hydra-access-controls 8.2.0 → 9.0.0.beta1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.textile +10 -10
- data/app/models/concerns/hydra/access_controls/access_right.rb +3 -2
- data/app/models/concerns/hydra/access_controls/embargoable.rb +120 -132
- data/app/models/concerns/hydra/access_controls/permissions.rb +137 -103
- data/app/models/concerns/hydra/access_controls/visibility.rb +3 -5
- data/app/models/concerns/hydra/access_controls.rb +0 -1
- data/app/models/concerns/hydra/admin_policy_behavior.rb +27 -2
- data/app/models/concerns/hydra/rights.rb +15 -0
- data/app/models/hydra/access_controls/access_control_list.rb +17 -0
- data/app/models/hydra/access_controls/embargo.rb +65 -0
- data/app/models/hydra/access_controls/lease.rb +66 -0
- data/app/models/hydra/access_controls/permission.rb +85 -0
- data/app/vocabularies/acl.rb +12 -0
- data/app/vocabularies/hydra/acl.rb +20 -0
- data/config/fedora.yml +4 -2
- data/hydra-access-controls.gemspec +6 -7
- data/lib/hydra/ability.rb +45 -43
- data/lib/hydra/access_controls_enforcement.rb +23 -25
- data/lib/hydra/admin_policy.rb +34 -11
- data/lib/hydra/config.rb +4 -15
- data/lib/hydra/permissions_query.rb +2 -2
- data/lib/hydra/permissions_solr_document.rb +4 -6
- data/lib/hydra/policy_aware_ability.rb +56 -53
- data/lib/hydra/policy_aware_access_controls_enforcement.rb +28 -18
- data/lib/hydra-access-controls.rb +1 -1
- data/spec/factories.rb +15 -15
- data/spec/services/embargo_service_spec.rb +6 -6
- data/spec/services/lease_service_spec.rb +6 -6
- data/spec/spec_helper.rb +20 -13
- data/spec/support/mods_asset.rb +3 -3
- data/spec/unit/ability_spec.rb +96 -121
- data/spec/unit/access_controls_enforcement_spec.rb +29 -27
- data/spec/unit/access_right_spec.rb +6 -1
- data/spec/unit/accessible_by_spec.rb +14 -5
- data/spec/unit/admin_policy_spec.rb +99 -92
- data/spec/unit/config_spec.rb +14 -15
- data/spec/unit/embargoable_spec.rb +26 -28
- data/spec/unit/permission_spec.rb +36 -16
- data/spec/unit/permissions_spec.rb +121 -65
- data/spec/unit/policy_aware_ability_spec.rb +64 -78
- data/spec/unit/policy_aware_access_controls_enforcement_spec.rb +81 -77
- data/spec/unit/role_mapper_spec.rb +10 -10
- data/spec/unit/with_access_right_spec.rb +1 -1
- metadata +29 -51
- data/lib/hydra/access_controls/permission.rb +0 -40
- data/lib/hydra/datastream/inheritable_rights_metadata.rb +0 -22
- data/lib/hydra/datastream/rights_metadata.rb +0 -276
- data/lib/hydra/datastream.rb +0 -7
- data/spec/unit/hydra_rights_metadata_persistence_spec.rb +0 -71
- data/spec/unit/hydra_rights_metadata_spec.rb +0 -301
- data/spec/unit/inheritable_rights_metadata_spec.rb +0 -65
|
@@ -1,83 +1,76 @@
|
|
|
1
1
|
# Repeats access controls evaluation methods, but checks against a governing "Policy" object (or "Collection" object) that provides inherited access controls.
|
|
2
2
|
module Hydra::PolicyAwareAbility
|
|
3
3
|
extend ActiveSupport::Concern
|
|
4
|
+
extend Deprecation
|
|
4
5
|
include Hydra::Ability
|
|
5
|
-
|
|
6
|
+
|
|
7
|
+
IS_GOVERNED_BY_SOLR_FIELD = "isGovernedBy_ssim".freeze
|
|
8
|
+
|
|
6
9
|
# Extends Hydra::Ability.test_edit to try policy controls if object-level controls deny access
|
|
7
10
|
def test_edit(pid)
|
|
8
|
-
|
|
9
|
-
if result
|
|
10
|
-
return result
|
|
11
|
-
else
|
|
12
|
-
return test_edit_from_policy(pid)
|
|
13
|
-
end
|
|
11
|
+
super || test_edit_from_policy(pid)
|
|
14
12
|
end
|
|
15
|
-
|
|
13
|
+
|
|
16
14
|
# Extends Hydra::Ability.test_read to try policy controls if object-level controls deny access
|
|
17
15
|
def test_read(pid)
|
|
18
|
-
|
|
19
|
-
if result
|
|
20
|
-
return result
|
|
21
|
-
else
|
|
22
|
-
return test_read_from_policy(pid)
|
|
23
|
-
end
|
|
16
|
+
super || test_read_from_policy(pid)
|
|
24
17
|
end
|
|
25
|
-
|
|
18
|
+
|
|
26
19
|
# Returns the pid of policy object (is_governed_by) for the specified object
|
|
27
|
-
# Assumes that the policy object is associated by an is_governed_by relationship
|
|
20
|
+
# Assumes that the policy object is associated by an is_governed_by relationship
|
|
28
21
|
# (which is stored as "is_governed_by_ssim" in object's solr document)
|
|
29
22
|
# Returns nil if no policy associated with the object
|
|
30
23
|
def policy_pid_for(object_pid)
|
|
31
24
|
policy_pid = policy_pid_cache[object_pid]
|
|
32
25
|
return policy_pid if policy_pid
|
|
33
|
-
solr_result = ActiveFedora::Base.find_with_conditions({:
|
|
26
|
+
solr_result = ActiveFedora::Base.find_with_conditions({id: object_pid}, fl: governed_by_solr_field)
|
|
34
27
|
begin
|
|
35
|
-
policy_pid_cache[object_pid] = policy_pid = value_from_solr_field(solr_result,
|
|
28
|
+
policy_pid_cache[object_pid] = policy_pid = value_from_solr_field(solr_result, governed_by_solr_field).first.gsub("info:fedora/", "")
|
|
36
29
|
rescue NoMethodError
|
|
37
30
|
end
|
|
38
31
|
return policy_pid
|
|
39
32
|
end
|
|
40
|
-
|
|
33
|
+
|
|
34
|
+
def governed_by_solr_field
|
|
35
|
+
# TODO the solr key could be derived if we knew the class of the object:
|
|
36
|
+
# ModsAsset.reflect_on_association(:admin_policy).solr_key
|
|
37
|
+
IS_GOVERNED_BY_SOLR_FIELD
|
|
38
|
+
end
|
|
39
|
+
|
|
41
40
|
# Returns the permissions solr document for policy_pid
|
|
42
41
|
# The document is stored in an instance variable, so calling this multiple times will only query solr once.
|
|
43
|
-
# To force reload, set @policy_permissions_solr_cache to {}
|
|
42
|
+
# To force reload, set @policy_permissions_solr_cache to {}
|
|
44
43
|
def policy_permissions_doc(policy_pid)
|
|
45
44
|
@policy_permissions_solr_cache ||= {}
|
|
46
45
|
@policy_permissions_solr_cache[policy_pid] ||= get_permissions_solr_response_for_doc_id(policy_pid)
|
|
47
46
|
end
|
|
48
|
-
|
|
47
|
+
|
|
49
48
|
# Tests whether the object's governing policy object grants edit access for the current user
|
|
50
49
|
def test_edit_from_policy(object_pid)
|
|
51
50
|
policy_pid = policy_pid_for(object_pid)
|
|
52
|
-
if policy_pid.nil?
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
end
|
|
61
|
-
end
|
|
62
|
-
|
|
51
|
+
return false if policy_pid.nil?
|
|
52
|
+
Rails.logger.debug("[CANCAN] -policy- Does the POLICY #{policy_pid} provide EDIT permissions for #{current_user.user_key}?")
|
|
53
|
+
group_intersection = user_groups & edit_groups_from_policy( policy_pid )
|
|
54
|
+
result = !group_intersection.empty? || edit_users_from_policy( policy_pid ).include?(current_user.user_key)
|
|
55
|
+
Rails.logger.debug("[CANCAN] -policy- decision: #{result}")
|
|
56
|
+
result
|
|
57
|
+
end
|
|
58
|
+
|
|
63
59
|
# Tests whether the object's governing policy object grants read access for the current user
|
|
64
60
|
def test_read_from_policy(object_pid)
|
|
65
61
|
policy_pid = policy_pid_for(object_pid)
|
|
66
|
-
if policy_pid.nil?
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
end
|
|
75
|
-
end
|
|
76
|
-
|
|
62
|
+
return false if policy_pid.nil?
|
|
63
|
+
Rails.logger.debug("[CANCAN] -policy- Does the POLICY #{policy_pid} provide READ permissions for #{current_user.user_key}?")
|
|
64
|
+
group_intersection = user_groups & read_groups_from_policy( policy_pid )
|
|
65
|
+
result = !group_intersection.empty? || read_users_from_policy( policy_pid ).include?(current_user.user_key)
|
|
66
|
+
Rails.logger.debug("[CANCAN] -policy- decision: #{result}")
|
|
67
|
+
result
|
|
68
|
+
end
|
|
69
|
+
|
|
77
70
|
# Returns the list of groups granted edit access by the policy object identified by policy_pid
|
|
78
71
|
def edit_groups_from_policy(policy_pid)
|
|
79
72
|
policy_permissions = policy_permissions_doc(policy_pid)
|
|
80
|
-
edit_group_field = Hydra.config
|
|
73
|
+
edit_group_field = Hydra.config.permissions.inheritable[:edit][:group]
|
|
81
74
|
eg = ((policy_permissions == nil || policy_permissions.fetch(edit_group_field,nil) == nil) ? [] : policy_permissions.fetch(edit_group_field,nil))
|
|
82
75
|
Rails.logger.debug("[CANCAN] -policy- edit_groups: #{eg.inspect}")
|
|
83
76
|
return eg
|
|
@@ -87,44 +80,54 @@ module Hydra::PolicyAwareAbility
|
|
|
87
80
|
# Note: edit implies read, so read_groups is the union of edit and read groups
|
|
88
81
|
def read_groups_from_policy(policy_pid)
|
|
89
82
|
policy_permissions = policy_permissions_doc(policy_pid)
|
|
90
|
-
read_group_field = Hydra.config
|
|
83
|
+
read_group_field = Hydra.config.permissions.inheritable[:read][:group]
|
|
91
84
|
rg = edit_groups_from_policy(policy_pid) | ((policy_permissions == nil || policy_permissions.fetch(read_group_field,nil) == nil) ? [] : policy_permissions.fetch(read_group_field,nil))
|
|
92
85
|
Rails.logger.debug("[CANCAN] -policy- read_groups: #{rg.inspect}")
|
|
93
86
|
return rg
|
|
94
87
|
end
|
|
95
88
|
|
|
89
|
+
def edit_persons_from_policy(policy_pid)
|
|
90
|
+
Deprecation.warn(Hydra::PolicyAwareAbility, "The edit_persons_from_policy method is deprecated and will be removed from Hydra::PolicyAwareAbility in hydra-head 8.0. Use edit_users_from_policy instead.", caller)
|
|
91
|
+
edit_users_from_policy(policy_pid)
|
|
92
|
+
end
|
|
93
|
+
|
|
96
94
|
# Returns the list of users granted edit access by the policy object identified by policy_pid
|
|
97
95
|
def edit_users_from_policy(policy_pid)
|
|
98
96
|
policy_permissions = policy_permissions_doc(policy_pid)
|
|
99
|
-
edit_user_field = Hydra.config
|
|
97
|
+
edit_user_field = Hydra.config.permissions.inheritable[:edit][:individual]
|
|
100
98
|
eu = ((policy_permissions == nil || policy_permissions.fetch(edit_user_field,nil) == nil) ? [] : policy_permissions.fetch(edit_user_field,nil))
|
|
101
99
|
Rails.logger.debug("[CANCAN] -policy- edit_users: #{eu.inspect}")
|
|
102
100
|
return eu
|
|
103
101
|
end
|
|
104
102
|
|
|
103
|
+
def read_persons_from_policy(policy_pid)
|
|
104
|
+
Deprecation.warn(Hydra::PolicyAwareAbility, "The read_persons_from_policy method is deprecated and will be removed from Hydra::PolicyAwareAbility in hydra-head 8.0. Use read_users_from_policy instead.", caller)
|
|
105
|
+
read_users_from_policy(policy_pid)
|
|
106
|
+
end
|
|
107
|
+
|
|
105
108
|
# Returns the list of users granted read access by the policy object identified by policy_pid
|
|
106
109
|
# Note: edit implies read, so read_users is the union of edit and read users
|
|
107
110
|
def read_users_from_policy(policy_pid)
|
|
108
111
|
policy_permissions = policy_permissions_doc(policy_pid)
|
|
109
|
-
read_user_field = Hydra.config
|
|
112
|
+
read_user_field = Hydra.config.permissions.inheritable[:read][:individual]
|
|
110
113
|
ru = edit_users_from_policy(policy_pid) | ((policy_permissions == nil || policy_permissions.fetch(read_user_field, nil) == nil) ? [] : policy_permissions.fetch(read_user_field, nil))
|
|
111
114
|
Rails.logger.debug("[CANCAN] -policy- read_users: #{ru.inspect}")
|
|
112
115
|
return ru
|
|
113
116
|
end
|
|
114
|
-
|
|
117
|
+
|
|
115
118
|
private
|
|
116
|
-
|
|
119
|
+
|
|
117
120
|
# Grabs the value of field_name from solr_result
|
|
118
121
|
# @example
|
|
119
|
-
# solr_result = Multiresimage.find_with_conditions({:id=>object_pid}, :fl=>'
|
|
120
|
-
# value_from_solr_field(solr_result, '
|
|
122
|
+
# solr_result = Multiresimage.find_with_conditions({:id=>object_pid}, :fl=>'is_governed_by_ssim')
|
|
123
|
+
# value_from_solr_field(solr_result, 'is_governed_by_ssim')
|
|
121
124
|
# => ["info:fedora/changeme:2278"]
|
|
122
125
|
def value_from_solr_field(solr_result, field_name)
|
|
123
126
|
field_from_result = solr_result.select {|x| x.has_key?(field_name)}.first
|
|
124
127
|
if field_from_result.nil?
|
|
125
|
-
|
|
128
|
+
nil
|
|
126
129
|
else
|
|
127
|
-
|
|
130
|
+
field_from_result[field_name]
|
|
128
131
|
end
|
|
129
132
|
end
|
|
130
133
|
|
|
@@ -1,22 +1,24 @@
|
|
|
1
1
|
# Repeats access controls evaluation methods, but checks against a governing "Policy" object (or "Collection" object) that provides inherited access controls.
|
|
2
2
|
module Hydra::PolicyAwareAccessControlsEnforcement
|
|
3
|
-
|
|
3
|
+
extend Deprecation
|
|
4
|
+
|
|
4
5
|
# Extends Hydra::AccessControlsEnforcement.apply_gated_discovery to reflect policy-provided access
|
|
5
6
|
# appends the result of policy_clauses into the :fq
|
|
6
7
|
# @param solr_parameters the current solr parameters
|
|
7
|
-
|
|
8
|
+
# @param user_parameters the current user-subitted parameters
|
|
9
|
+
def apply_gated_discovery(solr_parameters, user_parameters)
|
|
8
10
|
solr_parameters[:fq] ||= []
|
|
9
11
|
solr_parameters[:fq] << gated_discovery_filters.join(" OR ")
|
|
10
12
|
logger.debug("POLICY-aware Solr parameters: #{ solr_parameters.inspect }")
|
|
11
13
|
end
|
|
12
14
|
|
|
13
15
|
# returns solr query for finding all objects whose policies grant discover access to current_user
|
|
14
|
-
def policy_clauses
|
|
16
|
+
def policy_clauses
|
|
15
17
|
policy_pids = policies_with_access
|
|
16
18
|
return nil if policy_pids.empty?
|
|
17
|
-
'(' + policy_pids.map {|pid| ActiveFedora::
|
|
19
|
+
'(' + policy_pids.map {|pid| ActiveFedora::SolrQueryBuilder.construct_query_for_rel(is_governed_by: "info:fedora/#{pid}")}.join(' OR ') + ')'
|
|
18
20
|
end
|
|
19
|
-
|
|
21
|
+
|
|
20
22
|
# find all the policies that grant discover/read/edit permissions to this user or any of its groups
|
|
21
23
|
def policies_with_access
|
|
22
24
|
#### TODO -- Memoize this and put it in the session?
|
|
@@ -28,39 +30,47 @@ module Hydra::PolicyAwareAccessControlsEnforcement
|
|
|
28
30
|
logger.debug "get policies: #{result}\n\n"
|
|
29
31
|
result.map {|h| h['id']}
|
|
30
32
|
end
|
|
31
|
-
|
|
33
|
+
|
|
34
|
+
def apply_policy_role_permissions(permission_types = discovery_permissions)
|
|
35
|
+
Deprecation.warn(Hydra::PolicyAwareAccessControlsEnforcement, "The method apply_policy_role_permissions is deprecated and will be removed from Hydra::PolicyAwareAccessControlsEnforcement in hydra-head 8.0. Use apply_policy_group_permissions instead.", caller)
|
|
36
|
+
apply_policy_group_permissions(permission_types)
|
|
37
|
+
end
|
|
38
|
+
|
|
32
39
|
def apply_policy_group_permissions(permission_types = discovery_permissions)
|
|
33
40
|
# for groups
|
|
34
41
|
user_access_filters = []
|
|
35
42
|
current_ability.user_groups.each_with_index do |group, i|
|
|
36
43
|
permission_types.each do |type|
|
|
37
|
-
user_access_filters << escape_filter(
|
|
44
|
+
user_access_filters << escape_filter(Hydra.config.permissions.inheritable[type.to_sym].group, group)
|
|
38
45
|
end
|
|
39
46
|
end
|
|
40
47
|
user_access_filters
|
|
41
48
|
end
|
|
42
49
|
|
|
50
|
+
def apply_policy_individual_permissions(permission_types = discovery_permissions)
|
|
51
|
+
Deprecation.warn(Hydra::PolicyAwareAccessControlsEnforcement, "The method apply_policy_individual_permissions is deprecated and will be removed from Hydra::PolicyAwareAccessControlsEnforcement in hydra-head 8.0. Use apply_policy_user_permissions instead.", caller)
|
|
52
|
+
apply_policy_user_permissions(permission_types)
|
|
53
|
+
end
|
|
54
|
+
|
|
43
55
|
def apply_policy_user_permissions(permission_types = discovery_permissions)
|
|
44
56
|
# for individual user access
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
57
|
+
user_access_filters = []
|
|
58
|
+
if current_user
|
|
59
|
+
permission_types.each do |type|
|
|
60
|
+
user_access_filters << escape_filter(Hydra.config.permissions.inheritable[type.to_sym].individual, current_user.user_key)
|
|
61
|
+
end
|
|
49
62
|
end
|
|
63
|
+
user_access_filters
|
|
50
64
|
end
|
|
51
65
|
|
|
52
66
|
# Returns the Model used for AdminPolicy objects.
|
|
53
67
|
# You can set this by overriding this method or setting Hydra.config[:permissions][:policy_class]
|
|
54
68
|
# Defults to Hydra::AdminPolicy
|
|
55
69
|
def policy_class
|
|
56
|
-
|
|
57
|
-
return Hydra::AdminPolicy
|
|
58
|
-
else
|
|
59
|
-
return Hydra.config[:permissions][:policy_class]
|
|
60
|
-
end
|
|
70
|
+
Hydra.config.permissions.policy_class || Hydra::AdminPolicy
|
|
61
71
|
end
|
|
62
72
|
|
|
63
|
-
protected
|
|
73
|
+
protected
|
|
64
74
|
|
|
65
75
|
def gated_discovery_filters
|
|
66
76
|
filters = super
|
|
@@ -70,5 +80,5 @@ module Hydra::PolicyAwareAccessControlsEnforcement
|
|
|
70
80
|
end
|
|
71
81
|
filters
|
|
72
82
|
end
|
|
73
|
-
|
|
83
|
+
|
|
74
84
|
end
|
|
@@ -2,6 +2,7 @@ require 'rails'
|
|
|
2
2
|
require 'active-fedora'
|
|
3
3
|
require 'blacklight'
|
|
4
4
|
require 'cancan'
|
|
5
|
+
require "deprecation"
|
|
5
6
|
|
|
6
7
|
module Hydra
|
|
7
8
|
extend ActiveSupport::Autoload
|
|
@@ -11,7 +12,6 @@ module Hydra
|
|
|
11
12
|
autoload :PolicyAwareAccessControlsEnforcement
|
|
12
13
|
autoload :Ability
|
|
13
14
|
autoload :Config
|
|
14
|
-
autoload :Datastream
|
|
15
15
|
autoload :PolicyAwareAbility
|
|
16
16
|
autoload :AdminPolicy
|
|
17
17
|
autoload :AdminPolicyBehavior
|
data/spec/factories.rb
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
FactoryGirl.define do
|
|
2
|
-
|
|
2
|
+
|
|
3
3
|
# Users
|
|
4
|
-
|
|
4
|
+
|
|
5
5
|
# Prototype user factory
|
|
6
6
|
factory :user, :aliases => [:owner] do |u|
|
|
7
7
|
sequence :uid do |n|
|
|
@@ -11,7 +11,7 @@ FactoryGirl.define do
|
|
|
11
11
|
password { uid }
|
|
12
12
|
new_record false
|
|
13
13
|
end
|
|
14
|
-
|
|
14
|
+
|
|
15
15
|
factory :archivist, :parent=>:user do |u|
|
|
16
16
|
uid 'archivist1'
|
|
17
17
|
password 'archivist1'
|
|
@@ -71,34 +71,34 @@ FactoryGirl.define do
|
|
|
71
71
|
roles { ["repository-admin"] }
|
|
72
72
|
end
|
|
73
73
|
|
|
74
|
-
#
|
|
74
|
+
#
|
|
75
75
|
# Repository Objects
|
|
76
76
|
#
|
|
77
|
-
|
|
77
|
+
|
|
78
78
|
factory :asset, :class => ModsAsset do |o|
|
|
79
79
|
end
|
|
80
|
-
|
|
80
|
+
|
|
81
81
|
factory :admin_policy, :class => Hydra::AdminPolicy do |o|
|
|
82
82
|
end
|
|
83
|
-
|
|
83
|
+
|
|
84
84
|
factory :default_access_asset, :parent=>:asset do |a|
|
|
85
|
-
permissions_attributes [{:
|
|
85
|
+
permissions_attributes [{ name: "joe_creator", access: "edit", type: "person" }]
|
|
86
86
|
end
|
|
87
|
-
|
|
87
|
+
|
|
88
88
|
factory :dept_access_asset, :parent=>:asset do |a|
|
|
89
|
-
permissions_attributes [{:
|
|
89
|
+
permissions_attributes [{ name: "africana-faculty", access: "read", type: "group" }, { name: "joe_creator", access: "edit", type: "person" }]
|
|
90
90
|
end
|
|
91
91
|
|
|
92
92
|
factory :group_edit_asset, :parent=>:asset do |a|
|
|
93
|
-
permissions_attributes [{:
|
|
93
|
+
permissions_attributes [{ name:"africana-faculty", access: "edit", type: "group" }, {name: "calvin_collaborator", access: "edit", type: "person"}]
|
|
94
94
|
end
|
|
95
|
-
|
|
95
|
+
|
|
96
96
|
factory :org_read_access_asset, :parent=>:asset do |a|
|
|
97
|
-
permissions_attributes [{:
|
|
97
|
+
permissions_attributes [{ name: "registered", access: "read", type: "group" }, { name: "joe_creator", access: "edit", type: "person" }, { name: "calvin_collaborator", access: "edit", type: "person" }]
|
|
98
98
|
end
|
|
99
|
-
|
|
99
|
+
|
|
100
100
|
factory :open_access_asset, :parent=>:asset do |a|
|
|
101
|
-
permissions_attributes [{:
|
|
101
|
+
permissions_attributes [{ name: "public", access: "read", type: "group" }, { name: "joe_creator", access: "edit", type: "person" }, { name: "calvin_collaborator", access: "edit", type: "person" }]
|
|
102
102
|
end
|
|
103
103
|
|
|
104
104
|
end
|
|
@@ -21,18 +21,18 @@ describe Hydra::EmbargoService do
|
|
|
21
21
|
|
|
22
22
|
describe "#assets_with_expired_embargoes" do
|
|
23
23
|
it "returns an array of assets with expired embargoes" do
|
|
24
|
-
|
|
25
|
-
expect(
|
|
26
|
-
expect(
|
|
24
|
+
returned_ids = subject.assets_with_expired_embargoes.map {|a| a.id}
|
|
25
|
+
expect(returned_ids).to include work_with_expired_embargo1.id, work_with_expired_embargo2.id
|
|
26
|
+
expect(returned_ids).to_not include work_with_embargo_in_effect.id, work_without_embargo.id
|
|
27
27
|
end
|
|
28
28
|
end
|
|
29
29
|
|
|
30
30
|
describe "#assets_under_embargo" do
|
|
31
31
|
it "returns all assets with embargo release date set" do
|
|
32
32
|
result = subject.assets_under_embargo
|
|
33
|
-
|
|
34
|
-
expect(
|
|
35
|
-
expect(
|
|
33
|
+
returned_ids = subject.assets_under_embargo.map {|a| a.id}
|
|
34
|
+
expect(returned_ids).to include work_with_expired_embargo1.id, work_with_expired_embargo2.id, work_with_embargo_in_effect.id
|
|
35
|
+
expect(returned_ids).to_not include work_without_embargo.id
|
|
36
36
|
end
|
|
37
37
|
end
|
|
38
38
|
end
|
|
@@ -21,17 +21,17 @@ describe Hydra::LeaseService do
|
|
|
21
21
|
|
|
22
22
|
describe "#assets_with_expired_leases" do
|
|
23
23
|
it "returns an array of assets with expired embargoes" do
|
|
24
|
-
|
|
25
|
-
expect(
|
|
26
|
-
expect(
|
|
24
|
+
returned_ids = subject.assets_with_expired_leases.map {|a| a.id}
|
|
25
|
+
expect(returned_ids).to include work_with_expired_lease1.id, work_with_expired_lease2.id
|
|
26
|
+
expect(returned_ids).to_not include work_with_lease_in_effect.id, work_without_lease.id
|
|
27
27
|
end
|
|
28
28
|
end
|
|
29
29
|
|
|
30
30
|
describe "#assets_under_lease" do
|
|
31
31
|
it "returns an array of assets with expired embargoes" do
|
|
32
|
-
|
|
33
|
-
expect(
|
|
34
|
-
expect(
|
|
32
|
+
returned_ids = subject.assets_under_lease.map {|a| a.id}
|
|
33
|
+
expect(returned_ids).to include work_with_expired_lease1.id, work_with_expired_lease2.id, work_with_lease_in_effect.id
|
|
34
|
+
expect(returned_ids).to_not include work_without_lease.id
|
|
35
35
|
end
|
|
36
36
|
end
|
|
37
37
|
end
|
data/spec/spec_helper.rb
CHANGED
|
@@ -20,27 +20,34 @@ end
|
|
|
20
20
|
require 'support/rails'
|
|
21
21
|
|
|
22
22
|
# Since we're not doing a Rails Engine test, we have to load these classes manually:
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
23
|
+
require_relative '../app/vocabularies/acl'
|
|
24
|
+
require_relative '../app/vocabularies/hydra/acl'
|
|
25
|
+
require_relative '../app/models/role_mapper'
|
|
26
|
+
require_relative '../app/models/ability'
|
|
27
|
+
require_relative '../app/models/hydra/access_controls/access_control_list'
|
|
28
|
+
require_relative '../app/models/hydra/access_controls/permission'
|
|
29
|
+
require_relative '../app/models/hydra/access_controls/embargo'
|
|
30
|
+
require_relative '../app/models/hydra/access_controls/lease'
|
|
31
|
+
require_relative '../app/services/hydra/lease_service'
|
|
32
|
+
require_relative '../app/services/hydra/embargo_service'
|
|
33
|
+
require_relative '../app/validators/hydra/future_date_validator'
|
|
35
34
|
require 'support/mods_asset'
|
|
36
35
|
require 'support/solr_document'
|
|
37
36
|
require "support/user"
|
|
38
37
|
require "factory_girl"
|
|
39
38
|
require "factories"
|
|
40
39
|
|
|
40
|
+
# HttpLogger.logger = Logger.new(STDOUT)
|
|
41
|
+
# HttpLogger.ignore = [/localhost:8983\/solr/]
|
|
42
|
+
# HttpLogger.colorize = false
|
|
41
43
|
|
|
42
|
-
|
|
44
|
+
ActiveFedora::Base.logger = Logger.new(STDOUT)
|
|
43
45
|
|
|
46
|
+
require 'active_fedora/cleaner'
|
|
47
|
+
RSpec.configure do |config|
|
|
48
|
+
config.before(:each) do
|
|
49
|
+
ActiveFedora::Cleaner.clean!
|
|
50
|
+
end
|
|
44
51
|
end
|
|
45
52
|
|
|
46
53
|
# Stubbing Devise
|
data/spec/support/mods_asset.rb
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
class ModsAsset < ActiveFedora::Base
|
|
2
2
|
include Hydra::AccessControls::Embargoable
|
|
3
|
-
|
|
4
|
-
# This is how we're associating admin policies with assets.
|
|
3
|
+
|
|
4
|
+
# This is how we're associating admin policies with assets.
|
|
5
5
|
# You can associate them however you want, just use the :is_governed_by relationship
|
|
6
|
-
belongs_to :admin_policy, class_name: "Hydra::AdminPolicy",
|
|
6
|
+
belongs_to :admin_policy, class_name: "Hydra::AdminPolicy", predicate: ActiveFedora::Predicates.find_graph_predicate(:is_governed_by)
|
|
7
7
|
end
|