hydra-access-controls 6.0.0.pre8 → 6.0.0.rc1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/hydra-access-controls.gemspec +1 -1
- data/lib/hydra-access-controls.rb +1 -0
- data/lib/hydra/ability.rb +136 -135
- data/lib/hydra/datastream/rights_metadata.rb +1 -1
- data/lib/hydra/permissions_cache.rb +16 -0
- data/lib/hydra/permissions_query.rb +48 -43
- data/spec/unit/access_controls_enforcement_spec.rb +1 -0
- metadata +21 -20
@@ -18,7 +18,7 @@ Gem::Specification.new do |gem|
|
|
18
18
|
gem.required_ruby_version = '>= 1.9.3'
|
19
19
|
|
20
20
|
gem.add_dependency 'activesupport'
|
21
|
-
gem.add_dependency "active-fedora", '>= 6.0.0.
|
21
|
+
gem.add_dependency "active-fedora", '>= 6.0.0.rc2'
|
22
22
|
gem.add_dependency 'cancan'
|
23
23
|
gem.add_dependency 'deprecation'
|
24
24
|
gem.add_dependency 'blacklight'
|
data/lib/hydra/ability.rb
CHANGED
@@ -1,162 +1,163 @@
|
|
1
1
|
# Code for [CANCAN] access to Hydra models
|
2
2
|
require 'cancan'
|
3
|
-
module Hydra
|
4
|
-
|
5
|
-
|
6
|
-
# once you include Hydra::Ability you can add custom permission methods by appending to ability_logic like so:
|
7
|
-
#
|
8
|
-
# self.ability_logic +=[:setup_my_permissions]
|
9
|
-
|
10
|
-
included do
|
11
|
-
include CanCan::Ability
|
12
|
-
include Hydra::PermissionsQuery
|
13
|
-
include Blacklight::SolrHelper
|
14
|
-
class_attribute :ability_logic
|
15
|
-
self.ability_logic = [:create_permissions, :edit_permissions, :read_permissions, :custom_permissions]
|
16
|
-
end
|
17
|
-
|
18
|
-
def self.user_class
|
19
|
-
Hydra.config[:user_model] ? Hydra.config[:user_model].constantize : ::User
|
20
|
-
end
|
21
|
-
|
22
|
-
attr_reader :current_user, :session
|
23
|
-
|
24
|
-
def initialize(user, session=nil)
|
25
|
-
@current_user = user || Hydra::Ability.user_class.new # guest user (not logged in)
|
26
|
-
@user = @current_user # just in case someone was using this in an override. Just don't.
|
27
|
-
@session = session
|
28
|
-
hydra_default_permissions()
|
29
|
-
end
|
30
|
-
|
31
|
-
## You can override this method if you are using a different AuthZ (such as LDAP)
|
32
|
-
def user_groups
|
33
|
-
return @user_groups if @user_groups
|
3
|
+
module Hydra
|
4
|
+
module Ability
|
5
|
+
extend ActiveSupport::Concern
|
34
6
|
|
35
|
-
|
36
|
-
|
37
|
-
|
38
|
-
|
39
|
-
|
40
|
-
|
41
|
-
|
42
|
-
|
43
|
-
|
44
|
-
|
45
|
-
|
46
|
-
|
47
|
-
def hydra_default_permissions
|
48
|
-
logger.debug("Usergroups are " + user_groups.inspect)
|
49
|
-
self.ability_logic.each do |method|
|
50
|
-
send(method)
|
7
|
+
# once you include Hydra::Ability you can add custom permission methods by appending to ability_logic like so:
|
8
|
+
#
|
9
|
+
# self.ability_logic +=[:setup_my_permissions]
|
10
|
+
|
11
|
+
included do
|
12
|
+
include CanCan::Ability
|
13
|
+
include Hydra::PermissionsQuery
|
14
|
+
include Blacklight::SolrHelper
|
15
|
+
class_attribute :ability_logic
|
16
|
+
self.ability_logic = [:create_permissions, :edit_permissions, :read_permissions, :custom_permissions]
|
51
17
|
end
|
52
|
-
end
|
53
18
|
|
54
|
-
|
55
|
-
|
56
|
-
|
19
|
+
def self.user_class
|
20
|
+
Hydra.config[:user_model] ? Hydra.config[:user_model].constantize : ::User
|
21
|
+
end
|
57
22
|
|
58
|
-
|
59
|
-
can [:edit, :update, :destroy], String do |pid|
|
60
|
-
test_edit(pid)
|
61
|
-
end
|
23
|
+
attr_reader :current_user, :session
|
62
24
|
|
63
|
-
|
64
|
-
|
25
|
+
def initialize(user, session=nil)
|
26
|
+
@current_user = user || Hydra::Ability.user_class.new # guest user (not logged in)
|
27
|
+
@user = @current_user # just in case someone was using this in an override. Just don't.
|
28
|
+
@session = session
|
29
|
+
hydra_default_permissions()
|
65
30
|
end
|
66
|
-
|
67
|
-
can :edit, SolrDocument do |obj|
|
68
|
-
@permission_doc_cache[obj.id] = obj
|
69
|
-
test_edit(obj.id)
|
70
|
-
end
|
71
|
-
end
|
72
31
|
|
73
|
-
|
74
|
-
|
75
|
-
|
32
|
+
## You can override this method if you are using a different AuthZ (such as LDAP)
|
33
|
+
def user_groups
|
34
|
+
return @user_groups if @user_groups
|
35
|
+
|
36
|
+
@user_groups = default_user_groups
|
37
|
+
@user_groups |= current_user.groups if current_user and current_user.respond_to? :groups
|
38
|
+
@user_groups |= ['registered'] unless current_user.new_record?
|
39
|
+
@user_groups
|
76
40
|
end
|
77
41
|
|
78
|
-
|
79
|
-
|
80
|
-
|
42
|
+
def default_user_groups
|
43
|
+
# # everyone is automatically a member of the group 'public'
|
44
|
+
['public']
|
45
|
+
end
|
81
46
|
|
82
|
-
can :read, SolrDocument do |obj|
|
83
|
-
@permission_doc_cache[obj.id] = obj
|
84
|
-
test_read(obj.id)
|
85
|
-
end
|
86
|
-
end
|
87
47
|
|
48
|
+
def hydra_default_permissions
|
49
|
+
logger.debug("Usergroups are " + user_groups.inspect)
|
50
|
+
self.ability_logic.each do |method|
|
51
|
+
send(method)
|
52
|
+
end
|
53
|
+
end
|
88
54
|
|
89
|
-
|
90
|
-
|
91
|
-
|
92
|
-
|
93
|
-
protected
|
94
|
-
|
95
|
-
def test_edit(pid)
|
96
|
-
logger.debug("[CANCAN] Checking edit permissions for user: #{current_user.user_key} with groups: #{user_groups.inspect}")
|
97
|
-
group_intersection = user_groups & edit_groups(pid)
|
98
|
-
result = !group_intersection.empty? || edit_persons(pid).include?(current_user.user_key)
|
99
|
-
logger.debug("[CANCAN] decision: #{result}")
|
100
|
-
result
|
101
|
-
end
|
102
|
-
|
103
|
-
def test_read(pid)
|
104
|
-
logger.debug("[CANCAN] Checking read permissions for user: #{current_user.user_key} with groups: #{user_groups.inspect}")
|
105
|
-
group_intersection = user_groups & read_groups(pid)
|
106
|
-
result = !group_intersection.empty? || read_persons(pid).include?(current_user.user_key)
|
107
|
-
result
|
108
|
-
end
|
109
|
-
|
110
|
-
def edit_groups(pid)
|
111
|
-
doc = permissions_doc(pid)
|
112
|
-
return [] if doc.nil?
|
113
|
-
eg = doc[self.class.edit_group_field] || []
|
114
|
-
logger.debug("[CANCAN] edit_groups: #{eg.inspect}")
|
115
|
-
return eg
|
116
|
-
end
|
55
|
+
def create_permissions
|
56
|
+
can :create, :all if user_groups.include? 'registered'
|
57
|
+
end
|
117
58
|
|
118
|
-
|
119
|
-
|
120
|
-
|
121
|
-
|
122
|
-
|
123
|
-
|
124
|
-
|
125
|
-
|
59
|
+
def edit_permissions
|
60
|
+
can [:edit, :update, :destroy], String do |pid|
|
61
|
+
test_edit(pid)
|
62
|
+
end
|
63
|
+
|
64
|
+
can [:edit, :update, :destroy], ActiveFedora::Base do |obj|
|
65
|
+
test_edit(obj.pid)
|
66
|
+
end
|
67
|
+
|
68
|
+
can :edit, SolrDocument do |obj|
|
69
|
+
PermissionsCache.put(obj.id, obj)
|
70
|
+
test_edit(obj.id)
|
71
|
+
end
|
72
|
+
end
|
126
73
|
|
127
|
-
|
128
|
-
|
129
|
-
|
130
|
-
|
131
|
-
|
132
|
-
|
133
|
-
|
74
|
+
def read_permissions
|
75
|
+
can :read, String do |pid|
|
76
|
+
test_read(pid)
|
77
|
+
end
|
78
|
+
|
79
|
+
can :read, ActiveFedora::Base do |obj|
|
80
|
+
test_read(obj.pid)
|
81
|
+
end
|
82
|
+
|
83
|
+
can :read, SolrDocument do |obj|
|
84
|
+
PermissionsCache.put(obj.id, obj)
|
85
|
+
test_read(obj.id)
|
86
|
+
end
|
87
|
+
end
|
134
88
|
|
135
|
-
# edit implies read, so read_persons is the union of edit and read persons
|
136
|
-
def read_persons(pid)
|
137
|
-
doc = permissions_doc(pid)
|
138
|
-
return [] if doc.nil?
|
139
|
-
rp = edit_persons(pid) | (doc[self.class.read_person_field] || [])
|
140
|
-
logger.debug("[CANCAN] read_persons: #{rp.inspect}")
|
141
|
-
return rp
|
142
|
-
end
|
143
89
|
|
144
|
-
|
145
|
-
def
|
146
|
-
|
90
|
+
## Override custom permissions in your own app to add more permissions beyond what is defined by default.
|
91
|
+
def custom_permissions
|
92
|
+
end
|
93
|
+
|
94
|
+
protected
|
95
|
+
|
96
|
+
def test_edit(pid)
|
97
|
+
logger.debug("[CANCAN] Checking edit permissions for user: #{current_user.user_key} with groups: #{user_groups.inspect}")
|
98
|
+
group_intersection = user_groups & edit_groups(pid)
|
99
|
+
result = !group_intersection.empty? || edit_persons(pid).include?(current_user.user_key)
|
100
|
+
logger.debug("[CANCAN] decision: #{result}")
|
101
|
+
result
|
102
|
+
end
|
103
|
+
|
104
|
+
def test_read(pid)
|
105
|
+
logger.debug("[CANCAN] Checking read permissions for user: #{current_user.user_key} with groups: #{user_groups.inspect}")
|
106
|
+
group_intersection = user_groups & read_groups(pid)
|
107
|
+
result = !group_intersection.empty? || read_persons(pid).include?(current_user.user_key)
|
108
|
+
result
|
109
|
+
end
|
110
|
+
|
111
|
+
def edit_groups(pid)
|
112
|
+
doc = permissions_doc(pid)
|
113
|
+
return [] if doc.nil?
|
114
|
+
eg = doc[self.class.edit_group_field] || []
|
115
|
+
logger.debug("[CANCAN] edit_groups: #{eg.inspect}")
|
116
|
+
return eg
|
117
|
+
end
|
118
|
+
|
119
|
+
# edit implies read, so read_groups is the union of edit and read groups
|
120
|
+
def read_groups(pid)
|
121
|
+
doc = permissions_doc(pid)
|
122
|
+
return [] if doc.nil?
|
123
|
+
rg = edit_groups(pid) | (doc[self.class.read_group_field] || [])
|
124
|
+
logger.debug("[CANCAN] read_groups: #{rg.inspect}")
|
125
|
+
return rg
|
147
126
|
end
|
148
127
|
|
149
|
-
def
|
150
|
-
|
128
|
+
def edit_persons(pid)
|
129
|
+
doc = permissions_doc(pid)
|
130
|
+
return [] if doc.nil?
|
131
|
+
ep = doc[self.class.edit_person_field] || []
|
132
|
+
logger.debug("[CANCAN] edit_persons: #{ep.inspect}")
|
133
|
+
return ep
|
151
134
|
end
|
152
135
|
|
153
|
-
|
154
|
-
|
136
|
+
# edit implies read, so read_persons is the union of edit and read persons
|
137
|
+
def read_persons(pid)
|
138
|
+
doc = permissions_doc(pid)
|
139
|
+
return [] if doc.nil?
|
140
|
+
rp = edit_persons(pid) | (doc[self.class.read_person_field] || [])
|
141
|
+
logger.debug("[CANCAN] read_persons: #{rp.inspect}")
|
142
|
+
return rp
|
155
143
|
end
|
156
144
|
|
157
|
-
|
158
|
-
|
145
|
+
module ClassMethods
|
146
|
+
def read_group_field
|
147
|
+
Hydra.config[:permissions][:read][:group]
|
148
|
+
end
|
149
|
+
|
150
|
+
def edit_person_field
|
151
|
+
Hydra.config[:permissions][:edit][:individual]
|
152
|
+
end
|
153
|
+
|
154
|
+
def read_person_field
|
155
|
+
Hydra.config[:permissions][:read][:individual]
|
156
|
+
end
|
157
|
+
|
158
|
+
def edit_group_field
|
159
|
+
Hydra.config[:permissions][:edit][:group]
|
160
|
+
end
|
159
161
|
end
|
160
162
|
end
|
161
|
-
|
162
163
|
end
|
@@ -2,7 +2,7 @@ require 'active_support/core_ext/string'
|
|
2
2
|
module Hydra
|
3
3
|
module Datastream
|
4
4
|
# Implements Hydra RightsMetadata XML terminology for asserting access permissions
|
5
|
-
class RightsMetadata < ActiveFedora::
|
5
|
+
class RightsMetadata < ActiveFedora::OmDatastream
|
6
6
|
|
7
7
|
set_terminology do |t|
|
8
8
|
t.root(:path=>"rightsMetadata", :xmlns=>"http://hydra-collab.stanford.edu/schemas/rightsMetadata/v1", :schema=>"http://github.com/projecthydra/schemas/tree/v1/rightsMetadata.xsd")
|
@@ -1,50 +1,55 @@
|
|
1
|
-
module Hydra
|
2
|
-
|
3
|
-
|
4
|
-
|
5
|
-
|
1
|
+
module Hydra
|
2
|
+
module PermissionsQuery
|
3
|
+
extend ActiveSupport::Concern
|
4
|
+
included do
|
5
|
+
include Blacklight::SolrHelper # for force_to_utf8
|
6
|
+
end
|
6
7
|
|
7
|
-
|
8
|
-
|
9
|
-
|
10
|
-
|
8
|
+
def permissions_doc(pid)
|
9
|
+
doc = Hydra::PermissionsCache.get(pid)
|
10
|
+
unless doc
|
11
|
+
doc = get_permissions_solr_response_for_doc_id(pid)
|
12
|
+
Hydra::PermissionsCache.put(pid, doc)
|
13
|
+
end
|
14
|
+
doc
|
15
|
+
end
|
11
16
|
|
12
17
|
|
13
|
-
|
18
|
+
protected
|
14
19
|
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
|
20
|
+
# a solr query method
|
21
|
+
# retrieve a solr document, given the doc id
|
22
|
+
# Modeled on Blacklight::SolrHelper.get_permissions_solr_response_for_doc_id
|
23
|
+
# @param [String] id of the documetn to retrieve
|
24
|
+
# @param [Hash] extra_controller_params (optional)
|
25
|
+
def get_permissions_solr_response_for_doc_id(id=nil, extra_controller_params={})
|
26
|
+
raise Blacklight::Exceptions::InvalidSolrID.new("The application is trying to retrieve permissions without specifying an asset id") if id.nil?
|
27
|
+
#solr_response = Blacklight.solr.get permissions_solr_doc_params(id).merge(extra_controller_params)
|
28
|
+
#path = blacklight_config.solr_path
|
29
|
+
solr_opts = permissions_solr_doc_params(id).merge(extra_controller_params)
|
30
|
+
response = Blacklight.solr.get('select', :params=> solr_opts)
|
31
|
+
solr_response = Blacklight::SolrResponse.new(force_to_utf8(response), solr_opts)
|
27
32
|
|
28
|
-
|
29
|
-
|
30
|
-
|
33
|
+
raise Blacklight::Exceptions::InvalidSolrID.new("The solr permissions search handler didn't return anything for id \"#{id}\"") if solr_response.docs.empty?
|
34
|
+
Hydra::PermissionsSolrDocument.new(solr_response.docs.first, solr_response)
|
35
|
+
end
|
31
36
|
|
32
|
-
|
33
|
-
|
34
|
-
|
35
|
-
|
36
|
-
|
37
|
-
|
38
|
-
|
39
|
-
|
40
|
-
|
41
|
-
|
42
|
-
|
43
|
-
|
44
|
-
|
45
|
-
|
46
|
-
|
47
|
-
|
48
|
-
|
49
|
-
|
37
|
+
#
|
38
|
+
# Solr integration
|
39
|
+
#
|
40
|
+
|
41
|
+
# returns a params hash with the permissions info for a single solr document
|
42
|
+
# If the id arg is nil, then the value is fetched from params[:id]
|
43
|
+
# This method is primary called by the get_permissions_solr_response_for_doc_id method.
|
44
|
+
# Modeled on Blacklight::SolrHelper.solr_doc_params
|
45
|
+
# @param [String] id of the documetn to retrieve
|
46
|
+
def permissions_solr_doc_params(id=nil)
|
47
|
+
id ||= params[:id]
|
48
|
+
# just to be consistent with the other solr param methods:
|
49
|
+
{
|
50
|
+
:qt => :permissions,
|
51
|
+
:id => id # this assumes the document request handler will map the 'id' param to the unique key field
|
52
|
+
}
|
53
|
+
end
|
54
|
+
end
|
50
55
|
end
|
@@ -81,6 +81,7 @@ describe Hydra::AccessControlsEnforcement do
|
|
81
81
|
lambda {subject.send(:enforce_show_permissions, {}) }.should_not raise_error Hydra::AccessDenied
|
82
82
|
end
|
83
83
|
it "should prevent a user w/o edit permissions from viewing an embargoed object" do
|
84
|
+
Hydra::PermissionsCache.clear()
|
84
85
|
user = User.new :uid=>'testuser@example.com'
|
85
86
|
RoleMapper.stub(:roles).with(user.user_key).and_return([])
|
86
87
|
subject.stub(:current_user).and_return(user)
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: hydra-access-controls
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 6.0.0.
|
4
|
+
version: 6.0.0.rc1
|
5
5
|
prerelease: 6
|
6
6
|
platform: ruby
|
7
7
|
authors:
|
@@ -11,14 +11,14 @@ authors:
|
|
11
11
|
autorequire:
|
12
12
|
bindir: bin
|
13
13
|
cert_chain: []
|
14
|
-
date: 2013-02-
|
14
|
+
date: 2013-02-15 00:00:00.000000000 Z
|
15
15
|
dependencies:
|
16
16
|
- !ruby/object:Gem::Dependency
|
17
17
|
name: activesupport
|
18
18
|
requirement: !ruby/object:Gem::Requirement
|
19
19
|
none: false
|
20
20
|
requirements:
|
21
|
-
- -
|
21
|
+
- - ! '>='
|
22
22
|
- !ruby/object:Gem::Version
|
23
23
|
version: '0'
|
24
24
|
type: :runtime
|
@@ -26,7 +26,7 @@ dependencies:
|
|
26
26
|
version_requirements: !ruby/object:Gem::Requirement
|
27
27
|
none: false
|
28
28
|
requirements:
|
29
|
-
- -
|
29
|
+
- - ! '>='
|
30
30
|
- !ruby/object:Gem::Version
|
31
31
|
version: '0'
|
32
32
|
- !ruby/object:Gem::Dependency
|
@@ -34,23 +34,23 @@ dependencies:
|
|
34
34
|
requirement: !ruby/object:Gem::Requirement
|
35
35
|
none: false
|
36
36
|
requirements:
|
37
|
-
- -
|
37
|
+
- - ! '>='
|
38
38
|
- !ruby/object:Gem::Version
|
39
|
-
version: 6.0.0.
|
39
|
+
version: 6.0.0.rc2
|
40
40
|
type: :runtime
|
41
41
|
prerelease: false
|
42
42
|
version_requirements: !ruby/object:Gem::Requirement
|
43
43
|
none: false
|
44
44
|
requirements:
|
45
|
-
- -
|
45
|
+
- - ! '>='
|
46
46
|
- !ruby/object:Gem::Version
|
47
|
-
version: 6.0.0.
|
47
|
+
version: 6.0.0.rc2
|
48
48
|
- !ruby/object:Gem::Dependency
|
49
49
|
name: cancan
|
50
50
|
requirement: !ruby/object:Gem::Requirement
|
51
51
|
none: false
|
52
52
|
requirements:
|
53
|
-
- -
|
53
|
+
- - ! '>='
|
54
54
|
- !ruby/object:Gem::Version
|
55
55
|
version: '0'
|
56
56
|
type: :runtime
|
@@ -58,7 +58,7 @@ dependencies:
|
|
58
58
|
version_requirements: !ruby/object:Gem::Requirement
|
59
59
|
none: false
|
60
60
|
requirements:
|
61
|
-
- -
|
61
|
+
- - ! '>='
|
62
62
|
- !ruby/object:Gem::Version
|
63
63
|
version: '0'
|
64
64
|
- !ruby/object:Gem::Dependency
|
@@ -66,7 +66,7 @@ dependencies:
|
|
66
66
|
requirement: !ruby/object:Gem::Requirement
|
67
67
|
none: false
|
68
68
|
requirements:
|
69
|
-
- -
|
69
|
+
- - ! '>='
|
70
70
|
- !ruby/object:Gem::Version
|
71
71
|
version: '0'
|
72
72
|
type: :runtime
|
@@ -74,7 +74,7 @@ dependencies:
|
|
74
74
|
version_requirements: !ruby/object:Gem::Requirement
|
75
75
|
none: false
|
76
76
|
requirements:
|
77
|
-
- -
|
77
|
+
- - ! '>='
|
78
78
|
- !ruby/object:Gem::Version
|
79
79
|
version: '0'
|
80
80
|
- !ruby/object:Gem::Dependency
|
@@ -82,7 +82,7 @@ dependencies:
|
|
82
82
|
requirement: !ruby/object:Gem::Requirement
|
83
83
|
none: false
|
84
84
|
requirements:
|
85
|
-
- -
|
85
|
+
- - ! '>='
|
86
86
|
- !ruby/object:Gem::Version
|
87
87
|
version: '0'
|
88
88
|
type: :runtime
|
@@ -90,7 +90,7 @@ dependencies:
|
|
90
90
|
version_requirements: !ruby/object:Gem::Requirement
|
91
91
|
none: false
|
92
92
|
requirements:
|
93
|
-
- -
|
93
|
+
- - ! '>='
|
94
94
|
- !ruby/object:Gem::Version
|
95
95
|
version: '0'
|
96
96
|
- !ruby/object:Gem::Dependency
|
@@ -98,7 +98,7 @@ dependencies:
|
|
98
98
|
requirement: !ruby/object:Gem::Requirement
|
99
99
|
none: false
|
100
100
|
requirements:
|
101
|
-
- -
|
101
|
+
- - ! '>='
|
102
102
|
- !ruby/object:Gem::Version
|
103
103
|
version: '0'
|
104
104
|
type: :development
|
@@ -106,7 +106,7 @@ dependencies:
|
|
106
106
|
version_requirements: !ruby/object:Gem::Requirement
|
107
107
|
none: false
|
108
108
|
requirements:
|
109
|
-
- -
|
109
|
+
- - ! '>='
|
110
110
|
- !ruby/object:Gem::Version
|
111
111
|
version: '0'
|
112
112
|
- !ruby/object:Gem::Dependency
|
@@ -114,7 +114,7 @@ dependencies:
|
|
114
114
|
requirement: !ruby/object:Gem::Requirement
|
115
115
|
none: false
|
116
116
|
requirements:
|
117
|
-
- -
|
117
|
+
- - ! '>='
|
118
118
|
- !ruby/object:Gem::Version
|
119
119
|
version: '0'
|
120
120
|
type: :development
|
@@ -122,7 +122,7 @@ dependencies:
|
|
122
122
|
version_requirements: !ruby/object:Gem::Requirement
|
123
123
|
none: false
|
124
124
|
requirements:
|
125
|
-
- -
|
125
|
+
- - ! '>='
|
126
126
|
- !ruby/object:Gem::Version
|
127
127
|
version: '0'
|
128
128
|
description: Access controls for project hydra
|
@@ -148,6 +148,7 @@ files:
|
|
148
148
|
- lib/hydra/datastream/inheritable_rights_metadata.rb
|
149
149
|
- lib/hydra/datastream/rights_metadata.rb
|
150
150
|
- lib/hydra/model_mixins/rights_metadata.rb
|
151
|
+
- lib/hydra/permissions_cache.rb
|
151
152
|
- lib/hydra/permissions_query.rb
|
152
153
|
- lib/hydra/permissions_solr_document.rb
|
153
154
|
- lib/hydra/policy_aware_ability.rb
|
@@ -182,13 +183,13 @@ require_paths:
|
|
182
183
|
required_ruby_version: !ruby/object:Gem::Requirement
|
183
184
|
none: false
|
184
185
|
requirements:
|
185
|
-
- -
|
186
|
+
- - ! '>='
|
186
187
|
- !ruby/object:Gem::Version
|
187
188
|
version: 1.9.3
|
188
189
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
189
190
|
none: false
|
190
191
|
requirements:
|
191
|
-
- -
|
192
|
+
- - ! '>'
|
192
193
|
- !ruby/object:Gem::Version
|
193
194
|
version: 1.3.1
|
194
195
|
requirements: []
|