hydra-access-controls 8.2.0 → 9.0.0.beta1

data/app/models/hydra/access_controls/lease.rb

@@ -0,0 +1,66 @@
+module Hydra::AccessControls
+  class Lease < ActiveFedora::Base
+    property :visibility_during_lease, predicate: Hydra::ACL.visibilityDuringLease
+    property :visibility_after_lease, predicate: Hydra::ACL.visibilityAfterLease
+    property :lease_expiration_date, predicate: Hydra::ACL.leaseExpirationDate
+    property :lease_history, predicate: Hydra::ACL.leaseHistory
+
+    # Hack until ActiveFedora supports activeTriples 0.3.0 (then we can just use super)
+    def visibility_during_lease_with_first
+      visibility_during_lease_without_first.first
+    end
+    alias_method_chain :visibility_during_lease, :first
+
+    # Hack until ActiveFedora supports activeTriples 0.3.0 (then we can just use super)
+    def visibility_after_lease_with_first
+      visibility_after_lease_without_first.first
+    end
+    alias_method_chain :visibility_after_lease, :first
+
+    # Hack until ActiveFedora supports activeTriples 0.3.0 (then we can just use super)
+    def lease_expiration_date_with_first
+      lease_expiration_date_without_first.first
+    end
+    alias_method_chain :lease_expiration_date, :first
+
+    # Hack until ActiveFedora supports activeTriples 0.3.0 (then we can just use super)
+    def lease_expiration_date_with_casting=(date)
+      date = DateTime.parse(date) if date && date.kind_of?(String)
+      self.lease_expiration_date_without_casting = date
+    end
+    alias_method_chain :lease_expiration_date=, :casting
+
+    def active?
+      lease_expiration_date.present? && Date.today < lease_expiration_date
+    end
+
+    def deactivate!
+      return unless lease_expiration_date
+      lease_state = active? ? "active" : "expired"
+      lease_record = lease_history_message(lease_state, Date.today, lease_expiration_date, visibility_during_lease, visibility_after_lease)
+      self.lease_expiration_date = nil
+      self.visibility_during_lease = nil
+      self.visibility_after_lease = nil
+      self.lease_history += [lease_record]
+    end
+
+    def to_hash
+      {}.tap do |doc|
+        date_field_name = Hydra.config.permissions.lease.expiration_date.sub(/_dtsi/, '')
+        Solrizer.insert_field(doc, date_field_name, lease_expiration_date, :stored_sortable)
+
+        doc[::Solrizer.solr_name("visibility_during_lease", :symbol)] = visibility_during_lease unless visibility_during_lease.nil?
+        doc[::Solrizer.solr_name("visibility_after_lease", :symbol)] = visibility_after_lease unless visibility_after_lease.nil?
+        doc[::Solrizer.solr_name("lease_history", :symbol)] = lease_history unless lease_history.nil?
+      end
+    end
+
+    protected
+      # Create the log message used when deactivating a lease
+      # This method may be overriden in order to transform the values of the passed parameters.
+      def lease_history_message(state, deactivate_date, expiration_date, visibility_during, visibility_after)
+        I18n.t 'hydra.lease.history_message', state: state, deactivate_date: deactivate_date, expiration_date: expiration_date,
+          visibility_during: visibility_during, visibility_after: visibility_after
+      end
+  end
+end

data/app/models/hydra/access_controls/permission.rb

@@ -0,0 +1,85 @@
+module Hydra::AccessControls
+  AGENT_URL_PREFIX = "http://projecthydra.org/ns/auth/".freeze
+  GROUP_AGENT_URL_PREFIX = "http://projecthydra.org/ns/auth/group".freeze
+  PERSON_AGENT_URL_PREFIX = 'http://projecthydra.org/ns/auth/person'.freeze
+  class Permission < AccessControlList
+    def initialize(args)
+      super()
+      build_agent(args[:name], args[:type].to_s)
+      build_access(args[:access])
+    end
+
+    def to_hash
+      { name: agent_name, type: type, access: access }
+    end
+
+    def inspect
+      agent_value = agent.first.rdf_subject.to_s.inspect if agent.first
+      mode_value = mode.first.rdf_subject.to_s.inspect if mode.first
+      "<#{self.class.name} id: #{id} agent: #{agent_value} mode: #{mode_value} access_to: #{access_to_id.inspect}>"
+    end
+
+    def == other
+      other.is_a?(Permission) && id == other.id && self.access_to_id == other.access_to_id &&
+        self.agent.first.rdf_subject == other.agent.first.rdf_subject && self.mode.first.rdf_subject == other.mode.first.rdf_subject
+    end
+
+    def attributes=(attributes)
+      attrs = attributes.dup
+      name = attrs.delete(:name)
+      type = attrs.delete(:type)
+      build_agent(name, type) if name && type
+      access = attrs.delete(:access)
+      build_access(access) if access
+      super(attrs)
+    end
+
+    def agent_name
+      parsed_agent.last
+    end
+
+    def access
+      @access ||= mode.first.rdf_subject.to_s.split('#').last.downcase.sub('write', 'edit')
+    end
+
+    def type
+      parsed_agent.first
+    end
+
+    protected
+
+      def parsed_agent
+        @parsed_agent ||= agent.first.rdf_subject.to_s.sub(AGENT_URL_PREFIX, '').split('#')
+      end
+
+      def build_agent(name, type)
+        raise "Can't build agent #{inspect}" unless name && type
+        self.agent = case type
+                     when "group"
+                       Agent.new(::RDF::URI.new("#{GROUP_AGENT_URL_PREFIX}##{name}"))
+                     when "person"
+                       Agent.new(::RDF::URI.new("#{PERSON_AGENT_URL_PREFIX}##{name}"))
+                     when "user"
+                       Deprecation.warn Permission, "Passing \"user\" as the type to Permission is deprecated. Use \"person\" instead. This will be an error in ActiveFedora 9."
+                       Agent.new(::RDF::URI.new("#{PERSON_AGENT_URL_PREFIX}##{name}"))
+                     else
+                       raise ArgumentError, "Unknown agent type #{type.inspect}"
+                     end
+      end
+
+      def build_access(access)
+        raise "Can't build access #{inspect}" unless access
+        self.mode = case access
+                    when "read"
+                      Mode.new(::ACL.Read)
+                    when "edit"
+                      Mode.new(::ACL.Write)
+                    when "discover"
+                      Mode.new(Hydra::ACL.Discover)
+                    else
+                      raise ArgumentError, "Unknown access #{access.inspect}"
+                    end
+      end
+
+  end
+end

data/app/vocabularies/acl.rb

@@ -0,0 +1,12 @@
+class ACL < RDF::StrictVocabulary('http://www.w3.org/ns/auth/acl#')
+  property :accessTo
+  property :mode
+  property :agent
+  property :agentClass
+
+  property :Agent
+  property :Read
+  property :Write
+  property :Append
+  property :Control
+end

data/app/vocabularies/hydra/acl.rb

@@ -0,0 +1,20 @@
+module Hydra
+  class ACL < RDF::StrictVocabulary('http://projecthydra.org/ns/auth/acl#')
+    property :Discover # extends http://www.w3.org/ns/auth/acl#Access
+
+    property :hasEmbargo
+    property :hasLease
+
+    property :visibilityDuringEmbargo
+    property :visibilityAfterEmbargo
+    property :embargoReleaseDate
+    property :visibilityDuringLease
+    property :visibilityAfterLease
+    property :leaseExpirationDate
+
+    property :embargoHistory
+    property :leaseHistory
+
+    property :defaultPermissions
+  end
+end

data/config/fedora.yml

@@ -1,8 +1,10 @@
 development:
   user: fedoraAdmin
   password: fedoraAdmin
-  url: http://127.0.0.1:<%= ENV['TEST_JETTY_PORT'] || 8983 %>/fedora
+  url: http://localhost:8983/fedora/rest
+  base_path: /dev
 test:
   user: fedoraAdmin
   password: fedoraAdmin
-  url: http://127.0.0.1:<%= ENV['TEST_JETTY_PORT'] || 8983 %>/fedora-test
+  url: http://localhost:8983/fedora/rest
+  base_path: /test

data/hydra-access-controls.gemspec

@@ -16,14 +16,13 @@ Gem::Specification.new do |gem|
   gem.version       = version
   gem.license       = "APACHE2"
 
-  gem.required_ruby_version = '>= 2.0.0'
+  gem.required_ruby_version = '>= 1.9.3'
 
-  gem.add_dependency 'activesupport', '~> 4.0'
-  gem.add_dependency "active-fedora", '~> 8.0'
-  gem.add_dependency "om", '~> 3.0', '>= 3.0.7'
-  gem.add_dependency 'cancancan', '~> 1.8'
-  gem.add_dependency 'deprecation', '~> 0.1'
-  gem.add_dependency "blacklight", '~> 5.10'
+  gem.add_dependency 'activesupport'
+  gem.add_dependency "active-fedora", '~> 9.0.0.beta3'
+  gem.add_dependency 'cancancan'
+  gem.add_dependency 'deprecation'
+  gem.add_dependency "blacklight", '~> 5.3'
 
   # sass-rails is typically generated into the app's gemfile by `rails new`
   # In rails 3 it's put into the "assets" group and thus not available to the

data/lib/hydra/ability.rb

@@ -3,15 +3,15 @@ require 'cancan'
 module Hydra
   module Ability
     extend ActiveSupport::Concern
-    
+
     # once you include Hydra::Ability you can add custom permission methods by appending to ability_logic like so:
     #
     # self.ability_logic +=[:setup_my_permissions]
-    
+
     included do
       include CanCan::Ability
       include Hydra::PermissionsQuery
-      include Blacklight::SearchHelper
+      include Blacklight::SolrHelper
       class_attribute :ability_logic
       self.ability_logic = [:create_permissions, :edit_permissions, :read_permissions, :download_permissions, :custom_permissions]
     end
@@ -33,7 +33,7 @@ module Hydra
     ## You can override this method if you are using a different AuthZ (such as LDAP)
     def user_groups
       return @user_groups if @user_groups
-      
+
       @user_groups = default_user_groups
       @user_groups |= current_user.groups if current_user and current_user.respond_to? :groups
       @user_groups |= ['registered'] unless current_user.new_record?
@@ -44,7 +44,7 @@ module Hydra
       # # everyone is automatically a member of the group 'public'
       ['public']
     end
-    
+
 
     def hydra_default_permissions
       Rails.logger.debug("Usergroups are " + user_groups.inspect)
@@ -58,65 +58,67 @@ module Hydra
     end
 
     def edit_permissions
-      can [:edit, :update, :destroy], String do |pid|
-        test_edit(pid)
-      end 
+      can [:edit, :update, :destroy], String do |id|
+        test_edit(id)
+      end
 
       can [:edit, :update, :destroy], ActiveFedora::Base do |obj|
-        test_edit(obj.pid)
+        test_edit(obj.id)
       end
-   
+
       can [:edit, :update, :destroy], SolrDocument do |obj|
         cache.put(obj.id, obj)
         test_edit(obj.id)
-      end       
+      end
     end
 
     def read_permissions
-      can :read, String do |pid|
-        test_read(pid)
+      can :read, String do |id|
+        test_read(id)
       end
 
       can :read, ActiveFedora::Base do |obj|
-        test_read(obj.pid)
-      end 
-      
+        test_read(obj.id)
+      end
+
       can :read, SolrDocument do |obj|
         cache.put(obj.id, obj)
         test_read(obj.id)
-      end 
+      end
     end
 
     # Download permissions are exercised in Hydra::Controller::DownloadBehavior
     def download_permissions
-      can :download, ActiveFedora::Datastream do |ds|
-        can? :read, ds.pid # i.e, can download ds if can read object
+      can :download, ActiveFedora::File do |file|
+        parent_uri = file.uri.sub(/\/[^\/]*$/, '')
+        parent_id = ActiveFedora::Base.uri_to_id(parent_uri)
+        can? :read, parent_id # i.e, can download if can read parent resource
       end
     end
 
     ## Override custom permissions in your own app to add more permissions beyond what is defined by default.
     def custom_permissions
     end
-    
+
     protected
 
-    def test_edit(pid)
+    def test_edit(id)
       Rails.logger.debug("[CANCAN] Checking edit permissions for user: #{current_user.user_key} with groups: #{user_groups.inspect}")
-      group_intersection = user_groups & edit_groups(pid)
-      result = !group_intersection.empty? || edit_users(pid).include?(current_user.user_key)
+      group_intersection = user_groups & edit_groups(id)
+      result = !group_intersection.empty? || edit_users(id).include?(current_user.user_key)
       Rails.logger.debug("[CANCAN] decision: #{result}")
       result
-    end   
-    
-    def test_read(pid)
+    end
+
+    def test_read(id)
       Rails.logger.debug("[CANCAN] Checking read permissions for user: #{current_user.user_key} with groups: #{user_groups.inspect}")
-      group_intersection = user_groups & read_groups(pid)
-      result = !group_intersection.empty? || read_users(pid).include?(current_user.user_key)
+      group_intersection = user_groups & read_groups(id)
+      result = !group_intersection.empty? || read_users(id).include?(current_user.user_key)
       result
-    end 
-    
-    def edit_groups(pid)
-      doc = permissions_doc(pid)
+    end
+
+    def edit_groups(id)
+      doc = permissions_doc(id)
       return [] if doc.nil?
       eg = doc[self.class.edit_group_field] || []
       Rails.logger.debug("[CANCAN] edit_groups: #{eg.inspect}")
@@ -124,16 +126,16 @@ module Hydra
     end
 
     # edit implies read, so read_groups is the union of edit and read groups
-    def read_groups(pid)
-      doc = permissions_doc(pid)
+    def read_groups(id)
+      doc = permissions_doc(id)
       return [] if doc.nil?
-      rg = edit_groups(pid) | (doc[self.class.read_group_field] || [])
+      rg = edit_groups(id) | (doc[self.class.read_group_field] || [])
       Rails.logger.debug("[CANCAN] read_groups: #{rg.inspect}")
       return rg
     end
 
-    def edit_users(pid)
-      doc = permissions_doc(pid)
+    def edit_users(id)
+      doc = permissions_doc(id)
       return [] if doc.nil?
       ep = doc[self.class.edit_user_field] ||  []
       Rails.logger.debug("[CANCAN] edit_users: #{ep.inspect}")
@@ -141,24 +143,24 @@ module Hydra
     end
 
     # edit implies read, so read_users is the union of edit and read users
-    def read_users(pid)
-      doc = permissions_doc(pid)
+    def read_users(id)
+      doc = permissions_doc(id)
       return [] if doc.nil?
-      rp = edit_users(pid) | (doc[self.class.read_user_field] || [])
+      rp = edit_users(id) | (doc[self.class.read_user_field] || [])
       Rails.logger.debug("[CANCAN] read_users: #{rp.inspect}")
       return rp
     end
 
     module ClassMethods
-      def read_group_field 
+      def read_group_field
         Hydra.config.permissions.read.group
       end
 
-      def edit_user_field 
+      def edit_user_field
         Hydra.config.permissions.edit.individual
       end
 
-      def read_user_field 
+      def read_user_field
         Hydra.config.permissions.read.individual
       end
 

data/lib/hydra/access_controls_enforcement.rb

@@ -1,8 +1,7 @@
 module Hydra::AccessControlsEnforcement
   extend ActiveSupport::Concern
 
-  included do |klass|
-    attr_writer :current_ability
+  included do
     class_attribute :solr_access_filters_logic
 
     # Set defaults. Each symbol identifies a _method_ that must be in
@@ -15,15 +14,11 @@ module Hydra::AccessControlsEnforcement
 
   end
 
-  def current_ability
-    @current_ability || raise("current_ability has not been set on #{self}")
-  end
-  
   protected
 
   def gated_discovery_filters(permission_types = discovery_permissions, ability = current_ability)
     user_access_filters = []
-    
+
     # Grant access based on user id & group
     solr_access_filters_logic.each do |method_name|
       user_access_filters += send(method_name, permission_types, ability)
@@ -33,8 +28,8 @@ module Hydra::AccessControlsEnforcement
 
   def under_embargo?
     load_permissions_from_solr
-    embargo_key = ActiveFedora::SolrService.solr_name("embargo_release_date", Hydra::Datastream::RightsMetadata.date_indexer)
-    if @permissions_solr_document[embargo_key] 
+    embargo_key = Hydra.config.permissions.embargo.release_date
+    if @permissions_solr_document[embargo_key]
       embargo_date = Date.parse(@permissions_solr_document[embargo_key].split(/T/)[0])
       return embargo_date > Date.parse(Time.now.to_s)
     end
@@ -44,7 +39,7 @@ module Hydra::AccessControlsEnforcement
   #
   # Action-specific enforcement
   #
-  
+
   # Controller "before" filter for enforcing access controls on show actions
   # @param [Hash] opts (optional, not currently used)
   def enforce_show_permissions(opts={})
@@ -52,28 +47,30 @@ module Hydra::AccessControlsEnforcement
     if permissions.under_embargo? && !can?(:edit, permissions)
       raise Hydra::AccessDenied.new("This item is under embargo.  You do not have sufficient access privileges to read this document.", :edit, params[:id])
     end
-    unless can? :read, permissions 
+    unless can? :read, permissions
       raise Hydra::AccessDenied.new("You do not have sufficient access privileges to read this document, which has been marked private.", :read, params[:id])
     end
   end
-  
+
   # Solr query modifications
   #
-  
-  # Set solr_parameters to enforce appropriate permissions 
+
+  # Set solr_parameters to enforce appropriate permissions
   # * Applies a lucene query to the solr :q parameter for gated discovery
   # * Uses public_qt search handler if user does not have "read" permissions
   # @param solr_parameters the current solr parameters
+  # @param user_parameters the current user-subitted parameters
   #
-  # @example This method should be added to your CatalogController's search_params_logic
-  #   class CatalogController < ApplicationController 
-  #     CatalogController.search_params_logic += [:add_access_controls_to_solr_params]
+  # @example This method should be added to your Catalog Controller's solr_search_params_logic
+  #   class CatalogController < ApplicationController
+  #     include Hydra::Controller::ControllerBehavior
+  #     CatalogController.solr_search_params_logic << :add_access_controls_to_solr_params
   #   end
-  def add_access_controls_to_solr_params(solr_parameters)
-    apply_gated_discovery(solr_parameters)
+  def add_access_controls_to_solr_params(solr_parameters, user_parameters)
+    apply_gated_discovery(solr_parameters, user_parameters)
   end
 
-  
+
   # Which permission levels (logical OR) will grant you the ability to discover documents in a search.
 
   # Override this method if you want it to be something other than the default
@@ -86,19 +83,20 @@ module Hydra::AccessControlsEnforcement
 
   # Contrller before filter that sets up access-controlled lucene query in order to provide gated discovery behavior
   # @param solr_parameters the current solr parameters
-  def apply_gated_discovery(solr_parameters)
+  # @param user_parameters the current user-subitted parameters
+  def apply_gated_discovery(solr_parameters, user_parameters)
     solr_parameters[:fq] ||= []
     solr_parameters[:fq] << gated_discovery_filters.join(" OR ")
-    Rails.logger.debug("Solr parameters: #{ solr_parameters.inspect }")
+    logger.debug("Solr parameters: #{ solr_parameters.inspect }")
   end
 
-  
+
   def apply_group_permissions(permission_types, ability = current_ability)
       # for groups
       user_access_filters = []
       ability.user_groups.each_with_index do |group, i|
         permission_types.each do |type|
-          user_access_filters << escape_filter(ActiveFedora::SolrService.solr_name("#{type}_access_group", Hydra::Datastream::RightsMetadata.indexer), group)
+          user_access_filters << escape_filter(Hydra.config.permissions[type.to_sym].group, group)
         end
       end
       user_access_filters
@@ -114,7 +112,7 @@ module Hydra::AccessControlsEnforcement
       user = ability.current_user
       if user && user.user_key.present?
         permission_types.each do |type|
-          user_access_filters << escape_filter(ActiveFedora::SolrService.solr_name("#{type}_access_person", Hydra::Datastream::RightsMetadata.indexer), user.user_key)
+          user_access_filters << escape_filter(Hydra.config.permissions[type.to_sym].individual, user.user_key)
         end
       end
       user_access_filters

data/lib/hydra/admin_policy.rb

@@ -1,15 +1,38 @@
-class Hydra::AdminPolicy < ActiveFedora::Base
-  
-  include Hydra::AdminPolicyBehavior
-  include Hydra::AccessControls::Permissions 
+module Hydra
+  class AdminPolicy < ActiveFedora::Base
 
-  has_metadata 'descMetadata', type: ActiveFedora::QualifiedDublinCoreDatastream do |m|
-    m.title :type=> :text, :index_as=>[:searchable]    
-  end
+    include Hydra::AdminPolicyBehavior
+    include Hydra::AccessControls::Permissions
+
+    property :title, predicate: ::RDF::DC.title do |index|
+      index.as :stored_searchable
+    end
+    property :description, predicate: ::RDF::DC.description do |index|
+      index.as :searchable
+    end
+
+    # Hack until ActiveFedora supports activeTriples 0.3.0 (then we can just use super)
+    def description_with_first
+      description_without_first.first
+    end
+    alias_method_chain :description, :first
 
-  has_attributes :title, :description, datastream: 'descMetadata', multiple: false
-  has_attributes :license_title, datastream: 'rightsMetadata', at: [:license, :title], multiple: false
-  has_attributes :license_description, datastream: 'rightsMetadata', at: [:license, :description], multiple: false
-  has_attributes :license_url, datastream: 'rightsMetadata', at: [:license, :url], multiple: false
+    # Hack until ActiveFedora supports activeTriples 0.3.0 (then we can just use super)
+    def title_with_first
+      title_without_first.first
+    end
+    alias_method_chain :title, :first
 
+    def license_title=(_)
+      Deprecation.warn AdminPolicy, "license_title= has been remove from AdminPolicy. Look at Hydra::Rights instead"
+    end
+
+    def license_description=(_)
+      Deprecation.warn AdminPolicy, "license_title= has been remove from AdminPolicy. Look at Hydra::Rights instead"
+    end
+
+    def license_url=(_)
+      Deprecation.warn AdminPolicy, "license_title= has been remove from AdminPolicy. Look at Hydra::Rights instead"
+    end
+  end
 end

data/lib/hydra/config.rb

@@ -47,11 +47,6 @@ module Hydra
         @lease = LeaseConfig.new({}, prefix: prefix)
       end
 
-      def embargo_release_date
-        Deprecation.warn PermissionsConfig, "embargo_release_date is deprecated, use embargo.release_date instead"
-        embargo.release_date
-      end
-
       def merge! values
         values.each {|k, v| self[k] = v }
       end
@@ -62,9 +57,6 @@ module Hydra
             self.assign_value key, value
           when :inheritable
             inheritable.merge! value
-          when :embargo_release_date
-            Deprecation.warn PermissionsConfig, "[:embargo_release_date]= is deprecated, use embargo.release_date= instead"
-            embargo.release_date = value
           when :policy_class
             self.policy_class = value
           when :owner
@@ -80,9 +72,6 @@ module Hydra
             @values[key]
           when :inheritable
             inheritable
-          when :embargo_release_date
-            Deprecation.warn PermissionsConfig, "[:embargo_release_date] is deprecated, use embargo.release_date= instead"
-            embargo.release_date
           when :policy_class
             @policy_class
           else
@@ -118,7 +107,7 @@ module Hydra
         assign_value :edit, val
       end
 
-      protected 
+      protected
 
       def prefix
       end
@@ -128,7 +117,7 @@ module Hydra
       end
 
       def solr_name(*args)
-        ActiveFedora::SolrService.solr_name(*args)
+        ActiveFedora::SolrQueryBuilder.solr_name(*args)
       end
 
       class EmbargoConfig
@@ -141,7 +130,7 @@ module Hydra
         end
 
         def solr_name(*args)
-          ActiveFedora::SolrService.solr_name(*args)
+          ActiveFedora::SolrQueryBuilder.solr_name(*args)
         end
       end
 
@@ -155,7 +144,7 @@ module Hydra
         end
 
         def solr_name(*args)
-          ActiveFedora::SolrService.solr_name(*args)
+          ActiveFedora::SolrQueryBuilder.solr_name(*args)
         end
       end
 

data/lib/hydra/permissions_query.rb

@@ -32,8 +32,8 @@ module Hydra
     #
     #  Solr integration
     #
-    
-    # returns a params hash with the permissions info for a single solr document 
+
+    # returns a params hash with the permissions info for a single solr document
     # If the id arg is nil, then the value is fetched from params[:id]
     # This method is primary called by the get_permissions_solr_response_for_doc_id method.
     # Modeled on Blacklight::SolrHelper.solr_doc_params

data/lib/hydra/permissions_solr_document.rb

@@ -1,13 +1,11 @@
 class Hydra::PermissionsSolrDocument < SolrDocument
-
   def under_embargo?
-    embargo_key = ActiveFedora::SolrService.solr_name("embargo_release_date", Hydra::Datastream::RightsMetadata.date_indexer)
-    if self[embargo_key] 
+    #permissions = permissions_doc(params[:id])
+    embargo_key = Hydra.config.permissions.embargo.release_date
+    if self[embargo_key]
       embargo_date = Date.parse(self[embargo_key].split(/T/)[0])
       return embargo_date > Date.parse(Time.now.to_s)
     end
     false
-  end  
-
+  end
 end
-