hydra-access-controls 8.2.0 → 9.0.0.beta1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.textile +10 -10
- data/app/models/concerns/hydra/access_controls/access_right.rb +3 -2
- data/app/models/concerns/hydra/access_controls/embargoable.rb +120 -132
- data/app/models/concerns/hydra/access_controls/permissions.rb +137 -103
- data/app/models/concerns/hydra/access_controls/visibility.rb +3 -5
- data/app/models/concerns/hydra/access_controls.rb +0 -1
- data/app/models/concerns/hydra/admin_policy_behavior.rb +27 -2
- data/app/models/concerns/hydra/rights.rb +15 -0
- data/app/models/hydra/access_controls/access_control_list.rb +17 -0
- data/app/models/hydra/access_controls/embargo.rb +65 -0
- data/app/models/hydra/access_controls/lease.rb +66 -0
- data/app/models/hydra/access_controls/permission.rb +85 -0
- data/app/vocabularies/acl.rb +12 -0
- data/app/vocabularies/hydra/acl.rb +20 -0
- data/config/fedora.yml +4 -2
- data/hydra-access-controls.gemspec +6 -7
- data/lib/hydra/ability.rb +45 -43
- data/lib/hydra/access_controls_enforcement.rb +23 -25
- data/lib/hydra/admin_policy.rb +34 -11
- data/lib/hydra/config.rb +4 -15
- data/lib/hydra/permissions_query.rb +2 -2
- data/lib/hydra/permissions_solr_document.rb +4 -6
- data/lib/hydra/policy_aware_ability.rb +56 -53
- data/lib/hydra/policy_aware_access_controls_enforcement.rb +28 -18
- data/lib/hydra-access-controls.rb +1 -1
- data/spec/factories.rb +15 -15
- data/spec/services/embargo_service_spec.rb +6 -6
- data/spec/services/lease_service_spec.rb +6 -6
- data/spec/spec_helper.rb +20 -13
- data/spec/support/mods_asset.rb +3 -3
- data/spec/unit/ability_spec.rb +96 -121
- data/spec/unit/access_controls_enforcement_spec.rb +29 -27
- data/spec/unit/access_right_spec.rb +6 -1
- data/spec/unit/accessible_by_spec.rb +14 -5
- data/spec/unit/admin_policy_spec.rb +99 -92
- data/spec/unit/config_spec.rb +14 -15
- data/spec/unit/embargoable_spec.rb +26 -28
- data/spec/unit/permission_spec.rb +36 -16
- data/spec/unit/permissions_spec.rb +121 -65
- data/spec/unit/policy_aware_ability_spec.rb +64 -78
- data/spec/unit/policy_aware_access_controls_enforcement_spec.rb +81 -77
- data/spec/unit/role_mapper_spec.rb +10 -10
- data/spec/unit/with_access_right_spec.rb +1 -1
- metadata +29 -51
- data/lib/hydra/access_controls/permission.rb +0 -40
- data/lib/hydra/datastream/inheritable_rights_metadata.rb +0 -22
- data/lib/hydra/datastream/rights_metadata.rb +0 -276
- data/lib/hydra/datastream.rb +0 -7
- data/spec/unit/hydra_rights_metadata_persistence_spec.rb +0 -71
- data/spec/unit/hydra_rights_metadata_spec.rb +0 -301
- data/spec/unit/inheritable_rights_metadata_spec.rb +0 -65
|
@@ -1,83 +1,76 @@
|
|
|
1
1
|
# Repeats access controls evaluation methods, but checks against a governing "Policy" object (or "Collection" object) that provides inherited access controls.
|
|
2
2
|
module Hydra::PolicyAwareAbility
|
|
3
3
|
extend ActiveSupport::Concern
|
|
4
|
+
extend Deprecation
|
|
4
5
|
include Hydra::Ability
|
|
5
|
-
|
|
6
|
+
|
|
7
|
+
IS_GOVERNED_BY_SOLR_FIELD = "isGovernedBy_ssim".freeze
|
|
8
|
+
|
|
6
9
|
# Extends Hydra::Ability.test_edit to try policy controls if object-level controls deny access
|
|
7
10
|
def test_edit(pid)
|
|
8
|
-
|
|
9
|
-
if result
|
|
10
|
-
return result
|
|
11
|
-
else
|
|
12
|
-
return test_edit_from_policy(pid)
|
|
13
|
-
end
|
|
11
|
+
super || test_edit_from_policy(pid)
|
|
14
12
|
end
|
|
15
|
-
|
|
13
|
+
|
|
16
14
|
# Extends Hydra::Ability.test_read to try policy controls if object-level controls deny access
|
|
17
15
|
def test_read(pid)
|
|
18
|
-
|
|
19
|
-
if result
|
|
20
|
-
return result
|
|
21
|
-
else
|
|
22
|
-
return test_read_from_policy(pid)
|
|
23
|
-
end
|
|
16
|
+
super || test_read_from_policy(pid)
|
|
24
17
|
end
|
|
25
|
-
|
|
18
|
+
|
|
26
19
|
# Returns the pid of policy object (is_governed_by) for the specified object
|
|
27
|
-
# Assumes that the policy object is associated by an is_governed_by relationship
|
|
20
|
+
# Assumes that the policy object is associated by an is_governed_by relationship
|
|
28
21
|
# (which is stored as "is_governed_by_ssim" in object's solr document)
|
|
29
22
|
# Returns nil if no policy associated with the object
|
|
30
23
|
def policy_pid_for(object_pid)
|
|
31
24
|
policy_pid = policy_pid_cache[object_pid]
|
|
32
25
|
return policy_pid if policy_pid
|
|
33
|
-
solr_result = ActiveFedora::Base.find_with_conditions({:
|
|
26
|
+
solr_result = ActiveFedora::Base.find_with_conditions({id: object_pid}, fl: governed_by_solr_field)
|
|
34
27
|
begin
|
|
35
|
-
policy_pid_cache[object_pid] = policy_pid = value_from_solr_field(solr_result,
|
|
28
|
+
policy_pid_cache[object_pid] = policy_pid = value_from_solr_field(solr_result, governed_by_solr_field).first.gsub("info:fedora/", "")
|
|
36
29
|
rescue NoMethodError
|
|
37
30
|
end
|
|
38
31
|
return policy_pid
|
|
39
32
|
end
|
|
40
|
-
|
|
33
|
+
|
|
34
|
+
def governed_by_solr_field
|
|
35
|
+
# TODO the solr key could be derived if we knew the class of the object:
|
|
36
|
+
# ModsAsset.reflect_on_association(:admin_policy).solr_key
|
|
37
|
+
IS_GOVERNED_BY_SOLR_FIELD
|
|
38
|
+
end
|
|
39
|
+
|
|
41
40
|
# Returns the permissions solr document for policy_pid
|
|
42
41
|
# The document is stored in an instance variable, so calling this multiple times will only query solr once.
|
|
43
|
-
# To force reload, set @policy_permissions_solr_cache to {}
|
|
42
|
+
# To force reload, set @policy_permissions_solr_cache to {}
|
|
44
43
|
def policy_permissions_doc(policy_pid)
|
|
45
44
|
@policy_permissions_solr_cache ||= {}
|
|
46
45
|
@policy_permissions_solr_cache[policy_pid] ||= get_permissions_solr_response_for_doc_id(policy_pid)
|
|
47
46
|
end
|
|
48
|
-
|
|
47
|
+
|
|
49
48
|
# Tests whether the object's governing policy object grants edit access for the current user
|
|
50
49
|
def test_edit_from_policy(object_pid)
|
|
51
50
|
policy_pid = policy_pid_for(object_pid)
|
|
52
|
-
if policy_pid.nil?
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
end
|
|
61
|
-
end
|
|
62
|
-
|
|
51
|
+
return false if policy_pid.nil?
|
|
52
|
+
Rails.logger.debug("[CANCAN] -policy- Does the POLICY #{policy_pid} provide EDIT permissions for #{current_user.user_key}?")
|
|
53
|
+
group_intersection = user_groups & edit_groups_from_policy( policy_pid )
|
|
54
|
+
result = !group_intersection.empty? || edit_users_from_policy( policy_pid ).include?(current_user.user_key)
|
|
55
|
+
Rails.logger.debug("[CANCAN] -policy- decision: #{result}")
|
|
56
|
+
result
|
|
57
|
+
end
|
|
58
|
+
|
|
63
59
|
# Tests whether the object's governing policy object grants read access for the current user
|
|
64
60
|
def test_read_from_policy(object_pid)
|
|
65
61
|
policy_pid = policy_pid_for(object_pid)
|
|
66
|
-
if policy_pid.nil?
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
end
|
|
75
|
-
end
|
|
76
|
-
|
|
62
|
+
return false if policy_pid.nil?
|
|
63
|
+
Rails.logger.debug("[CANCAN] -policy- Does the POLICY #{policy_pid} provide READ permissions for #{current_user.user_key}?")
|
|
64
|
+
group_intersection = user_groups & read_groups_from_policy( policy_pid )
|
|
65
|
+
result = !group_intersection.empty? || read_users_from_policy( policy_pid ).include?(current_user.user_key)
|
|
66
|
+
Rails.logger.debug("[CANCAN] -policy- decision: #{result}")
|
|
67
|
+
result
|
|
68
|
+
end
|
|
69
|
+
|
|
77
70
|
# Returns the list of groups granted edit access by the policy object identified by policy_pid
|
|
78
71
|
def edit_groups_from_policy(policy_pid)
|
|
79
72
|
policy_permissions = policy_permissions_doc(policy_pid)
|
|
80
|
-
edit_group_field = Hydra.config
|
|
73
|
+
edit_group_field = Hydra.config.permissions.inheritable[:edit][:group]
|
|
81
74
|
eg = ((policy_permissions == nil || policy_permissions.fetch(edit_group_field,nil) == nil) ? [] : policy_permissions.fetch(edit_group_field,nil))
|
|
82
75
|
Rails.logger.debug("[CANCAN] -policy- edit_groups: #{eg.inspect}")
|
|
83
76
|
return eg
|
|
@@ -87,44 +80,54 @@ module Hydra::PolicyAwareAbility
|
|
|
87
80
|
# Note: edit implies read, so read_groups is the union of edit and read groups
|
|
88
81
|
def read_groups_from_policy(policy_pid)
|
|
89
82
|
policy_permissions = policy_permissions_doc(policy_pid)
|
|
90
|
-
read_group_field = Hydra.config
|
|
83
|
+
read_group_field = Hydra.config.permissions.inheritable[:read][:group]
|
|
91
84
|
rg = edit_groups_from_policy(policy_pid) | ((policy_permissions == nil || policy_permissions.fetch(read_group_field,nil) == nil) ? [] : policy_permissions.fetch(read_group_field,nil))
|
|
92
85
|
Rails.logger.debug("[CANCAN] -policy- read_groups: #{rg.inspect}")
|
|
93
86
|
return rg
|
|
94
87
|
end
|
|
95
88
|
|
|
89
|
+
def edit_persons_from_policy(policy_pid)
|
|
90
|
+
Deprecation.warn(Hydra::PolicyAwareAbility, "The edit_persons_from_policy method is deprecated and will be removed from Hydra::PolicyAwareAbility in hydra-head 8.0. Use edit_users_from_policy instead.", caller)
|
|
91
|
+
edit_users_from_policy(policy_pid)
|
|
92
|
+
end
|
|
93
|
+
|
|
96
94
|
# Returns the list of users granted edit access by the policy object identified by policy_pid
|
|
97
95
|
def edit_users_from_policy(policy_pid)
|
|
98
96
|
policy_permissions = policy_permissions_doc(policy_pid)
|
|
99
|
-
edit_user_field = Hydra.config
|
|
97
|
+
edit_user_field = Hydra.config.permissions.inheritable[:edit][:individual]
|
|
100
98
|
eu = ((policy_permissions == nil || policy_permissions.fetch(edit_user_field,nil) == nil) ? [] : policy_permissions.fetch(edit_user_field,nil))
|
|
101
99
|
Rails.logger.debug("[CANCAN] -policy- edit_users: #{eu.inspect}")
|
|
102
100
|
return eu
|
|
103
101
|
end
|
|
104
102
|
|
|
103
|
+
def read_persons_from_policy(policy_pid)
|
|
104
|
+
Deprecation.warn(Hydra::PolicyAwareAbility, "The read_persons_from_policy method is deprecated and will be removed from Hydra::PolicyAwareAbility in hydra-head 8.0. Use read_users_from_policy instead.", caller)
|
|
105
|
+
read_users_from_policy(policy_pid)
|
|
106
|
+
end
|
|
107
|
+
|
|
105
108
|
# Returns the list of users granted read access by the policy object identified by policy_pid
|
|
106
109
|
# Note: edit implies read, so read_users is the union of edit and read users
|
|
107
110
|
def read_users_from_policy(policy_pid)
|
|
108
111
|
policy_permissions = policy_permissions_doc(policy_pid)
|
|
109
|
-
read_user_field = Hydra.config
|
|
112
|
+
read_user_field = Hydra.config.permissions.inheritable[:read][:individual]
|
|
110
113
|
ru = edit_users_from_policy(policy_pid) | ((policy_permissions == nil || policy_permissions.fetch(read_user_field, nil) == nil) ? [] : policy_permissions.fetch(read_user_field, nil))
|
|
111
114
|
Rails.logger.debug("[CANCAN] -policy- read_users: #{ru.inspect}")
|
|
112
115
|
return ru
|
|
113
116
|
end
|
|
114
|
-
|
|
117
|
+
|
|
115
118
|
private
|
|
116
|
-
|
|
119
|
+
|
|
117
120
|
# Grabs the value of field_name from solr_result
|
|
118
121
|
# @example
|
|
119
|
-
# solr_result = Multiresimage.find_with_conditions({:id=>object_pid}, :fl=>'
|
|
120
|
-
# value_from_solr_field(solr_result, '
|
|
122
|
+
# solr_result = Multiresimage.find_with_conditions({:id=>object_pid}, :fl=>'is_governed_by_ssim')
|
|
123
|
+
# value_from_solr_field(solr_result, 'is_governed_by_ssim')
|
|
121
124
|
# => ["info:fedora/changeme:2278"]
|
|
122
125
|
def value_from_solr_field(solr_result, field_name)
|
|
123
126
|
field_from_result = solr_result.select {|x| x.has_key?(field_name)}.first
|
|
124
127
|
if field_from_result.nil?
|
|
125
|
-
|
|
128
|
+
nil
|
|
126
129
|
else
|
|
127
|
-
|
|
130
|
+
field_from_result[field_name]
|
|
128
131
|
end
|
|
129
132
|
end
|
|
130
133
|
|
|
@@ -1,22 +1,24 @@
|
|
|
1
1
|
# Repeats access controls evaluation methods, but checks against a governing "Policy" object (or "Collection" object) that provides inherited access controls.
|
|
2
2
|
module Hydra::PolicyAwareAccessControlsEnforcement
|
|
3
|
-
|
|
3
|
+
extend Deprecation
|
|
4
|
+
|
|
4
5
|
# Extends Hydra::AccessControlsEnforcement.apply_gated_discovery to reflect policy-provided access
|
|
5
6
|
# appends the result of policy_clauses into the :fq
|
|
6
7
|
# @param solr_parameters the current solr parameters
|
|
7
|
-
|
|
8
|
+
# @param user_parameters the current user-subitted parameters
|
|
9
|
+
def apply_gated_discovery(solr_parameters, user_parameters)
|
|
8
10
|
solr_parameters[:fq] ||= []
|
|
9
11
|
solr_parameters[:fq] << gated_discovery_filters.join(" OR ")
|
|
10
12
|
logger.debug("POLICY-aware Solr parameters: #{ solr_parameters.inspect }")
|
|
11
13
|
end
|
|
12
14
|
|
|
13
15
|
# returns solr query for finding all objects whose policies grant discover access to current_user
|
|
14
|
-
def policy_clauses
|
|
16
|
+
def policy_clauses
|
|
15
17
|
policy_pids = policies_with_access
|
|
16
18
|
return nil if policy_pids.empty?
|
|
17
|
-
'(' + policy_pids.map {|pid| ActiveFedora::
|
|
19
|
+
'(' + policy_pids.map {|pid| ActiveFedora::SolrQueryBuilder.construct_query_for_rel(is_governed_by: "info:fedora/#{pid}")}.join(' OR ') + ')'
|
|
18
20
|
end
|
|
19
|
-
|
|
21
|
+
|
|
20
22
|
# find all the policies that grant discover/read/edit permissions to this user or any of its groups
|
|
21
23
|
def policies_with_access
|
|
22
24
|
#### TODO -- Memoize this and put it in the session?
|
|
@@ -28,39 +30,47 @@ module Hydra::PolicyAwareAccessControlsEnforcement
|
|
|
28
30
|
logger.debug "get policies: #{result}\n\n"
|
|
29
31
|
result.map {|h| h['id']}
|
|
30
32
|
end
|
|
31
|
-
|
|
33
|
+
|
|
34
|
+
def apply_policy_role_permissions(permission_types = discovery_permissions)
|
|
35
|
+
Deprecation.warn(Hydra::PolicyAwareAccessControlsEnforcement, "The method apply_policy_role_permissions is deprecated and will be removed from Hydra::PolicyAwareAccessControlsEnforcement in hydra-head 8.0. Use apply_policy_group_permissions instead.", caller)
|
|
36
|
+
apply_policy_group_permissions(permission_types)
|
|
37
|
+
end
|
|
38
|
+
|
|
32
39
|
def apply_policy_group_permissions(permission_types = discovery_permissions)
|
|
33
40
|
# for groups
|
|
34
41
|
user_access_filters = []
|
|
35
42
|
current_ability.user_groups.each_with_index do |group, i|
|
|
36
43
|
permission_types.each do |type|
|
|
37
|
-
user_access_filters << escape_filter(
|
|
44
|
+
user_access_filters << escape_filter(Hydra.config.permissions.inheritable[type.to_sym].group, group)
|
|
38
45
|
end
|
|
39
46
|
end
|
|
40
47
|
user_access_filters
|
|
41
48
|
end
|
|
42
49
|
|
|
50
|
+
def apply_policy_individual_permissions(permission_types = discovery_permissions)
|
|
51
|
+
Deprecation.warn(Hydra::PolicyAwareAccessControlsEnforcement, "The method apply_policy_individual_permissions is deprecated and will be removed from Hydra::PolicyAwareAccessControlsEnforcement in hydra-head 8.0. Use apply_policy_user_permissions instead.", caller)
|
|
52
|
+
apply_policy_user_permissions(permission_types)
|
|
53
|
+
end
|
|
54
|
+
|
|
43
55
|
def apply_policy_user_permissions(permission_types = discovery_permissions)
|
|
44
56
|
# for individual user access
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
57
|
+
user_access_filters = []
|
|
58
|
+
if current_user
|
|
59
|
+
permission_types.each do |type|
|
|
60
|
+
user_access_filters << escape_filter(Hydra.config.permissions.inheritable[type.to_sym].individual, current_user.user_key)
|
|
61
|
+
end
|
|
49
62
|
end
|
|
63
|
+
user_access_filters
|
|
50
64
|
end
|
|
51
65
|
|
|
52
66
|
# Returns the Model used for AdminPolicy objects.
|
|
53
67
|
# You can set this by overriding this method or setting Hydra.config[:permissions][:policy_class]
|
|
54
68
|
# Defults to Hydra::AdminPolicy
|
|
55
69
|
def policy_class
|
|
56
|
-
|
|
57
|
-
return Hydra::AdminPolicy
|
|
58
|
-
else
|
|
59
|
-
return Hydra.config[:permissions][:policy_class]
|
|
60
|
-
end
|
|
70
|
+
Hydra.config.permissions.policy_class || Hydra::AdminPolicy
|
|
61
71
|
end
|
|
62
72
|
|
|
63
|
-
protected
|
|
73
|
+
protected
|
|
64
74
|
|
|
65
75
|
def gated_discovery_filters
|
|
66
76
|
filters = super
|
|
@@ -70,5 +80,5 @@ module Hydra::PolicyAwareAccessControlsEnforcement
|
|
|
70
80
|
end
|
|
71
81
|
filters
|
|
72
82
|
end
|
|
73
|
-
|
|
83
|
+
|
|
74
84
|
end
|
|
@@ -2,6 +2,7 @@ require 'rails'
|
|
|
2
2
|
require 'active-fedora'
|
|
3
3
|
require 'blacklight'
|
|
4
4
|
require 'cancan'
|
|
5
|
+
require "deprecation"
|
|
5
6
|
|
|
6
7
|
module Hydra
|
|
7
8
|
extend ActiveSupport::Autoload
|
|
@@ -11,7 +12,6 @@ module Hydra
|
|
|
11
12
|
autoload :PolicyAwareAccessControlsEnforcement
|
|
12
13
|
autoload :Ability
|
|
13
14
|
autoload :Config
|
|
14
|
-
autoload :Datastream
|
|
15
15
|
autoload :PolicyAwareAbility
|
|
16
16
|
autoload :AdminPolicy
|
|
17
17
|
autoload :AdminPolicyBehavior
|
data/spec/factories.rb
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
FactoryGirl.define do
|
|
2
|
-
|
|
2
|
+
|
|
3
3
|
# Users
|
|
4
|
-
|
|
4
|
+
|
|
5
5
|
# Prototype user factory
|
|
6
6
|
factory :user, :aliases => [:owner] do |u|
|
|
7
7
|
sequence :uid do |n|
|
|
@@ -11,7 +11,7 @@ FactoryGirl.define do
|
|
|
11
11
|
password { uid }
|
|
12
12
|
new_record false
|
|
13
13
|
end
|
|
14
|
-
|
|
14
|
+
|
|
15
15
|
factory :archivist, :parent=>:user do |u|
|
|
16
16
|
uid 'archivist1'
|
|
17
17
|
password 'archivist1'
|
|
@@ -71,34 +71,34 @@ FactoryGirl.define do
|
|
|
71
71
|
roles { ["repository-admin"] }
|
|
72
72
|
end
|
|
73
73
|
|
|
74
|
-
#
|
|
74
|
+
#
|
|
75
75
|
# Repository Objects
|
|
76
76
|
#
|
|
77
|
-
|
|
77
|
+
|
|
78
78
|
factory :asset, :class => ModsAsset do |o|
|
|
79
79
|
end
|
|
80
|
-
|
|
80
|
+
|
|
81
81
|
factory :admin_policy, :class => Hydra::AdminPolicy do |o|
|
|
82
82
|
end
|
|
83
|
-
|
|
83
|
+
|
|
84
84
|
factory :default_access_asset, :parent=>:asset do |a|
|
|
85
|
-
permissions_attributes [{:
|
|
85
|
+
permissions_attributes [{ name: "joe_creator", access: "edit", type: "person" }]
|
|
86
86
|
end
|
|
87
|
-
|
|
87
|
+
|
|
88
88
|
factory :dept_access_asset, :parent=>:asset do |a|
|
|
89
|
-
permissions_attributes [{:
|
|
89
|
+
permissions_attributes [{ name: "africana-faculty", access: "read", type: "group" }, { name: "joe_creator", access: "edit", type: "person" }]
|
|
90
90
|
end
|
|
91
91
|
|
|
92
92
|
factory :group_edit_asset, :parent=>:asset do |a|
|
|
93
|
-
permissions_attributes [{:
|
|
93
|
+
permissions_attributes [{ name:"africana-faculty", access: "edit", type: "group" }, {name: "calvin_collaborator", access: "edit", type: "person"}]
|
|
94
94
|
end
|
|
95
|
-
|
|
95
|
+
|
|
96
96
|
factory :org_read_access_asset, :parent=>:asset do |a|
|
|
97
|
-
permissions_attributes [{:
|
|
97
|
+
permissions_attributes [{ name: "registered", access: "read", type: "group" }, { name: "joe_creator", access: "edit", type: "person" }, { name: "calvin_collaborator", access: "edit", type: "person" }]
|
|
98
98
|
end
|
|
99
|
-
|
|
99
|
+
|
|
100
100
|
factory :open_access_asset, :parent=>:asset do |a|
|
|
101
|
-
permissions_attributes [{:
|
|
101
|
+
permissions_attributes [{ name: "public", access: "read", type: "group" }, { name: "joe_creator", access: "edit", type: "person" }, { name: "calvin_collaborator", access: "edit", type: "person" }]
|
|
102
102
|
end
|
|
103
103
|
|
|
104
104
|
end
|
|
@@ -21,18 +21,18 @@ describe Hydra::EmbargoService do
|
|
|
21
21
|
|
|
22
22
|
describe "#assets_with_expired_embargoes" do
|
|
23
23
|
it "returns an array of assets with expired embargoes" do
|
|
24
|
-
|
|
25
|
-
expect(
|
|
26
|
-
expect(
|
|
24
|
+
returned_ids = subject.assets_with_expired_embargoes.map {|a| a.id}
|
|
25
|
+
expect(returned_ids).to include work_with_expired_embargo1.id, work_with_expired_embargo2.id
|
|
26
|
+
expect(returned_ids).to_not include work_with_embargo_in_effect.id, work_without_embargo.id
|
|
27
27
|
end
|
|
28
28
|
end
|
|
29
29
|
|
|
30
30
|
describe "#assets_under_embargo" do
|
|
31
31
|
it "returns all assets with embargo release date set" do
|
|
32
32
|
result = subject.assets_under_embargo
|
|
33
|
-
|
|
34
|
-
expect(
|
|
35
|
-
expect(
|
|
33
|
+
returned_ids = subject.assets_under_embargo.map {|a| a.id}
|
|
34
|
+
expect(returned_ids).to include work_with_expired_embargo1.id, work_with_expired_embargo2.id, work_with_embargo_in_effect.id
|
|
35
|
+
expect(returned_ids).to_not include work_without_embargo.id
|
|
36
36
|
end
|
|
37
37
|
end
|
|
38
38
|
end
|
|
@@ -21,17 +21,17 @@ describe Hydra::LeaseService do
|
|
|
21
21
|
|
|
22
22
|
describe "#assets_with_expired_leases" do
|
|
23
23
|
it "returns an array of assets with expired embargoes" do
|
|
24
|
-
|
|
25
|
-
expect(
|
|
26
|
-
expect(
|
|
24
|
+
returned_ids = subject.assets_with_expired_leases.map {|a| a.id}
|
|
25
|
+
expect(returned_ids).to include work_with_expired_lease1.id, work_with_expired_lease2.id
|
|
26
|
+
expect(returned_ids).to_not include work_with_lease_in_effect.id, work_without_lease.id
|
|
27
27
|
end
|
|
28
28
|
end
|
|
29
29
|
|
|
30
30
|
describe "#assets_under_lease" do
|
|
31
31
|
it "returns an array of assets with expired embargoes" do
|
|
32
|
-
|
|
33
|
-
expect(
|
|
34
|
-
expect(
|
|
32
|
+
returned_ids = subject.assets_under_lease.map {|a| a.id}
|
|
33
|
+
expect(returned_ids).to include work_with_expired_lease1.id, work_with_expired_lease2.id, work_with_lease_in_effect.id
|
|
34
|
+
expect(returned_ids).to_not include work_without_lease.id
|
|
35
35
|
end
|
|
36
36
|
end
|
|
37
37
|
end
|
data/spec/spec_helper.rb
CHANGED
|
@@ -20,27 +20,34 @@ end
|
|
|
20
20
|
require 'support/rails'
|
|
21
21
|
|
|
22
22
|
# Since we're not doing a Rails Engine test, we have to load these classes manually:
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
23
|
+
require_relative '../app/vocabularies/acl'
|
|
24
|
+
require_relative '../app/vocabularies/hydra/acl'
|
|
25
|
+
require_relative '../app/models/role_mapper'
|
|
26
|
+
require_relative '../app/models/ability'
|
|
27
|
+
require_relative '../app/models/hydra/access_controls/access_control_list'
|
|
28
|
+
require_relative '../app/models/hydra/access_controls/permission'
|
|
29
|
+
require_relative '../app/models/hydra/access_controls/embargo'
|
|
30
|
+
require_relative '../app/models/hydra/access_controls/lease'
|
|
31
|
+
require_relative '../app/services/hydra/lease_service'
|
|
32
|
+
require_relative '../app/services/hydra/embargo_service'
|
|
33
|
+
require_relative '../app/validators/hydra/future_date_validator'
|
|
35
34
|
require 'support/mods_asset'
|
|
36
35
|
require 'support/solr_document'
|
|
37
36
|
require "support/user"
|
|
38
37
|
require "factory_girl"
|
|
39
38
|
require "factories"
|
|
40
39
|
|
|
40
|
+
# HttpLogger.logger = Logger.new(STDOUT)
|
|
41
|
+
# HttpLogger.ignore = [/localhost:8983\/solr/]
|
|
42
|
+
# HttpLogger.colorize = false
|
|
41
43
|
|
|
42
|
-
|
|
44
|
+
ActiveFedora::Base.logger = Logger.new(STDOUT)
|
|
43
45
|
|
|
46
|
+
require 'active_fedora/cleaner'
|
|
47
|
+
RSpec.configure do |config|
|
|
48
|
+
config.before(:each) do
|
|
49
|
+
ActiveFedora::Cleaner.clean!
|
|
50
|
+
end
|
|
44
51
|
end
|
|
45
52
|
|
|
46
53
|
# Stubbing Devise
|
data/spec/support/mods_asset.rb
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
class ModsAsset < ActiveFedora::Base
|
|
2
2
|
include Hydra::AccessControls::Embargoable
|
|
3
|
-
|
|
4
|
-
# This is how we're associating admin policies with assets.
|
|
3
|
+
|
|
4
|
+
# This is how we're associating admin policies with assets.
|
|
5
5
|
# You can associate them however you want, just use the :is_governed_by relationship
|
|
6
|
-
belongs_to :admin_policy, class_name: "Hydra::AdminPolicy",
|
|
6
|
+
belongs_to :admin_policy, class_name: "Hydra::AdminPolicy", predicate: ActiveFedora::Predicates.find_graph_predicate(:is_governed_by)
|
|
7
7
|
end
|