hydra-access-controls 6.5.2 → 7.0.0.pre1
- checksums.yaml +4 -4
- data/app/models/concerns/hydra/access_controls/permissions.rb +18 -13
- data/hydra-access-controls.gemspec +2 -2
- data/lib/hydra-access-controls.rb +13 -7
- data/lib/hydra/ability.rb +35 -18
- data/lib/hydra/access_controls/permission.rb +1 -6
- data/lib/hydra/access_controls_enforcement.rb +8 -9
- data/lib/hydra/admin_policy.rb +3 -3
- data/lib/hydra/config.rb +152 -0
- data/lib/hydra/datastream/inheritable_rights_metadata.rb +5 -7
- data/lib/hydra/datastream/rights_metadata.rb +17 -19
- data/lib/hydra/permissions_query.rb +3 -1
- data/lib/hydra/policy_aware_ability.rb +24 -13
- data/lib/hydra/policy_aware_access_controls_enforcement.rb +19 -11
- data/spec/spec_helper.rb +0 -8
- data/spec/support/mods_asset.rb +1 -2
- data/spec/support/solr_document.rb +6 -1
- data/spec/unit/ability_spec.rb +67 -85
- data/spec/unit/access_controls_enforcement_spec.rb +3 -3
- data/spec/unit/admin_policy_spec.rb +0 -17
- data/spec/unit/config_spec.rb +48 -0
- data/spec/unit/hydra_rights_metadata_persistence_spec.rb +1 -1
- data/spec/unit/hydra_rights_metadata_spec.rb +0 -5
- data/spec/unit/permissions_spec.rb +80 -72
- metadata +12 -14
- data/lib/hydra/model_mixins/rights_metadata.rb +0 -27
- data/spec/unit/permission_spec.rb +0 -28
- data/spec/unit/rights_metadata_spec.rb +0 -104
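--- a/data/spec/unit/rights_metadata_spec.rb
+++ b/data/spec/unit/rights_metadata_spec.rb
@@ -1,104 +0,0 @@
-require 'spec_helper'
-
-describe Hydra::ModelMixins::RightsMetadata do
-subject { ModsAsset.new }
-it "should have a set of permissions" do
-subject.discover_groups=['group1', 'group2']
-subject.edit_users=['user1']
-subject.read_users=['user2', 'user3']
-subject.permissions.should include(Hydra::AccessControls::Permission.new({:type=>"group", :access=>"discover", :name=>"group1"}),
-Hydra::AccessControls::Permission.new({:type=>"group", :access=>"discover", :name=>"group2"}),
-Hydra::AccessControls::Permission.new({:type=>"user", :access=>"read", :name=>"user2"}),
-Hydra::AccessControls::Permission.new({:type=>"user", :access=>"read", :name=>"user3"}),
-Hydra::AccessControls::Permission.new({:type=>"user", :access=>"edit", :name=>"user1"}))
-end
-
-describe "updating permissions" do
-it "should create new group permissions" do
-subject.permissions_attributes = [{:name=>'group1', :access=>'discover', :type=>'group'}]
-subject.permissions.should == [Hydra::AccessControls::Permission.new({:type=>'group', :access=>'discover', :name=>'group1'})]
-end
-it "should create new user permissions" do
-subject.permissions_attributes = [{:name=>'user1', :access=>'discover', :type=>'user'}]
-subject.permissions.should == [Hydra::AccessControls::Permission.new({:type=>'user', :access=>'discover', :name=>'user1'})]
-end
-it "should not replace existing groups" do
-subject.permissions_attributes = [{:name=>'group1', :access=>'discover', :type=>'group'}]
-subject.permissions_attributes = [{:name=>'group2', :access=>'discover', :type=>'group'}]
-subject.permissions.should == [Hydra::AccessControls::Permission.new({:type=>'group', :access=>'discover', :name=>'group1'}),
-Hydra::AccessControls::Permission.new({:type=>'group', :access=>'discover', :name=>'group2'})]
-end
-it "should not replace existing users" do
-subject.permissions_attributes = [{:name=>'user1', :access=>'discover', :type=>'user'}]
-subject.permissions_attributes = [{:name=>'user2', :access=>'discover', :type=>'user'}]
-subject.permissions.should == [Hydra::AccessControls::Permission.new({:type=>'user', :access=>'discover', :name=>'user1'}),
-Hydra::AccessControls::Permission.new({:type=>'user', :access=>'discover', :name=>'user2'})]
-end
-it "should update permissions on existing users" do
-subject.permissions_attributes = [{:name=>'user1', :access=>'discover', :type=>'user'}]
-subject.permissions_attributes = [{:name=>'user1', :access=>'edit', :type=>'user'}]
-subject.permissions.should == [Hydra::AccessControls::Permission.new({:type=>'user', :access=>'edit', :name=>'user1'})]
-end
-it "should update permissions on existing groups" do
-subject.permissions_attributes = [{:name=>'group1', :access=>'discover', :type=>'group'}]
-subject.permissions_attributes = [{:name=>'group1', :access=>'edit', :type=>'group'}]
-subject.permissions.should == [Hydra::AccessControls::Permission.new({:type=>'group', :access=>'edit', :name=>'group1'})]
-end
-it "should assign user permissions when :type == 'person'" do
-subject.permissions_attributes = [{:name=>'user1', :access=>'discover', :type=>'person'}]
-subject.permissions.should == [Hydra::AccessControls::Permission.new({:type=>'user', :access=>'discover', :name=>'user1'})]
-end
-it "should raise an ArgumentError when the :type hashkey is invalid" do
-expect{subject.permissions_attributes = [{:name=>'user1', :access=>'read', :type=>'foo'}]}.to raise_error(ArgumentError)
-end
-end
-
-context "to_solr" do
-let(:embargo_release_date) { "2010-12-01" }
-before do
-subject.rightsMetadata.embargo_release_date = embargo_release_date
-subject.rightsMetadata.update_permissions("person"=>{"person1"=>"read","person2"=>"discover"}, "group"=>{'group-6' => 'read', "group-7"=>'read', 'group-8'=>'edit'})
-end
-it "should produce a solr document" do
-result = subject.rightsMetadata.to_solr
-result.size.should == 5
-## Wrote the test in this way, because the implementation uses a hash, and the hash order is not deterministic (especially in ruby 1.8.7)
-result['read_access_group_ssim'].size.should == 2
-result['read_access_group_ssim'].should include('group-6', 'group-7')
-result['edit_access_group_ssim'].should == ['group-8']
-result['discover_access_person_ssim'].should == ['person2']
-result['read_access_person_ssim'].should == ['person1']
-result['embargo_release_date_dtsi'].should == subject.rightsMetadata.embargo_release_date(:format => :solr_date)
-end
-end
-
-context "with rightsMetadata" do
-before do
-subject.rightsMetadata.update_permissions("person"=>{"person1"=>"read","person2"=>"discover"}, "group"=>{'group-6' => 'read', "group-7"=>'read', 'group-8'=>'edit'})
-end
-it "should have read groups accessor" do
-subject.read_groups.should == ['group-6', 'group-7']
-end
-it "should have read groups string accessor" do
-subject.read_groups_string.should == 'group-6, group-7'
-end
-it "should have read groups writer" do
-subject.read_groups = ['group-2', 'group-3']
-subject.rightsMetadata.groups.should == {'group-2' => 'read', 'group-3'=>'read', 'group-8' => 'edit'}
-subject.rightsMetadata.individuals.should == {"person1"=>"read","person2"=>"discover"}
-end
-
-it "should have read groups string writer" do
-subject.read_groups_string = 'umg/up.dlt.staff, group-3'
-subject.rightsMetadata.groups.should == {'umg/up.dlt.staff' => 'read', 'group-3'=>'read', 'group-8' => 'edit'}
-subject.rightsMetadata.individuals.should == {"person1"=>"read","person2"=>"discover"}
-end
-it "should only revoke eligible groups" do
-subject.set_read_groups(['group-2', 'group-3'], ['group-6'])
-# 'group-7' is not eligible to be revoked
-subject.rightsMetadata.groups.should == {'group-2' => 'read', 'group-3'=>'read', 'group-7' => 'read', 'group-8' => 'edit'}
-subject.rightsMetadata.individuals.should == {"person1"=>"read","person2"=>"discover"}
-end
-end
-
-end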