hydra-access-controls 5.4.1 → 6.0.0.pre1

data/lib/hydra/ability.rb

@@ -25,14 +25,11 @@ module Hydra::Ability
     @current_user = user || Hydra::Ability.user_class.new # guest user (not logged in)
     @user = @current_user # just in case someone was using this in an override. Just don't.
     @session = session
-    @permission_doc_cache = {}
     hydra_default_permissions()
   end
 
   ## You can override this method if you are using a different AuthZ (such as LDAP)
-  def user_groups(deprecated_user=nil, deprecated_session=nil)
-    ActiveSupport::Deprecation.warn("No need to pass user or session to user_groups, use the instance_variables", caller()) if deprecated_user || deprecated_session
-
+  def user_groups
     return @user_groups if @user_groups
     
     @user_groups = default_user_groups
@@ -47,22 +44,18 @@ module Hydra::Ability
   end
   
 
-  # Requires no arguments, but accepts 2 arguments for backwards compatibility
-  def hydra_default_permissions(deprecated_user=nil, deprecated_session=nil)
-    ActiveSupport::Deprecation.warn("No need to pass user or session to hydra_default_permissions, use the instance_variables", caller()) if deprecated_user || deprecated_session
+  def hydra_default_permissions
     logger.debug("Usergroups are " + user_groups.inspect)
     self.ability_logic.each do |method|
       send(method)
     end
   end
 
-  def create_permissions(deprecated_user=nil, deprecated_session=nil)
-    ActiveSupport::Deprecation.warn("No need to pass user or session to create_permissions, use the instance_variables", caller()) if deprecated_user || deprecated_session
+  def create_permissions
     can :create, :all if user_groups.include? 'registered'
   end
 
-  def edit_permissions(deprecated_user=nil, deprecated_session=nil)
-    ActiveSupport::Deprecation.warn("No need to pass user or session to edit_permissions, use the instance_variables", caller()) if deprecated_user || deprecated_session
+  def edit_permissions
     can [:edit, :update, :destroy], String do |pid|
       test_edit(pid)
     end 
@@ -72,13 +65,12 @@ module Hydra::Ability
     end
  
     can :edit, SolrDocument do |obj|
-      @permission_doc_cache[obj.id] = obj
+      @permissions_solr_document = obj
       test_edit(obj.id)
     end       
   end
 
-  def read_permissions(deprecated_user=nil, deprecated_session=nil)
-    ActiveSupport::Deprecation.warn("No need to pass user or session to read_permissions, use the instance_variables", caller()) if deprecated_user || deprecated_session
+  def read_permissions
     can :read, String do |pid|
       test_read(pid)
     end
@@ -88,87 +80,71 @@ module Hydra::Ability
     end 
     
     can :read, SolrDocument do |obj|
-      @permission_doc_cache[obj.id] = obj
+      @permissions_solr_document = obj
       test_read(obj.id)
     end 
   end
 
 
   ## Override custom permissions in your own app to add more permissions beyond what is defined by default.
-  def custom_permissions(deprecated_user=nil, deprecated_session=nil)
-    ActiveSupport::Deprecation.warn("No need to pass user or session to custom_permissions, use the instance_variables", caller()) if deprecated_user || deprecated_session
+  def custom_permissions
   end
   
   protected
 
   def permissions_doc(pid)
-    return @permission_doc_cache[pid] if @permission_doc_cache[pid]
-    _, doc = get_permissions_solr_response_for_doc_id(pid)
-    #puts  "PERM: #{@permissions_solr_document.inspect}"
-    @permission_doc_cache[pid] = doc
+    return @permissions_solr_document if @permissions_solr_document
+    response, @permissions_solr_document = get_permissions_solr_response_for_doc_id(pid)
+    @permissions_solr_document
   end
 
 
-  def test_edit(pid, deprecated_user=nil, deprecated_session=nil)
-    ActiveSupport::Deprecation.warn("No need to pass user or session to test_edit, use the instance_variables", caller()) if deprecated_user || deprecated_session
+  def test_edit(pid)
+    permissions_doc(pid)
     logger.debug("[CANCAN] Checking edit permissions for user: #{current_user.user_key} with groups: #{user_groups.inspect}")
-    group_intersection = user_groups & edit_groups(pid)
-    result = !group_intersection.empty? || edit_persons(pid).include?(current_user.user_key)
+    group_intersection = user_groups & edit_groups
+    result = !group_intersection.empty? || edit_persons.include?(current_user.user_key)
     logger.debug("[CANCAN] decision: #{result}")
     result
   end   
   
-  def test_read(pid, deprecated_user=nil, deprecated_session=nil)
-    ActiveSupport::Deprecation.warn("No need to pass user or session to test_read, use the instance_variables", caller()) if deprecated_user || deprecated_session
+  def test_read(pid)
     permissions_doc(pid)
-    logger.debug("[CANCAN] Checking read permissions for user: #{current_user.user_key} with groups: #{user_groups.inspect}")
-    group_intersection = user_groups & read_groups(pid)
-    result = !group_intersection.empty? || read_persons(pid).include?(current_user.user_key)
+    logger.debug("[CANCAN] Checking edit permissions for user: #{current_user.user_key} with groups: #{user_groups.inspect}")
+    group_intersection = user_groups & read_groups
+    result = !group_intersection.empty? || read_persons.include?(current_user.user_key)
     logger.debug("[CANCAN] decision: #{result}")
     result
   end 
   
-  def edit_groups(pid)
+  def edit_groups
     edit_group_field = Hydra.config[:permissions][:edit][:group]
-    doc = permissions_doc(pid)
-    eg = ((doc == nil || doc.fetch(edit_group_field,nil) == nil) ? [] : doc.fetch(edit_group_field,nil))
+    eg = ((@permissions_solr_document == nil || @permissions_solr_document.fetch(edit_group_field,nil) == nil) ? [] : @permissions_solr_document.fetch(edit_group_field,nil))
     logger.debug("[CANCAN] edit_groups: #{eg.inspect}")
     return eg
   end
 
   # edit implies read, so read_groups is the union of edit and read groups
-  def read_groups(pid)
+  def read_groups
     read_group_field = Hydra.config[:permissions][:read][:group]
-    doc = permissions_doc(pid)
-    rg = edit_groups(pid) | ((doc == nil || doc.fetch(read_group_field,nil) == nil) ? [] : doc.fetch(read_group_field,nil))
+    rg = edit_groups | ((@permissions_solr_document == nil || @permissions_solr_document.fetch(read_group_field,nil) == nil) ? [] : @permissions_solr_document.fetch(read_group_field,nil))
     logger.debug("[CANCAN] read_groups: #{rg.inspect}")
     return rg
   end
 
-  def edit_persons(pid)
+  def edit_persons
     edit_person_field = Hydra.config[:permissions][:edit][:individual]
-    doc = permissions_doc(pid)
-    ep = ((doc == nil || doc.fetch(edit_person_field,nil) == nil) ? [] : doc.fetch(edit_person_field,nil))
+    ep = ((@permissions_solr_document == nil || @permissions_solr_document.fetch(edit_person_field,nil) == nil) ? [] : @permissions_solr_document.fetch(edit_person_field,nil))
     logger.debug("[CANCAN] edit_persons: #{ep.inspect}")
     return ep
   end
 
   # edit implies read, so read_persons is the union of edit and read persons
-  def read_persons(pid)
+  def read_persons
     read_individual_field = Hydra.config[:permissions][:read][:individual]
-    doc = permissions_doc(pid)
-    rp = edit_persons(pid) | ((doc == nil || doc.fetch(read_individual_field,nil) == nil) ? [] : doc.fetch(read_individual_field,nil))
+    rp = edit_persons | ((@permissions_solr_document == nil || @permissions_solr_document.fetch(read_individual_field,nil) == nil) ? [] : @permissions_solr_document.fetch(read_individual_field,nil))
     logger.debug("[CANCAN] read_persons: #{rp.inspect}")
     return rp
   end
 
-  
-  # get the currently configured user identifier.  Can be overridden to return whatever (ie. login, email, etc)
-  # defaults to using whatever you have set as the Devise authentication_key
-  def user_key(user)
-    ActiveSupport::Deprecation.warn("Ability#user_key is deprecated, call user.user_key instead", caller(1))
-    user.send(Devise.authentication_keys.first)
-  end
-
-
 end

data/lib/hydra/access_controls_enforcement.rb

@@ -89,22 +89,6 @@ module Hydra::AccessControlsEnforcement
   
   protected
 
-  def gated_discovery_filters
-    # Grant access to public content
-    permission_types = discovery_permissions
-    user_access_filters = []
-    
-    permission_types.each do |type|
-      user_access_filters << "#{type}_access_group_t:public"
-    end
-    
-    # Grant access based on user id & role
-    solr_access_filters_logic.each do |method_name|
-      user_access_filters += send(method_name, permission_types)
-    end
-    user_access_filters
-  end
-
   # If someone hits the show action while their session's viewing_context is in edit mode, 
   # this will redirect them to the edit action.
   # If they do not have sufficient privileges to edit documents, it will silently switch their session to browse mode.
@@ -227,10 +211,21 @@ module Hydra::AccessControlsEnforcement
   # @param user_parameters the current user-subitted parameters
   def apply_gated_discovery(solr_parameters, user_parameters)
     solr_parameters[:fq] ||= []
-    solr_parameters[:fq] << gated_discovery_filters.join(" OR ")
+    # Grant access to public content
+    permission_types = discovery_permissions
+    user_access_filters = []
+    
+    permission_types.each do |type|
+      user_access_filters << "#{type}_access_group_t:public"
+    end
+    
+    # Grant access based on user id & role
+    solr_access_filters_logic.each do |method_name|
+      user_access_filters += send(method_name, permission_types)
+    end
+    solr_parameters[:fq] << user_access_filters.join(" OR ")
     logger.debug("Solr parameters: #{ solr_parameters.inspect }")
   end
-
   
   def apply_role_permissions(permission_types)
       # for roles

data/lib/hydra/policy_aware_ability.rb

@@ -2,24 +2,22 @@
 module Hydra::PolicyAwareAbility
   
   # Extends Hydra::Ability.test_edit to try policy controls if object-level controls deny access
-  def test_edit(pid, user=nil, session=nil)
-    ActiveSupport::Deprecation.warn("No need to pass user or session to test_edit, use the instance_variables", caller) if user || session
+  def test_edit(pid)
     result = super
     if result 
       return result
     else
-      return test_edit_from_policy(pid, user, session)
+      return test_edit_from_policy(pid)
     end
   end
   
   # Extends Hydra::Ability.test_read to try policy controls if object-level controls deny access
-  def test_read(pid, user=nil, session=nil)
-    ActiveSupport::Deprecation.warn("No need to pass user or session to test_read, use the instance_variables", caller) if user || session
+  def test_read(pid)
     result = super
     if result 
       return result
     else
-      return test_read_from_policy(pid, user, session)
+      return test_read_from_policy(pid)
     end
   end
   
@@ -39,39 +37,36 @@ module Hydra::PolicyAwareAbility
   
   # Returns the permissions solr document for policy_pid
   # The document is stored in an instance variable, so calling this multiple times will only query solr once.
-  # To force reload, set @policy_permissions_solr_cache to {} 
+  # To force reload, set @policy_permissions_solr_document to nil
   def policy_permissions_doc(policy_pid)
-    @policy_permissions_solr_cache ||= {}
-    return @policy_permissions_solr_cache[policy_pid] if @policy_permissions_solr_cache[policy_pid]
-    _, doc = get_permissions_solr_response_for_doc_id(policy_pid)
-    @policy_permissions_solr_cache[policy_pid] = doc
+    return @policy_permissions_solr_document if @policy_permissions_solr_document
+    response, @policy_permissions_solr_document = get_permissions_solr_response_for_doc_id(policy_pid)
+    @policy_permissions_solr_document
   end
   
   # Tests whether the object's governing policy object grants edit access for the current user
-  def test_edit_from_policy(object_pid, user=nil, session=nil)
-    ActiveSupport::Deprecation.warn("No need to pass user or session to test_edit_from_policy, use the instance_variables", caller) if user || session
+  def test_edit_from_policy(object_pid)
     policy_pid = policy_pid_for(object_pid)
     if policy_pid.nil?
       return false
     else
-      logger.debug("[CANCAN] -policy- Does the POLICY #{policy_pid} provide EDIT permissions for #{@user.user_key}?")
+      logger.debug("[CANCAN] -policy- Does the POLICY #{policy_pid} provide EDIT permissions for #{current_user.user_key}?")
       group_intersection = user_groups & edit_groups_from_policy( policy_pid )
-      result = !group_intersection.empty? || edit_persons_from_policy( policy_pid ).include?(@user.user_key)
+      result = !group_intersection.empty? || edit_persons_from_policy( policy_pid ).include?(current_user.user_key)
       logger.debug("[CANCAN] -policy- decision: #{result}")
       return result
     end
   end   
   
   # Tests whether the object's governing policy object grants read access for the current user
-  def test_read_from_policy(object_pid, user=nil, session=nil)
-    ActiveSupport::Deprecation.warn("No need to pass user or session to test_read_from_policy, use the instance_variables", caller) if user || session
+  def test_read_from_policy(object_pid)
     policy_pid = policy_pid_for(object_pid)
     if policy_pid.nil?
       return false
     else
-      logger.debug("[CANCAN] -policy- Does the POLICY #{policy_pid} provide READ permissions for #{@user.user_key}?")
+      logger.debug("[CANCAN] -policy- Does the POLICY #{policy_pid} provide READ permissions for #{current_user.user_key}?")
       group_intersection = user_groups & read_groups_from_policy( policy_pid )
-      result = !group_intersection.empty? || read_persons_from_policy( policy_pid ).include?(@user.user_key)
+      result = !group_intersection.empty? || read_persons_from_policy( policy_pid ).include?(current_user.user_key)
       logger.debug("[CANCAN] -policy- decision: #{result}")
       result
     end

data/lib/hydra/policy_aware_access_controls_enforcement.rb

@@ -3,15 +3,15 @@ module Hydra::PolicyAwareAccessControlsEnforcement
   
   # Extends Hydra::AccessControlsEnforcement.apply_gated_discovery to reflect policy-provided access
   # appends the result of policy_clauses into the :fq
-  # @param solr_parameters the current solr parameters
-  # @param user_parameters the current user-subitted parameters
   def apply_gated_discovery(solr_parameters, user_parameters)
-    solr_parameters[:fq] ||= []
-    solr_parameters[:fq] << gated_discovery_filters.join(" OR ")
-    logger.debug("POLICY-aware Solr parameters: #{ solr_parameters.inspect }")
+    super
+    additional_clauses = policy_clauses
+    unless additional_clauses.nil? || additional_clauses.empty?
+      solr_parameters[:fq].first << " OR " + additional_clauses
+      logger.debug("POLICY-aware Solr parameters: #{ solr_parameters.inspect }")
+    end
   end
-
-
+  
   # returns solr query for finding all objects whose policies grant discover access to current_user
   def policy_clauses 
     policy_pids = policies_with_access
@@ -64,16 +64,5 @@ module Hydra::PolicyAwareAccessControlsEnforcement
       return Hydra.config[:permissions][:policy_class]
     end
   end
-
-  protected 
-
-  def gated_discovery_filters
-    filters = super
-    additional_clauses = policy_clauses
-    unless additional_clauses.blank?
-      filters << additional_clauses
-    end
-    filters
-  end
   
 end

data/spec/unit/ability_spec.rb

@@ -269,18 +269,120 @@ describe Ability do
 
   end
 
-  describe "calling ability on two separate objects" do
+  #
+  # Policy-based Access Controls
+  #
+  describe "When accessing assets with Policies associated" do
     before do
-      @asset1 = FactoryGirl.create(:org_read_access_asset)
-      @asset2 = FactoryGirl.create(:asset)
-      @user = FactoryGirl.build(:calvin_collaborator) # has access to @asset1, but not @asset2
+      @user = FactoryGirl.build(:martia_morocco)
+      RoleMapper.stub(:roles).with(@user.user_key).and_return(@user.roles)
     end
     subject { Ability.new(@user) }
-    it "should be readable in the first instance and not in the second instance" do
-      # We had a bug around this where it keeps returning the access for the first object queried
-      subject.can?(:edit, @asset1).should be_true  
-      subject.can?(:edit, @asset2).should be_false  
+    context "Given a policy grants read access to a group I belong to" do
+      before do
+        @policy = Hydra::AdminPolicy.new
+        @policy.default_permissions = [{:type=>"group", :access=>"read", :name=>"africana-faculty"}]
+        @policy.save
+      end
+      after { @policy.delete }
+    	context "And a subscribing asset does not grant access" do
+    	  before do
+          @asset = ModsAsset.new()
+          @asset.admin_policy = @policy
+          @asset.save
+        end
+        after { @asset.delete }
+    		it "Then I should be able to view the asset" do
+    		  subject.can?(:read, @asset).should be_true
+  		  end
+        it "Then I should not be able to edit, update and destroy the asset" do
+          subject.can?(:edit, @asset).should be_false
+          subject.can?(:update, @asset).should be_false
+          subject.can?(:destroy, @asset).should be_false
+        end
+      end
+    end
+    context "Given a policy grants edit access to a group I belong to" do
+      before do
+        @policy = Hydra::AdminPolicy.new
+        @policy.default_permissions = [{:type=>"group", :access=>"edit", :name=>"africana-faculty"}]
+        @policy.save
+      end
+      after { @policy.delete }
+    	context "And a subscribing asset does not grant access" do
+    	  before do
+          @asset = ModsAsset.new()
+          @asset.admin_policy = @policy
+          @asset.save
+        end
+        after { @asset.delete }
+    		it "Then I should be able to view the asset" do
+    		  subject.can?(:read, @asset).should be_true
+  		  end
+    		it "Then I should be able to edit/update/destroy the asset" do
+          subject.can?(:edit, @asset).should be_true
+          subject.can?(:update, @asset).should be_true
+          subject.can?(:destroy, @asset).should be_true
+        end
+  		end
+    	context "And a subscribing asset grants read access to me as an individual" do
+    	  before do
+          @asset = ModsAsset.new()
+          @asset.read_users = [@user.uid]
+          @asset.admin_policy = @policy
+          @asset.save
+        end
+        after { @asset.delete }
+    		it "Then I should be able to view the asset" do
+    		  subject.can?(:read, @asset).should be_true
+  		  end
+        it "Then I should be able to edit/update/destroy the asset" do
+          subject.can?(:edit, @asset).should be_true
+          subject.can?(:update, @asset).should be_true
+          subject.can?(:destroy, @asset).should be_true
+        end
+      end
     end
-  end
 
+    context "Given a policy does not grant access to any group I belong to" do
+      before do
+        @policy = Hydra::AdminPolicy.new
+        @policy.save
+      end
+      after { @policy.delete }
+      context "And a subscribing asset does not grant access" do
+        before do
+          @asset = ModsAsset.new()
+          @asset.admin_policy = @policy
+          @asset.save
+        end
+        after { @asset.delete }
+  		  it "Then I should not be able to view the asset" do
+    		  subject.can?(:read, @asset).should be_false
+  		  end
+        it "Then I should not be able to edit/update/destroy the asset" do
+          subject.can?(:edit, @asset).should be_false
+          subject.can?(:update, @asset).should be_false
+          subject.can?(:destroy, @asset).should be_false
+        end
+      end
+      context "And a subscribing asset grants read access to me as an individual" do
+        before do
+          @asset = ModsAsset.new()
+          @asset.read_users = [@user.uid]
+          @asset.admin_policy = @policy
+          @asset.save
+        end
+        after { @asset.delete }
+  		  it "Then I should be able to view the asset" do
+    		  subject.can?(:read, @asset).should be_true
+  		  end
+        it "Then I should not be able to edit/update/destroy the asset" do
+          subject.can?(:edit, @asset).should be_false
+          subject.can?(:update, @asset).should be_false
+          subject.can?(:destroy, @asset).should be_false
+        end
+      end
+    end
+  end
 end

data/spec/unit/admin_policy_spec.rb

@@ -124,121 +124,5 @@ describe Hydra::AdminPolicy do
 
   end
 
-  #
-  # Policy-based Access Controls
-  #
-  describe "When accessing assets with Policies associated" do
-    before do
-      @user = FactoryGirl.build(:martia_morocco)
-      RoleMapper.stub(:roles).with(@user.user_key).and_return(@user.roles)
-    end
-    subject { Ability.new(@user) }
-    context "Given a policy grants read access to a group I belong to" do
-      before do
-        @policy = Hydra::AdminPolicy.new
-        @policy.default_permissions = [{:type=>"group", :access=>"read", :name=>"africana-faculty"}]
-        @policy.save
-      end
-      after { @policy.delete }
-    	context "And a subscribing asset does not grant access" do
-    	  before do
-          @asset = ModsAsset.new()
-          @asset.admin_policy = @policy
-          @asset.save
-        end
-        after { @asset.delete }
-    		it "Then I should be able to view the asset" do
-    		  subject.can?(:read, @asset).should be_true
-  		  end
-        it "Then I should not be able to edit, update and destroy the asset" do
-          subject.can?(:edit, @asset).should be_false
-          subject.can?(:update, @asset).should be_false
-          subject.can?(:destroy, @asset).should be_false
-        end
-      end
-    end
-    context "Given a policy grants edit access to a group I belong to" do
-      before do
-        @policy = Hydra::AdminPolicy.new
-        @policy.default_permissions = [{:type=>"group", :access=>"edit", :name=>"africana-faculty"}]
-        @policy.save
-      end
-      after { @policy.delete }
-    	context "And a subscribing asset does not grant access" do
-    	  before do
-          @asset = ModsAsset.new()
-          @asset.admin_policy = @policy
-          @asset.save
-        end
-        after { @asset.delete }
-    		it "Then I should be able to view the asset" do
-    		  subject.can?(:read, @asset).should be_true
-  		  end
-    		it "Then I should be able to edit/update/destroy the asset" do
-          subject.can?(:edit, @asset).should be_true
-          subject.can?(:update, @asset).should be_true
-          subject.can?(:destroy, @asset).should be_true
-        end
-  		end
-    	context "And a subscribing asset grants read access to me as an individual" do
-    	  before do
-          @asset = ModsAsset.new()
-          @asset.read_users = [@user.uid]
-          @asset.admin_policy = @policy
-          @asset.save
-        end
-        after { @asset.delete }
-    		it "Then I should be able to view the asset" do
-    		  subject.can?(:read, @asset).should be_true
-  		  end
-        it "Then I should be able to edit/update/destroy the asset" do
-          subject.can?(:edit, @asset).should be_true
-          subject.can?(:update, @asset).should be_true
-          subject.can?(:destroy, @asset).should be_true
-        end
-      end
-    end
-
-    context "Given a policy does not grant access to any group I belong to" do
-      before do
-        @policy = Hydra::AdminPolicy.new
-        @policy.save
-      end
-      after { @policy.delete }
-      context "And a subscribing asset does not grant access" do
-        before do
-          @asset = ModsAsset.new()
-          @asset.admin_policy = @policy
-          @asset.save
-        end
-        after { @asset.delete }
-  		  it "Then I should not be able to view the asset" do
-    		  subject.can?(:read, @asset).should be_false
-  		  end
-        it "Then I should not be able to edit/update/destroy the asset" do
-          subject.can?(:edit, @asset).should be_false
-          subject.can?(:update, @asset).should be_false
-          subject.can?(:destroy, @asset).should be_false
-        end
-      end
-      context "And a subscribing asset grants read access to me as an individual" do
-        before do
-          @asset = ModsAsset.new()
-          @asset.read_users = [@user.uid]
-          @asset.admin_policy = @policy
-          @asset.save
-        end
-        after { @asset.delete }
-  		  it "Then I should be able to view the asset" do
-    		  subject.can?(:read, @asset).should be_true
-  		  end
-        it "Then I should not be able to edit/update/destroy the asset" do
-          subject.can?(:edit, @asset).should be_false
-          subject.can?(:update, @asset).should be_false
-          subject.can?(:destroy, @asset).should be_false
-        end
-      end
-    end
-  end
 
 end

metadata

@@ -1,7 +1,8 @@
 --- !ruby/object:Gem::Specification
 name: hydra-access-controls
 version: !ruby/object:Gem::Version
-  version: 5.4.1
+  version: 6.0.0.pre1
+  prerelease: 6
 platform: ruby
 authors:
 - Chris Beer
@@ -10,104 +11,118 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-06-25 00:00:00.000000000 Z
+date: 2013-01-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
   requirement: !ruby/object:Gem::Requirement
+    none: false
     requirements:
-    - - ">="
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
+    none: false
     requirements:
-    - - ">="
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: active-fedora
   requirement: !ruby/object:Gem::Requirement
+    none: false
     requirements:
-    - - ">="
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
+    none: false
     requirements:
-    - - ">="
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: cancan
   requirement: !ruby/object:Gem::Requirement
+    none: false
     requirements:
-    - - ">="
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
+    none: false
     requirements:
-    - - ">="
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: deprecation
   requirement: !ruby/object:Gem::Requirement
+    none: false
     requirements:
-    - - ">="
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
+    none: false
     requirements:
-    - - ">="
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: blacklight
   requirement: !ruby/object:Gem::Requirement
+    none: false
     requirements:
-    - - ">="
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
+    none: false
     requirements:
-    - - ">="
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
+    none: false
     requirements:
-    - - ">="
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
+    none: false
     requirements:
-    - - ">="
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
+    none: false
     requirements:
-    - - ">="
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
+    none: false
     requirements:
-    - - ">="
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: '0'
 description: Access controls for project hydra
@@ -158,26 +173,27 @@ files:
 - tasks/hydra-access-controls.rake
 homepage: http://projecthydra.org
 licenses: []
-metadata: {}
 post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
   requirements:
-  - - ">="
+  - - ! '>='
     - !ruby/object:Gem::Version
       version: 1.9.3
 required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
   requirements:
-  - - ">="
+  - - ! '>'
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 1.3.1
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.4.5
+rubygems_version: 1.8.24
 signing_key: 
-specification_version: 4
+specification_version: 3
 summary: Access controls for project hydra
 test_files:
 - spec/factories.rb

checksums.yaml

@@ -1,7 +0,0 @@
----
-SHA1:
-  metadata.gz: fb5798a1c238c4a1a8cdff7d57bf8e318788f5ce
-  data.tar.gz: ca2650d4190dceb65aa2c799ad831e4cba980d7b
-SHA512:
-  metadata.gz: 1584f38fd4cbc2f2c13e0f05e0a4904489c99cedfb85e7c07cca7c254c2760db9d2e2a3a737cef1ea3169e6e163144bf2a66c80c02d9c1eca573d00c32a4391c
-  data.tar.gz: e05a9e7648d05db52a44eb623fe41a93de39fbe75a2e342d7c872cec81153eb5f7842d6c4fc7daf3f1481b6d775778a2723cd05ce87b9adca71dc5c7f130266f