hydra-access-controls 6.0.0.pre3 → 6.0.0.pre4

Sign up to get free protection for your applications and to get access to all the features.
@@ -1,7 +1,4 @@
1
1
  require 'active_support'
2
- # TODO would it be possible to put the require fedora in an after_initialize block like this?
3
- #ActiveSupport.on_load(:after_initialize) do
4
- # This would allow solrizer to load it's config files after the rails logger is up.
5
2
  require 'active-fedora'
6
3
  require 'cancan'
7
4
  require 'rails'
@@ -17,6 +14,8 @@ module Hydra
17
14
  autoload :PolicyAwareAbility
18
15
  autoload :AdminPolicy
19
16
  autoload :RoleMapperBehavior
17
+ autoload :PermissionsQuery
18
+ autoload :PermissionsSolrDocument
20
19
  class Engine < Rails::Engine
21
20
  end
22
21
 
data/lib/hydra/ability.rb CHANGED
@@ -9,7 +9,7 @@ module Hydra::Ability
9
9
 
10
10
  included do
11
11
  include CanCan::Ability
12
- include Hydra::AccessControlsEnforcement
12
+ include Hydra::PermissionsQuery
13
13
  include Blacklight::SolrHelper
14
14
  class_attribute :ability_logic
15
15
  self.ability_logic = [:create_permissions, :edit_permissions, :read_permissions, :custom_permissions]
@@ -92,13 +92,6 @@ module Hydra::Ability
92
92
 
93
93
  protected
94
94
 
95
- def permissions_doc(pid)
96
- return @permissions_solr_document if @permissions_solr_document
97
- response, @permissions_solr_document = get_permissions_solr_response_for_doc_id(pid)
98
- @permissions_solr_document
99
- end
100
-
101
-
102
95
  def test_edit(pid)
103
96
  permissions_doc(pid)
104
97
  logger.debug("[CANCAN] Checking edit permissions for user: #{current_user.user_key} with groups: #{user_groups.inspect}")
@@ -116,7 +109,7 @@ module Hydra::Ability
116
109
  logger.debug("[CANCAN] decision: #{result}")
117
110
  result
118
111
  end
119
-
112
+
120
113
  def edit_groups
121
114
  edit_group_field = Hydra.config[:permissions][:edit][:group]
122
115
  eg = ((@permissions_solr_document == nil || @permissions_solr_document.fetch(edit_group_field,nil) == nil) ? [] : @permissions_solr_document.fetch(edit_group_field,nil))
@@ -1,11 +1,10 @@
1
1
  module Hydra::AccessControlsEnforcement
2
2
  extend ActiveSupport::Concern
3
- extend Deprecation
4
- self.deprecation_horizon = "hydra-access-controls 6.0"
5
3
 
6
4
  included do
7
5
  include Hydra::AccessControlsEvaluation
8
6
  include Blacklight::SolrHelper # for force_to_utf8
7
+ include Hydra::PermissionsQuery
9
8
  class_attribute :solr_access_filters_logic
10
9
 
11
10
  # Set defaults. Each symbol identifies a _method_ that must be in
@@ -18,99 +17,9 @@ module Hydra::AccessControlsEnforcement
18
17
 
19
18
  end
20
19
 
21
- #
22
- # Access Controls Enforcement Filters
23
- #
24
-
25
- # Controller "before" filter that delegates enforcement based on the controller action
26
- # Action-specific implementations are enforce_index_permissions, enforce_show_permissions, etc.
27
- # @param [Hash] opts (optional, not currently used)
28
- #
29
- # @example
30
- # class CatalogController < ApplicationController
31
- # before_filter :enforce_access_controls
32
- # end
33
- #
34
- # @deprecated HYDRA-886 Blacklight is now using Catalog#update to store pagination info, so we don't want to enforce_edit_permissions on it. Instead just call before_filter :enforce_show_permissions, :only=>:show. Move all Edit/Update/Delete methods into non-catalog backed controllers.
35
- def enforce_access_controls(opts={})
36
- controller_action = params[:action].to_s
37
- delegate_method = "enforce_#{controller_action}_permissions"
38
- if self.respond_to?(delegate_method.to_sym, true)
39
- self.send(delegate_method.to_sym)
40
- else
41
- true
42
- end
43
- end
44
- deprecation_deprecate :enforce_access_controls
45
-
46
-
47
- #
48
- # Solr integration
49
- #
50
-
51
- # returns a params hash with the permissions info for a single solr document
52
- # If the id arg is nil, then the value is fetched from params[:id]
53
- # This method is primary called by the get_permissions_solr_response_for_doc_id method.
54
- # Modeled on Blacklight::SolrHelper.solr_doc_params
55
- # @param [String] id of the documetn to retrieve
56
- def permissions_solr_doc_params(id=nil)
57
- id ||= params[:id]
58
- # just to be consistent with the other solr param methods:
59
- {
60
- :qt => :permissions,
61
- :id => id # this assumes the document request handler will map the 'id' param to the unique key field
62
- }
63
- end
64
-
65
- # a solr query method
66
- # retrieve a solr document, given the doc id
67
- # Modeled on Blacklight::SolrHelper.get_permissions_solr_response_for_doc_id
68
- # @param [String] id of the documetn to retrieve
69
- # @param [Hash] extra_controller_params (optional)
70
- def get_permissions_solr_response_for_doc_id(id=nil, extra_controller_params={})
71
- raise Blacklight::Exceptions::InvalidSolrID.new("The application is trying to retrieve permissions without specifying an asset id") if id.nil?
72
- #solr_response = Blacklight.solr.get permissions_solr_doc_params(id).merge(extra_controller_params)
73
- #path = blacklight_config.solr_path
74
- solr_opts = permissions_solr_doc_params(id).merge(extra_controller_params)
75
- response = Blacklight.solr.get('select', :params=> solr_opts)
76
- solr_response = Blacklight::SolrResponse.new(force_to_utf8(response), solr_opts)
77
-
78
- raise Blacklight::Exceptions::InvalidSolrID.new("The solr permissions search handler didn't return anything for id \"#{id}\"") if solr_response.docs.empty?
79
- document = SolrDocument.new(solr_response.docs.first, solr_response)
80
- [solr_response, document]
81
- end
82
-
83
- # Loads permissions info into @permissions_solr_response and @permissions_solr_document
84
- def load_permissions_from_solr(id=params[:id], extra_controller_params={})
85
- unless !@permissions_solr_document.nil? && !@permissions_solr_response.nil?
86
- @permissions_solr_response, @permissions_solr_document = get_permissions_solr_response_for_doc_id(id, extra_controller_params)
87
- end
88
- end
89
-
90
20
  protected
91
21
 
92
- # If someone hits the show action while their session's viewing_context is in edit mode,
93
- # this will redirect them to the edit action.
94
- # If they do not have sufficient privileges to edit documents, it will silently switch their session to browse mode.
95
- # @deprecated this is a vestige of the old workflow, which is being removed from hydra-head
96
- def enforce_viewing_context_for_show_requests
97
- if params[:viewing_context] == "browse"
98
- session[:viewing_context] = params[:viewing_context]
99
- elsif session[:viewing_context] == "edit"
100
- if can? :edit, params[:id]
101
- logger.debug("enforce_viewing_context_for_show_requests redirecting to edit")
102
- if params[:files]
103
- redirect_to :action=>:edit, :files=>true
104
- else
105
- redirect_to :action=>:edit
106
- end
107
- else
108
- session[:viewing_context] = "browse"
109
- end
110
- end
111
- end
112
- deprecation_deprecate :enforce_viewing_context_for_show_requests
113
-
22
+
114
23
  #
115
24
  # Action-specific enforcement
116
25
  #
@@ -118,71 +27,18 @@ module Hydra::AccessControlsEnforcement
118
27
  # Controller "before" filter for enforcing access controls on show actions
119
28
  # @param [Hash] opts (optional, not currently used)
120
29
  def enforce_show_permissions(opts={})
121
- load_permissions_from_solr
122
- access_key = ActiveFedora::SolrService.solr_name("access", Hydra::Datastream::RightsMetadata.indexer)
123
- embargo_key = ActiveFedora::SolrService.solr_name("embargo_release_date", Hydra::Datastream::RightsMetadata.date_indexer)
124
- unless @permissions_solr_document[access_key] && (@permissions_solr_document[access_key].first == "public" || @permissions_solr_document[access_key].first == "Public")
125
- if @permissions_solr_document[embargo_key]
126
- embargo_date = Date.parse(@permissions_solr_document[embargo_key].split(/T/)[0])
127
- if embargo_date > Date.parse(Time.now.to_s)
128
- unless can?(:edit, params[:id])
129
- raise Hydra::AccessDenied.new("This item is under embargo. You do not have sufficient access privileges to read this document.", :edit, params[:id])
130
- end
131
- end
30
+ permissions = permissions_doc(params[:id])
31
+ unless permissions.is_public?
32
+ #its not 'public'
33
+ if permissions.under_embargo? && !can?(:edit, permissions)
34
+ raise Hydra::AccessDenied.new("This item is under embargo. You do not have sufficient access privileges to read this document.", :edit, params[:id])
132
35
  end
133
- unless can? :read, params[:id]
36
+ unless can? :read, permissions
134
37
  raise Hydra::AccessDenied.new("You do not have sufficient access privileges to read this document, which has been marked private.", :read, params[:id])
135
38
  end
136
39
  end
137
40
  end
138
41
 
139
- # Controller "before" filter for enforcing access controls on edit actions
140
- # @param [Hash] opts (optional, not currently used)
141
- def enforce_edit_permissions(opts={})
142
- logger.debug("Enforcing edit permissions")
143
- load_permissions_from_solr
144
- if !can? :edit, params[:id]
145
- session[:viewing_context] = "browse"
146
- raise Hydra::AccessDenied.new("You do not have sufficient privileges to edit this document. You have been redirected to the read-only view.", :edit, params[:id])
147
- else
148
- session[:viewing_context] = "edit"
149
- end
150
- end
151
- deprecation_deprecate :enforce_edit_permissions
152
-
153
- ## This method is here for you to override
154
- def enforce_create_permissions(opts={})
155
- logger.debug("Enforcing create permissions")
156
- if !can? :create, ActiveFedora::Base.new
157
- raise Hydra::AccessDenied.new "You do not have sufficient privileges to create a new document."
158
- end
159
- end
160
- deprecation_deprecate :enforce_create_permissions
161
-
162
- ## proxies to enforce_edit_permssions. This method is here for you to override
163
- def enforce_update_permissions(opts={})
164
- enforce_edit_permissions(opts)
165
- end
166
-
167
- ## proxies to enforce_edit_permssions. This method is here for you to override
168
- def enforce_destroy_permissions(opts={})
169
- enforce_edit_permissions(opts)
170
- end
171
-
172
- ## proxies to enforce_edit_permssions. This method is here for you to override
173
- def enforce_new_permissions(opts={})
174
- enforce_create_permissions(opts)
175
- end
176
-
177
- # Controller "before" filter for enforcing access controls on index actions
178
- # Currently does nothing, instead relies on
179
- # @param [Hash] opts (optional, not currently used)
180
- def enforce_index_permissions(opts={})
181
- # Do nothing. Relies on add_access_controls_to_solr_params being in the Controller's solr_search_params_logic
182
- return true
183
- end
184
-
185
- #
186
42
  # Solr query modifications
187
43
  #
188
44
 
@@ -261,16 +117,6 @@ module Hydra::AccessControlsEnforcement
261
117
  []
262
118
  end
263
119
 
264
- # proxy for {enforce_index_permissions}
265
- def enforce_search_permissions
266
- enforce_index_permissions
267
- end
268
-
269
- # proxy for {enforce_show_permissions}
270
- def enforce_read_permissions
271
- enforce_show_permissions
272
- end
273
-
274
120
  # This filters out objects that you want to exclude from search results. By default it only excludes FileAssets
275
121
  # @param solr_parameters the current solr parameters
276
122
  # @param user_parameters the current user-subitted parameters
@@ -0,0 +1,45 @@
1
+ module Hydra::PermissionsQuery
2
+
3
+ def permissions_doc(pid)
4
+ @permissions_solr_document ||= get_permissions_solr_response_for_doc_id(pid)
5
+ end
6
+
7
+
8
+ protected
9
+
10
+ # a solr query method
11
+ # retrieve a solr document, given the doc id
12
+ # Modeled on Blacklight::SolrHelper.get_permissions_solr_response_for_doc_id
13
+ # @param [String] id of the documetn to retrieve
14
+ # @param [Hash] extra_controller_params (optional)
15
+ def get_permissions_solr_response_for_doc_id(id=nil, extra_controller_params={})
16
+ raise Blacklight::Exceptions::InvalidSolrID.new("The application is trying to retrieve permissions without specifying an asset id") if id.nil?
17
+ #solr_response = Blacklight.solr.get permissions_solr_doc_params(id).merge(extra_controller_params)
18
+ #path = blacklight_config.solr_path
19
+ solr_opts = permissions_solr_doc_params(id).merge(extra_controller_params)
20
+ response = Blacklight.solr.get('select', :params=> solr_opts)
21
+ solr_response = Blacklight::SolrResponse.new(force_to_utf8(response), solr_opts)
22
+
23
+ raise Blacklight::Exceptions::InvalidSolrID.new("The solr permissions search handler didn't return anything for id \"#{id}\"") if solr_response.docs.empty?
24
+ Hydra::PermissionsSolrDocument.new(solr_response.docs.first, solr_response)
25
+ end
26
+
27
+ #
28
+ # Solr integration
29
+ #
30
+
31
+ # returns a params hash with the permissions info for a single solr document
32
+ # If the id arg is nil, then the value is fetched from params[:id]
33
+ # This method is primary called by the get_permissions_solr_response_for_doc_id method.
34
+ # Modeled on Blacklight::SolrHelper.solr_doc_params
35
+ # @param [String] id of the documetn to retrieve
36
+ def permissions_solr_doc_params(id=nil)
37
+ id ||= params[:id]
38
+ # just to be consistent with the other solr param methods:
39
+ {
40
+ :qt => :permissions,
41
+ :id => id # this assumes the document request handler will map the 'id' param to the unique key field
42
+ }
43
+ end
44
+
45
+ end
@@ -0,0 +1,19 @@
1
+ class Hydra::PermissionsSolrDocument < SolrDocument
2
+ def under_embargo?
3
+ #permissions = permissions_doc(params[:id])
4
+ embargo_key = ActiveFedora::SolrService.solr_name("embargo_release_date", Hydra::Datastream::RightsMetadata.date_indexer)
5
+ if self[embargo_key]
6
+ embargo_date = Date.parse(self[embargo_key].split(/T/)[0])
7
+ return embargo_date > Date.parse(Time.now.to_s)
8
+ end
9
+ false
10
+ end
11
+
12
+ def is_public?
13
+ access_key = ActiveFedora::SolrService.solr_name("access", Hydra::Datastream::RightsMetadata.indexer)
14
+ self[access_key].present? && self[access_key].first.downcase == "public"
15
+ end
16
+
17
+
18
+ end
19
+
@@ -40,9 +40,7 @@ module Hydra::PolicyAwareAbility
40
40
  # The document is stored in an instance variable, so calling this multiple times will only query solr once.
41
41
  # To force reload, set @policy_permissions_solr_document to nil
42
42
  def policy_permissions_doc(policy_pid)
43
- return @policy_permissions_solr_document if @policy_permissions_solr_document
44
- response, @policy_permissions_solr_document = get_permissions_solr_response_for_doc_id(policy_pid)
45
- @policy_permissions_solr_document
43
+ @policy_permissions_solr_document ||= get_permissions_solr_response_for_doc_id(policy_pid)
46
44
  end
47
45
 
48
46
  # Tests whether the object's governing policy object grants edit access for the current user
@@ -67,44 +67,28 @@ describe Hydra::AccessControlsEnforcement do
67
67
  end
68
68
  end
69
69
 
70
- describe "enforce_access_controls" do
71
- describe "when the method exists" do
72
- it "should call the method" do
73
- Deprecation.stub(:warn)
74
- subject.params = {:action => :index}
75
- subject.enforce_access_controls.should be_true
76
- end
77
- end
78
- describe "when the method doesn't exist" do
79
- it "should not call the method, but should return true" do
80
- Deprecation.stub(:warn)
81
- subject.params = {:action => :facet}
82
- subject.enforce_access_controls.should be_true
83
- end
84
- end
85
- end
86
70
  describe "enforce_show_permissions" do
87
71
  it "should allow a user w/ edit permissions to view an embargoed object" do
88
72
  user = User.new :uid=>'testuser@example.com'
89
73
  RoleMapper.stub(:roles).with(user.user_key).and_return(["archivist"])
90
74
  subject.stub(:current_user).and_return(user)
91
- subject.should_receive(:can?).with(:edit, nil).and_return(true)
92
75
  subject.stub(:can?).with(:read, nil).and_return(true)
93
- subject.instance_variable_set :@permissions_solr_document, SolrDocument.new({"edit_access_person_tsim"=>["testuser@example.com"], "embargo_release_date_dtsi"=>(Date.parse(Time.now.to_s)+2).to_s})
76
+ stub_doc = Hydra::PermissionsSolrDocument.new({"edit_access_person_tsim"=>["testuser@example.com"], "embargo_release_date_dtsi"=>(Date.parse(Time.now.to_s)+2).to_s})
94
77
 
95
78
  subject.params = {}
96
- subject.should_receive(:load_permissions_from_solr) #This is what normally sets @permissions_solr_document
79
+ subject.should_receive(:can?).with(:edit, stub_doc).and_return(true)
80
+ subject.should_receive(:get_permissions_solr_response_for_doc_id).and_return(stub_doc)
97
81
  lambda {subject.send(:enforce_show_permissions, {}) }.should_not raise_error Hydra::AccessDenied
98
82
  end
99
83
  it "should prevent a user w/o edit permissions from viewing an embargoed object" do
100
84
  user = User.new :uid=>'testuser@example.com'
101
85
  RoleMapper.stub(:roles).with(user.user_key).and_return([])
102
86
  subject.stub(:current_user).and_return(user)
103
- subject.should_receive(:can?).with(:edit, nil).and_return(false)
104
87
  subject.stub(:can?).with(:read, nil).and_return(true)
105
88
  subject.params = {}
106
- subject.instance_variable_set :@permissions_solr_document, SolrDocument.new({"edit_access_person_tsim"=>["testuser@example.com"], "embargo_release_date_dtsi"=>(Date.parse(Time.now.to_s)+2).to_s})
107
- subject.should_receive(:load_permissions_from_solr) #This is what normally sets @permissions_solr_document
89
+ stub_doc = Hydra::PermissionsSolrDocument.new({"edit_access_person_tsim"=>["testuser@example.com"], "embargo_release_date_dtsi"=>(Date.parse(Time.now.to_s)+2).to_s})
90
+ subject.should_receive(:can?).with(:edit, stub_doc).and_return(false)
91
+ subject.should_receive(:get_permissions_solr_response_for_doc_id).and_return(stub_doc)
108
92
  lambda {subject.send(:enforce_show_permissions, {})}.should raise_error Hydra::AccessDenied, "This item is under embargo. You do not have sufficient access privileges to read this document."
109
93
  end
110
94
  end
@@ -51,7 +51,7 @@ describe Hydra::PolicyAwareAbility do
51
51
 
52
52
  describe "policy_permissions_doc" do
53
53
  it "should retrieve the permissions doc for the current object's policy and store for re-use" do
54
- subject.should_receive(:get_permissions_solr_response_for_doc_id).with(@policy.pid).once.and_return(["response", "mock solr doc"])
54
+ subject.should_receive(:get_permissions_solr_response_for_doc_id).with(@policy.pid).once.and_return("mock solr doc")
55
55
  subject.policy_permissions_doc(@policy.pid).should == "mock solr doc"
56
56
  subject.policy_permissions_doc(@policy.pid).should == "mock solr doc"
57
57
  subject.policy_permissions_doc(@policy.pid).should == "mock solr doc"
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: hydra-access-controls
3
3
  version: !ruby/object:Gem::Version
4
- version: 6.0.0.pre3
4
+ version: 6.0.0.pre4
5
5
  prerelease: 6
6
6
  platform: ruby
7
7
  authors:
@@ -11,14 +11,14 @@ authors:
11
11
  autorequire:
12
12
  bindir: bin
13
13
  cert_chain: []
14
- date: 2013-01-25 00:00:00.000000000 Z
14
+ date: 2013-01-30 00:00:00.000000000 Z
15
15
  dependencies:
16
16
  - !ruby/object:Gem::Dependency
17
17
  name: activesupport
18
18
  requirement: !ruby/object:Gem::Requirement
19
19
  none: false
20
20
  requirements:
21
- - - ! '>='
21
+ - - ">="
22
22
  - !ruby/object:Gem::Version
23
23
  version: '0'
24
24
  type: :runtime
@@ -26,7 +26,7 @@ dependencies:
26
26
  version_requirements: !ruby/object:Gem::Requirement
27
27
  none: false
28
28
  requirements:
29
- - - ! '>='
29
+ - - ">="
30
30
  - !ruby/object:Gem::Version
31
31
  version: '0'
32
32
  - !ruby/object:Gem::Dependency
@@ -34,7 +34,7 @@ dependencies:
34
34
  requirement: !ruby/object:Gem::Requirement
35
35
  none: false
36
36
  requirements:
37
- - - ! '>='
37
+ - - ">="
38
38
  - !ruby/object:Gem::Version
39
39
  version: 6.0.0.pre3
40
40
  type: :runtime
@@ -42,7 +42,7 @@ dependencies:
42
42
  version_requirements: !ruby/object:Gem::Requirement
43
43
  none: false
44
44
  requirements:
45
- - - ! '>='
45
+ - - ">="
46
46
  - !ruby/object:Gem::Version
47
47
  version: 6.0.0.pre3
48
48
  - !ruby/object:Gem::Dependency
@@ -50,7 +50,7 @@ dependencies:
50
50
  requirement: !ruby/object:Gem::Requirement
51
51
  none: false
52
52
  requirements:
53
- - - ! '>='
53
+ - - ">="
54
54
  - !ruby/object:Gem::Version
55
55
  version: '0'
56
56
  type: :runtime
@@ -58,7 +58,7 @@ dependencies:
58
58
  version_requirements: !ruby/object:Gem::Requirement
59
59
  none: false
60
60
  requirements:
61
- - - ! '>='
61
+ - - ">="
62
62
  - !ruby/object:Gem::Version
63
63
  version: '0'
64
64
  - !ruby/object:Gem::Dependency
@@ -66,7 +66,7 @@ dependencies:
66
66
  requirement: !ruby/object:Gem::Requirement
67
67
  none: false
68
68
  requirements:
69
- - - ! '>='
69
+ - - ">="
70
70
  - !ruby/object:Gem::Version
71
71
  version: '0'
72
72
  type: :runtime
@@ -74,7 +74,7 @@ dependencies:
74
74
  version_requirements: !ruby/object:Gem::Requirement
75
75
  none: false
76
76
  requirements:
77
- - - ! '>='
77
+ - - ">="
78
78
  - !ruby/object:Gem::Version
79
79
  version: '0'
80
80
  - !ruby/object:Gem::Dependency
@@ -82,7 +82,7 @@ dependencies:
82
82
  requirement: !ruby/object:Gem::Requirement
83
83
  none: false
84
84
  requirements:
85
- - - ! '>='
85
+ - - ">="
86
86
  - !ruby/object:Gem::Version
87
87
  version: '0'
88
88
  type: :runtime
@@ -90,7 +90,7 @@ dependencies:
90
90
  version_requirements: !ruby/object:Gem::Requirement
91
91
  none: false
92
92
  requirements:
93
- - - ! '>='
93
+ - - ">="
94
94
  - !ruby/object:Gem::Version
95
95
  version: '0'
96
96
  - !ruby/object:Gem::Dependency
@@ -98,7 +98,7 @@ dependencies:
98
98
  requirement: !ruby/object:Gem::Requirement
99
99
  none: false
100
100
  requirements:
101
- - - ! '>='
101
+ - - ">="
102
102
  - !ruby/object:Gem::Version
103
103
  version: '0'
104
104
  type: :development
@@ -106,7 +106,7 @@ dependencies:
106
106
  version_requirements: !ruby/object:Gem::Requirement
107
107
  none: false
108
108
  requirements:
109
- - - ! '>='
109
+ - - ">="
110
110
  - !ruby/object:Gem::Version
111
111
  version: '0'
112
112
  - !ruby/object:Gem::Dependency
@@ -114,7 +114,7 @@ dependencies:
114
114
  requirement: !ruby/object:Gem::Requirement
115
115
  none: false
116
116
  requirements:
117
- - - ! '>='
117
+ - - ">="
118
118
  - !ruby/object:Gem::Version
119
119
  version: '0'
120
120
  type: :development
@@ -122,7 +122,7 @@ dependencies:
122
122
  version_requirements: !ruby/object:Gem::Requirement
123
123
  none: false
124
124
  requirements:
125
- - - ! '>='
125
+ - - ">="
126
126
  - !ruby/object:Gem::Version
127
127
  version: '0'
128
128
  description: Access controls for project hydra
@@ -148,6 +148,8 @@ files:
148
148
  - lib/hydra/datastream/inheritable_rights_metadata.rb
149
149
  - lib/hydra/datastream/rights_metadata.rb
150
150
  - lib/hydra/model_mixins/rights_metadata.rb
151
+ - lib/hydra/permissions_query.rb
152
+ - lib/hydra/permissions_solr_document.rb
151
153
  - lib/hydra/policy_aware_ability.rb
152
154
  - lib/hydra/policy_aware_access_controls_enforcement.rb
153
155
  - lib/hydra/role_mapper_behavior.rb
@@ -180,18 +182,18 @@ require_paths:
180
182
  required_ruby_version: !ruby/object:Gem::Requirement
181
183
  none: false
182
184
  requirements:
183
- - - ! '>='
185
+ - - ">="
184
186
  - !ruby/object:Gem::Version
185
187
  version: 1.9.3
186
188
  required_rubygems_version: !ruby/object:Gem::Requirement
187
189
  none: false
188
190
  requirements:
189
- - - ! '>'
191
+ - - ">"
190
192
  - !ruby/object:Gem::Version
191
193
  version: 1.3.1
192
194
  requirements: []
193
195
  rubyforge_project:
194
- rubygems_version: 1.8.24
196
+ rubygems_version: 1.8.25
195
197
  signing_key:
196
198
  specification_version: 3
197
199
  summary: Access controls for project hydra