hydra-access-controls 7.0.0.rc1 → 7.0.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/hydra-access-controls.gemspec +3 -3
- data/lib/hydra/access_controls_enforcement.rb +0 -8
- data/lib/hydra/role_mapper_behavior.rb +32 -10
- data/spec/spec_helper.rb +0 -1
- data/spec/support/config/role_map.yml +15 -0
- data/spec/unit/access_controls_enforcement_spec.rb +0 -13
- metadata +10 -12
- data/spec/support/blacklight.rb +0 -7
- data/spec/support/config/role_map_test.yml +0 -14
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: eca7a77f8cb4ea32d7c4915e35a9da69cb3e109b
|
|
4
|
+
data.tar.gz: 27f3c6ae86554fffe20aa0befd33b5850cfb5391
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 16d9138368be86ed0307539b68f935d3dfb9533c050e78a13b2c8f90f9eb29f16e04bd3d33d01e29b3265648f5ef8959cd398bb1fa134d59f281d543fef308e9
|
|
7
|
+
data.tar.gz: a86f237e7f52ad1e88187ebb463db7e6c4daaf77f43421f7f8113a3fed8eb20e50cf6984a9fe2d2eba64e1e6a0621903130081aa0d9bde66dec1be181a312814
|
|
@@ -19,14 +19,14 @@ Gem::Specification.new do |gem|
|
|
|
19
19
|
gem.required_ruby_version = '>= 1.9.3'
|
|
20
20
|
|
|
21
21
|
gem.add_dependency 'activesupport'
|
|
22
|
-
gem.add_dependency "active-fedora", '~> 7.0.0
|
|
22
|
+
gem.add_dependency "active-fedora", '~> 7.0.0'
|
|
23
23
|
gem.add_dependency 'cancancan'
|
|
24
24
|
gem.add_dependency 'deprecation'
|
|
25
|
-
gem.add_dependency "blacklight", '~> 5.
|
|
25
|
+
gem.add_dependency "blacklight", '~> 5.3'
|
|
26
26
|
|
|
27
27
|
# sass-rails is typically generated into the app's gemfile by `rails new`
|
|
28
28
|
# In rails 3 it's put into the "assets" group and thus not available to the
|
|
29
|
-
# app. Blacklight 5.
|
|
29
|
+
# app. Blacklight 5.3 requires bootstrap-sass which requires (but does not
|
|
30
30
|
# declare a dependency on) sass-rails
|
|
31
31
|
gem.add_dependency 'sass-rails'
|
|
32
32
|
|
|
@@ -130,12 +130,4 @@ module Hydra::AccessControlsEnforcement
|
|
|
130
130
|
def apply_superuser_permissions(permission_types, ability = current_ability)
|
|
131
131
|
[]
|
|
132
132
|
end
|
|
133
|
-
|
|
134
|
-
# This filters out objects that you want to exclude from search results. By default it only excludes FileAssets
|
|
135
|
-
# @param solr_parameters the current solr parameters
|
|
136
|
-
# @param user_parameters the current user-subitted parameters
|
|
137
|
-
def exclude_unwanted_models(solr_parameters, user_parameters)
|
|
138
|
-
solr_parameters[:fq] ||= []
|
|
139
|
-
solr_parameters[:fq] << "-#{ActiveFedora::SolrService.solr_name("has_model", :symbol)}:\"info:fedora/afmodel:FileAsset\""
|
|
140
|
-
end
|
|
141
133
|
end
|
|
@@ -1,5 +1,3 @@
|
|
|
1
|
-
# this code will be moved/renamed to Hydra::AccessControl::RoleMapperBehavior (with the appropriate namespace changes) in Hydra 5.0
|
|
2
|
-
require 'yaml'
|
|
3
1
|
module Hydra::RoleMapperBehavior
|
|
4
2
|
extend ActiveSupport::Concern
|
|
5
3
|
|
|
@@ -25,23 +23,47 @@ module Hydra::RoleMapperBehavior
|
|
|
25
23
|
end
|
|
26
24
|
|
|
27
25
|
def whois(r)
|
|
28
|
-
map[r]||[]
|
|
26
|
+
map[r] || []
|
|
29
27
|
end
|
|
30
28
|
|
|
31
29
|
def map
|
|
32
|
-
@map ||=
|
|
30
|
+
@map ||= load_role_map
|
|
33
31
|
end
|
|
34
32
|
|
|
35
33
|
|
|
36
34
|
def byname
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
@byname = map.inject(m) do|memo, (role,usernames)|
|
|
40
|
-
((usernames if usernames.respond_to?(:each)) || [usernames]).each { |x| memo[x]<<role}
|
|
41
|
-
memo
|
|
35
|
+
@byname ||= map.each_with_object(Hash.new{ |h,k| h[k] = [] }) do |(role, usernames), memo|
|
|
36
|
+
Array(usernames).each { |x| memo[x] << role}
|
|
42
37
|
end
|
|
43
38
|
end
|
|
44
|
-
|
|
39
|
+
|
|
40
|
+
private
|
|
41
|
+
def load_role_map
|
|
42
|
+
require 'erb'
|
|
43
|
+
require 'yaml'
|
|
44
|
+
|
|
45
|
+
filename = 'config/role_map.yml'
|
|
46
|
+
file = File.join(Rails.root, filename)
|
|
47
|
+
|
|
48
|
+
unless File.exists?(file)
|
|
49
|
+
raise "You are missing a role map configuration file: #{filename}. Have you run \"rails generate hydra:head\"?"
|
|
50
|
+
end
|
|
51
|
+
|
|
52
|
+
begin
|
|
53
|
+
erb = ERB.new(IO.read(file)).result(binding)
|
|
54
|
+
rescue
|
|
55
|
+
raise("#{file} was found, but could not be parsed with ERB. \n#{$!.inspect}")
|
|
56
|
+
end
|
|
57
|
+
|
|
58
|
+
begin
|
|
59
|
+
yml = YAML::load(erb)
|
|
60
|
+
rescue
|
|
61
|
+
raise("#{filename} was found, but could not be parsed.\n")
|
|
62
|
+
end
|
|
63
|
+
return yml[Rails.env] if yml.is_a? Hash
|
|
64
|
+
|
|
65
|
+
raise("#{filename} was found, but was blank or malformed.\n")
|
|
66
|
+
end
|
|
45
67
|
end
|
|
46
68
|
end
|
|
47
69
|
|
data/spec/spec_helper.rb
CHANGED
|
@@ -0,0 +1,15 @@
|
|
|
1
|
+
test:
|
|
2
|
+
archivist:
|
|
3
|
+
- archivist1@example.com
|
|
4
|
+
- archivist2@example.com
|
|
5
|
+
- leland_himself@example.com
|
|
6
|
+
admin_policy_object_editor:
|
|
7
|
+
- archivist1@example.com
|
|
8
|
+
donor:
|
|
9
|
+
- donor1@example.com
|
|
10
|
+
- leland_himself@example.com
|
|
11
|
+
researcher:
|
|
12
|
+
- researcher1@example.com
|
|
13
|
+
patron:
|
|
14
|
+
- patron1@example.com
|
|
15
|
+
- leland_himself@example.com
|
|
@@ -155,19 +155,6 @@ describe Hydra::AccessControlsEnforcement do
|
|
|
155
155
|
end
|
|
156
156
|
end
|
|
157
157
|
end
|
|
158
|
-
|
|
159
|
-
describe "exclude_unwanted_models" do
|
|
160
|
-
before(:each) do
|
|
161
|
-
stub_user = User.new :uid=>'archivist1@example.com'
|
|
162
|
-
subject.stub(:current_user).and_return(stub_user)
|
|
163
|
-
@solr_parameters = {}
|
|
164
|
-
@user_parameters = {}
|
|
165
|
-
end
|
|
166
|
-
it "should set solr query parameters to filter out FileAssets" do
|
|
167
|
-
subject.send(:exclude_unwanted_models, @solr_parameters, @user_parameters)
|
|
168
|
-
@solr_parameters[:fq].should include("-#{ActiveFedora::SolrService.solr_name("has_model", :symbol)}:\"info:fedora/afmodel:FileAsset\"")
|
|
169
|
-
end
|
|
170
|
-
end
|
|
171
158
|
|
|
172
159
|
describe "apply_user_permissions" do
|
|
173
160
|
describe "when the user is a guest user (user key nil)" do
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: hydra-access-controls
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 7.0.0
|
|
4
|
+
version: 7.0.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Chris Beer
|
|
@@ -10,7 +10,7 @@ authors:
|
|
|
10
10
|
autorequire:
|
|
11
11
|
bindir: bin
|
|
12
12
|
cert_chain: []
|
|
13
|
-
date: 2014-03-
|
|
13
|
+
date: 2014-03-31 00:00:00.000000000 Z
|
|
14
14
|
dependencies:
|
|
15
15
|
- !ruby/object:Gem::Dependency
|
|
16
16
|
name: activesupport
|
|
@@ -32,14 +32,14 @@ dependencies:
|
|
|
32
32
|
requirements:
|
|
33
33
|
- - "~>"
|
|
34
34
|
- !ruby/object:Gem::Version
|
|
35
|
-
version: 7.0.0
|
|
35
|
+
version: 7.0.0
|
|
36
36
|
type: :runtime
|
|
37
37
|
prerelease: false
|
|
38
38
|
version_requirements: !ruby/object:Gem::Requirement
|
|
39
39
|
requirements:
|
|
40
40
|
- - "~>"
|
|
41
41
|
- !ruby/object:Gem::Version
|
|
42
|
-
version: 7.0.0
|
|
42
|
+
version: 7.0.0
|
|
43
43
|
- !ruby/object:Gem::Dependency
|
|
44
44
|
name: cancancan
|
|
45
45
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -74,14 +74,14 @@ dependencies:
|
|
|
74
74
|
requirements:
|
|
75
75
|
- - "~>"
|
|
76
76
|
- !ruby/object:Gem::Version
|
|
77
|
-
version: '5.
|
|
77
|
+
version: '5.3'
|
|
78
78
|
type: :runtime
|
|
79
79
|
prerelease: false
|
|
80
80
|
version_requirements: !ruby/object:Gem::Requirement
|
|
81
81
|
requirements:
|
|
82
82
|
- - "~>"
|
|
83
83
|
- !ruby/object:Gem::Version
|
|
84
|
-
version: '5.
|
|
84
|
+
version: '5.3'
|
|
85
85
|
- !ruby/object:Gem::Dependency
|
|
86
86
|
name: sass-rails
|
|
87
87
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -163,8 +163,7 @@ files:
|
|
|
163
163
|
- lib/hydra/user.rb
|
|
164
164
|
- spec/factories.rb
|
|
165
165
|
- spec/spec_helper.rb
|
|
166
|
-
- spec/support/
|
|
167
|
-
- spec/support/config/role_map_test.yml
|
|
166
|
+
- spec/support/config/role_map.yml
|
|
168
167
|
- spec/support/config/solr.yml
|
|
169
168
|
- spec/support/mods_asset.rb
|
|
170
169
|
- spec/support/rails.rb
|
|
@@ -202,9 +201,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
202
201
|
version: 1.9.3
|
|
203
202
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
204
203
|
requirements:
|
|
205
|
-
- - "
|
|
204
|
+
- - ">="
|
|
206
205
|
- !ruby/object:Gem::Version
|
|
207
|
-
version:
|
|
206
|
+
version: '0'
|
|
208
207
|
requirements: []
|
|
209
208
|
rubyforge_project:
|
|
210
209
|
rubygems_version: 2.2.2
|
|
@@ -214,8 +213,7 @@ summary: Access controls for project hydra
|
|
|
214
213
|
test_files:
|
|
215
214
|
- spec/factories.rb
|
|
216
215
|
- spec/spec_helper.rb
|
|
217
|
-
- spec/support/
|
|
218
|
-
- spec/support/config/role_map_test.yml
|
|
216
|
+
- spec/support/config/role_map.yml
|
|
219
217
|
- spec/support/config/solr.yml
|
|
220
218
|
- spec/support/mods_asset.rb
|
|
221
219
|
- spec/support/rails.rb
|
data/spec/support/blacklight.rb
DELETED
|
@@ -1,14 +0,0 @@
|
|
|
1
|
-
archivist:
|
|
2
|
-
- archivist1@example.com
|
|
3
|
-
- archivist2@example.com
|
|
4
|
-
- leland_himself@example.com
|
|
5
|
-
admin_policy_object_editor:
|
|
6
|
-
- archivist1@example.com
|
|
7
|
-
donor:
|
|
8
|
-
- donor1@example.com
|
|
9
|
-
- leland_himself@example.com
|
|
10
|
-
researcher:
|
|
11
|
-
- researcher1@example.com
|
|
12
|
-
patron:
|
|
13
|
-
- patron1@example.com
|
|
14
|
-
- leland_himself@example.com
|