hydra-access-controls 6.4.0.pre1 → 6.4.0.pre2

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: d58a98abb5fa51ab9dcc8d38a80475d6bc9310cb
4
- data.tar.gz: 23bc49074fa0715dc9515c1e9c7638484ba8040e
3
+ metadata.gz: 35f2c828c01a662e99c864d3a3188f83ffa0a2d3
4
+ data.tar.gz: 5b305407bd3d90d231c7c5098de035608dabb6d1
5
5
  SHA512:
6
- metadata.gz: 4b7e22c6d6e32dbdd5b39032af3d3caad5b3f6a885fbcf40b7852cc714ec1109aca94906b88f9044652375ca3ca81cb247fce852e58960ca728ab0678c06343c
7
- data.tar.gz: dd23a59d0a72cd311011244ccba077cd8964cf0a295f5dace58e6487081411b35bfac55e767767ee3c5380b3be0fdf8b8bff0721f32e59af36ccce98e2266f56
6
+ metadata.gz: 80c97916451cd6546514a2b18d36c8c6025696d5b09dfa0644eae31fb3c39770ccd1938423ebf9174daae3430e012386e9feec511a566d886541df56efd13d57
7
+ data.tar.gz: 11ae4e897b165e0c21bc29491179ef23907de5c6c5dc1da6639811c85dfb488cb0b41200dfa85b4510d51fbf11d6a67a13668778ba6110f036dd94c659aa1f8e
@@ -4,6 +4,7 @@ module Hydra
4
4
  autoload :AccessRight
5
5
  autoload :WithAccessRight
6
6
  autoload :Visibility
7
+ autoload :Permission
7
8
  autoload :Permissions
8
9
  end
9
10
  end
@@ -2,12 +2,276 @@ module Hydra
2
2
  module AccessControls
3
3
  module Permissions
4
4
  extend ActiveSupport::Concern
5
- include Hydra::ModelMixins::RightsMetadata
6
5
  include Hydra::AccessControls::Visibility
7
6
 
8
7
  included do
9
8
  has_metadata "rightsMetadata", type: Hydra::Datastream::RightsMetadata
10
9
  end
10
+
11
+
12
+ ## Updates those permissions that are provided to it. Does not replace any permissions unless they are provided
13
+ # @example
14
+ # obj.permissions_attributes= [{:name=>"group1", :access=>"discover", :type=>'group'},
15
+ # {:name=>"group2", :access=>"discover", :type=>'group'}]
16
+ def permissions_attributes= attributes_collection
17
+ perm_hash = {'person' => rightsMetadata.individuals, 'group'=> rightsMetadata.groups}
18
+
19
+ if attributes_collection.is_a? Hash
20
+ attributes_collection = attributes_collection.sort_by { |i, _| i.to_i }.map { |_, attributes| attributes }
21
+ end
22
+
23
+ attributes_collection.each do |row|
24
+ row = row.with_indifferent_access
25
+ if row[:type] == 'user' || row[:type] == 'person'
26
+ if has_destroy_flag? row
27
+ perm_hash['person'].delete(row[:name])
28
+ else
29
+ perm_hash['person'][row[:name]] = row[:access]
30
+ end
31
+ elsif row[:type] == 'group'
32
+ perm_hash['group'][row[:name]] = row[:access]
33
+ if has_destroy_flag? row
34
+ perm_hash['group'].delete(row[:name])
35
+ else
36
+ perm_hash['group'][row[:name]] = row[:access]
37
+ end
38
+ else
39
+ raise ArgumentError, "Permission type must be 'user', 'person' (alias for 'user'), or 'group'"
40
+ end
41
+ end
42
+
43
+ rightsMetadata.permissions = perm_hash
44
+ end
45
+
46
+ ## Returns a list with all the permissions on the object.
47
+ def permissions
48
+ (rightsMetadata.groups.map {|x| Permission.new(type: 'group', access: x[1], name: x[0] )} +
49
+ rightsMetadata.individuals.map {|x| Permission.new(type: 'user', access: x[1], name: x[0] )})
50
+ end
51
+
52
+ # Return a list of groups that have discover permission
53
+ def read_groups
54
+ rightsMetadata.groups.map {|k, v| k if v == 'read'}.compact
55
+ end
56
+
57
+ # Grant read permissions to the groups specified. Revokes read permission for all other groups.
58
+ # @param[Array] groups a list of group names
59
+ # @example
60
+ # r.read_groups= ['one', 'two', 'three']
61
+ # r.read_groups
62
+ # => ['one', 'two', 'three']
63
+ #
64
+ def read_groups=(groups)
65
+ set_read_groups(groups, read_groups)
66
+ end
67
+
68
+ # Grant read permissions to the groups specified. Revokes read permission for all other groups.
69
+ # @param[String] groups a list of group names
70
+ # @example
71
+ # r.read_groups_string= 'one, two, three'
72
+ # r.read_groups
73
+ # => ['one', 'two', 'three']
74
+ #
75
+ def read_groups_string=(groups)
76
+ self.read_groups=groups.split(/[\s,]+/)
77
+ end
78
+
79
+ # Display the groups a comma delimeted string
80
+ def read_groups_string
81
+ self.read_groups.join(', ')
82
+ end
83
+
84
+ # Grant read permissions to the groups specified. Revokes read permission for
85
+ # any of the eligible_groups that are not in groups.
86
+ # This may be used when different users are responsible for setting different
87
+ # groups. Supply the groups the current user is responsible for as the
88
+ # 'eligible_groups'
89
+ # @param[Array] groups a list of groups
90
+ # @param[Array] eligible_groups the groups that are eligible to have their read permssion revoked.
91
+ # @example
92
+ # r.read_groups = ['one', 'two', 'three']
93
+ # r.read_groups
94
+ # => ['one', 'two', 'three']
95
+ # r.set_read_groups(['one'], ['three'])
96
+ # r.read_groups
97
+ # => ['one', 'two'] ## 'two' was not eligible to be removed
98
+ #
99
+ def set_read_groups(groups, eligible_groups)
100
+ set_entities(:read, :group, groups, eligible_groups)
101
+ end
102
+
103
+ def read_users
104
+ rightsMetadata.individuals.map {|k, v| k if v == 'read'}.compact
105
+ end
106
+
107
+ # Grant read permissions to the users specified. Revokes read permission for all other users.
108
+ # @param[Array] users a list of usernames
109
+ # @example
110
+ # r.read_users= ['one', 'two', 'three']
111
+ # r.read_users
112
+ # => ['one', 'two', 'three']
113
+ #
114
+ def read_users=(users)
115
+ set_read_users(users, read_users)
116
+ end
117
+
118
+ # Grant read permissions to the groups specified. Revokes read permission for all other users.
119
+ # @param[String] users a list of usernames
120
+ # @example
121
+ # r.read_users_string= 'one, two, three'
122
+ # r.read_users
123
+ # => ['one', 'two', 'three']
124
+ #
125
+ def read_users_string=(users)
126
+ self.read_users=users.split(/[\s,]+/)
127
+ end
128
+
129
+ # Display the users as a comma delimeted string
130
+ def read_users_string
131
+ self.read_users.join(', ')
132
+ end
133
+
134
+ # Grant read permissions to the users specified. Revokes read permission for
135
+ # any of the eligible_users that are not in users.
136
+ # This may be used when different users are responsible for setting different
137
+ # users. Supply the users the current user is responsible for as the
138
+ # 'eligible_users'
139
+ # @param[Array] users a list of users
140
+ # @param[Array] eligible_users the users that are eligible to have their read permssion revoked.
141
+ # @example
142
+ # r.read_users = ['one', 'two', 'three']
143
+ # r.read_users
144
+ # => ['one', 'two', 'three']
145
+ # r.set_read_users(['one'], ['three'])
146
+ # r.read_users
147
+ # => ['one', 'two'] ## 'two' was not eligible to be removed
148
+ #
149
+ def set_read_users(users, eligible_users)
150
+ set_entities(:read, :person, users, eligible_users)
151
+ end
152
+
153
+
154
+ # Return a list of groups that have edit permission
155
+ def edit_groups
156
+ rightsMetadata.groups.map {|k, v| k if v == 'edit'}.compact
157
+ end
158
+
159
+ # Grant edit permissions to the groups specified. Revokes edit permission for all other groups.
160
+ # @param[Array] groups a list of group names
161
+ # @example
162
+ # r.edit_groups= ['one', 'two', 'three']
163
+ # r.edit_groups
164
+ # => ['one', 'two', 'three']
165
+ #
166
+ def edit_groups=(groups)
167
+ set_edit_groups(groups, edit_groups)
168
+ end
169
+
170
+ # Grant edit permissions to the groups specified. Revokes edit permission for all other groups.
171
+ # @param[String] groups a list of group names
172
+ # @example
173
+ # r.edit_groups_string= 'one, two, three'
174
+ # r.edit_groups
175
+ # => ['one', 'two', 'three']
176
+ #
177
+ def edit_groups_string=(groups)
178
+ self.edit_groups=groups.split(/[\s,]+/)
179
+ end
180
+
181
+ # Display the groups a comma delimeted string
182
+ def edit_groups_string
183
+ self.edit_groups.join(', ')
184
+ end
185
+
186
+ # Grant edit permissions to the groups specified. Revokes edit permission for
187
+ # any of the eligible_groups that are not in groups.
188
+ # This may be used when different users are responsible for setting different
189
+ # groups. Supply the groups the current user is responsible for as the
190
+ # 'eligible_groups'
191
+ # @param[Array] groups a list of groups
192
+ # @param[Array] eligible_groups the groups that are eligible to have their edit permssion revoked.
193
+ # @example
194
+ # r.edit_groups = ['one', 'two', 'three']
195
+ # r.edit_groups
196
+ # => ['one', 'two', 'three']
197
+ # r.set_edit_groups(['one'], ['three'])
198
+ # r.edit_groups
199
+ # => ['one', 'two'] ## 'two' was not eligible to be removed
200
+ #
201
+ def set_edit_groups(groups, eligible_groups)
202
+ set_entities(:edit, :group, groups, eligible_groups)
203
+ end
204
+
205
+ def edit_users
206
+ rightsMetadata.individuals.map {|k, v| k if v == 'edit'}.compact
207
+ end
208
+
209
+ # Grant edit permissions to the groups specified. Revokes edit permission for all other groups.
210
+ # @param[Array] users a list of usernames
211
+ # @example
212
+ # r.edit_users= ['one', 'two', 'three']
213
+ # r.edit_users
214
+ # => ['one', 'two', 'three']
215
+ #
216
+ def edit_users=(users)
217
+ set_edit_users(users, edit_users)
218
+ end
219
+
220
+ # Grant edit permissions to the users specified. Revokes edit permission for
221
+ # any of the eligible_users that are not in users.
222
+ # This may be used when different users are responsible for setting different
223
+ # users. Supply the users the current user is responsible for as the
224
+ # 'eligible_users'
225
+ # @param[Array] users a list of users
226
+ # @param[Array] eligible_users the users that are eligible to have their edit permssion revoked.
227
+ # @example
228
+ # r.edit_users = ['one', 'two', 'three']
229
+ # r.edit_users
230
+ # => ['one', 'two', 'three']
231
+ # r.set_edit_users(['one'], ['three'])
232
+ # r.edit_users
233
+ # => ['one', 'two'] ## 'two' was not eligible to be removed
234
+ #
235
+ def set_edit_users(users, eligible_users)
236
+ set_entities(:edit, :person, users, eligible_users)
237
+ end
238
+
239
+ protected
240
+
241
+ def has_destroy_flag?(hash)
242
+ ["1", "true"].include?(hash['_destroy'].to_s)
243
+ end
244
+
245
+ private
246
+
247
+
248
+
249
+ # @param permission either :discover, :read or :edit
250
+ # @param type either :person or :group
251
+ # @param values Values to set
252
+ # @param changeable Values we are allowed to change
253
+ def set_entities(permission, type, values, changeable)
254
+ g = preserved(type, permission)
255
+ (changeable - values).each do |entity|
256
+ #Strip permissions from users not provided
257
+ g[entity] = 'none'
258
+ end
259
+ values.each { |name| g[name] = permission.to_s}
260
+ rightsMetadata.update_permissions(type.to_s=>g)
261
+ end
262
+
263
+ ## Get those permissions we don't want to change
264
+ def preserved(type, permission)
265
+ case permission
266
+ when :edit
267
+ g = {}
268
+ when :read
269
+ Hash[rightsMetadata.quick_search_by_type(type).select {|k, v| v == 'edit'}]
270
+ when :discover
271
+ Hash[rightsMetadata.quick_search_by_type(type).select {|k, v| v == 'discover'}]
272
+ end
273
+ end
274
+
11
275
  end
12
276
  end
13
277
  end
@@ -0,0 +1,36 @@
1
+ module Hydra::AccessControls
2
+ class Permission
3
+ def initialize(args)
4
+ @vals = {name: args[:name], access: args[:access], type: args[:type]}
5
+ end
6
+
7
+ def persisted?
8
+ false
9
+ end
10
+
11
+ def [] var
12
+ @vals[var]
13
+ end
14
+
15
+ def name
16
+ self[:name]
17
+ end
18
+
19
+ def access
20
+ self[:access]
21
+ end
22
+
23
+ def type
24
+ self[:type]
25
+ end
26
+
27
+ def _destroy
28
+ false
29
+ end
30
+
31
+ def == other
32
+ other.is_a?(Permission) && self.name == other.name && self.type == other.type && self.access == other.access
33
+ end
34
+
35
+ end
36
+ end
@@ -20,7 +20,7 @@ class Hydra::AdminPolicy < ActiveFedora::Base
20
20
  delegate :license_url, :to=>'rightsMetadata', :at=>[:license, :url], :unique=>true
21
21
 
22
22
  # easy access to edit_groups, etc
23
- include Hydra::ModelMixins::RightsMetadata
23
+ include Hydra::AccessControls::Permissions
24
24
 
25
25
  def self.readable_by_user(user)
26
26
  where_user_has_permissions(user, [:read, :edit])
@@ -136,7 +136,17 @@ module Hydra
136
136
  # Currently restricts actor type to group or person. Any others will be ignored
137
137
  def update_permissions(params)
138
138
  params.fetch("group", {}).each_pair {|group_id, access_level| self.permissions({"group"=>group_id}, access_level)}
139
- params.fetch("person", {}).each_pair {|group_id, access_level| self.permissions({"person"=>group_id}, access_level)}
139
+ params.fetch("person", {}).each_pair {|person_id, access_level| self.permissions({"person"=>person_id}, access_level)}
140
+ end
141
+
142
+ # Updates all permissions
143
+ # @param params ex. {"group"=>{"group1"=>"discover","group2"=>"edit"}, "person"=>{"person1"=>"read","person2"=>"discover"}}
144
+ # Restricts actor type to group or person. Any others will be ignored
145
+ def permissions= (params)
146
+ group_ids = groups.keys | params['group'].keys
147
+ group_ids.each {|group_id| self.permissions({"group"=>group_id}, params['group'].fetch(group_id, 'none'))}
148
+ user_ids = individuals.keys | params['person'].keys
149
+ user_ids.each {|person_id| self.permissions({"person"=>person_id}, params['person'].fetch(person_id, 'none'))}
140
150
  end
141
151
 
142
152
  # @param [Symbol] type (either :group or :person)
@@ -1,6 +1,13 @@
1
1
  module Hydra
2
2
  module ModelMixins
3
3
  module RightsMetadata
4
+ extend ActiveSupport::Concern
5
+ extend Deprecation
6
+
7
+ included do
8
+ Deprecation.warn(RightsMetadata, "Hydra::ModelMixins::RightsMetadata has been deprecated and will be removed in hydra-head 7.0. Use Hydra::AccessControls::Permissions instead", caller(3));
9
+ end
10
+
4
11
 
5
12
 
6
13
  ## Updates those permissions that are provided to it. Does not replace any permissions unless they are provided
@@ -0,0 +1,114 @@
1
+ require 'spec_helper'
2
+
3
+ describe Hydra::AccessControls::Permissions do
4
+ before do
5
+ class Foo < ActiveFedora::Base
6
+ include Hydra::AccessControls::Permissions
7
+ end
8
+ end
9
+
10
+ subject { Foo.new }
11
+
12
+
13
+ it "should have a set of permissions" do
14
+ subject.read_groups=['group1', 'group2']
15
+ subject.edit_users=['user1']
16
+ subject.read_users=['user2', 'user3']
17
+ subject.permissions.should == [Hydra::AccessControls::Permission.new(:type=>"group", :access=>"read", :name=>"group1"),
18
+ Hydra::AccessControls::Permission.new({:type=>"group", :access=>"read", :name=>"group2"}),
19
+ Hydra::AccessControls::Permission.new({:type=>"user", :access=>"read", :name=>"user2"}),
20
+ Hydra::AccessControls::Permission.new({:type=>"user", :access=>"read", :name=>"user3"}),
21
+ Hydra::AccessControls::Permission.new({:type=>"user", :access=>"edit", :name=>"user1"})]
22
+ end
23
+ describe "updating permissions" do
24
+ before do
25
+ subject.permissions_attributes = [{:type=>"user", :access=>"edit", :name=>"jcoyne"}]
26
+ end
27
+ it "should handle a hash" do
28
+ subject.permissions_attributes = {'0' => {type: "group", access:"read", name:"group1"}, '1'=> {type: 'user', access: 'edit', name: 'user2'}}
29
+ subject.permissions.should == [Hydra::AccessControls::Permission.new(:type=>"group", :access=>"read", :name=>"group1"),
30
+ Hydra::AccessControls::Permission.new(:type=>"user", :access=>"edit", :name=>"jcoyne"),
31
+ Hydra::AccessControls::Permission.new(:type=>"user", :access=>"edit", :name=>"user2")]
32
+ end
33
+ it "should create new group permissions" do
34
+ subject.permissions_attributes = [{:type=>"group", :access=>"read", :name=>"group1"}]
35
+ subject.permissions.should == [Hydra::AccessControls::Permission.new(:type=>"group", :access=>"read", :name=>"group1"),
36
+ Hydra::AccessControls::Permission.new(:type=>"user", :access=>"edit", :name=>"jcoyne")]
37
+ end
38
+ it "should create new user permissions" do
39
+ subject.permissions_attributes = [{:type=>"user", :access=>"read", :name=>"user1"}]
40
+ subject.permissions.should == [Hydra::AccessControls::Permission.new(:type=>"user", :access=>"read", :name=>"user1"),
41
+ Hydra::AccessControls::Permission.new(:type=>"user", :access=>"edit", :name=>"jcoyne")]
42
+ end
43
+ it "should not replace existing groups" do
44
+ subject.permissions_attributes = [{:type=>"group", :access=>"read", :name=>"group1"}]
45
+ subject.permissions_attributes = [{:type=>"group", :access=>"read", :name=>"group2"}]
46
+ subject.permissions.should == [Hydra::AccessControls::Permission.new(:type=>"group", :access=>"read", :name=>"group1"),
47
+ Hydra::AccessControls::Permission.new(:type=>"group", :access=>"read", :name=>"group2"),
48
+ Hydra::AccessControls::Permission.new(:type=>"user", :access=>"edit", :name=>"jcoyne")]
49
+ end
50
+ it "should not replace existing users" do
51
+ subject.permissions_attributes = [{:type=>"user", :access=>"read", :name=>"user1"}]
52
+ subject.permissions_attributes = [{:type=>"user", :access=>"read", :name=>"user2"}]
53
+ subject.permissions.should == [Hydra::AccessControls::Permission.new(:type=>"user", :access=>"read", :name=>"user1"),
54
+ Hydra::AccessControls::Permission.new(:type=>"user", :access=>"read", :name=>"user2"),
55
+ Hydra::AccessControls::Permission.new(:type=>"user", :access=>"edit", :name=>"jcoyne")]
56
+ end
57
+ it "should update permissions on existing users" do
58
+ subject.permissions_attributes = [{:type=>"user", :access=>"read", :name=>"user1"}]
59
+ subject.permissions_attributes = [{:type=>"user", :access=>"edit", :name=>"user1"}]
60
+ subject.permissions.should == [Hydra::AccessControls::Permission.new(:type=>"user", :access=>"edit", :name=>"user1"),
61
+ Hydra::AccessControls::Permission.new(:type=>"user", :access=>"edit", :name=>"jcoyne")]
62
+ end
63
+ it "should update permissions on existing groups" do
64
+ subject.permissions_attributes = [{:type=>"group", :access=>"read", :name=>"group1"}]
65
+ subject.permissions_attributes = [{:type=>"group", :access=>"edit", :name=>"group1"}]
66
+ subject.permissions.should == [Hydra::AccessControls::Permission.new(:type=>"group", :access=>"edit", :name=>"group1"),
67
+ Hydra::AccessControls::Permission.new(:type=>"user", :access=>"edit", :name=>"jcoyne")]
68
+ end
69
+ it "should remove permissions on existing users" do
70
+ subject.permissions_attributes = [{:type=>"user", :access=>"read", :name=>"user1"}]
71
+ subject.permissions_attributes = [{:type=>"user", :access=>"edit", :name=>"user1", _destroy: true}]
72
+ subject.permissions.should == [Hydra::AccessControls::Permission.new(:type=>"user", :access=>"edit", :name=>"jcoyne")]
73
+ end
74
+ it "should remove permissions on existing groups" do
75
+ subject.permissions_attributes = [{:type=>"group", :access=>"read", :name=>"group1"}]
76
+ subject.permissions_attributes = [{:type=>"group", :access=>"edit", :name=>"group1", _destroy: '1'}]
77
+ subject.permissions.should == [Hydra::AccessControls::Permission.new(:type=>"user", :access=>"edit", :name=>"jcoyne")]
78
+ end
79
+ it "should not remove when destroy flag is falsy" do
80
+ subject.permissions_attributes = [{:type=>"group", :access=>"read", :name=>"group1"}]
81
+ subject.permissions_attributes = [{:type=>"group", :access=>"edit", :name=>"group1", _destroy: '0'}]
82
+ subject.permissions.should == [ Hydra::AccessControls::Permission.new(:type=>"group", :access=>"edit", :name=>"group1"),
83
+ Hydra::AccessControls::Permission.new(:type=>"user", :access=>"edit", :name=>"jcoyne")]
84
+ end
85
+ end
86
+ context "with rightsMetadata" do
87
+ before do
88
+ subject.rightsMetadata.update_permissions("person"=>{"person1"=>"read","person2"=>"discover"}, "group"=>{'group-6' => 'read', "group-7"=>'read', 'group-8'=>'edit'})
89
+ end
90
+ it "should have read groups accessor" do
91
+ subject.read_groups.should == ['group-6', 'group-7']
92
+ end
93
+ it "should have read groups string accessor" do
94
+ subject.read_groups_string.should == 'group-6, group-7'
95
+ end
96
+ it "should have read groups writer" do
97
+ subject.read_groups = ['group-2', 'group-3']
98
+ subject.rightsMetadata.groups.should == {'group-2' => 'read', 'group-3'=>'read', 'group-8' => 'edit'}
99
+ subject.rightsMetadata.individuals.should == {"person1"=>"read","person2"=>"discover"}
100
+ end
101
+
102
+ it "should have read groups string writer" do
103
+ subject.read_groups_string = 'umg/up.dlt.staff, group-3'
104
+ subject.rightsMetadata.groups.should == {'umg/up.dlt.staff' => 'read', 'group-3'=>'read', 'group-8' => 'edit'}
105
+ subject.rightsMetadata.individuals.should == {"person1"=>"read","person2"=>"discover"}
106
+ end
107
+ it "should only revoke eligible groups" do
108
+ subject.set_read_groups(['group-2', 'group-3'], ['group-6'])
109
+ # 'group-7' is not eligible to be revoked
110
+ subject.rightsMetadata.groups.should == {'group-2' => 'read', 'group-3'=>'read', 'group-7' => 'read', 'group-8' => 'edit'}
111
+ subject.rightsMetadata.individuals.should == {"person1"=>"read","person2"=>"discover"}
112
+ end
113
+ end
114
+ end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: hydra-access-controls
3
3
  version: !ruby/object:Gem::Version
4
- version: 6.4.0.pre1
4
+ version: 6.4.0.pre2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Chris Beer
@@ -10,7 +10,7 @@ authors:
10
10
  autorequire:
11
11
  bindir: bin
12
12
  cert_chain: []
13
- date: 2013-09-27 00:00:00.000000000 Z
13
+ date: 2013-09-28 00:00:00.000000000 Z
14
14
  dependencies:
15
15
  - !ruby/object:Gem::Dependency
16
16
  name: activesupport
@@ -132,6 +132,7 @@ files:
132
132
  - hydra-access-controls.gemspec
133
133
  - lib/hydra-access-controls.rb
134
134
  - lib/hydra/ability.rb
135
+ - lib/hydra/access_controls/permission.rb
135
136
  - lib/hydra/access_controls_enforcement.rb
136
137
  - lib/hydra/access_controls_evaluation.rb
137
138
  - lib/hydra/admin_policy.rb
@@ -162,6 +163,7 @@ files:
162
163
  - spec/unit/hydra_rights_metadata_persistence_spec.rb
163
164
  - spec/unit/hydra_rights_metadata_spec.rb
164
165
  - spec/unit/inheritable_rights_metadata_spec.rb
166
+ - spec/unit/permissions_spec.rb
165
167
  - spec/unit/policy_aware_ability_spec.rb
166
168
  - spec/unit/policy_aware_access_controls_enforcement_spec.rb
167
169
  - spec/unit/rights_metadata_spec.rb
@@ -209,6 +211,7 @@ test_files:
209
211
  - spec/unit/hydra_rights_metadata_persistence_spec.rb
210
212
  - spec/unit/hydra_rights_metadata_spec.rb
211
213
  - spec/unit/inheritable_rights_metadata_spec.rb
214
+ - spec/unit/permissions_spec.rb
212
215
  - spec/unit/policy_aware_ability_spec.rb
213
216
  - spec/unit/policy_aware_access_controls_enforcement_spec.rb
214
217
  - spec/unit/rights_metadata_spec.rb