hydra-access-controls 7.0.0.pre2 → 7.0.0.pre3

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 09fd4ea3ed17c112a26e56d05b6e4ce2d583fe30
4
- data.tar.gz: fe8d298a24f10b9f11b912e633800c3d954e39bc
3
+ metadata.gz: d2bf5df716ea14df4f98b4dd8c835a1da17f93f3
4
+ data.tar.gz: 0530e82237df459c058e6160453183968c46b567
5
5
  SHA512:
6
- metadata.gz: c223889dcf18c95a44ad594106a185a8bb364cb78d175b79cbcd0becadd51ca089ed0664d700a8a60ee5b8b07559aa6685c57c51ee86aa3bf02c022323e9b2b2
7
- data.tar.gz: 2819eb5e60c0f5328dc7fd0b1831df749dbb0eac83a04e6d7745192062645032a098d72aae2e7cbdb51a06b9d7ab09419f44b7d0ee0a817e1d0d382653d6925c
6
+ metadata.gz: ed246412fae1045432c805d1352772ea871e9eea5efd3a573bd4f654e86a070f9f622caa6d43f281bb9f8c4be9fba19717d49f53089103f7d15b2a53fc52c209
7
+ data.tar.gz: d1ae9981602cda988200b6b3080343e9ec234c2162097431810b27d00008b78da4e3e836934b7cff2df020c3a8c4c7142ede7bd9b9c68b9a5c182b10f7271370
@@ -19,10 +19,16 @@ Gem::Specification.new do |gem|
19
19
  gem.required_ruby_version = '>= 1.9.3'
20
20
 
21
21
  gem.add_dependency 'activesupport'
22
- gem.add_dependency "active-fedora", '~> 7.0.0.rc1'
23
- gem.add_dependency 'cancan'
22
+ gem.add_dependency "active-fedora", '~> 7.0.0.rc3'
23
+ gem.add_dependency 'cancancan'
24
24
  gem.add_dependency 'deprecation'
25
- gem.add_dependency 'blacklight', '~> 4.0'
25
+ gem.add_dependency "blacklight", '~> 5.0'
26
+
27
+ # sass-rails is typically generated into the app's gemfile by `rails new`
28
+ # In rails 3 it's put into the "assets" group and thus not available to the
29
+ # app. Blacklight 5.2 requires bootstrap-sass which requires (but does not
30
+ # declare a dependency on) sass-rails
31
+ gem.add_dependency 'sass-rails'
26
32
 
27
33
  gem.add_development_dependency "rake"
28
34
  gem.add_development_dependency 'rspec'
@@ -0,0 +1,20 @@
1
+ ActiveFedora::QueryMethods.module_eval do
2
+ extend ActiveSupport::Concern
3
+ included do
4
+ include Hydra::AccessControlsEnforcement
5
+ end
6
+
7
+ def accessible_by(ability, action = :index)
8
+ permission_types = case action
9
+ when :index then [:discover, :read, :edit]
10
+ when :show, :read then [:read, :edit]
11
+ when :update, :edit, :create, :new, :destroy then [:edit]
12
+ end
13
+
14
+ spawn.where!(gated_discovery_filters(permission_types, ability).join(" OR "))
15
+ end
16
+ end
17
+
18
+ ActiveFedora::Querying.module_eval do
19
+ delegate :accessible_by, :to=>:all
20
+ end
@@ -9,7 +9,6 @@ module Hydra
9
9
  autoload :User
10
10
  autoload :AccessControlsEnforcement
11
11
  autoload :PolicyAwareAccessControlsEnforcement
12
- autoload :AccessControlsEvaluation
13
12
  autoload :Ability
14
13
  autoload :Config
15
14
  autoload :Datastream
@@ -41,3 +40,5 @@ module Hydra
41
40
  # raised manually.
42
41
  class AccessDenied < ::CanCan::AccessDenied; end
43
42
  end
43
+
44
+ require 'active_fedora/accessible_by'
@@ -8,8 +8,12 @@ module Hydra::AccessControls
8
8
  false
9
9
  end
10
10
 
11
+ def to_hash
12
+ @vals
13
+ end
14
+
11
15
  def [] var
12
- @vals[var]
16
+ to_hash[var]
13
17
  end
14
18
 
15
19
  def name
@@ -2,7 +2,6 @@ module Hydra::AccessControlsEnforcement
2
2
  extend ActiveSupport::Concern
3
3
 
4
4
  included do
5
- include Hydra::AccessControlsEvaluation
6
5
  class_attribute :solr_access_filters_logic
7
6
 
8
7
  # Set defaults. Each symbol identifies a _method_ that must be in
@@ -17,14 +16,12 @@ module Hydra::AccessControlsEnforcement
17
16
 
18
17
  protected
19
18
 
20
- def gated_discovery_filters
21
- # Grant access to public content
22
- permission_types = discovery_permissions
19
+ def gated_discovery_filters(permission_types = discovery_permissions, ability = current_ability)
23
20
  user_access_filters = []
24
21
 
25
22
  # Grant access based on user id & group
26
23
  solr_access_filters_logic.each do |method_name|
27
- user_access_filters += send(method_name, permission_types)
24
+ user_access_filters += send(method_name, permission_types, ability)
28
25
  end
29
26
  user_access_filters
30
27
  end
@@ -102,10 +99,10 @@ module Hydra::AccessControlsEnforcement
102
99
  end
103
100
 
104
101
 
105
- def apply_group_permissions(permission_types)
102
+ def apply_group_permissions(permission_types, ability = current_ability)
106
103
  # for groups
107
104
  user_access_filters = []
108
- current_ability.user_groups.each_with_index do |group, i|
105
+ ability.user_groups.each_with_index do |group, i|
109
106
  permission_types.each do |type|
110
107
  user_access_filters << escape_filter(ActiveFedora::SolrService.solr_name("#{type}_access_group", Hydra::Datastream::RightsMetadata.indexer), group)
111
108
  end
@@ -117,19 +114,20 @@ module Hydra::AccessControlsEnforcement
117
114
  [key, value.gsub(/[ :\/]/, ' ' => '\ ', '/' => '\/', ':' => '\:')].join(':')
118
115
  end
119
116
 
120
- def apply_user_permissions(permission_types)
117
+ def apply_user_permissions(permission_types, ability = current_ability)
121
118
  # for individual user access
122
119
  user_access_filters = []
123
- if current_user && current_user.user_key.present?
120
+ user = ability.current_user
121
+ if user && user.user_key.present?
124
122
  permission_types.each do |type|
125
- user_access_filters << escape_filter(ActiveFedora::SolrService.solr_name("#{type}_access_person", Hydra::Datastream::RightsMetadata.indexer), current_user.user_key)
123
+ user_access_filters << escape_filter(ActiveFedora::SolrService.solr_name("#{type}_access_person", Hydra::Datastream::RightsMetadata.indexer), user.user_key)
126
124
  end
127
125
  end
128
126
  user_access_filters
129
127
  end
130
128
 
131
129
  # override to apply super user permissions
132
- def apply_superuser_permissions(permission_types)
130
+ def apply_superuser_permissions(permission_types, ability = current_ability)
133
131
  []
134
132
  end
135
133
 
@@ -24,10 +24,8 @@ module Hydra
24
24
  # @param [Hash] extra_controller_params (optional)
25
25
  def get_permissions_solr_response_for_doc_id(id=nil, extra_controller_params={})
26
26
  raise Blacklight::Exceptions::InvalidSolrID.new("The application is trying to retrieve permissions without specifying an asset id") if id.nil?
27
- #solr_response = Blacklight.solr.get permissions_solr_doc_params(id).merge(extra_controller_params)
28
- #path = blacklight_config.solr_path
29
27
  solr_opts = permissions_solr_doc_params(id).merge(extra_controller_params)
30
- response = Blacklight.solr.get('select', :params=> solr_opts)
28
+ response = ActiveFedora::SolrService.instance.conn.get('select', :params=> solr_opts)
31
29
  solr_response = Blacklight::SolrResponse.new(force_to_utf8(response), solr_opts)
32
30
 
33
31
  raise Blacklight::Exceptions::InvalidSolrID.new("The solr permissions search handler didn't return anything for id \"#{id}\"") if solr_response.docs.empty?
@@ -0,0 +1,30 @@
1
+ require 'spec_helper'
2
+
3
+ describe "active_fedora/accessible_by" do
4
+ let(:user) {FactoryGirl.build(:ira_instructor)}
5
+ let(:ability) {Ability.new(user)}
6
+ let(:private_obj) {FactoryGirl.create(:default_access_asset)}
7
+ let(:public_obj) {FactoryGirl.create(:open_access_asset)}
8
+ let(:editable_obj) {FactoryGirl.create(:group_edit_asset)}
9
+
10
+ before do
11
+ user.should_receive(:groups).at_most(:once).and_return(user.roles)
12
+ ModsAsset.delete_all
13
+ end
14
+
15
+ after do
16
+ ModsAsset.delete_all
17
+ end
18
+
19
+ describe "#accsesible_by" do
20
+ it "should return objects readable by the ability" do
21
+ expect(ModsAsset.accessible_by(ability)).to eq [public_obj, editable_obj]
22
+ end
23
+ it "should return object editable by the ability" do
24
+ expect(ModsAsset.accessible_by(ability, :edit)).to eq [editable_obj]
25
+ end
26
+ it "should return only public objects for an anonymous user" do
27
+ expect(ModsAsset.accessible_by(Ability.new(nil))).to eq [public_obj]
28
+ end
29
+ end
30
+ end
@@ -0,0 +1,28 @@
1
+ require 'spec_helper'
2
+
3
+ describe Hydra::AccessControls::Permission do
4
+ describe "hash-like key access" do
5
+ let(:perm) { described_class.new(type: 'user', name: 'bob', access: 'read') }
6
+ it "should return values" do
7
+ perm[:type].should == 'user'
8
+ perm[:name].should == 'bob'
9
+ perm[:access].should == 'read'
10
+ end
11
+ end
12
+ describe "#to_hash" do
13
+ subject { described_class.new(type: 'user', name: 'bob', access: 'read') }
14
+ its(:to_hash) { should == {type: 'user', name: 'bob', access: 'read'} }
15
+ end
16
+ describe "equality comparison" do
17
+ let(:perm1) { described_class.new(type: 'user', name: 'bob', access: 'read') }
18
+ let(:perm2) { described_class.new(type: 'user', name: 'bob', access: 'read') }
19
+ let(:perm3) { described_class.new(type: 'user', name: 'jane', access: 'read') }
20
+ it "should be equal if all values are equal" do
21
+ perm1.should == perm2
22
+ end
23
+ it "should be unequal if some values are unequal" do
24
+ perm1.should_not == perm3
25
+ perm2.should_not == perm3
26
+ end
27
+ end
28
+ end
@@ -113,7 +113,7 @@ describe Hydra::PolicyAwareAccessControlsEnforcement do
113
113
  context "Anonymous user" do
114
114
  before { subject.stub(:current_user).and_return(nil) }
115
115
  it "should return the policies that provide discover permissions" do
116
- subject.policies_with_access.should == ["test:policy7", "test:policy8"]
116
+ subject.policies_with_access.should match_array ["test:policy7", "test:policy8"]
117
117
  end
118
118
  end
119
119
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: hydra-access-controls
3
3
  version: !ruby/object:Gem::Version
4
- version: 7.0.0.pre2
4
+ version: 7.0.0.pre3
5
5
  platform: ruby
6
6
  authors:
7
7
  - Chris Beer
@@ -10,104 +10,118 @@ authors:
10
10
  autorequire:
11
11
  bindir: bin
12
12
  cert_chain: []
13
- date: 2014-01-23 00:00:00.000000000 Z
13
+ date: 2014-03-18 00:00:00.000000000 Z
14
14
  dependencies:
15
15
  - !ruby/object:Gem::Dependency
16
16
  name: activesupport
17
17
  requirement: !ruby/object:Gem::Requirement
18
18
  requirements:
19
- - - '>='
19
+ - - ">="
20
20
  - !ruby/object:Gem::Version
21
21
  version: '0'
22
22
  type: :runtime
23
23
  prerelease: false
24
24
  version_requirements: !ruby/object:Gem::Requirement
25
25
  requirements:
26
- - - '>='
26
+ - - ">="
27
27
  - !ruby/object:Gem::Version
28
28
  version: '0'
29
29
  - !ruby/object:Gem::Dependency
30
30
  name: active-fedora
31
31
  requirement: !ruby/object:Gem::Requirement
32
32
  requirements:
33
- - - ~>
33
+ - - "~>"
34
34
  - !ruby/object:Gem::Version
35
- version: 7.0.0.rc1
35
+ version: 7.0.0.rc3
36
36
  type: :runtime
37
37
  prerelease: false
38
38
  version_requirements: !ruby/object:Gem::Requirement
39
39
  requirements:
40
- - - ~>
40
+ - - "~>"
41
41
  - !ruby/object:Gem::Version
42
- version: 7.0.0.rc1
42
+ version: 7.0.0.rc3
43
43
  - !ruby/object:Gem::Dependency
44
- name: cancan
44
+ name: cancancan
45
45
  requirement: !ruby/object:Gem::Requirement
46
46
  requirements:
47
- - - '>='
47
+ - - ">="
48
48
  - !ruby/object:Gem::Version
49
49
  version: '0'
50
50
  type: :runtime
51
51
  prerelease: false
52
52
  version_requirements: !ruby/object:Gem::Requirement
53
53
  requirements:
54
- - - '>='
54
+ - - ">="
55
55
  - !ruby/object:Gem::Version
56
56
  version: '0'
57
57
  - !ruby/object:Gem::Dependency
58
58
  name: deprecation
59
59
  requirement: !ruby/object:Gem::Requirement
60
60
  requirements:
61
- - - '>='
61
+ - - ">="
62
62
  - !ruby/object:Gem::Version
63
63
  version: '0'
64
64
  type: :runtime
65
65
  prerelease: false
66
66
  version_requirements: !ruby/object:Gem::Requirement
67
67
  requirements:
68
- - - '>='
68
+ - - ">="
69
69
  - !ruby/object:Gem::Version
70
70
  version: '0'
71
71
  - !ruby/object:Gem::Dependency
72
72
  name: blacklight
73
73
  requirement: !ruby/object:Gem::Requirement
74
74
  requirements:
75
- - - ~>
75
+ - - "~>"
76
76
  - !ruby/object:Gem::Version
77
- version: '4.0'
77
+ version: '5.0'
78
78
  type: :runtime
79
79
  prerelease: false
80
80
  version_requirements: !ruby/object:Gem::Requirement
81
81
  requirements:
82
- - - ~>
82
+ - - "~>"
83
83
  - !ruby/object:Gem::Version
84
- version: '4.0'
84
+ version: '5.0'
85
+ - !ruby/object:Gem::Dependency
86
+ name: sass-rails
87
+ requirement: !ruby/object:Gem::Requirement
88
+ requirements:
89
+ - - ">="
90
+ - !ruby/object:Gem::Version
91
+ version: '0'
92
+ type: :runtime
93
+ prerelease: false
94
+ version_requirements: !ruby/object:Gem::Requirement
95
+ requirements:
96
+ - - ">="
97
+ - !ruby/object:Gem::Version
98
+ version: '0'
85
99
  - !ruby/object:Gem::Dependency
86
100
  name: rake
87
101
  requirement: !ruby/object:Gem::Requirement
88
102
  requirements:
89
- - - '>='
103
+ - - ">="
90
104
  - !ruby/object:Gem::Version
91
105
  version: '0'
92
106
  type: :development
93
107
  prerelease: false
94
108
  version_requirements: !ruby/object:Gem::Requirement
95
109
  requirements:
96
- - - '>='
110
+ - - ">="
97
111
  - !ruby/object:Gem::Version
98
112
  version: '0'
99
113
  - !ruby/object:Gem::Dependency
100
114
  name: rspec
101
115
  requirement: !ruby/object:Gem::Requirement
102
116
  requirements:
103
- - - '>='
117
+ - - ">="
104
118
  - !ruby/object:Gem::Version
105
119
  version: '0'
106
120
  type: :development
107
121
  prerelease: false
108
122
  version_requirements: !ruby/object:Gem::Requirement
109
123
  requirements:
110
- - - '>='
124
+ - - ">="
111
125
  - !ruby/object:Gem::Version
112
126
  version: '0'
113
127
  description: Access controls for project hydra
@@ -117,7 +131,7 @@ executables: []
117
131
  extensions: []
118
132
  extra_rdoc_files: []
119
133
  files:
120
- - .rspec
134
+ - ".rspec"
121
135
  - README.textile
122
136
  - Rakefile
123
137
  - app/models/ability.rb
@@ -130,11 +144,11 @@ files:
130
144
  - config/fedora.yml
131
145
  - config/solr.yml
132
146
  - hydra-access-controls.gemspec
147
+ - lib/active_fedora/accessible_by.rb
133
148
  - lib/hydra-access-controls.rb
134
149
  - lib/hydra/ability.rb
135
150
  - lib/hydra/access_controls/permission.rb
136
151
  - lib/hydra/access_controls_enforcement.rb
137
- - lib/hydra/access_controls_evaluation.rb
138
152
  - lib/hydra/admin_policy.rb
139
153
  - lib/hydra/config.rb
140
154
  - lib/hydra/datastream.rb
@@ -159,11 +173,13 @@ files:
159
173
  - spec/unit/ability_spec.rb
160
174
  - spec/unit/access_controls_enforcement_spec.rb
161
175
  - spec/unit/access_right_spec.rb
176
+ - spec/unit/accessible_by_spec.rb
162
177
  - spec/unit/admin_policy_spec.rb
163
178
  - spec/unit/config_spec.rb
164
179
  - spec/unit/hydra_rights_metadata_persistence_spec.rb
165
180
  - spec/unit/hydra_rights_metadata_spec.rb
166
181
  - spec/unit/inheritable_rights_metadata_spec.rb
182
+ - spec/unit/permission_spec.rb
167
183
  - spec/unit/permissions_spec.rb
168
184
  - spec/unit/policy_aware_ability_spec.rb
169
185
  - spec/unit/policy_aware_access_controls_enforcement_spec.rb
@@ -181,17 +197,17 @@ require_paths:
181
197
  - lib
182
198
  required_ruby_version: !ruby/object:Gem::Requirement
183
199
  requirements:
184
- - - '>='
200
+ - - ">="
185
201
  - !ruby/object:Gem::Version
186
202
  version: 1.9.3
187
203
  required_rubygems_version: !ruby/object:Gem::Requirement
188
204
  requirements:
189
- - - '>'
205
+ - - ">"
190
206
  - !ruby/object:Gem::Version
191
207
  version: 1.3.1
192
208
  requirements: []
193
209
  rubyforge_project:
194
- rubygems_version: 2.1.11
210
+ rubygems_version: 2.2.2
195
211
  signing_key:
196
212
  specification_version: 4
197
213
  summary: Access controls for project hydra
@@ -208,11 +224,13 @@ test_files:
208
224
  - spec/unit/ability_spec.rb
209
225
  - spec/unit/access_controls_enforcement_spec.rb
210
226
  - spec/unit/access_right_spec.rb
227
+ - spec/unit/accessible_by_spec.rb
211
228
  - spec/unit/admin_policy_spec.rb
212
229
  - spec/unit/config_spec.rb
213
230
  - spec/unit/hydra_rights_metadata_persistence_spec.rb
214
231
  - spec/unit/hydra_rights_metadata_spec.rb
215
232
  - spec/unit/inheritable_rights_metadata_spec.rb
233
+ - spec/unit/permission_spec.rb
216
234
  - spec/unit/permissions_spec.rb
217
235
  - spec/unit/policy_aware_ability_spec.rb
218
236
  - spec/unit/policy_aware_access_controls_enforcement_spec.rb
@@ -1,38 +0,0 @@
1
- # will move to lib/hydra/access_control folder/namespace in release 5.x
2
- # Provides methods for determining permissions
3
- # If you include this into a Controller, it will also make a number of these methods available as view helpers.
4
- module Hydra::AccessControlsEvaluation
5
-
6
- def self.included(klass)
7
- if klass.respond_to?(:helper_method)
8
- klass.helper_method(:editor?)
9
- klass.helper_method(:reader?)
10
- klass.helper_method(:test_permission?)
11
- end
12
- end
13
-
14
- # Test the current user's permissions. This method is used by the editor? and reader? methods
15
- # @param [Symbol] permission_type valid options: :edit, :read
16
- # This is available as a view helper method as well as within your controllers.
17
- # @example
18
- # test_permission(:edit)
19
- def test_permission(permission_type)
20
- ActiveSupport::Deprecation.warn("test_permission has been deprecated. Use can? instead")
21
- can? permission_type, @permissions_solr_document
22
- end
23
-
24
- # Test whether the the current user has edit permissions.
25
- # This is available as a view helper method as well as within your controllers.
26
- def editor?
27
- logger.warn("editor? has been deprecated. Use can? instead")
28
- can? :edit, @permissions_solr_document
29
- end
30
-
31
- # Test whether the the current user has read permissions.
32
- # This is available as a view helper method as well as within your controllers.
33
- def reader?
34
- logger.warn("reader? has been deprecated. Use can? instead")
35
- can? :read, @permissions_solr_document
36
- end
37
-
38
- end