o|
67
- end
68
-
69
- factory :admin_policy, :class => Hydra::AdminPolicy do |o|
70
- end
71
-
72
- factory :default_access_asset, :parent=>:asset do |a|
73
- permissions_attributes { [{ name: "joe_creator", access: "edit", type: "person" }] }
74
- end
75
-
76
- factory :dept_access_asset, :parent=>:asset do |a|
77
- permissions_attributes { [{ name: "africana-faculty", access: "read", type: "group" }, { name: "joe_creator", access: "edit", type: "person" }] }
78
- end
79
-
80
- factory :group_edit_asset, :parent=>:asset do |a|
81
- permissions_attributes { [{ name:"africana-faculty", access: "edit", type: "group" }, {name: "calvin_collaborator", access: "edit", type: "person"}] }
82
- end
83
-
84
- factory :org_read_access_asset, :parent=>:asset do |a|
85
- permissions_attributes { [{ name: "registered", access: "read", type: "group" }, { name: "joe_creator", access: "edit", type: "person" }, { name: "calvin_collaborator", access: "edit", type: "person" }] }
86
- end
87
-
88
- factory :open_access_asset, :parent=>:asset do |a|
89
- permissions_attributes { [{ name: "public", access: "read", type: "group" }, { name: "joe_creator", access: "edit", type: "person" }, { name: "calvin_collaborator", access: "edit", type: "person" }] }
90
- end
91
-
92
60
  end
93
61
 
data/spec/spec_helper.rb CHANGED
@@ -48,7 +48,8 @@ require "support/user"
48
48
  require "factory_bot"
49
49
  require 'rspec/mocks'
50
50
  require 'rspec/its'
51
- require "factories"
51
+ require 'factories/user'
52
+ require 'factories/objects'
52
53
 
53
54
  # HttpLogger.logger = Logger.new(STDOUT)
54
55
  # HttpLogger.ignore = [/localhost:8983\/solr/]
@@ -165,11 +165,7 @@ describe Hydra::AccessControls::Embargoable do
165
165
  context "when the same embargo is applied" do
166
166
  before do
167
167
  subject.apply_embargo(future_date.to_s)
168
- if ActiveModel.version < Gem::Version.new('4.2.0')
169
- subject.embargo.send(:reset_changes)
170
- else
171
- subject.embargo.send(:clear_changes_information)
172
- end
168
+ subject.embargo.send(:clear_changes_information)
173
169
  end
174
170
 
175
171
  it "doesn't call visibility_will_change!" do
@@ -248,11 +244,7 @@ describe Hydra::AccessControls::Embargoable do
248
244
  context "when the same lease is applied" do
249
245
  before do
250
246
  subject.apply_lease(future_date.to_s)
251
- if ActiveModel.version < Gem::Version.new('4.2.0')
252
- subject.lease.send(:reset_changes)
253
- else
254
- subject.lease.send(:clear_changes_information)
255
- end
247
+ subject.lease.send(:clear_changes_information)
256
248
  end
257
249
 
258
250
  it "doesn't call visibility_will_change!" do
@@ -266,7 +258,7 @@ describe Hydra::AccessControls::Embargoable do
266
258
  before do
267
259
  subject.visibility = Hydra::AccessControls::AccessRight::VISIBILITY_TEXT_VALUE_PUBLIC
268
260
  # reset the changed log
269
- subject.send(:instance_variable_set, :@visibility_will_change, false)
261
+ subject.send(:clear_changes_information)
270
262
  end
271
263
 
272
264
  it "applies appropriate embargo_visibility settings" do
@@ -1,28 +1,15 @@
1
1
  require 'spec_helper'
2
2
 
3
- describe Hydra::PolicyAwareAccessControlsEnforcement do
3
+ RSpec.describe Hydra::PolicyAwareAccessControlsEnforcement do
4
4
  before do
5
5
  allow(Devise).to receive(:authentication_keys).and_return(['uid'])
6
6
 
7
- class PolicyMockSearchBuilder < Blacklight::SearchBuilder
8
- include Blacklight::Solr::SearchBuilderBehavior
9
- include Hydra::AccessControlsEnforcement
7
+ class PolicyMockSearchBuilder < Hydra::SearchBuilder
10
8
  include Hydra::PolicyAwareAccessControlsEnforcement
11
- attr_accessor :params
12
-
13
- def initialize(current_ability)
14
- @current_ability = current_ability
15
- end
16
-
17
- def current_ability
18
- @current_ability
19
- end
20
-
21
- def session
22
- end
23
9
 
24
10
  delegate :logger, to: :Rails
25
11
  end
12
+
26
13
  @sample_policies = []
27
14
  # user discover
28
15
  policy1 = Hydra::AdminPolicy.create(id: "test-policy1")
@@ -91,7 +78,7 @@ describe Hydra::PolicyAwareAccessControlsEnforcement do
91
78
  end
92
79
 
93
80
  let(:current_ability) { Ability.new(user) }
94
- subject { PolicyMockSearchBuilder.new(current_ability) }
81
+ subject { PolicyMockSearchBuilder.new(nil).with_ability(current_ability) }
95
82
  let(:user) { FactoryBot.build(:sara_student) }
96
83
 
97
84
  before do
@@ -134,7 +121,7 @@ describe Hydra::PolicyAwareAccessControlsEnforcement do
134
121
 
135
122
  context "when policies are included" do
136
123
  before { subject.apply_gated_discovery(@solr_parameters) }
137
-
124
+
138
125
  it "builds a query that includes all the policies" do
139
126
  skip if ActiveFedora.version.split('.').first.to_i < 11
140
127
  (1..11).each do |p|
@@ -142,7 +129,7 @@ describe Hydra::PolicyAwareAccessControlsEnforcement do
142
129
  end
143
130
  end
144
131
  end
145
-
132
+
146
133
  context "when policies are not included" do
147
134
  before do
148
135
  allow(subject).to receive(:policy_clauses).and_return(nil)
@@ -100,4 +100,29 @@ describe Hydra::AccessControls::Visibility do
100
100
  expect(model.read_groups).to contain_exactly 'public', 'another'
101
101
  end
102
102
  end
103
+
104
+ context 'dirty tracking' do
105
+ let(:object_class) do
106
+ Class.new(ActiveFedora::Base) do
107
+ include Hydra::AccessControls::Permissions
108
+ end
109
+ end
110
+
111
+ before { stub_const("Foo", object_class) }
112
+
113
+ subject { Foo.new }
114
+
115
+ it 'responds to visibility_changed?' do
116
+ expect(subject).to respond_to(:visibility_changed?)
117
+ end
118
+
119
+ it 'tracks changes' do
120
+ expect(subject.visibility_changed?).to eq false
121
+ subject.visibility = Hydra::AccessControls::AccessRight::VISIBILITY_TEXT_VALUE_PUBLIC
122
+ expect(subject.visibility_changed?).to eq true
123
+ expect(subject.visibility_changed?(to: Hydra::AccessControls::AccessRight::VISIBILITY_TEXT_VALUE_PUBLIC)).to eq true
124
+ expect(subject.visibility_changed?(from: Hydra::AccessControls::AccessRight::VISIBILITY_TEXT_VALUE_PRIVATE)).to eq true
125
+ expect(subject.visibility_changed?(from: Hydra::AccessControls::AccessRight::VISIBILITY_TEXT_VALUE_PRIVATE, to: Hydra::AccessControls::AccessRight::VISIBILITY_TEXT_VALUE_PUBLIC)).to eq true
126
+ end
127
+ end
103
128
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: hydra-access-controls
3
3
  version: !ruby/object:Gem::Version
4
- version: 11.0.6
4
+ version: 12.0.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Chris Beer
@@ -10,7 +10,7 @@ authors:
10
10
  autorequire:
11
11
  bindir: bin
12
12
  cert_chain: []
13
- date: 2021-03-31 00:00:00.000000000 Z
13
+ date: 2020-11-18 00:00:00.000000000 Z
14
14
  dependencies:
15
15
  - !ruby/object:Gem::Dependency
16
16
  name: activesupport
@@ -18,20 +18,20 @@ dependencies:
18
18
  requirements:
19
19
  - - ">="
20
20
  - !ruby/object:Gem::Version
21
- version: '4'
21
+ version: '5.2'
22
22
  - - "<"
23
23
  - !ruby/object:Gem::Version
24
- version: '6'
24
+ version: '7'
25
25
  type: :runtime
26
26
  prerelease: false
27
27
  version_requirements: !ruby/object:Gem::Requirement
28
28
  requirements:
29
29
  - - ">="
30
30
  - !ruby/object:Gem::Version
31
- version: '4'
31
+ version: '5.2'
32
32
  - - "<"
33
33
  - !ruby/object:Gem::Version
34
- version: '6'
34
+ version: '7'
35
35
  - !ruby/object:Gem::Dependency
36
36
  name: active-fedora
37
37
  requirement: !ruby/object:Gem::Requirement
@@ -46,48 +46,40 @@ dependencies:
46
46
  - - ">="
47
47
  - !ruby/object:Gem::Version
48
48
  version: 10.0.0
49
- - !ruby/object:Gem::Dependency
50
- name: blacklight
51
- requirement: !ruby/object:Gem::Requirement
52
- requirements:
53
- - - ">="
54
- - !ruby/object:Gem::Version
55
- version: '5.16'
56
- type: :runtime
57
- prerelease: false
58
- version_requirements: !ruby/object:Gem::Requirement
59
- requirements:
60
- - - ">="
61
- - !ruby/object:Gem::Version
62
- version: '5.16'
63
49
  - !ruby/object:Gem::Dependency
64
50
  name: blacklight-access_controls
65
51
  requirement: !ruby/object:Gem::Requirement
66
52
  requirements:
67
53
  - - "~>"
68
54
  - !ruby/object:Gem::Version
69
- version: 0.6.0
55
+ version: '6.0'
70
56
  type: :runtime
71
57
  prerelease: false
72
58
  version_requirements: !ruby/object:Gem::Requirement
73
59
  requirements:
74
60
  - - "~>"
75
61
  - !ruby/object:Gem::Version
76
- version: 0.6.0
62
+ version: '6.0'
77
63
  - !ruby/object:Gem::Dependency
78
64
  name: cancancan
79
65
  requirement: !ruby/object:Gem::Requirement
80
66
  requirements:
81
- - - "~>"
67
+ - - ">="
82
68
  - !ruby/object:Gem::Version
83
69
  version: '1.8'
70
+ - - "<"
71
+ - !ruby/object:Gem::Version
72
+ version: '4'
84
73
  type: :runtime
85
74
  prerelease: false
86
75
  version_requirements: !ruby/object:Gem::Requirement
87
76
  requirements:
88
- - - "~>"
77
+ - - ">="
89
78
  - !ruby/object:Gem::Version
90
79
  version: '1.8'
80
+ - - "<"
81
+ - !ruby/object:Gem::Version
82
+ version: '4'
91
83
  - !ruby/object:Gem::Dependency
92
84
  name: deprecation
93
85
  requirement: !ruby/object:Gem::Requirement
@@ -106,30 +98,30 @@ dependencies:
106
98
  name: rake
107
99
  requirement: !ruby/object:Gem::Requirement
108
100
  requirements:
109
- - - "~>"
101
+ - - ">="
110
102
  - !ruby/object:Gem::Version
111
- version: '10.1'
103
+ version: 12.3.3
112
104
  type: :development
113
105
  prerelease: false
114
106
  version_requirements: !ruby/object:Gem::Requirement
115
107
  requirements:
116
- - - "~>"
108
+ - - ">="
117
109
  - !ruby/object:Gem::Version
118
- version: '10.1'
110
+ version: 12.3.3
119
111
  - !ruby/object:Gem::Dependency
120
112
  name: rspec
121
113
  requirement: !ruby/object:Gem::Requirement
122
114
  requirements:
123
115
  - - "~>"
124
116
  - !ruby/object:Gem::Version
125
- version: '3.1'
117
+ version: '4.0'
126
118
  type: :development
127
119
  prerelease: false
128
120
  version_requirements: !ruby/object:Gem::Requirement
129
121
  requirements:
130
122
  - - "~>"
131
123
  - !ruby/object:Gem::Version
132
- version: '3.1'
124
+ version: '4.0'
133
125
  description: Access controls for project hydra
134
126
  email:
135
127
  - hydra-tech@googlegroups.com
@@ -182,7 +174,8 @@ files:
182
174
  - lib/hydra/role_mapper_behavior.rb
183
175
  - lib/hydra/shared_spec/group_service_interface.rb
184
176
  - lib/hydra/user.rb
185
- - spec/factories.rb
177
+ - spec/factories/objects.rb
178
+ - spec/factories/user.rb
186
179
  - spec/indexers/embargo_indexer_spec.rb
187
180
  - spec/indexers/lease_indexer_spec.rb
188
181
  - spec/services/embargo_service_spec.rb
@@ -223,19 +216,20 @@ required_ruby_version: !ruby/object:Gem::Requirement
223
216
  requirements:
224
217
  - - ">="
225
218
  - !ruby/object:Gem::Version
226
- version: 1.9.3
219
+ version: '2.4'
227
220
  required_rubygems_version: !ruby/object:Gem::Requirement
228
221
  requirements:
229
222
  - - ">="
230
223
  - !ruby/object:Gem::Version
231
224
  version: '0'
232
225
  requirements: []
233
- rubygems_version: 3.1.4
226
+ rubygems_version: 3.1.2
234
227
  signing_key:
235
228
  specification_version: 4
236
229
  summary: Access controls for project hydra
237
230
  test_files:
238
- - spec/factories.rb
231
+ - spec/factories/objects.rb
232
+ - spec/factories/user.rb
239
233
  - spec/indexers/embargo_indexer_spec.rb
240
234
  - spec/indexers/lease_indexer_spec.rb
241
235
  - spec/services/embargo_service_spec.rb