hydra-access-controls 7.0.0.pre2 → 7.0.0.pre3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 09fd4ea3ed17c112a26e56d05b6e4ce2d583fe30
4
- data.tar.gz: fe8d298a24f10b9f11b912e633800c3d954e39bc
3
+ metadata.gz: d2bf5df716ea14df4f98b4dd8c835a1da17f93f3
4
+ data.tar.gz: 0530e82237df459c058e6160453183968c46b567
5
5
  SHA512:
6
- metadata.gz: c223889dcf18c95a44ad594106a185a8bb364cb78d175b79cbcd0becadd51ca089ed0664d700a8a60ee5b8b07559aa6685c57c51ee86aa3bf02c022323e9b2b2
7
- data.tar.gz: 2819eb5e60c0f5328dc7fd0b1831df749dbb0eac83a04e6d7745192062645032a098d72aae2e7cbdb51a06b9d7ab09419f44b7d0ee0a817e1d0d382653d6925c
6
+ metadata.gz: ed246412fae1045432c805d1352772ea871e9eea5efd3a573bd4f654e86a070f9f622caa6d43f281bb9f8c4be9fba19717d49f53089103f7d15b2a53fc52c209
7
+ data.tar.gz: d1ae9981602cda988200b6b3080343e9ec234c2162097431810b27d00008b78da4e3e836934b7cff2df020c3a8c4c7142ede7bd9b9c68b9a5c182b10f7271370
@@ -19,10 +19,16 @@ Gem::Specification.new do |gem|
19
19
  gem.required_ruby_version = '>= 1.9.3'
20
20
 
21
21
  gem.add_dependency 'activesupport'
22
- gem.add_dependency "active-fedora", '~> 7.0.0.rc1'
23
- gem.add_dependency 'cancan'
22
+ gem.add_dependency "active-fedora", '~> 7.0.0.rc3'
23
+ gem.add_dependency 'cancancan'
24
24
  gem.add_dependency 'deprecation'
25
- gem.add_dependency 'blacklight', '~> 4.0'
25
+ gem.add_dependency "blacklight", '~> 5.0'
26
+
27
+ # sass-rails is typically generated into the app's gemfile by `rails new`
28
+ # In rails 3 it's put into the "assets" group and thus not available to the
29
+ # app. Blacklight 5.2 requires bootstrap-sass which requires (but does not
30
+ # declare a dependency on) sass-rails
31
+ gem.add_dependency 'sass-rails'
26
32
 
27
33
  gem.add_development_dependency "rake"
28
34
  gem.add_development_dependency 'rspec'
@@ -0,0 +1,20 @@
1
+ ActiveFedora::QueryMethods.module_eval do
2
+ extend ActiveSupport::Concern
3
+ included do
4
+ include Hydra::AccessControlsEnforcement
5
+ end
6
+
7
+ def accessible_by(ability, action = :index)
8
+ permission_types = case action
9
+ when :index then [:discover, :read, :edit]
10
+ when :show, :read then [:read, :edit]
11
+ when :update, :edit, :create, :new, :destroy then [:edit]
12
+ end
13
+
14
+ spawn.where!(gated_discovery_filters(permission_types, ability).join(" OR "))
15
+ end
16
+ end
17
+
18
+ ActiveFedora::Querying.module_eval do
19
+ delegate :accessible_by, :to=>:all
20
+ end
@@ -9,7 +9,6 @@ module Hydra
9
9
  autoload :User
10
10
  autoload :AccessControlsEnforcement
11
11
  autoload :PolicyAwareAccessControlsEnforcement
12
- autoload :AccessControlsEvaluation
13
12
  autoload :Ability
14
13
  autoload :Config
15
14
  autoload :Datastream
@@ -41,3 +40,5 @@ module Hydra
41
40
  # raised manually.
42
41
  class AccessDenied < ::CanCan::AccessDenied; end
43
42
  end
43
+
44
+ require 'active_fedora/accessible_by'
@@ -8,8 +8,12 @@ module Hydra::AccessControls
8
8
  false
9
9
  end
10
10
 
11
+ def to_hash
12
+ @vals
13
+ end
14
+
11
15
  def [] var
12
- @vals[var]
16
+ to_hash[var]
13
17
  end
14
18
 
15
19
  def name
@@ -2,7 +2,6 @@ module Hydra::AccessControlsEnforcement
2
2
  extend ActiveSupport::Concern
3
3
 
4
4
  included do
5
- include Hydra::AccessControlsEvaluation
6
5
  class_attribute :solr_access_filters_logic
7
6
 
8
7
  # Set defaults. Each symbol identifies a _method_ that must be in
@@ -17,14 +16,12 @@ module Hydra::AccessControlsEnforcement
17
16
 
18
17
  protected
19
18
 
20
- def gated_discovery_filters
21
- # Grant access to public content
22
- permission_types = discovery_permissions
19
+ def gated_discovery_filters(permission_types = discovery_permissions, ability = current_ability)
23
20
  user_access_filters = []
24
21
 
25
22
  # Grant access based on user id & group
26
23
  solr_access_filters_logic.each do |method_name|
27
- user_access_filters += send(method_name, permission_types)
24
+ user_access_filters += send(method_name, permission_types, ability)
28
25
  end
29
26
  user_access_filters
30
27
  end
@@ -102,10 +99,10 @@ module Hydra::AccessControlsEnforcement
102
99
  end
103
100
 
104
101
 
105
- def apply_group_permissions(permission_types)
102
+ def apply_group_permissions(permission_types, ability = current_ability)
106
103
  # for groups
107
104
  user_access_filters = []
108
- current_ability.user_groups.each_with_index do |group, i|
105
+ ability.user_groups.each_with_index do |group, i|
109
106
  permission_types.each do |type|
110
107
  user_access_filters << escape_filter(ActiveFedora::SolrService.solr_name("#{type}_access_group", Hydra::Datastream::RightsMetadata.indexer), group)
111
108
  end
@@ -117,19 +114,20 @@ module Hydra::AccessControlsEnforcement
117
114
  [key, value.gsub(/[ :\/]/, ' ' => '\ ', '/' => '\/', ':' => '\:')].join(':')
118
115
  end
119
116
 
120
- def apply_user_permissions(permission_types)
117
+ def apply_user_permissions(permission_types, ability = current_ability)
121
118
  # for individual user access
122
119
  user_access_filters = []
123
- if current_user && current_user.user_key.present?
120
+ user = ability.current_user
121
+ if user && user.user_key.present?
124
122
  permission_types.each do |type|
125
- user_access_filters << escape_filter(ActiveFedora::SolrService.solr_name("#{type}_access_person", Hydra::Datastream::RightsMetadata.indexer), current_user.user_key)
123
+ user_access_filters << escape_filter(ActiveFedora::SolrService.solr_name("#{type}_access_person", Hydra::Datastream::RightsMetadata.indexer), user.user_key)
126
124
  end
127
125
  end
128
126
  user_access_filters
129
127
  end
130
128
 
131
129
  # override to apply super user permissions
132
- def apply_superuser_permissions(permission_types)
130
+ def apply_superuser_permissions(permission_types, ability = current_ability)
133
131
  []
134
132
  end
135
133
 
@@ -24,10 +24,8 @@ module Hydra
24
24
  # @param [Hash] extra_controller_params (optional)
25
25
  def get_permissions_solr_response_for_doc_id(id=nil, extra_controller_params={})
26
26
  raise Blacklight::Exceptions::InvalidSolrID.new("The application is trying to retrieve permissions without specifying an asset id") if id.nil?
27
- #solr_response = Blacklight.solr.get permissions_solr_doc_params(id).merge(extra_controller_params)
28
- #path = blacklight_config.solr_path
29
27
  solr_opts = permissions_solr_doc_params(id).merge(extra_controller_params)
30
- response = Blacklight.solr.get('select', :params=> solr_opts)
28
+ response = ActiveFedora::SolrService.instance.conn.get('select', :params=> solr_opts)
31
29
  solr_response = Blacklight::SolrResponse.new(force_to_utf8(response), solr_opts)
32
30
 
33
31
  raise Blacklight::Exceptions::InvalidSolrID.new("The solr permissions search handler didn't return anything for id \"#{id}\"") if solr_response.docs.empty?
@@ -0,0 +1,30 @@
1
+ require 'spec_helper'
2
+
3
+ describe "active_fedora/accessible_by" do
4
+ let(:user) {FactoryGirl.build(:ira_instructor)}
5
+ let(:ability) {Ability.new(user)}
6
+ let(:private_obj) {FactoryGirl.create(:default_access_asset)}
7
+ let(:public_obj) {FactoryGirl.create(:open_access_asset)}
8
+ let(:editable_obj) {FactoryGirl.create(:group_edit_asset)}
9
+
10
+ before do
11
+ user.should_receive(:groups).at_most(:once).and_return(user.roles)
12
+ ModsAsset.delete_all
13
+ end
14
+
15
+ after do
16
+ ModsAsset.delete_all
17
+ end
18
+
19
+ describe "#accsesible_by" do
20
+ it "should return objects readable by the ability" do
21
+ expect(ModsAsset.accessible_by(ability)).to eq [public_obj, editable_obj]
22
+ end
23
+ it "should return object editable by the ability" do
24
+ expect(ModsAsset.accessible_by(ability, :edit)).to eq [editable_obj]
25
+ end
26
+ it "should return only public objects for an anonymous user" do
27
+ expect(ModsAsset.accessible_by(Ability.new(nil))).to eq [public_obj]
28
+ end
29
+ end
30
+ end
@@ -0,0 +1,28 @@
1
+ require 'spec_helper'
2
+
3
+ describe Hydra::AccessControls::Permission do
4
+ describe "hash-like key access" do
5
+ let(:perm) { described_class.new(type: 'user', name: 'bob', access: 'read') }
6
+ it "should return values" do
7
+ perm[:type].should == 'user'
8
+ perm[:name].should == 'bob'
9
+ perm[:access].should == 'read'
10
+ end
11
+ end
12
+ describe "#to_hash" do
13
+ subject { described_class.new(type: 'user', name: 'bob', access: 'read') }
14
+ its(:to_hash) { should == {type: 'user', name: 'bob', access: 'read'} }
15
+ end
16
+ describe "equality comparison" do
17
+ let(:perm1) { described_class.new(type: 'user', name: 'bob', access: 'read') }
18
+ let(:perm2) { described_class.new(type: 'user', name: 'bob', access: 'read') }
19
+ let(:perm3) { described_class.new(type: 'user', name: 'jane', access: 'read') }
20
+ it "should be equal if all values are equal" do
21
+ perm1.should == perm2
22
+ end
23
+ it "should be unequal if some values are unequal" do
24
+ perm1.should_not == perm3
25
+ perm2.should_not == perm3
26
+ end
27
+ end
28
+ end
@@ -113,7 +113,7 @@ describe Hydra::PolicyAwareAccessControlsEnforcement do
113
113
  context "Anonymous user" do
114
114
  before { subject.stub(:current_user).and_return(nil) }
115
115
  it "should return the policies that provide discover permissions" do
116
- subject.policies_with_access.should == ["test:policy7", "test:policy8"]
116
+ subject.policies_with_access.should match_array ["test:policy7", "test:policy8"]
117
117
  end
118
118
  end
119
119
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: hydra-access-controls
3
3
  version: !ruby/object:Gem::Version
4
- version: 7.0.0.pre2
4
+ version: 7.0.0.pre3
5
5
  platform: ruby
6
6
  authors:
7
7
  - Chris Beer
@@ -10,104 +10,118 @@ authors:
10
10
  autorequire:
11
11
  bindir: bin
12
12
  cert_chain: []
13
- date: 2014-01-23 00:00:00.000000000 Z
13
+ date: 2014-03-18 00:00:00.000000000 Z
14
14
  dependencies:
15
15
  - !ruby/object:Gem::Dependency
16
16
  name: activesupport
17
17
  requirement: !ruby/object:Gem::Requirement
18
18
  requirements:
19
- - - '>='
19
+ - - ">="
20
20
  - !ruby/object:Gem::Version
21
21
  version: '0'
22
22
  type: :runtime
23
23
  prerelease: false
24
24
  version_requirements: !ruby/object:Gem::Requirement
25
25
  requirements:
26
- - - '>='
26
+ - - ">="
27
27
  - !ruby/object:Gem::Version
28
28
  version: '0'
29
29
  - !ruby/object:Gem::Dependency
30
30
  name: active-fedora
31
31
  requirement: !ruby/object:Gem::Requirement
32
32
  requirements:
33
- - - ~>
33
+ - - "~>"
34
34
  - !ruby/object:Gem::Version
35
- version: 7.0.0.rc1
35
+ version: 7.0.0.rc3
36
36
  type: :runtime
37
37
  prerelease: false
38
38
  version_requirements: !ruby/object:Gem::Requirement
39
39
  requirements:
40
- - - ~>
40
+ - - "~>"
41
41
  - !ruby/object:Gem::Version
42
- version: 7.0.0.rc1
42
+ version: 7.0.0.rc3
43
43
  - !ruby/object:Gem::Dependency
44
- name: cancan
44
+ name: cancancan
45
45
  requirement: !ruby/object:Gem::Requirement
46
46
  requirements:
47
- - - '>='
47
+ - - ">="
48
48
  - !ruby/object:Gem::Version
49
49
  version: '0'
50
50
  type: :runtime
51
51
  prerelease: false
52
52
  version_requirements: !ruby/object:Gem::Requirement
53
53
  requirements:
54
- - - '>='
54
+ - - ">="
55
55
  - !ruby/object:Gem::Version
56
56
  version: '0'
57
57
  - !ruby/object:Gem::Dependency
58
58
  name: deprecation
59
59
  requirement: !ruby/object:Gem::Requirement
60
60
  requirements:
61
- - - '>='
61
+ - - ">="
62
62
  - !ruby/object:Gem::Version
63
63
  version: '0'
64
64
  type: :runtime
65
65
  prerelease: false
66
66
  version_requirements: !ruby/object:Gem::Requirement
67
67
  requirements:
68
- - - '>='
68
+ - - ">="
69
69
  - !ruby/object:Gem::Version
70
70
  version: '0'
71
71
  - !ruby/object:Gem::Dependency
72
72
  name: blacklight
73
73
  requirement: !ruby/object:Gem::Requirement
74
74
  requirements:
75
- - - ~>
75
+ - - "~>"
76
76
  - !ruby/object:Gem::Version
77
- version: '4.0'
77
+ version: '5.0'
78
78
  type: :runtime
79
79
  prerelease: false
80
80
  version_requirements: !ruby/object:Gem::Requirement
81
81
  requirements:
82
- - - ~>
82
+ - - "~>"
83
83
  - !ruby/object:Gem::Version
84
- version: '4.0'
84
+ version: '5.0'
85
+ - !ruby/object:Gem::Dependency
86
+ name: sass-rails
87
+ requirement: !ruby/object:Gem::Requirement
88
+ requirements:
89
+ - - ">="
90
+ - !ruby/object:Gem::Version
91
+ version: '0'
92
+ type: :runtime
93
+ prerelease: false
94
+ version_requirements: !ruby/object:Gem::Requirement
95
+ requirements:
96
+ - - ">="
97
+ - !ruby/object:Gem::Version
98
+ version: '0'
85
99
  - !ruby/object:Gem::Dependency
86
100
  name: rake
87
101
  requirement: !ruby/object:Gem::Requirement
88
102
  requirements:
89
- - - '>='
103
+ - - ">="
90
104
  - !ruby/object:Gem::Version
91
105
  version: '0'
92
106
  type: :development
93
107
  prerelease: false
94
108
  version_requirements: !ruby/object:Gem::Requirement
95
109
  requirements:
96
- - - '>='
110
+ - - ">="
97
111
  - !ruby/object:Gem::Version
98
112
  version: '0'
99
113
  - !ruby/object:Gem::Dependency
100
114
  name: rspec
101
115
  requirement: !ruby/object:Gem::Requirement
102
116
  requirements:
103
- - - '>='
117
+ - - ">="
104
118
  - !ruby/object:Gem::Version
105
119
  version: '0'
106
120
  type: :development
107
121
  prerelease: false
108
122
  version_requirements: !ruby/object:Gem::Requirement
109
123
  requirements:
110
- - - '>='
124
+ - - ">="
111
125
  - !ruby/object:Gem::Version
112
126
  version: '0'
113
127
  description: Access controls for project hydra
@@ -117,7 +131,7 @@ executables: []
117
131
  extensions: []
118
132
  extra_rdoc_files: []
119
133
  files:
120
- - .rspec
134
+ - ".rspec"
121
135
  - README.textile
122
136
  - Rakefile
123
137
  - app/models/ability.rb
@@ -130,11 +144,11 @@ files:
130
144
  - config/fedora.yml
131
145
  - config/solr.yml
132
146
  - hydra-access-controls.gemspec
147
+ - lib/active_fedora/accessible_by.rb
133
148
  - lib/hydra-access-controls.rb
134
149
  - lib/hydra/ability.rb
135
150
  - lib/hydra/access_controls/permission.rb
136
151
  - lib/hydra/access_controls_enforcement.rb
137
- - lib/hydra/access_controls_evaluation.rb
138
152
  - lib/hydra/admin_policy.rb
139
153
  - lib/hydra/config.rb
140
154
  - lib/hydra/datastream.rb
@@ -159,11 +173,13 @@ files:
159
173
  - spec/unit/ability_spec.rb
160
174
  - spec/unit/access_controls_enforcement_spec.rb
161
175
  - spec/unit/access_right_spec.rb
176
+ - spec/unit/accessible_by_spec.rb
162
177
  - spec/unit/admin_policy_spec.rb
163
178
  - spec/unit/config_spec.rb
164
179
  - spec/unit/hydra_rights_metadata_persistence_spec.rb
165
180
  - spec/unit/hydra_rights_metadata_spec.rb
166
181
  - spec/unit/inheritable_rights_metadata_spec.rb
182
+ - spec/unit/permission_spec.rb
167
183
  - spec/unit/permissions_spec.rb
168
184
  - spec/unit/policy_aware_ability_spec.rb
169
185
  - spec/unit/policy_aware_access_controls_enforcement_spec.rb
@@ -181,17 +197,17 @@ require_paths:
181
197
  - lib
182
198
  required_ruby_version: !ruby/object:Gem::Requirement
183
199
  requirements:
184
- - - '>='
200
+ - - ">="
185
201
  - !ruby/object:Gem::Version
186
202
  version: 1.9.3
187
203
  required_rubygems_version: !ruby/object:Gem::Requirement
188
204
  requirements:
189
- - - '>'
205
+ - - ">"
190
206
  - !ruby/object:Gem::Version
191
207
  version: 1.3.1
192
208
  requirements: []
193
209
  rubyforge_project:
194
- rubygems_version: 2.1.11
210
+ rubygems_version: 2.2.2
195
211
  signing_key:
196
212
  specification_version: 4
197
213
  summary: Access controls for project hydra
@@ -208,11 +224,13 @@ test_files:
208
224
  - spec/unit/ability_spec.rb
209
225
  - spec/unit/access_controls_enforcement_spec.rb
210
226
  - spec/unit/access_right_spec.rb
227
+ - spec/unit/accessible_by_spec.rb
211
228
  - spec/unit/admin_policy_spec.rb
212
229
  - spec/unit/config_spec.rb
213
230
  - spec/unit/hydra_rights_metadata_persistence_spec.rb
214
231
  - spec/unit/hydra_rights_metadata_spec.rb
215
232
  - spec/unit/inheritable_rights_metadata_spec.rb
233
+ - spec/unit/permission_spec.rb
216
234
  - spec/unit/permissions_spec.rb
217
235
  - spec/unit/policy_aware_ability_spec.rb
218
236
  - spec/unit/policy_aware_access_controls_enforcement_spec.rb
@@ -1,38 +0,0 @@
1
- # will move to lib/hydra/access_control folder/namespace in release 5.x
2
- # Provides methods for determining permissions
3
- # If you include this into a Controller, it will also make a number of these methods available as view helpers.
4
- module Hydra::AccessControlsEvaluation
5
-
6
- def self.included(klass)
7
- if klass.respond_to?(:helper_method)
8
- klass.helper_method(:editor?)
9
- klass.helper_method(:reader?)
10
- klass.helper_method(:test_permission?)
11
- end
12
- end
13
-
14
- # Test the current user's permissions. This method is used by the editor? and reader? methods
15
- # @param [Symbol] permission_type valid options: :edit, :read
16
- # This is available as a view helper method as well as within your controllers.
17
- # @example
18
- # test_permission(:edit)
19
- def test_permission(permission_type)
20
- ActiveSupport::Deprecation.warn("test_permission has been deprecated. Use can? instead")
21
- can? permission_type, @permissions_solr_document
22
- end
23
-
24
- # Test whether the the current user has edit permissions.
25
- # This is available as a view helper method as well as within your controllers.
26
- def editor?
27
- logger.warn("editor? has been deprecated. Use can? instead")
28
- can? :edit, @permissions_solr_document
29
- end
30
-
31
- # Test whether the the current user has read permissions.
32
- # This is available as a view helper method as well as within your controllers.
33
- def reader?
34
- logger.warn("reader? has been deprecated. Use can? instead")
35
- can? :read, @permissions_solr_document
36
- end
37
-
38
- end