hydra-access-controls 6.5.2 → 7.0.0.pre1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/app/models/concerns/hydra/access_controls/permissions.rb +18 -13
- data/hydra-access-controls.gemspec +2 -2
- data/lib/hydra-access-controls.rb +13 -7
- data/lib/hydra/ability.rb +35 -18
- data/lib/hydra/access_controls/permission.rb +1 -6
- data/lib/hydra/access_controls_enforcement.rb +8 -9
- data/lib/hydra/admin_policy.rb +3 -3
- data/lib/hydra/config.rb +152 -0
- data/lib/hydra/datastream/inheritable_rights_metadata.rb +5 -7
- data/lib/hydra/datastream/rights_metadata.rb +17 -19
- data/lib/hydra/permissions_query.rb +3 -1
- data/lib/hydra/policy_aware_ability.rb +24 -13
- data/lib/hydra/policy_aware_access_controls_enforcement.rb +19 -11
- data/spec/spec_helper.rb +0 -8
- data/spec/support/mods_asset.rb +1 -2
- data/spec/support/solr_document.rb +6 -1
- data/spec/unit/ability_spec.rb +67 -85
- data/spec/unit/access_controls_enforcement_spec.rb +3 -3
- data/spec/unit/admin_policy_spec.rb +0 -17
- data/spec/unit/config_spec.rb +48 -0
- data/spec/unit/hydra_rights_metadata_persistence_spec.rb +1 -1
- data/spec/unit/hydra_rights_metadata_spec.rb +0 -5
- data/spec/unit/permissions_spec.rb +80 -72
- metadata +12 -14
- data/lib/hydra/model_mixins/rights_metadata.rb +0 -27
- data/spec/unit/permission_spec.rb +0 -28
- data/spec/unit/rights_metadata_spec.rb +0 -104
@@ -169,14 +169,14 @@ describe Hydra::AccessControlsEnforcement do
|
|
169
169
|
end
|
170
170
|
end
|
171
171
|
|
172
|
-
describe "
|
172
|
+
describe "apply_user_permissions" do
|
173
173
|
describe "when the user is a guest user (user key nil)" do
|
174
174
|
before do
|
175
175
|
stub_user = User.new
|
176
176
|
subject.stub(:current_user).and_return(stub_user)
|
177
177
|
end
|
178
178
|
it "should not create filters" do
|
179
|
-
subject.send(:
|
179
|
+
subject.send(:apply_user_permissions, ["edit","discover","read"]).should == []
|
180
180
|
end
|
181
181
|
end
|
182
182
|
describe "when the user is a guest user (user key empty string)" do
|
@@ -185,7 +185,7 @@ describe Hydra::AccessControlsEnforcement do
|
|
185
185
|
subject.stub(:current_user).and_return(stub_user)
|
186
186
|
end
|
187
187
|
it "should not create filters" do
|
188
|
-
subject.send(:
|
188
|
+
subject.send(:apply_user_permissions, ["edit","discover","read"]).should == []
|
189
189
|
end
|
190
190
|
end
|
191
191
|
end
|
@@ -1,23 +1,6 @@
|
|
1
1
|
require 'spec_helper'
|
2
2
|
|
3
3
|
describe Hydra::AdminPolicy do
|
4
|
-
before do
|
5
|
-
Hydra.stub(:config).and_return({:permissions=>{
|
6
|
-
:discover => {:group =>"discover_access_group_ssim", :individual=>"discover_access_person_ssim"},
|
7
|
-
:read => {:group =>"read_access_group_ssim", :individual=>"read_access_person_ssim"},
|
8
|
-
:edit => {:group =>"edit_access_group_ssim", :individual=>"edit_access_person_ssim"},
|
9
|
-
:owner => "depositor_ssim",
|
10
|
-
:embargo_release_date => "embargo_release_date_dtsi",
|
11
|
-
|
12
|
-
:inheritable => {
|
13
|
-
:discover => {:group =>"inheritable_discover_access_group_ssim", :individual=>"inheritable_discover_access_person_ssim"},
|
14
|
-
:read => {:group =>"inheritable_read_access_group_ssim", :individual=>"inheritable_read_access_person_ssim"},
|
15
|
-
:edit => {:group =>"inheritable_edit_access_group_ssim", :individual=>"inheritable_edit_access_person_ssim"},
|
16
|
-
:owner => "inheritable_depositor_ssim",
|
17
|
-
:embargo_release_date => "inheritable_embargo_release_date_dtsi"
|
18
|
-
}
|
19
|
-
}})
|
20
|
-
end
|
21
4
|
its(:defaultRights) { should be_kind_of Hydra::Datastream::InheritableRightsMetadata}
|
22
5
|
its(:rightsMetadata) { should be_kind_of Hydra::Datastream::RightsMetadata}
|
23
6
|
its(:descMetadata) { should be_kind_of ActiveFedora::QualifiedDublinCoreDatastream}
|
@@ -0,0 +1,48 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
describe Hydra::Config do
|
3
|
+
let (:config) { subject }
|
4
|
+
it "Should accept a hash based config" do
|
5
|
+
# This specifies the solr field names of permissions-related fields.
|
6
|
+
# You only need to change these values if you've indexed permissions by some means other than the Hydra's built-in tooling.
|
7
|
+
# If you change these, you must also update the permissions request handler in your solrconfig.xml to return those values
|
8
|
+
config[:permissions] = {
|
9
|
+
:discover => {:group =>ActiveFedora::SolrService.solr_name("discover_access_group", :symbol), :individual=>ActiveFedora::SolrService.solr_name("discover_access_person", :symbol)},
|
10
|
+
:read => {:group =>ActiveFedora::SolrService.solr_name("read_access_group", :symbol), :individual=>ActiveFedora::SolrService.solr_name("read_access_person", :symbol)},
|
11
|
+
:edit => {:group =>ActiveFedora::SolrService.solr_name("edit_access_group", :symbol), :individual=>ActiveFedora::SolrService.solr_name("edit_access_person", :symbol)},
|
12
|
+
:owner => ActiveFedora::SolrService.solr_name("depositor", :symbol),
|
13
|
+
:embargo_release_date => ActiveFedora::SolrService.solr_name("embargo_release_date", Solrizer::Descriptor.new(:date, :stored, :indexed))
|
14
|
+
}
|
15
|
+
|
16
|
+
# specify the user model
|
17
|
+
config[:user_model] = 'User'
|
18
|
+
|
19
|
+
config[:permissions][:edit][:individual].should == 'edit_access_person_ssim'
|
20
|
+
end
|
21
|
+
|
22
|
+
it "should accept a struct based config" do
|
23
|
+
# This specifies the solr field names of permissions-related fields.
|
24
|
+
# You only need to change these values if you've indexed permissions by some means other than the Hydra's built-in tooling.
|
25
|
+
# If you change these, you must also update the permissions request handler in your solrconfig.xml to return those values
|
26
|
+
config.permissions.discover.group = ActiveFedora::SolrService.solr_name("discover_access_group", :symbol)
|
27
|
+
|
28
|
+
# specify the user model
|
29
|
+
config.user_model = 'User'
|
30
|
+
|
31
|
+
config.permissions.discover.group.should == 'discover_access_group_ssim'
|
32
|
+
config.user_model.should == 'User'
|
33
|
+
end
|
34
|
+
|
35
|
+
it "should have inheritable attributes" do
|
36
|
+
config[:permissions][:inheritable][:edit][:individual].should == 'inheritable_edit_access_person_ssim'
|
37
|
+
end
|
38
|
+
it "should have a nil policy_class" do
|
39
|
+
config[:permissions][:policy_class].should be_nil
|
40
|
+
end
|
41
|
+
|
42
|
+
it "should have defaults" do
|
43
|
+
config.permissions.read.individual.should == 'read_access_person_ssim'
|
44
|
+
config.permissions.embargo_release_date.should == 'embargo_release_date_dtsi'
|
45
|
+
config.user_model.should == 'User'
|
46
|
+
end
|
47
|
+
|
48
|
+
end
|
@@ -14,7 +14,7 @@ describe Hydra::Datastream::RightsMetadata do
|
|
14
14
|
describe "rightsMetadata" do
|
15
15
|
let!(:thing) {RightsTest.new}
|
16
16
|
|
17
|
-
[:discover,:read
|
17
|
+
[:discover,:read, :edit].each do |mode|
|
18
18
|
describe "##{mode}_users" do
|
19
19
|
let(:get_method) {"#{mode}_users".to_sym}
|
20
20
|
let(:set_method) {"#{mode}_users=".to_sym}
|
@@ -176,11 +176,6 @@ describe Hydra::Datastream::RightsMetadata do
|
|
176
176
|
it "should only accept valid date values" do
|
177
177
|
|
178
178
|
end
|
179
|
-
it "should accept a nil value after having a date value" do
|
180
|
-
@sample.embargo_release_date=("2010-12-01")
|
181
|
-
@sample.embargo_release_date=(nil)
|
182
|
-
@sample.embargo_release_date.should == nil
|
183
|
-
end
|
184
179
|
end
|
185
180
|
describe "embargo_release_date" do
|
186
181
|
it "should return solr formatted date" do
|
@@ -21,66 +21,84 @@ describe Hydra::AccessControls::Permissions do
|
|
21
21
|
Hydra::AccessControls::Permission.new({:type=>"user", :access=>"edit", :name=>"user1"})]
|
22
22
|
end
|
23
23
|
describe "updating permissions" do
|
24
|
-
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
|
32
|
-
|
33
|
-
|
34
|
-
|
35
|
-
|
36
|
-
|
37
|
-
|
38
|
-
|
39
|
-
|
40
|
-
|
41
|
-
|
42
|
-
|
43
|
-
|
44
|
-
|
45
|
-
|
46
|
-
|
47
|
-
|
48
|
-
|
49
|
-
|
50
|
-
|
51
|
-
|
52
|
-
|
53
|
-
|
54
|
-
|
55
|
-
|
56
|
-
|
57
|
-
|
58
|
-
|
59
|
-
|
60
|
-
|
61
|
-
|
24
|
+
describe "with nested attributes" do
|
25
|
+
before do
|
26
|
+
subject.permissions_attributes = [{:type=>"user", :access=>"edit", :name=>"jcoyne"}]
|
27
|
+
end
|
28
|
+
it "should handle a hash" do
|
29
|
+
subject.permissions_attributes = {'0' => {type: "group", access:"read", name:"group1"}, '1'=> {type: 'user', access: 'edit', name: 'user2'}}
|
30
|
+
subject.permissions.should == [Hydra::AccessControls::Permission.new(:type=>"group", :access=>"read", :name=>"group1"),
|
31
|
+
Hydra::AccessControls::Permission.new(:type=>"user", :access=>"edit", :name=>"jcoyne"),
|
32
|
+
Hydra::AccessControls::Permission.new(:type=>"user", :access=>"edit", :name=>"user2")]
|
33
|
+
end
|
34
|
+
it "should create new group permissions" do
|
35
|
+
subject.permissions_attributes = [{:type=>"group", :access=>"read", :name=>"group1"}]
|
36
|
+
subject.permissions.should == [Hydra::AccessControls::Permission.new(:type=>"group", :access=>"read", :name=>"group1"),
|
37
|
+
Hydra::AccessControls::Permission.new(:type=>"user", :access=>"edit", :name=>"jcoyne")]
|
38
|
+
end
|
39
|
+
it "should create new user permissions" do
|
40
|
+
subject.permissions_attributes = [{:type=>"user", :access=>"read", :name=>"user1"}]
|
41
|
+
subject.permissions.should == [Hydra::AccessControls::Permission.new(:type=>"user", :access=>"read", :name=>"user1"),
|
42
|
+
Hydra::AccessControls::Permission.new(:type=>"user", :access=>"edit", :name=>"jcoyne")]
|
43
|
+
end
|
44
|
+
it "should not replace existing groups" do
|
45
|
+
subject.permissions_attributes = [{:type=>"group", :access=>"read", :name=>"group1"}]
|
46
|
+
subject.permissions_attributes = [{:type=>"group", :access=>"read", :name=>"group2"}]
|
47
|
+
subject.permissions.should == [Hydra::AccessControls::Permission.new(:type=>"group", :access=>"read", :name=>"group1"),
|
48
|
+
Hydra::AccessControls::Permission.new(:type=>"group", :access=>"read", :name=>"group2"),
|
49
|
+
Hydra::AccessControls::Permission.new(:type=>"user", :access=>"edit", :name=>"jcoyne")]
|
50
|
+
end
|
51
|
+
it "should not replace existing users" do
|
52
|
+
subject.permissions_attributes = [{:type=>"user", :access=>"read", :name=>"user1"}]
|
53
|
+
subject.permissions_attributes = [{:type=>"user", :access=>"read", :name=>"user2"}]
|
54
|
+
subject.permissions.should == [Hydra::AccessControls::Permission.new(:type=>"user", :access=>"read", :name=>"user1"),
|
55
|
+
Hydra::AccessControls::Permission.new(:type=>"user", :access=>"read", :name=>"user2"),
|
56
|
+
Hydra::AccessControls::Permission.new(:type=>"user", :access=>"edit", :name=>"jcoyne")]
|
57
|
+
end
|
58
|
+
it "should update permissions on existing users" do
|
59
|
+
subject.permissions_attributes = [{:type=>"user", :access=>"read", :name=>"user1"}]
|
60
|
+
subject.permissions_attributes = [{:type=>"user", :access=>"edit", :name=>"user1"}]
|
61
|
+
subject.permissions.should == [Hydra::AccessControls::Permission.new(:type=>"user", :access=>"edit", :name=>"user1"),
|
62
|
+
Hydra::AccessControls::Permission.new(:type=>"user", :access=>"edit", :name=>"jcoyne")]
|
63
|
+
end
|
64
|
+
it "should update permissions on existing groups" do
|
65
|
+
subject.permissions_attributes = [{:type=>"group", :access=>"read", :name=>"group1"}]
|
66
|
+
subject.permissions_attributes = [{:type=>"group", :access=>"edit", :name=>"group1"}]
|
67
|
+
subject.permissions.should == [Hydra::AccessControls::Permission.new(:type=>"group", :access=>"edit", :name=>"group1"),
|
68
|
+
Hydra::AccessControls::Permission.new(:type=>"user", :access=>"edit", :name=>"jcoyne")]
|
69
|
+
end
|
70
|
+
it "should remove permissions on existing users" do
|
71
|
+
subject.permissions_attributes = [{:type=>"user", :access=>"read", :name=>"user1"}]
|
72
|
+
subject.permissions_attributes = [{:type=>"user", :access=>"edit", :name=>"user1", _destroy: true}]
|
73
|
+
subject.permissions.should == [Hydra::AccessControls::Permission.new(:type=>"user", :access=>"edit", :name=>"jcoyne")]
|
74
|
+
end
|
75
|
+
it "should remove permissions on existing groups" do
|
76
|
+
subject.permissions_attributes = [{:type=>"group", :access=>"read", :name=>"group1"}]
|
77
|
+
subject.permissions_attributes = [{:type=>"group", :access=>"edit", :name=>"group1", _destroy: '1'}]
|
78
|
+
subject.permissions.should == [Hydra::AccessControls::Permission.new(:type=>"user", :access=>"edit", :name=>"jcoyne")]
|
79
|
+
end
|
80
|
+
it "should not remove when destroy flag is falsy" do
|
81
|
+
subject.permissions_attributes = [{:type=>"group", :access=>"read", :name=>"group1"}]
|
82
|
+
subject.permissions_attributes = [{:type=>"group", :access=>"edit", :name=>"group1", _destroy: '0'}]
|
83
|
+
subject.permissions.should == [ Hydra::AccessControls::Permission.new(:type=>"group", :access=>"edit", :name=>"group1"),
|
84
|
+
Hydra::AccessControls::Permission.new(:type=>"user", :access=>"edit", :name=>"jcoyne")]
|
85
|
+
end
|
62
86
|
end
|
63
|
-
|
64
|
-
|
65
|
-
|
66
|
-
|
67
|
-
|
68
|
-
|
69
|
-
|
70
|
-
|
71
|
-
|
72
|
-
|
73
|
-
|
74
|
-
|
75
|
-
|
76
|
-
|
77
|
-
|
78
|
-
end
|
79
|
-
it "should not remove when destroy flag is falsy" do
|
80
|
-
subject.permissions_attributes = [{:type=>"group", :access=>"read", :name=>"group1"}]
|
81
|
-
subject.permissions_attributes = [{:type=>"group", :access=>"edit", :name=>"group1", _destroy: '0'}]
|
82
|
-
subject.permissions.should == [ Hydra::AccessControls::Permission.new(:type=>"group", :access=>"edit", :name=>"group1"),
|
83
|
-
Hydra::AccessControls::Permission.new(:type=>"user", :access=>"edit", :name=>"jcoyne")]
|
87
|
+
|
88
|
+
describe "with the setter" do
|
89
|
+
before do
|
90
|
+
subject.permissions = [
|
91
|
+
Hydra::AccessControls::Permission.new(:type=>"group", :access=>"edit", :name=>"group1"),
|
92
|
+
Hydra::AccessControls::Permission.new(:type=>"user", :access=>"edit", :name=>"jcoyne")]
|
93
|
+
end
|
94
|
+
it "should set the permissions" do
|
95
|
+
expect(subject.edit_users).to eq ['jcoyne']
|
96
|
+
expect(subject.edit_groups).to eq ['group1']
|
97
|
+
subject.permissions = []
|
98
|
+
expect(subject.edit_users).to be_empty
|
99
|
+
expect(subject.edit_groups).to be_empty
|
100
|
+
end
|
101
|
+
|
84
102
|
end
|
85
103
|
end
|
86
104
|
context "with rightsMetadata" do
|
@@ -96,29 +114,19 @@ describe Hydra::AccessControls::Permissions do
|
|
96
114
|
it "should have read groups writer" do
|
97
115
|
subject.read_groups = ['group-2', 'group-3']
|
98
116
|
subject.rightsMetadata.groups.should == {'group-2' => 'read', 'group-3'=>'read', 'group-8' => 'edit'}
|
99
|
-
subject.rightsMetadata.
|
117
|
+
subject.rightsMetadata.users.should == {"person1"=>"read","person2"=>"discover"}
|
100
118
|
end
|
101
119
|
|
102
120
|
it "should have read groups string writer" do
|
103
121
|
subject.read_groups_string = 'umg/up.dlt.staff, group-3'
|
104
122
|
subject.rightsMetadata.groups.should == {'umg/up.dlt.staff' => 'read', 'group-3'=>'read', 'group-8' => 'edit'}
|
105
|
-
subject.rightsMetadata.
|
123
|
+
subject.rightsMetadata.users.should == {"person1"=>"read","person2"=>"discover"}
|
106
124
|
end
|
107
125
|
it "should only revoke eligible groups" do
|
108
126
|
subject.set_read_groups(['group-2', 'group-3'], ['group-6'])
|
109
127
|
# 'group-7' is not eligible to be revoked
|
110
128
|
subject.rightsMetadata.groups.should == {'group-2' => 'read', 'group-3'=>'read', 'group-7' => 'read', 'group-8' => 'edit'}
|
111
|
-
subject.rightsMetadata.
|
112
|
-
end
|
113
|
-
end
|
114
|
-
describe "#permissions=" do
|
115
|
-
it "should behave like #permissions_attributes=" do
|
116
|
-
foo1 = Foo.new
|
117
|
-
foo2 = Foo.new
|
118
|
-
Deprecation.stub(:warn).and_return(nil)
|
119
|
-
foo1.permissions = [{type: "user", access: "edit", name: "editor"}]
|
120
|
-
foo2.permissions_attributes = [{type: "user", access: "edit", name: "editor"}]
|
121
|
-
foo1.permissions.should == foo2.permissions
|
129
|
+
subject.rightsMetadata.users.should == {"person1"=>"read","person2"=>"discover"}
|
122
130
|
end
|
123
131
|
end
|
124
132
|
end
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: hydra-access-controls
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version:
|
4
|
+
version: 7.0.0.pre1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Chris Beer
|
@@ -10,7 +10,7 @@ authors:
|
|
10
10
|
autorequire:
|
11
11
|
bindir: bin
|
12
12
|
cert_chain: []
|
13
|
-
date: 2014-
|
13
|
+
date: 2014-01-15 00:00:00.000000000 Z
|
14
14
|
dependencies:
|
15
15
|
- !ruby/object:Gem::Dependency
|
16
16
|
name: activesupport
|
@@ -32,14 +32,14 @@ dependencies:
|
|
32
32
|
requirements:
|
33
33
|
- - ~>
|
34
34
|
- !ruby/object:Gem::Version
|
35
|
-
version:
|
35
|
+
version: 7.0.0.pre2
|
36
36
|
type: :runtime
|
37
37
|
prerelease: false
|
38
38
|
version_requirements: !ruby/object:Gem::Requirement
|
39
39
|
requirements:
|
40
40
|
- - ~>
|
41
41
|
- !ruby/object:Gem::Version
|
42
|
-
version:
|
42
|
+
version: 7.0.0.pre2
|
43
43
|
- !ruby/object:Gem::Dependency
|
44
44
|
name: cancan
|
45
45
|
requirement: !ruby/object:Gem::Requirement
|
@@ -74,14 +74,14 @@ dependencies:
|
|
74
74
|
requirements:
|
75
75
|
- - ~>
|
76
76
|
- !ruby/object:Gem::Version
|
77
|
-
version: '4.
|
77
|
+
version: '4.0'
|
78
78
|
type: :runtime
|
79
79
|
prerelease: false
|
80
80
|
version_requirements: !ruby/object:Gem::Requirement
|
81
81
|
requirements:
|
82
82
|
- - ~>
|
83
83
|
- !ruby/object:Gem::Version
|
84
|
-
version: '4.
|
84
|
+
version: '4.0'
|
85
85
|
- !ruby/object:Gem::Dependency
|
86
86
|
name: rake
|
87
87
|
requirement: !ruby/object:Gem::Requirement
|
@@ -136,10 +136,10 @@ files:
|
|
136
136
|
- lib/hydra/access_controls_enforcement.rb
|
137
137
|
- lib/hydra/access_controls_evaluation.rb
|
138
138
|
- lib/hydra/admin_policy.rb
|
139
|
+
- lib/hydra/config.rb
|
139
140
|
- lib/hydra/datastream.rb
|
140
141
|
- lib/hydra/datastream/inheritable_rights_metadata.rb
|
141
142
|
- lib/hydra/datastream/rights_metadata.rb
|
142
|
-
- lib/hydra/model_mixins/rights_metadata.rb
|
143
143
|
- lib/hydra/permissions_cache.rb
|
144
144
|
- lib/hydra/permissions_query.rb
|
145
145
|
- lib/hydra/permissions_solr_document.rb
|
@@ -160,14 +160,13 @@ files:
|
|
160
160
|
- spec/unit/access_controls_enforcement_spec.rb
|
161
161
|
- spec/unit/access_right_spec.rb
|
162
162
|
- spec/unit/admin_policy_spec.rb
|
163
|
+
- spec/unit/config_spec.rb
|
163
164
|
- spec/unit/hydra_rights_metadata_persistence_spec.rb
|
164
165
|
- spec/unit/hydra_rights_metadata_spec.rb
|
165
166
|
- spec/unit/inheritable_rights_metadata_spec.rb
|
166
|
-
- spec/unit/permission_spec.rb
|
167
167
|
- spec/unit/permissions_spec.rb
|
168
168
|
- spec/unit/policy_aware_ability_spec.rb
|
169
169
|
- spec/unit/policy_aware_access_controls_enforcement_spec.rb
|
170
|
-
- spec/unit/rights_metadata_spec.rb
|
171
170
|
- spec/unit/role_mapper_spec.rb
|
172
171
|
- spec/unit/visibility_spec.rb
|
173
172
|
- spec/unit/with_access_right_spec.rb
|
@@ -187,12 +186,12 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
187
186
|
version: 1.9.3
|
188
187
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
189
188
|
requirements:
|
190
|
-
- - '
|
189
|
+
- - '>'
|
191
190
|
- !ruby/object:Gem::Version
|
192
|
-
version:
|
191
|
+
version: 1.3.1
|
193
192
|
requirements: []
|
194
193
|
rubyforge_project:
|
195
|
-
rubygems_version: 2.
|
194
|
+
rubygems_version: 2.1.11
|
196
195
|
signing_key:
|
197
196
|
specification_version: 4
|
198
197
|
summary: Access controls for project hydra
|
@@ -210,14 +209,13 @@ test_files:
|
|
210
209
|
- spec/unit/access_controls_enforcement_spec.rb
|
211
210
|
- spec/unit/access_right_spec.rb
|
212
211
|
- spec/unit/admin_policy_spec.rb
|
212
|
+
- spec/unit/config_spec.rb
|
213
213
|
- spec/unit/hydra_rights_metadata_persistence_spec.rb
|
214
214
|
- spec/unit/hydra_rights_metadata_spec.rb
|
215
215
|
- spec/unit/inheritable_rights_metadata_spec.rb
|
216
|
-
- spec/unit/permission_spec.rb
|
217
216
|
- spec/unit/permissions_spec.rb
|
218
217
|
- spec/unit/policy_aware_ability_spec.rb
|
219
218
|
- spec/unit/policy_aware_access_controls_enforcement_spec.rb
|
220
|
-
- spec/unit/rights_metadata_spec.rb
|
221
219
|
- spec/unit/role_mapper_spec.rb
|
222
220
|
- spec/unit/visibility_spec.rb
|
223
221
|
- spec/unit/with_access_right_spec.rb
|
@@ -1,27 +0,0 @@
|
|
1
|
-
module Hydra
|
2
|
-
module ModelMixins
|
3
|
-
module RightsMetadata
|
4
|
-
extend ActiveSupport::Concern
|
5
|
-
extend Deprecation
|
6
|
-
include Hydra::AccessControls::Permissions
|
7
|
-
|
8
|
-
included do
|
9
|
-
Deprecation.warn(RightsMetadata, "Hydra::ModelMixins::RightsMetadata has been deprecated and will be removed in hydra-head 7.0. Use Hydra::AccessControls::Permissions instead", caller(3));
|
10
|
-
end
|
11
|
-
|
12
|
-
## Returns a list with all the permissions on the object.
|
13
|
-
# @example
|
14
|
-
# [{:name=>"group1", :access=>"discover", :type=>'group'},
|
15
|
-
# {:name=>"group2", :access=>"discover", :type=>'group'},
|
16
|
-
# {:name=>"user2", :access=>"read", :type=>'user'},
|
17
|
-
# {:name=>"user1", :access=>"edit", :type=>'user'},
|
18
|
-
# {:name=>"user3", :access=>"read", :type=>'user'}]
|
19
|
-
def permissions
|
20
|
-
(rightsMetadata.groups.map {|x| {:type=>'group', :access=>x[1], :name=>x[0] }} +
|
21
|
-
rightsMetadata.individuals.map {|x| {:type=>'user', :access=>x[1], :name=>x[0]}})
|
22
|
-
|
23
|
-
end
|
24
|
-
|
25
|
-
end
|
26
|
-
end
|
27
|
-
end
|
@@ -1,28 +0,0 @@
|
|
1
|
-
require 'spec_helper'
|
2
|
-
|
3
|
-
describe Hydra::AccessControls::Permission do
|
4
|
-
describe "hash-like key access" do
|
5
|
-
let(:perm) { described_class.new(type: 'user', name: 'bob', access: 'read') }
|
6
|
-
it "should return values" do
|
7
|
-
perm[:type].should == 'user'
|
8
|
-
perm[:name].should == 'bob'
|
9
|
-
perm[:access].should == 'read'
|
10
|
-
end
|
11
|
-
end
|
12
|
-
describe "#to_hash" do
|
13
|
-
subject { described_class.new(type: 'user', name: 'bob', access: 'read') }
|
14
|
-
its(:to_hash) { should == {type: 'user', name: 'bob', access: 'read'} }
|
15
|
-
end
|
16
|
-
describe "equality comparison" do
|
17
|
-
let(:perm1) { described_class.new(type: 'user', name: 'bob', access: 'read') }
|
18
|
-
let(:perm2) { described_class.new(type: 'user', name: 'bob', access: 'read') }
|
19
|
-
let(:perm3) { described_class.new(type: 'user', name: 'jane', access: 'read') }
|
20
|
-
it "should be equal if all values are equal" do
|
21
|
-
perm1.should == perm2
|
22
|
-
end
|
23
|
-
it "should be unequal if some values are unequal" do
|
24
|
-
perm1.should_not == perm3
|
25
|
-
perm2.should_not == perm3
|
26
|
-
end
|
27
|
-
end
|
28
|
-
end
|