hydra-access-controls 8.2.0 → 9.0.0.beta1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (52) hide show
  1. checksums.yaml +4 -4
  2. data/README.textile +10 -10
  3. data/app/models/concerns/hydra/access_controls/access_right.rb +3 -2
  4. data/app/models/concerns/hydra/access_controls/embargoable.rb +120 -132
  5. data/app/models/concerns/hydra/access_controls/permissions.rb +137 -103
  6. data/app/models/concerns/hydra/access_controls/visibility.rb +3 -5
  7. data/app/models/concerns/hydra/access_controls.rb +0 -1
  8. data/app/models/concerns/hydra/admin_policy_behavior.rb +27 -2
  9. data/app/models/concerns/hydra/rights.rb +15 -0
  10. data/app/models/hydra/access_controls/access_control_list.rb +17 -0
  11. data/app/models/hydra/access_controls/embargo.rb +65 -0
  12. data/app/models/hydra/access_controls/lease.rb +66 -0
  13. data/app/models/hydra/access_controls/permission.rb +85 -0
  14. data/app/vocabularies/acl.rb +12 -0
  15. data/app/vocabularies/hydra/acl.rb +20 -0
  16. data/config/fedora.yml +4 -2
  17. data/hydra-access-controls.gemspec +6 -7
  18. data/lib/hydra/ability.rb +45 -43
  19. data/lib/hydra/access_controls_enforcement.rb +23 -25
  20. data/lib/hydra/admin_policy.rb +34 -11
  21. data/lib/hydra/config.rb +4 -15
  22. data/lib/hydra/permissions_query.rb +2 -2
  23. data/lib/hydra/permissions_solr_document.rb +4 -6
  24. data/lib/hydra/policy_aware_ability.rb +56 -53
  25. data/lib/hydra/policy_aware_access_controls_enforcement.rb +28 -18
  26. data/lib/hydra-access-controls.rb +1 -1
  27. data/spec/factories.rb +15 -15
  28. data/spec/services/embargo_service_spec.rb +6 -6
  29. data/spec/services/lease_service_spec.rb +6 -6
  30. data/spec/spec_helper.rb +20 -13
  31. data/spec/support/mods_asset.rb +3 -3
  32. data/spec/unit/ability_spec.rb +96 -121
  33. data/spec/unit/access_controls_enforcement_spec.rb +29 -27
  34. data/spec/unit/access_right_spec.rb +6 -1
  35. data/spec/unit/accessible_by_spec.rb +14 -5
  36. data/spec/unit/admin_policy_spec.rb +99 -92
  37. data/spec/unit/config_spec.rb +14 -15
  38. data/spec/unit/embargoable_spec.rb +26 -28
  39. data/spec/unit/permission_spec.rb +36 -16
  40. data/spec/unit/permissions_spec.rb +121 -65
  41. data/spec/unit/policy_aware_ability_spec.rb +64 -78
  42. data/spec/unit/policy_aware_access_controls_enforcement_spec.rb +81 -77
  43. data/spec/unit/role_mapper_spec.rb +10 -10
  44. data/spec/unit/with_access_right_spec.rb +1 -1
  45. metadata +29 -51
  46. data/lib/hydra/access_controls/permission.rb +0 -40
  47. data/lib/hydra/datastream/inheritable_rights_metadata.rb +0 -22
  48. data/lib/hydra/datastream/rights_metadata.rb +0 -276
  49. data/lib/hydra/datastream.rb +0 -7
  50. data/spec/unit/hydra_rights_metadata_persistence_spec.rb +0 -71
  51. data/spec/unit/hydra_rights_metadata_spec.rb +0 -301
  52. data/spec/unit/inheritable_rights_metadata_spec.rb +0 -65
@@ -1,104 +1,101 @@
1
1
  require 'spec_helper'
2
2
 
3
3
  describe Hydra::AdminPolicy do
4
- its(:defaultRights) { should be_kind_of Hydra::Datastream::InheritableRightsMetadata}
5
- its(:rightsMetadata) { should be_kind_of Hydra::Datastream::RightsMetadata}
6
- its(:descMetadata) { should be_kind_of ActiveFedora::QualifiedDublinCoreDatastream}
7
4
 
8
5
  describe "when setting attributes" do
9
6
  before do
10
- subject.title = "My title"
11
- subject.description = "My description"
12
- subject.license_title = "My license"
13
- subject.license_description = "My license desc"
14
- subject.license_url = "My url"
15
- end
16
- its(:title) { should == "My title"}
17
- its(:description) { should == "My description"}
18
- its(:license_title) { should == "My license"}
19
- its(:license_description) { should == "My license desc"}
20
- its(:license_url) { should == "My url"}
7
+ subject.title = "My title"
8
+ subject.description = "My description"
9
+ end
10
+ its(:title) { is_expected.to eq "My title"}
11
+ its(:description) { is_expected.to eq "My description"}
21
12
  end
22
-
13
+
23
14
 
24
15
  describe "to_solr" do
25
16
  subject { Hydra::AdminPolicy.new(:title=>"Foobar").to_solr }
26
17
  it "should have title_ssim" do
27
- subject[ActiveFedora::SolrService.solr_name('title', type: :string)].should == "Foobar"
18
+ expect(subject[ActiveFedora::SolrQueryBuilder.solr_name('title', type: :string)]).to eq ["Foobar"]
28
19
  end
29
20
  end
30
21
 
31
22
  describe "updating default permissions" do
32
23
  it "should create new group permissions" do
33
- subject.default_permissions = [{:name=>'group1', :access=>'discover', :type=>'group'}]
34
- subject.default_permissions.should == [{:type=>'group', :access=>'discover', :name=>'group1'}]
24
+ subject.default_permissions.build({:name=>'group1', :access=>'discover', :type=>'group'})
25
+ expect(subject.default_permissions.map(&:to_hash)).to eq [{:type=>'group', :access=>'discover', :name=>'group1'}]
35
26
  end
36
27
  it "should create new user permissions" do
37
- subject.default_permissions = [{:name=>'user1', :access=>'discover', :type=>'user'}]
38
- subject.default_permissions.should == [{:type=>'user', :access=>'discover', :name=>'user1'}]
28
+ subject.default_permissions.build({:name=>'user1', :access=>'discover', :type=>'person'})
29
+ expect(subject.default_permissions.map(&:to_hash)).to eq [{:type=>'person', :access=>'discover', :name=>'user1'}]
39
30
  end
40
31
  it "should not replace existing groups" do
41
- subject.default_permissions = [{:name=>'group1', :access=>'discover', :type=>'group'}]
42
- subject.default_permissions = [{:name=>'group2', :access=>'discover', :type=>'group'}]
43
- subject.default_permissions.should == [{:type=>'group', :access=>'discover', :name=>'group1'},
32
+ subject.default_permissions.build({:name=>'group1', :access=>'discover', :type=>'group'})
33
+ subject.default_permissions.build({:name=>'group2', :access=>'discover', :type=>'group'})
34
+ expect(subject.default_permissions.map(&:to_hash)).to eq [{:type=>'group', :access=>'discover', :name=>'group1'},
44
35
  {:type=>'group', :access=>'discover', :name=>'group2'}]
45
36
  end
46
37
  it "should not replace existing users" do
47
- subject.default_permissions = [{:name=>'user1', :access=>'discover', :type=>'user'}]
48
- subject.default_permissions = [{:name=>'user2', :access=>'discover', :type=>'user'}]
49
- subject.default_permissions.should == [{:type=>'user', :access=>'discover', :name=>'user1'},
50
- {:type=>'user', :access=>'discover', :name=>'user2'}]
38
+ subject.default_permissions.build({:name=>'user1', :access=>'discover', :type=>'person'})
39
+ subject.default_permissions.build({:name=>'user2', :access=>'discover', :type=>'person'})
40
+ expect(subject.default_permissions.map(&:to_hash)).to eq [{:type=>'person', :access=>'discover', :name=>'user1'},
41
+ {:type=>'person', :access=>'discover', :name=>'user2'}]
51
42
  end
52
43
  it "should update permissions on existing users" do
53
- subject.default_permissions = [{:name=>'user1', :access=>'discover', :type=>'user'}]
54
- subject.default_permissions = [{:name=>'user1', :access=>'edit', :type=>'user'}]
55
- subject.default_permissions.should == [{:type=>'user', :access=>'edit', :name=>'user1'}]
44
+ subject.default_permissions.build({:name=>'user1', :access=>'discover', :type=>'person'})
45
+ subject.default_permissions.first.mode = ::ACL.Write
46
+ expect(subject.default_permissions.map(&:to_hash)).to eq [{:type=>'person', :access=>'edit', :name=>'user1'}]
56
47
  end
57
48
  it "should update permissions on existing groups" do
58
- subject.default_permissions = [{:name=>'group1', :access=>'discover', :type=>'group'}]
59
- subject.default_permissions = [{:name=>'group1', :access=>'edit', :type=>'group'}]
60
- subject.default_permissions.should == [{:type=>'group', :access=>'edit', :name=>'group1'}]
49
+ subject.default_permissions.build({:name=>'group1', :access=>'discover', :type=>'group'})
50
+ subject.default_permissions.first.mode = ::ACL.Write
51
+ expect(subject.default_permissions.map(&:to_hash)).to eq [{:type=>'group', :access=>'edit', :name=>'group1'}]
61
52
  end
62
53
  it "should assign user permissions when :type == 'person'" do
63
- subject.default_permissions = [{:name=>'user1', :access=>'discover', :type=>'person'}]
64
- subject.default_permissions.should == [{:type=>'user', :access=>'discover', :name=>'user1'}]
54
+ subject.default_permissions.build({:name=>'user1', :access=>'discover', :type=>'person'})
55
+ expect(subject.default_permissions.map(&:to_hash)).to eq [{:type=>'person', :access=>'discover', :name=>'user1'}]
65
56
  end
66
57
  it "should raise an ArgumentError when the :type hashkey is invalid" do
67
- expect{subject.default_permissions = [{:name=>'user1', :access=>'read', :type=>'foo'}]}.to raise_error(ArgumentError)
58
+ expect { subject.default_permissions.build({:name=>'user1', :access=>'read', :type=>'foo'}) }.to raise_error(ArgumentError, 'Unknown agent type "foo"')
68
59
  end
69
60
  end
70
-
61
+
71
62
  describe "Inheritable rights" do
72
63
  before do
73
64
  @policy = Hydra::AdminPolicy.new
74
- @policy.default_permissions = [{:name=>"africana-faculty", :access=>"edit", :type=>"group"}, {:name=>"cool-kids", :access=>"edit", :type=>"group"}, {:name=>"julius_caesar", :access=>"edit", :type=>"user"}]
75
- @policy.default_permissions = [{:name=>"slightlycoolkids", :access=>"read", :type=>"group"}, {:name=>"nero", :access=>"read", :type=>"user"}]
76
- @policy.default_permissions = [{:name=>"posers", :access=>"discover", :type=>"group"}, {:name=>"constantine", :access=>"discover", :type=>"user"}]
77
- @policy.defaultRights.embargo_release_date = "2102-10-01"
65
+ @policy.default_permissions.build([
66
+ {:name=>"africana-faculty", :access=>"edit", :type=>"group"},
67
+ {:name=>"cool-kids", :access=>"edit", :type=>"group"},
68
+ {:name=>"julius_caesar", :access=>"edit", :type=>"person"},
69
+ {:name=>"slightlycoolkids", :access=>"read", :type=>"group"},
70
+ {:name=>"nero", :access=>"read", :type=>"person"},
71
+ {:name=>"posers", :access=>"discover", :type=>"group"},
72
+ {:name=>"constantine", :access=>"discover", :type=>"person"}
73
+ ])
74
+ @policy.build_default_embargo.embargo_release_date = "2102-10-01"
78
75
  end
79
76
 
80
77
  describe "to_solr" do
81
- subject {@policy.to_solr}
82
- it "should not affect normal solr permissions fields" do
83
- subject.should_not have_key( Hydra.config[:permissions][:discover][:group] )
84
- subject.should_not have_key( Hydra.config[:permissions][:discover][:individual] )
85
- subject.should_not have_key( Hydra.config[:permissions][:read][:group] )
86
- subject.should_not have_key( Hydra.config[:permissions][:read][:individual] )
87
- subject.should_not have_key( Hydra.config[:permissions][:edit][:group] )
88
- subject.should_not have_key( Hydra.config[:permissions][:edit][:individual] )
89
- subject.should_not have_key( Hydra.config[:permissions][:embargo_release_date] )
78
+ subject { @policy.to_solr }
79
+
80
+ it "should not affect normal solr permissions fields" do
81
+ expect(subject).to_not have_key Hydra.config.permissions.discover.group
82
+ expect(subject).to_not have_key Hydra.config.permissions.discover.individual
83
+ expect(subject).to_not have_key Hydra.config.permissions.read.group
84
+ expect(subject).to_not have_key Hydra.config.permissions.read.individual
85
+ expect(subject).to_not have_key Hydra.config.permissions.edit.group
86
+ expect(subject).to_not have_key Hydra.config.permissions.edit.individual
87
+ expect(subject).to_not have_key Hydra.config.permissions.embargo.release_date
90
88
  end
89
+
91
90
  it "should provide prefixed/inherited solr permissions fields" do
92
- subject[Hydra.config[:permissions][:inheritable][:discover][:group] ].should == ["posers"]
93
- subject[Hydra.config[:permissions][:inheritable][:discover][:individual] ].should == ["constantine"]
94
- subject[Hydra.config[:permissions][:inheritable][:read][:group] ].should == ["slightlycoolkids"]
95
- subject[Hydra.config[:permissions][:inheritable][:read][:individual] ].should == ["nero"]
96
- inheritable_group = Hydra.config[:permissions][:inheritable][:edit][:group]
97
- subject[inheritable_group].length.should == 2
98
- subject[inheritable_group].should include("africana-faculty", "cool-kids")
99
-
100
- subject[Hydra.config[:permissions][:inheritable][:edit][:individual] ].should == ["julius_caesar"]
101
- expect(subject[Hydra.config[:permissions][:inheritable][:embargo_release_date] ]).to eq Date.parse("2102-10-01").to_time.utc.iso8601
91
+ expect(subject[Hydra.config.permissions.inheritable.discover.group]).to eq ["posers"]
92
+ expect(subject[Hydra.config.permissions.inheritable.discover.individual]).to eq ["constantine"]
93
+ expect(subject[Hydra.config.permissions.inheritable.read.group]).to eq ["slightlycoolkids"]
94
+ expect(subject[Hydra.config.permissions.inheritable.read.individual]).to eq ["nero"]
95
+ expect(subject[Hydra.config.permissions.inheritable.edit.group]).to match_array ["africana-faculty", "cool-kids"]
96
+
97
+ expect(subject[Hydra.config.permissions.inheritable.edit.individual]).to eq ["julius_caesar"]
98
+ expect(subject[Hydra.config.permissions.inheritable.embargo.release_date]).to eq DateTime.parse("2102-10-01").to_time.utc.iso8601
102
99
  end
103
100
  end
104
101
 
@@ -110,8 +107,9 @@ describe Hydra::AdminPolicy do
110
107
  describe "When accessing assets with Policies associated" do
111
108
  before do
112
109
  @user = FactoryGirl.build(:martia_morocco)
113
- RoleMapper.stub(:roles).with(@user).and_return(@user.roles)
110
+ allow(RoleMapper).to receive(:roles).with(@user).and_return(@user.roles)
114
111
  end
112
+
115
113
  before(:all) do
116
114
  class TestAbility
117
115
  include Hydra::PolicyAwareAbility
@@ -121,54 +119,60 @@ describe Hydra::AdminPolicy do
121
119
  after(:all) do
122
120
  Object.send(:remove_const, :TestAbility)
123
121
  end
122
+
124
123
  subject { TestAbility.new(@user) }
124
+
125
125
  context "Given a policy grants read access to a group I belong to" do
126
126
  before do
127
127
  @policy = Hydra::AdminPolicy.new
128
- @policy.default_permissions = [{:type=>"group", :access=>"read", :name=>"africana-faculty"}]
128
+ @policy.default_permissions.build({:type=>"group", :access=>"read", :name=>"africana-faculty"})
129
129
  @policy.save
130
130
  end
131
- after { @policy.delete }
131
+
132
132
  context "And a subscribing asset does not grant access" do
133
133
  before do
134
134
  @asset = ModsAsset.new()
135
135
  @asset.admin_policy = @policy
136
136
  @asset.save
137
137
  end
138
- after { @asset.delete }
138
+
139
139
  it "Then I should be able to view the asset" do
140
- subject.can?(:read, @asset).should be true
140
+ expect(subject.can?(:read, @asset)).to be true
141
141
  end
142
+
142
143
  it "Then I should not be able to edit, update and destroy the asset" do
143
- subject.can?(:edit, @asset).should be false
144
- subject.can?(:update, @asset).should be false
145
- subject.can?(:destroy, @asset).should be false
144
+ expect(subject.can?(:edit, @asset)).to be false
145
+ expect(subject.can?(:update, @asset)).to be false
146
+ expect(subject.can?(:destroy, @asset)).to be false
146
147
  end
147
148
  end
148
149
  end
150
+
149
151
  context "Given a policy grants edit access to a group I belong to" do
150
152
  before do
151
153
  @policy = Hydra::AdminPolicy.new
152
- @policy.default_permissions = [{:type=>"group", :access=>"edit", :name=>"africana-faculty"}]
154
+ @policy.default_permissions.build({:type=>"group", :access=>"edit", :name=>"africana-faculty"})
153
155
  @policy.save
154
156
  end
155
- after { @policy.delete }
157
+
156
158
  context "And a subscribing asset does not grant access" do
157
159
  before do
158
160
  @asset = ModsAsset.new()
159
161
  @asset.admin_policy = @policy
160
162
  @asset.save
161
163
  end
162
- after { @asset.delete }
164
+
163
165
  it "Then I should be able to view the asset" do
164
- subject.can?(:read, @asset).should be true
166
+ expect(subject.can?(:read, @asset)).to be true
165
167
  end
168
+
166
169
  it "Then I should be able to edit/update/destroy the asset" do
167
- subject.can?(:edit, @asset).should be true
168
- subject.can?(:update, @asset).should be true
169
- subject.can?(:destroy, @asset).should be true
170
+ expect(subject.can?(:edit, @asset)).to be true
171
+ expect(subject.can?(:update, @asset)).to be true
172
+ expect(subject.can?(:destroy, @asset)).to be true
170
173
  end
171
174
  end
175
+
172
176
  context "And a subscribing asset grants read access to me as an individual" do
173
177
  before do
174
178
  @asset = ModsAsset.new()
@@ -176,14 +180,15 @@ describe Hydra::AdminPolicy do
176
180
  @asset.admin_policy = @policy
177
181
  @asset.save
178
182
  end
179
- after { @asset.delete }
183
+
180
184
  it "Then I should be able to view the asset" do
181
- subject.can?(:read, @asset).should be true
185
+ expect(subject.can?(:read, @asset)).to be true
182
186
  end
187
+
183
188
  it "Then I should be able to edit/update/destroy the asset" do
184
- subject.can?(:edit, @asset).should be true
185
- subject.can?(:update, @asset).should be true
186
- subject.can?(:destroy, @asset).should be true
189
+ expect(subject.can?(:edit, @asset)).to be true
190
+ expect(subject.can?(:update, @asset)).to be true
191
+ expect(subject.can?(:destroy, @asset)).to be true
187
192
  end
188
193
  end
189
194
  end
@@ -193,23 +198,25 @@ describe Hydra::AdminPolicy do
193
198
  @policy = Hydra::AdminPolicy.new
194
199
  @policy.save
195
200
  end
196
- after { @policy.delete }
201
+
197
202
  context "And a subscribing asset does not grant access" do
198
203
  before do
199
204
  @asset = ModsAsset.new()
200
205
  @asset.admin_policy = @policy
201
206
  @asset.save
202
207
  end
203
- after { @asset.delete }
208
+
204
209
  it "Then I should not be able to view the asset" do
205
- subject.can?(:read, @asset).should be false
210
+ expect(subject.can?(:read, @asset)).to be false
206
211
  end
212
+
207
213
  it "Then I should not be able to edit/update/destroy the asset" do
208
- subject.can?(:edit, @asset).should be false
209
- subject.can?(:update, @asset).should be false
210
- subject.can?(:destroy, @asset).should be false
214
+ expect(subject.can?(:edit, @asset)).to be false
215
+ expect(subject.can?(:update, @asset)).to be false
216
+ expect(subject.can?(:destroy, @asset)).to be false
211
217
  end
212
218
  end
219
+
213
220
  context "And a subscribing asset grants read access to me as an individual" do
214
221
  before do
215
222
  @asset = ModsAsset.new()
@@ -217,17 +224,17 @@ describe Hydra::AdminPolicy do
217
224
  @asset.admin_policy = @policy
218
225
  @asset.save
219
226
  end
220
- after { @asset.delete }
227
+
221
228
  it "Then I should be able to view the asset" do
222
- subject.can?(:read, @asset).should be true
229
+ expect(subject.can?(:read, @asset)).to be true
223
230
  end
231
+
224
232
  it "Then I should not be able to edit/update/destroy the asset" do
225
- subject.can?(:edit, @asset).should be false
226
- subject.can?(:update, @asset).should be false
227
- subject.can?(:destroy, @asset).should be false
233
+ expect(subject.can?(:edit, @asset)).to be false
234
+ expect(subject.can?(:update, @asset)).to be false
235
+ expect(subject.can?(:destroy, @asset)).to be false
228
236
  end
229
237
  end
230
238
  end
231
239
  end
232
-
233
240
  end
@@ -6,44 +6,43 @@ describe Hydra::Config do
6
6
  # You only need to change these values if you've indexed permissions by some means other than the Hydra's built-in tooling.
7
7
  # If you change these, you must also update the permissions request handler in your solrconfig.xml to return those values
8
8
  config[:permissions] = {
9
- :discover => {:group =>ActiveFedora::SolrService.solr_name("discover_access_group", :symbol), :individual=>ActiveFedora::SolrService.solr_name("discover_access_person", :symbol)},
10
- :read => {:group =>ActiveFedora::SolrService.solr_name("read_access_group", :symbol), :individual=>ActiveFedora::SolrService.solr_name("read_access_person", :symbol)},
11
- :edit => {:group =>ActiveFedora::SolrService.solr_name("edit_access_group", :symbol), :individual=>ActiveFedora::SolrService.solr_name("edit_access_person", :symbol)},
12
- :owner => ActiveFedora::SolrService.solr_name("depositor", :symbol),
13
- :embargo_release_date => ActiveFedora::SolrService.solr_name("embargo_release_date", Solrizer::Descriptor.new(:date, :stored, :indexed))
9
+ :discover => {:group =>ActiveFedora::SolrQueryBuilder.solr_name("discover_access_group", :symbol), :individual=>ActiveFedora::SolrQueryBuilder.solr_name("discover_access_person", :symbol)},
10
+ :read => {:group =>ActiveFedora::SolrQueryBuilder.solr_name("read_access_group", :symbol), :individual=>ActiveFedora::SolrQueryBuilder.solr_name("read_access_person", :symbol)},
11
+ :edit => {:group =>ActiveFedora::SolrQueryBuilder.solr_name("edit_access_group", :symbol), :individual=>ActiveFedora::SolrQueryBuilder.solr_name("edit_access_person", :symbol)},
12
+ :owner => ActiveFedora::SolrQueryBuilder.solr_name("depositor", :symbol),
14
13
  }
14
+ config.permissions.embargo.release_date = ActiveFedora::SolrQueryBuilder.solr_name("embargo_release_date", Solrizer::Descriptor.new(:date, :stored, :indexed))
15
15
 
16
16
  # specify the user model
17
17
  config[:user_model] = 'User'
18
18
 
19
- config[:permissions][:edit][:individual].should == 'edit_access_person_ssim'
19
+ expect(config[:permissions][:edit][:individual]).to eq 'edit_access_person_ssim'
20
20
  end
21
21
 
22
22
  it "should accept a struct based config" do
23
23
  # This specifies the solr field names of permissions-related fields.
24
24
  # You only need to change these values if you've indexed permissions by some means other than the Hydra's built-in tooling.
25
25
  # If you change these, you must also update the permissions request handler in your solrconfig.xml to return those values
26
- config.permissions.discover.group = ActiveFedora::SolrService.solr_name("discover_access_group", :symbol)
26
+ config.permissions.discover.group = ActiveFedora::SolrQueryBuilder.solr_name("discover_access_group", :symbol)
27
27
 
28
28
  # specify the user model
29
29
  config.user_model = 'User'
30
30
 
31
- config.permissions.discover.group.should == 'discover_access_group_ssim'
32
- config.user_model.should == 'User'
31
+ expect(config.permissions.discover.group).to eq 'discover_access_group_ssim'
32
+ expect(config.user_model).to eq 'User'
33
33
  end
34
34
 
35
35
  it "should have inheritable attributes" do
36
- config[:permissions][:inheritable][:edit][:individual].should == 'inheritable_edit_access_person_ssim'
36
+ expect(config[:permissions][:inheritable][:edit][:individual]).to eq 'inheritable_edit_access_person_ssim'
37
37
  end
38
38
  it "should have a nil policy_class" do
39
- config[:permissions][:policy_class].should be_nil
39
+ expect(config[:permissions][:policy_class]).to be_nil
40
40
  end
41
41
 
42
42
  it "should have defaults" do
43
- config.permissions.read.individual.should == 'read_access_person_ssim'
44
- config.permissions.embargo_release_date.should == 'embargo_release_date_dtsi'
45
- config.permissions.embargo.release_date.should == 'embargo_release_date_dtsi'
46
- config.user_model.should == 'User'
43
+ expect(config.permissions.read.individual).to eq 'read_access_person_ssim'
44
+ expect(config.permissions.embargo.release_date).to eq 'embargo_release_date_dtsi'
45
+ expect(config.user_model).to eq 'User'
47
46
  end
48
47
 
49
48
  end
@@ -2,23 +2,21 @@ require 'spec_helper'
2
2
 
3
3
  describe Hydra::AccessControls::Embargoable do
4
4
 
5
- let(:model) {
6
- Class.new(ActiveFedora::Base) {
5
+ before do
6
+ class TestModel < ActiveFedora::Base
7
7
  def save(returning_value = true)
8
8
  valid? && run_callbacks(:save) && !!returning_value
9
9
  end
10
10
 
11
11
  include Hydra::AccessControls::Embargoable
12
- }
13
- }
12
+ end
13
+ end
14
+
15
+ after { Object.send(:remove_const, :TestModel) }
14
16
 
15
17
  let(:future_date) { Date.today+2 }
16
18
  let(:past_date) { Date.today-2 }
17
- let(:persistence) {
18
- subject.rightsMetadata
19
- }
20
-
21
- subject { model.new }
19
+ subject { TestModel.new }
22
20
 
23
21
  context 'validations' do
24
22
  subject { ModsAsset.new(lease_expiration_date: past_date, embargo_release_date: past_date) }
@@ -53,14 +51,14 @@ describe Hydra::AccessControls::Embargoable do
53
51
  }.to change { subject.visibility_changed? }.from(false).to(true)
54
52
  expect(subject).to be_under_embargo
55
53
  expect(subject.visibility).to eq Hydra::AccessControls::AccessRight::VISIBILITY_TEXT_VALUE_PRIVATE
56
- expect(subject.embargo_release_date).to eq future_date.to_time.utc
54
+ expect(subject.embargo_release_date).to eq future_date
57
55
  expect(subject.visibility_after_embargo).to eq Hydra::AccessControls::AccessRight::VISIBILITY_TEXT_VALUE_PUBLIC
58
56
  end
59
57
  it "relies on default before/after visibility if none provided" do
60
58
  subject.apply_embargo(future_date.to_s)
61
59
  expect(subject).to be_under_embargo
62
60
  expect(subject.visibility).to eq Hydra::AccessControls::AccessRight::VISIBILITY_TEXT_VALUE_PRIVATE
63
- expect(subject.embargo_release_date).to eq future_date.to_time.utc
61
+ expect(subject.embargo_release_date).to eq future_date
64
62
  expect(subject.visibility_after_embargo).to eq Hydra::AccessControls::AccessRight::VISIBILITY_TEXT_VALUE_AUTHENTICATED
65
63
  end
66
64
  end
@@ -118,13 +116,13 @@ describe Hydra::AccessControls::Embargoable do
118
116
  expect(subject).to be_active_lease
119
117
  expect(subject).to be_visibility_changed
120
118
  expect(subject.visibility).to eq Hydra::AccessControls::AccessRight::VISIBILITY_TEXT_VALUE_PUBLIC
121
- expect(subject.lease_expiration_date).to eq future_date.to_time.utc
119
+ expect(subject.lease_expiration_date).to eq future_date
122
120
  expect(subject.visibility_after_lease).to eq Hydra::AccessControls::AccessRight::VISIBILITY_TEXT_VALUE_PRIVATE
123
121
  end
124
122
  it "relies on default before/after visibility if none provided" do
125
123
  subject.apply_lease(future_date.to_s)
126
124
  expect(subject.visibility_during_lease).to eq Hydra::AccessControls::AccessRight::VISIBILITY_TEXT_VALUE_AUTHENTICATED
127
- expect(subject.lease_expiration_date).to eq future_date.to_time.utc
125
+ expect(subject.lease_expiration_date).to eq future_date
128
126
  expect(subject.visibility_after_lease).to eq Hydra::AccessControls::AccessRight::VISIBILITY_TEXT_VALUE_PRIVATE
129
127
  end
130
128
  end
@@ -142,7 +140,7 @@ describe Hydra::AccessControls::Embargoable do
142
140
  }.to change { subject.visibility_changed? }.from(false).to(true)
143
141
  expect(subject).to be_active_lease
144
142
  expect(subject.visibility).to eq Hydra::AccessControls::AccessRight::VISIBILITY_TEXT_VALUE_PUBLIC
145
- expect(subject.lease_expiration_date).to eq future_date.to_time.utc
143
+ expect(subject.lease_expiration_date).to eq future_date
146
144
  expect(subject.visibility_after_lease).to eq Hydra::AccessControls::AccessRight::VISIBILITY_TEXT_VALUE_PRIVATE
147
145
  end
148
146
  end
@@ -210,7 +208,7 @@ describe Hydra::AccessControls::Embargoable do
210
208
  end
211
209
  end
212
210
 
213
- context 'validate_embargo' do
211
+ context 'validate_visibility_complies_with_embargo' do
214
212
  before do
215
213
  subject.visibility_during_embargo = Hydra::AccessControls::AccessRight::VISIBILITY_TEXT_VALUE_PRIVATE
216
214
  subject.visibility_after_embargo = Hydra::AccessControls::AccessRight::VISIBILITY_TEXT_VALUE_PUBLIC
@@ -219,12 +217,12 @@ describe Hydra::AccessControls::Embargoable do
219
217
  it 'returns true if current visibility matches visibility_during_embargo' do
220
218
  subject.visibility = subject.visibility_during_embargo
221
219
  subject.embargo_release_date = future_date.to_s
222
- expect(subject.validate_embargo).to be true
220
+ expect(subject.validate_visibility_complies_with_embargo).to be true
223
221
  end
224
222
  it 'records a failures in record.errors[:embargo]' do
225
223
  subject.visibility = Hydra::AccessControls::AccessRight::VISIBILITY_TEXT_VALUE_AUTHENTICATED
226
224
  subject.embargo_release_date = future_date.to_s
227
- expect(subject.validate_embargo).to be false
225
+ expect(subject.validate_visibility_complies_with_embargo).to be false
228
226
  expect(subject.errors[:embargo].first).to eq "An embargo is in effect for this object until #{subject.embargo_release_date}. Until that time the visibility should be #{Hydra::AccessControls::AccessRight::VISIBILITY_TEXT_VALUE_PRIVATE} but it is currently #{Hydra::AccessControls::AccessRight::VISIBILITY_TEXT_VALUE_AUTHENTICATED}. Call embargo_visibility! on this object to repair."
229
227
  end
230
228
  end
@@ -232,12 +230,12 @@ describe Hydra::AccessControls::Embargoable do
232
230
  it 'returns true if current visibility matches visibility_after_embargo' do
233
231
  subject.visibility = subject.visibility_after_embargo
234
232
  subject.embargo_release_date = past_date.to_s
235
- expect(subject.validate_embargo).to be true
233
+ expect(subject.validate_visibility_complies_with_embargo).to be true
236
234
  end
237
235
  it '(embargo expired) records a failures in record.errors[:embargo]' do
238
236
  subject.visibility = Hydra::AccessControls::AccessRight::VISIBILITY_TEXT_VALUE_PRIVATE
239
237
  subject.embargo_release_date = past_date.to_s
240
- expect(subject.validate_embargo).to be false
238
+ expect(subject.validate_visibility_complies_with_embargo).to be false
241
239
  expect(subject.errors[:embargo].first).to eq "The embargo expired on #{subject.embargo_release_date}. The visibility should be #{Hydra::AccessControls::AccessRight::VISIBILITY_TEXT_VALUE_PUBLIC} but it is currently #{Hydra::AccessControls::AccessRight::VISIBILITY_TEXT_VALUE_PRIVATE}. Call embargo_visibility! on this object to repair."
242
240
  end
243
241
  end
@@ -286,7 +284,7 @@ describe Hydra::AccessControls::Embargoable do
286
284
  end
287
285
  end
288
286
 
289
- context 'validate_lease' do
287
+ context 'validate_visibility_complies_with_lease' do
290
288
  let(:future_date) { 2.days.from_now }
291
289
  let(:past_date) { 2.days.ago }
292
290
  before do
@@ -297,12 +295,12 @@ describe Hydra::AccessControls::Embargoable do
297
295
  it 'returns true if current visibility matches visibility_after_lease' do
298
296
  subject.visibility = subject.visibility_after_lease
299
297
  subject.lease_expiration_date = past_date.to_s
300
- expect(subject.validate_lease).to be true
298
+ expect(subject.validate_visibility_complies_with_lease).to be true
301
299
  end
302
300
  it 'records a failures in record.errors[:lease]' do
303
301
  subject.visibility = Hydra::AccessControls::AccessRight::VISIBILITY_TEXT_VALUE_PUBLIC
304
302
  subject.lease_expiration_date = past_date.to_s
305
- expect(subject.validate_lease).to be false
303
+ expect(subject.validate_visibility_complies_with_lease).to be false
306
304
  expect(subject.errors[:lease].first).to eq "The lease expired on #{subject.lease_expiration_date}. The visibility should be #{Hydra::AccessControls::AccessRight::VISIBILITY_TEXT_VALUE_PRIVATE} but it is currently #{Hydra::AccessControls::AccessRight::VISIBILITY_TEXT_VALUE_PUBLIC}. Call lease_visibility! on this object to repair."
307
305
  end
308
306
  end
@@ -310,12 +308,12 @@ describe Hydra::AccessControls::Embargoable do
310
308
  it 'returns true if current visibility matches visibility_during_embargo' do
311
309
  subject.visibility = subject.visibility_during_lease
312
310
  subject.lease_expiration_date = future_date.to_s
313
- expect(subject.validate_lease).to be true
311
+ expect(subject.validate_visibility_complies_with_lease).to be true
314
312
  end
315
313
  it 'records a failures in record.errors[:lease]' do
316
314
  subject.visibility = Hydra::AccessControls::AccessRight::VISIBILITY_TEXT_VALUE_AUTHENTICATED
317
315
  subject.lease_expiration_date = future_date.to_s
318
- expect(subject.validate_lease).to be false
316
+ expect(subject.validate_visibility_complies_with_lease).to be false
319
317
  expect(subject.errors[:lease].first).to eq "A lease is in effect for this object until #{subject.lease_expiration_date}. Until that time the visibility should be #{Hydra::AccessControls::AccessRight::VISIBILITY_TEXT_VALUE_PUBLIC} but it is currently #{Hydra::AccessControls::AccessRight::VISIBILITY_TEXT_VALUE_AUTHENTICATED}. Call lease_visibility! on this object to repair."
320
318
  end
321
319
  end
@@ -368,24 +366,24 @@ describe Hydra::AccessControls::Embargoable do
368
366
 
369
367
  it 'persists a date object' do
370
368
  subject.embargo_release_date = the_date
371
- expect(persistence.embargo_release_date.first).to be_kind_of DateTime
369
+ expect(subject.embargo_release_date).to be_kind_of DateTime
372
370
  end
373
371
 
374
372
  it 'persists a valid string' do
375
373
  subject.embargo_release_date = the_date.to_s
376
- expect(persistence.embargo_release_date.first).to be_kind_of DateTime
374
+ expect(subject.embargo_release_date).to be_kind_of DateTime
377
375
  end
378
376
 
379
377
  it 'raises an error on an empty string' do
380
378
  expect {
381
379
  subject.embargo_release_date = ''
382
- }.to raise_error OM::TypeMismatch
380
+ }.to raise_error(ArgumentError, "invalid date")
383
381
  end
384
382
 
385
383
  it 'does not persist an invalid string' do
386
384
  expect {
387
385
  subject.embargo_release_date = "Tim"
388
- }.to raise_error OM::TypeMismatch
386
+ }.to raise_error(ArgumentError, "invalid date")
389
387
  end
390
388
  end
391
389
 
@@ -1,28 +1,48 @@
1
1
  require 'spec_helper'
2
2
 
3
3
  describe Hydra::AccessControls::Permission do
4
- describe "hash-like key access" do
5
- let(:perm) { described_class.new(type: 'user', name: 'bob', access: 'read') }
6
- it "should return values" do
7
- perm[:type].should == 'user'
8
- perm[:name].should == 'bob'
9
- perm[:access].should == 'read'
4
+
5
+ describe "an initialized instance" do
6
+ let(:permission) { described_class.new(type: 'person', name: 'bob', access: 'read') }
7
+
8
+ it "should set predicates" do
9
+ expect(permission.agent.first.rdf_subject).to eq ::RDF::URI.new('http://projecthydra.org/ns/auth/person#bob')
10
+ expect(permission.mode.first.rdf_subject).to eq ACL.Read
11
+ end
12
+
13
+ describe "#to_hash" do
14
+ subject { permission.to_hash }
15
+ it { should eq(type: 'person', name: 'bob', access: 'read') }
16
+ end
17
+
18
+ describe "#agent_name" do
19
+ subject { permission.agent_name }
20
+ it { should eq 'bob' }
21
+ end
22
+
23
+ describe "#access" do
24
+ subject { permission.access }
25
+ it { should eq 'read' }
26
+ end
27
+
28
+ describe "#type" do
29
+ subject { permission.type }
30
+ it { should eq 'person' }
10
31
  end
11
32
  end
12
- describe "#to_hash" do
13
- subject { described_class.new(type: 'user', name: 'bob', access: 'read') }
14
- its(:to_hash) { should == {type: 'user', name: 'bob', access: 'read'} }
15
- end
33
+
16
34
  describe "equality comparison" do
17
- let(:perm1) { described_class.new(type: 'user', name: 'bob', access: 'read') }
18
- let(:perm2) { described_class.new(type: 'user', name: 'bob', access: 'read') }
19
- let(:perm3) { described_class.new(type: 'user', name: 'jane', access: 'read') }
35
+ let(:perm1) { described_class.new(type: 'person', name: 'bob', access: 'read') }
36
+ let(:perm2) { described_class.new(type: 'person', name: 'bob', access: 'read') }
37
+ let(:perm3) { described_class.new(type: 'person', name: 'jane', access: 'read') }
38
+
20
39
  it "should be equal if all values are equal" do
21
- perm1.should == perm2
40
+ expect(perm1).to eq perm2
22
41
  end
42
+
23
43
  it "should be unequal if some values are unequal" do
24
- perm1.should_not == perm3
25
- perm2.should_not == perm3
44
+ expect(perm1).to_not eq perm3
45
+ expect(perm2).to_not eq perm3
26
46
  end
27
47
  end
28
48
  end