hydra-access-controls 5.0.0.pre12 → 5.0.0.pre13

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. data/lib/hydra/access_controls_enforcement.rb +7 -5
  2. data/lib/hydra/policy_aware_access_controls_enforcement.rb +3 -3
  3. data/spec/unit/access_controls_enforcement_spec.rb +20 -8
  4. data/spec/unit/policy_aware_access_controls_enforcement_spec.rb +2 -2
  5. metadata +2 -2
data/lib/hydra/access_controls_enforcement.rb CHANGED
@@ -72,7 +72,7 @@ module Hydra::AccessControlsEnforcement
72
72
  end
73
73
  end
74
74
 
75
- private
75
+ protected
76
76
 
77
77
  # If someone hits the show action while their session's viewing_context is in edit mode,
78
78
  # this will redirect them to the edit action.
@@ -106,7 +106,7 @@ module Hydra::AccessControlsEnforcement
106
106
  if @permissions_solr_document["embargo_release_date_dt"]
107
107
  embargo_date = Date.parse(@permissions_solr_document["embargo_release_date_dt"].split(/T/)[0])
108
108
  if embargo_date > Date.parse(Time.now.to_s)
109
- unless current_user && can?(:edit, params[:id])
109
+ unless current_or_guest_user && can?(:edit, params[:id])
110
110
  raise Hydra::AccessDenied.new("This item is under embargo. You do not have sufficient access privileges to read this document.", :edit, params[:id])
111
111
  end
112
112
  end
@@ -201,7 +201,7 @@ module Hydra::AccessControlsEnforcement
201
201
  end
202
202
 
203
203
  # Grant access based on user id & role
204
- unless current_user.nil?
204
+ unless current_or_guest_user.nil?
205
205
  user_access_filters += apply_role_permissions(permission_types)
206
206
  user_access_filters += apply_individual_permissions(permission_types)
207
207
  user_access_filters += apply_superuser_permissions(permission_types)
@@ -224,8 +224,10 @@ module Hydra::AccessControlsEnforcement
224
224
  def apply_individual_permissions(permission_types)
225
225
  # for individual person access
226
226
  user_access_filters = []
227
- permission_types.each do |type|
228
- user_access_filters << "#{type}_access_person_t:#{user_key}"
227
+ if user_key
228
+ permission_types.each do |type|
229
+ user_access_filters << "#{type}_access_person_t:#{user_key}"
230
+ end
229
231
  end
230
232
  user_access_filters
231
233
  end
data/lib/hydra/policy_aware_access_controls_enforcement.rb CHANGED
@@ -12,7 +12,7 @@ module Hydra::PolicyAwareAccessControlsEnforcement
12
12
  end
13
13
  end
14
14
 
15
- # returns solr query for finding all objects whose policies grant discover access to current_user
15
+ # returns solr query for finding all objects whose policies grant discover access to current_or_guest_user
16
16
  def policy_clauses
17
17
  policy_pids = policies_with_access
18
18
  return nil if policy_pids.empty?
@@ -23,10 +23,10 @@ module Hydra::PolicyAwareAccessControlsEnforcement
23
23
  # find all the policies that grant discover/read/edit permissions to this user or any of it's groups
24
24
  def policies_with_access
25
25
  #### TODO -- Memoize this and put it in the session?
26
- return [] unless current_user
26
+ return [] unless current_or_guest_user
27
27
  user_access_filters = []
28
28
  # Grant access based on user id & role
29
- unless current_user.nil?
29
+ unless current_or_guest_user.nil?
30
30
  user_access_filters += apply_policy_role_permissions(discovery_permissions)
31
31
  user_access_filters += apply_policy_individual_permissions(discovery_permissions)
32
32
  end
data/spec/unit/access_controls_enforcement_spec.rb CHANGED
@@ -1,5 +1,5 @@
1
1
  require 'spec_helper'
2
- # Need way to find way to stub current_user and RoleMapper in order to run these tests
2
+ # Need way to find way to stub current_or_guest_user and RoleMapper in order to run these tests
3
3
 
4
4
  describe Hydra::AccessControlsEnforcement do
5
5
  before(:all) do
@@ -8,7 +8,7 @@ describe Hydra::AccessControlsEnforcement do
8
8
  attr_accessor :params
9
9
 
10
10
  def user_key
11
- current_user.user_key
11
+ current_or_guest_user.user_key
12
12
  end
13
13
 
14
14
  def session
@@ -24,7 +24,7 @@ describe Hydra::AccessControlsEnforcement do
24
24
  end
25
25
  context "Given I am not logged in" do
26
26
  before do
27
- subject.stub(:current_user).and_return(User.new)
27
+ subject.stub(:current_or_guest_user).and_return(User.new)
28
28
  subject.send(:apply_gated_discovery, @solr_parameters, @user_parameters)
29
29
  end
30
30
  it "Then I should be treated as a member of the 'public' group" do
@@ -44,7 +44,7 @@ describe Hydra::AccessControlsEnforcement do
44
44
  User.stub(:find_by_user_key).and_return(@user)
45
45
  # This is a pretty fragile way to stub it...
46
46
  RoleMapper.stub(:byname).and_return(@user.user_key=>["faculty", "africana-faculty"])
47
- subject.stub(:current_user).and_return(@user)
47
+ subject.stub(:current_or_guest_user).and_return(@user)
48
48
  subject.send(:apply_gated_discovery, @solr_parameters, @user_parameters)
49
49
  end
50
50
  it "Then I should be treated as a member of the 'public' and 'registered' groups" do
@@ -86,7 +86,7 @@ describe Hydra::AccessControlsEnforcement do
86
86
  it "should allow a user w/ edit permissions to view an embargoed object" do
87
87
  user = User.new :uid=>'testuser@example.com'
88
88
  RoleMapper.stub(:roles).with(user.user_key).and_return(["archivist"])
89
- subject.stub(:current_user).and_return(user)
89
+ subject.stub(:current_or_guest_user).and_return(user)
90
90
  subject.should_receive(:can?).with(:edit, nil).and_return(true)
91
91
  subject.stub(:can?).with(:read, nil).and_return(true)
92
92
  subject.instance_variable_set :@permissions_solr_document, SolrDocument.new({"edit_access_person_t"=>["testuser@example.com"], "embargo_release_date_dt"=>(Date.parse(Time.now.to_s)+2).to_s})
@@ -98,7 +98,7 @@ describe Hydra::AccessControlsEnforcement do
98
98
  it "should prevent a user w/o edit permissions from viewing an embargoed object" do
99
99
  user = User.new :uid=>'testuser@example.com'
100
100
  RoleMapper.stub(:roles).with(user.user_key).and_return([])
101
- subject.stub(:current_user).and_return(user)
101
+ subject.stub(:current_or_guest_user).and_return(user)
102
102
  subject.should_receive(:can?).with(:edit, nil).and_return(false)
103
103
  subject.stub(:can?).with(:read, nil).and_return(true)
104
104
  subject.params = {}
@@ -111,7 +111,7 @@ describe Hydra::AccessControlsEnforcement do
111
111
  before(:each) do
112
112
  @stub_user = User.new :uid=>'archivist1@example.com'
113
113
  RoleMapper.stub(:roles).with(@stub_user.user_key).and_return(["archivist","researcher"])
114
- subject.stub(:current_user).and_return(@stub_user)
114
+ subject.stub(:current_or_guest_user).and_return(@stub_user)
115
115
  @solr_parameters = {}
116
116
  @user_parameters = {}
117
117
  end
@@ -133,7 +133,7 @@ describe Hydra::AccessControlsEnforcement do
133
133
  describe "exclude_unwanted_models" do
134
134
  before(:each) do
135
135
  stub_user = User.new :uid=>'archivist1@example.com'
136
- subject.stub(:current_user).and_return(stub_user)
136
+ subject.stub(:current_or_guest_user).and_return(stub_user)
137
137
  @solr_parameters = {}
138
138
  @user_parameters = {}
139
139
  end
@@ -142,6 +142,18 @@ describe Hydra::AccessControlsEnforcement do
142
142
  @solr_parameters[:fq].should include("-has_model_s:\"info:fedora/afmodel:FileAsset\"")
143
143
  end
144
144
  end
145
+
146
+ describe "apply_individual_permissions" do
147
+ describe "when the user is a guest user (user key nil)" do
148
+ before do
149
+ stub_user = User.new
150
+ subject.stub(:current_or_guest_user).and_return(stub_user)
151
+ end
152
+ it "should not create filters" do
153
+ subject.send(:apply_individual_permissions, ["edit","discover","read"]).should == []
154
+ end
155
+ end
156
+ end
145
157
  end
146
158
 
147
159
 
data/spec/unit/policy_aware_access_controls_enforcement_spec.rb CHANGED
@@ -8,7 +8,7 @@ describe Hydra::PolicyAwareAccessControlsEnforcement do
8
8
  attr_accessor :params
9
9
 
10
10
  def user_key
11
- current_user.user_key
11
+ current_or_guest_user.user_key
12
12
  end
13
13
 
14
14
  def session
@@ -71,7 +71,7 @@ describe Hydra::PolicyAwareAccessControlsEnforcement do
71
71
  @user_parameters = {}
72
72
  @user = FactoryGirl.build(:sara_student)
73
73
  RoleMapper.stub(:roles).with(@user.user_key).and_return(@user.roles)
74
- subject.stub(:current_user).and_return(@user)
74
+ subject.stub(:current_or_guest_user).and_return(@user)
75
75
  end
76
76
 
77
77
  describe "policies_with_access" do
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: hydra-access-controls
3
3
  version: !ruby/object:Gem::Version
4
- version: 5.0.0.pre12
4
+ version: 5.0.0.pre13
5
5
  prerelease: 6
6
6
  platform: ruby
7
7
  authors:
@@ -11,7 +11,7 @@ authors:
11
11
  autorequire:
12
12
  bindir: bin
13
13
  cert_chain: []
14
- date: 2012-11-15 00:00:00.000000000 Z
14
+ date: 2012-11-28 00:00:00.000000000 Z
15
15
  dependencies:
16
16
  - !ruby/object:Gem::Dependency
17
17
  name: activesupport