hydra-access-controls 5.0.0.pre12 → 5.0.0.pre13
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -72,7 +72,7 @@ module Hydra::AccessControlsEnforcement
|
|
72
72
|
end
|
73
73
|
end
|
74
74
|
|
75
|
-
|
75
|
+
protected
|
76
76
|
|
77
77
|
# If someone hits the show action while their session's viewing_context is in edit mode,
|
78
78
|
# this will redirect them to the edit action.
|
@@ -106,7 +106,7 @@ module Hydra::AccessControlsEnforcement
|
|
106
106
|
if @permissions_solr_document["embargo_release_date_dt"]
|
107
107
|
embargo_date = Date.parse(@permissions_solr_document["embargo_release_date_dt"].split(/T/)[0])
|
108
108
|
if embargo_date > Date.parse(Time.now.to_s)
|
109
|
-
unless
|
109
|
+
unless current_or_guest_user && can?(:edit, params[:id])
|
110
110
|
raise Hydra::AccessDenied.new("This item is under embargo. You do not have sufficient access privileges to read this document.", :edit, params[:id])
|
111
111
|
end
|
112
112
|
end
|
@@ -201,7 +201,7 @@ module Hydra::AccessControlsEnforcement
|
|
201
201
|
end
|
202
202
|
|
203
203
|
# Grant access based on user id & role
|
204
|
-
unless
|
204
|
+
unless current_or_guest_user.nil?
|
205
205
|
user_access_filters += apply_role_permissions(permission_types)
|
206
206
|
user_access_filters += apply_individual_permissions(permission_types)
|
207
207
|
user_access_filters += apply_superuser_permissions(permission_types)
|
@@ -224,8 +224,10 @@ module Hydra::AccessControlsEnforcement
|
|
224
224
|
def apply_individual_permissions(permission_types)
|
225
225
|
# for individual person access
|
226
226
|
user_access_filters = []
|
227
|
-
|
228
|
-
|
227
|
+
if user_key
|
228
|
+
permission_types.each do |type|
|
229
|
+
user_access_filters << "#{type}_access_person_t:#{user_key}"
|
230
|
+
end
|
229
231
|
end
|
230
232
|
user_access_filters
|
231
233
|
end
|
@@ -12,7 +12,7 @@ module Hydra::PolicyAwareAccessControlsEnforcement
|
|
12
12
|
end
|
13
13
|
end
|
14
14
|
|
15
|
-
# returns solr query for finding all objects whose policies grant discover access to
|
15
|
+
# returns solr query for finding all objects whose policies grant discover access to current_or_guest_user
|
16
16
|
def policy_clauses
|
17
17
|
policy_pids = policies_with_access
|
18
18
|
return nil if policy_pids.empty?
|
@@ -23,10 +23,10 @@ module Hydra::PolicyAwareAccessControlsEnforcement
|
|
23
23
|
# find all the policies that grant discover/read/edit permissions to this user or any of it's groups
|
24
24
|
def policies_with_access
|
25
25
|
#### TODO -- Memoize this and put it in the session?
|
26
|
-
return [] unless
|
26
|
+
return [] unless current_or_guest_user
|
27
27
|
user_access_filters = []
|
28
28
|
# Grant access based on user id & role
|
29
|
-
unless
|
29
|
+
unless current_or_guest_user.nil?
|
30
30
|
user_access_filters += apply_policy_role_permissions(discovery_permissions)
|
31
31
|
user_access_filters += apply_policy_individual_permissions(discovery_permissions)
|
32
32
|
end
|
@@ -1,5 +1,5 @@
|
|
1
1
|
require 'spec_helper'
|
2
|
-
# Need way to find way to stub
|
2
|
+
# Need way to find way to stub current_or_guest_user and RoleMapper in order to run these tests
|
3
3
|
|
4
4
|
describe Hydra::AccessControlsEnforcement do
|
5
5
|
before(:all) do
|
@@ -8,7 +8,7 @@ describe Hydra::AccessControlsEnforcement do
|
|
8
8
|
attr_accessor :params
|
9
9
|
|
10
10
|
def user_key
|
11
|
-
|
11
|
+
current_or_guest_user.user_key
|
12
12
|
end
|
13
13
|
|
14
14
|
def session
|
@@ -24,7 +24,7 @@ describe Hydra::AccessControlsEnforcement do
|
|
24
24
|
end
|
25
25
|
context "Given I am not logged in" do
|
26
26
|
before do
|
27
|
-
subject.stub(:
|
27
|
+
subject.stub(:current_or_guest_user).and_return(User.new)
|
28
28
|
subject.send(:apply_gated_discovery, @solr_parameters, @user_parameters)
|
29
29
|
end
|
30
30
|
it "Then I should be treated as a member of the 'public' group" do
|
@@ -44,7 +44,7 @@ describe Hydra::AccessControlsEnforcement do
|
|
44
44
|
User.stub(:find_by_user_key).and_return(@user)
|
45
45
|
# This is a pretty fragile way to stub it...
|
46
46
|
RoleMapper.stub(:byname).and_return(@user.user_key=>["faculty", "africana-faculty"])
|
47
|
-
subject.stub(:
|
47
|
+
subject.stub(:current_or_guest_user).and_return(@user)
|
48
48
|
subject.send(:apply_gated_discovery, @solr_parameters, @user_parameters)
|
49
49
|
end
|
50
50
|
it "Then I should be treated as a member of the 'public' and 'registered' groups" do
|
@@ -86,7 +86,7 @@ describe Hydra::AccessControlsEnforcement do
|
|
86
86
|
it "should allow a user w/ edit permissions to view an embargoed object" do
|
87
87
|
user = User.new :uid=>'testuser@example.com'
|
88
88
|
RoleMapper.stub(:roles).with(user.user_key).and_return(["archivist"])
|
89
|
-
subject.stub(:
|
89
|
+
subject.stub(:current_or_guest_user).and_return(user)
|
90
90
|
subject.should_receive(:can?).with(:edit, nil).and_return(true)
|
91
91
|
subject.stub(:can?).with(:read, nil).and_return(true)
|
92
92
|
subject.instance_variable_set :@permissions_solr_document, SolrDocument.new({"edit_access_person_t"=>["testuser@example.com"], "embargo_release_date_dt"=>(Date.parse(Time.now.to_s)+2).to_s})
|
@@ -98,7 +98,7 @@ describe Hydra::AccessControlsEnforcement do
|
|
98
98
|
it "should prevent a user w/o edit permissions from viewing an embargoed object" do
|
99
99
|
user = User.new :uid=>'testuser@example.com'
|
100
100
|
RoleMapper.stub(:roles).with(user.user_key).and_return([])
|
101
|
-
subject.stub(:
|
101
|
+
subject.stub(:current_or_guest_user).and_return(user)
|
102
102
|
subject.should_receive(:can?).with(:edit, nil).and_return(false)
|
103
103
|
subject.stub(:can?).with(:read, nil).and_return(true)
|
104
104
|
subject.params = {}
|
@@ -111,7 +111,7 @@ describe Hydra::AccessControlsEnforcement do
|
|
111
111
|
before(:each) do
|
112
112
|
@stub_user = User.new :uid=>'archivist1@example.com'
|
113
113
|
RoleMapper.stub(:roles).with(@stub_user.user_key).and_return(["archivist","researcher"])
|
114
|
-
subject.stub(:
|
114
|
+
subject.stub(:current_or_guest_user).and_return(@stub_user)
|
115
115
|
@solr_parameters = {}
|
116
116
|
@user_parameters = {}
|
117
117
|
end
|
@@ -133,7 +133,7 @@ describe Hydra::AccessControlsEnforcement do
|
|
133
133
|
describe "exclude_unwanted_models" do
|
134
134
|
before(:each) do
|
135
135
|
stub_user = User.new :uid=>'archivist1@example.com'
|
136
|
-
subject.stub(:
|
136
|
+
subject.stub(:current_or_guest_user).and_return(stub_user)
|
137
137
|
@solr_parameters = {}
|
138
138
|
@user_parameters = {}
|
139
139
|
end
|
@@ -142,6 +142,18 @@ describe Hydra::AccessControlsEnforcement do
|
|
142
142
|
@solr_parameters[:fq].should include("-has_model_s:\"info:fedora/afmodel:FileAsset\"")
|
143
143
|
end
|
144
144
|
end
|
145
|
+
|
146
|
+
describe "apply_individual_permissions" do
|
147
|
+
describe "when the user is a guest user (user key nil)" do
|
148
|
+
before do
|
149
|
+
stub_user = User.new
|
150
|
+
subject.stub(:current_or_guest_user).and_return(stub_user)
|
151
|
+
end
|
152
|
+
it "should not create filters" do
|
153
|
+
subject.send(:apply_individual_permissions, ["edit","discover","read"]).should == []
|
154
|
+
end
|
155
|
+
end
|
156
|
+
end
|
145
157
|
end
|
146
158
|
|
147
159
|
|
@@ -8,7 +8,7 @@ describe Hydra::PolicyAwareAccessControlsEnforcement do
|
|
8
8
|
attr_accessor :params
|
9
9
|
|
10
10
|
def user_key
|
11
|
-
|
11
|
+
current_or_guest_user.user_key
|
12
12
|
end
|
13
13
|
|
14
14
|
def session
|
@@ -71,7 +71,7 @@ describe Hydra::PolicyAwareAccessControlsEnforcement do
|
|
71
71
|
@user_parameters = {}
|
72
72
|
@user = FactoryGirl.build(:sara_student)
|
73
73
|
RoleMapper.stub(:roles).with(@user.user_key).and_return(@user.roles)
|
74
|
-
subject.stub(:
|
74
|
+
subject.stub(:current_or_guest_user).and_return(@user)
|
75
75
|
end
|
76
76
|
|
77
77
|
describe "policies_with_access" do
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: hydra-access-controls
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 5.0.0.
|
4
|
+
version: 5.0.0.pre13
|
5
5
|
prerelease: 6
|
6
6
|
platform: ruby
|
7
7
|
authors:
|
@@ -11,7 +11,7 @@ authors:
|
|
11
11
|
autorequire:
|
12
12
|
bindir: bin
|
13
13
|
cert_chain: []
|
14
|
-
date: 2012-11-
|
14
|
+
date: 2012-11-28 00:00:00.000000000 Z
|
15
15
|
dependencies:
|
16
16
|
- !ruby/object:Gem::Dependency
|
17
17
|
name: activesupport
|