hydra-access-controls 8.2.0 → 9.0.0.beta1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.textile +10 -10
- data/app/models/concerns/hydra/access_controls/access_right.rb +3 -2
- data/app/models/concerns/hydra/access_controls/embargoable.rb +120 -132
- data/app/models/concerns/hydra/access_controls/permissions.rb +137 -103
- data/app/models/concerns/hydra/access_controls/visibility.rb +3 -5
- data/app/models/concerns/hydra/access_controls.rb +0 -1
- data/app/models/concerns/hydra/admin_policy_behavior.rb +27 -2
- data/app/models/concerns/hydra/rights.rb +15 -0
- data/app/models/hydra/access_controls/access_control_list.rb +17 -0
- data/app/models/hydra/access_controls/embargo.rb +65 -0
- data/app/models/hydra/access_controls/lease.rb +66 -0
- data/app/models/hydra/access_controls/permission.rb +85 -0
- data/app/vocabularies/acl.rb +12 -0
- data/app/vocabularies/hydra/acl.rb +20 -0
- data/config/fedora.yml +4 -2
- data/hydra-access-controls.gemspec +6 -7
- data/lib/hydra/ability.rb +45 -43
- data/lib/hydra/access_controls_enforcement.rb +23 -25
- data/lib/hydra/admin_policy.rb +34 -11
- data/lib/hydra/config.rb +4 -15
- data/lib/hydra/permissions_query.rb +2 -2
- data/lib/hydra/permissions_solr_document.rb +4 -6
- data/lib/hydra/policy_aware_ability.rb +56 -53
- data/lib/hydra/policy_aware_access_controls_enforcement.rb +28 -18
- data/lib/hydra-access-controls.rb +1 -1
- data/spec/factories.rb +15 -15
- data/spec/services/embargo_service_spec.rb +6 -6
- data/spec/services/lease_service_spec.rb +6 -6
- data/spec/spec_helper.rb +20 -13
- data/spec/support/mods_asset.rb +3 -3
- data/spec/unit/ability_spec.rb +96 -121
- data/spec/unit/access_controls_enforcement_spec.rb +29 -27
- data/spec/unit/access_right_spec.rb +6 -1
- data/spec/unit/accessible_by_spec.rb +14 -5
- data/spec/unit/admin_policy_spec.rb +99 -92
- data/spec/unit/config_spec.rb +14 -15
- data/spec/unit/embargoable_spec.rb +26 -28
- data/spec/unit/permission_spec.rb +36 -16
- data/spec/unit/permissions_spec.rb +121 -65
- data/spec/unit/policy_aware_ability_spec.rb +64 -78
- data/spec/unit/policy_aware_access_controls_enforcement_spec.rb +81 -77
- data/spec/unit/role_mapper_spec.rb +10 -10
- data/spec/unit/with_access_right_spec.rb +1 -1
- metadata +29 -51
- data/lib/hydra/access_controls/permission.rb +0 -40
- data/lib/hydra/datastream/inheritable_rights_metadata.rb +0 -22
- data/lib/hydra/datastream/rights_metadata.rb +0 -276
- data/lib/hydra/datastream.rb +0 -7
- data/spec/unit/hydra_rights_metadata_persistence_spec.rb +0 -71
- data/spec/unit/hydra_rights_metadata_spec.rb +0 -301
- data/spec/unit/inheritable_rights_metadata_spec.rb +0 -65
@@ -1,104 +1,101 @@
|
|
1
1
|
require 'spec_helper'
|
2
2
|
|
3
3
|
describe Hydra::AdminPolicy do
|
4
|
-
its(:defaultRights) { should be_kind_of Hydra::Datastream::InheritableRightsMetadata}
|
5
|
-
its(:rightsMetadata) { should be_kind_of Hydra::Datastream::RightsMetadata}
|
6
|
-
its(:descMetadata) { should be_kind_of ActiveFedora::QualifiedDublinCoreDatastream}
|
7
4
|
|
8
5
|
describe "when setting attributes" do
|
9
6
|
before do
|
10
|
-
subject.title = "My title"
|
11
|
-
subject.description = "My description"
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
end
|
16
|
-
its(:title) { should == "My title"}
|
17
|
-
its(:description) { should == "My description"}
|
18
|
-
its(:license_title) { should == "My license"}
|
19
|
-
its(:license_description) { should == "My license desc"}
|
20
|
-
its(:license_url) { should == "My url"}
|
7
|
+
subject.title = "My title"
|
8
|
+
subject.description = "My description"
|
9
|
+
end
|
10
|
+
its(:title) { is_expected.to eq "My title"}
|
11
|
+
its(:description) { is_expected.to eq "My description"}
|
21
12
|
end
|
22
|
-
|
13
|
+
|
23
14
|
|
24
15
|
describe "to_solr" do
|
25
16
|
subject { Hydra::AdminPolicy.new(:title=>"Foobar").to_solr }
|
26
17
|
it "should have title_ssim" do
|
27
|
-
subject[ActiveFedora::
|
18
|
+
expect(subject[ActiveFedora::SolrQueryBuilder.solr_name('title', type: :string)]).to eq ["Foobar"]
|
28
19
|
end
|
29
20
|
end
|
30
21
|
|
31
22
|
describe "updating default permissions" do
|
32
23
|
it "should create new group permissions" do
|
33
|
-
subject.default_permissions
|
34
|
-
subject.default_permissions.
|
24
|
+
subject.default_permissions.build({:name=>'group1', :access=>'discover', :type=>'group'})
|
25
|
+
expect(subject.default_permissions.map(&:to_hash)).to eq [{:type=>'group', :access=>'discover', :name=>'group1'}]
|
35
26
|
end
|
36
27
|
it "should create new user permissions" do
|
37
|
-
subject.default_permissions
|
38
|
-
subject.default_permissions.
|
28
|
+
subject.default_permissions.build({:name=>'user1', :access=>'discover', :type=>'person'})
|
29
|
+
expect(subject.default_permissions.map(&:to_hash)).to eq [{:type=>'person', :access=>'discover', :name=>'user1'}]
|
39
30
|
end
|
40
31
|
it "should not replace existing groups" do
|
41
|
-
subject.default_permissions
|
42
|
-
subject.default_permissions
|
43
|
-
subject.default_permissions.
|
32
|
+
subject.default_permissions.build({:name=>'group1', :access=>'discover', :type=>'group'})
|
33
|
+
subject.default_permissions.build({:name=>'group2', :access=>'discover', :type=>'group'})
|
34
|
+
expect(subject.default_permissions.map(&:to_hash)).to eq [{:type=>'group', :access=>'discover', :name=>'group1'},
|
44
35
|
{:type=>'group', :access=>'discover', :name=>'group2'}]
|
45
36
|
end
|
46
37
|
it "should not replace existing users" do
|
47
|
-
subject.default_permissions
|
48
|
-
subject.default_permissions
|
49
|
-
subject.default_permissions.
|
50
|
-
{:type=>'
|
38
|
+
subject.default_permissions.build({:name=>'user1', :access=>'discover', :type=>'person'})
|
39
|
+
subject.default_permissions.build({:name=>'user2', :access=>'discover', :type=>'person'})
|
40
|
+
expect(subject.default_permissions.map(&:to_hash)).to eq [{:type=>'person', :access=>'discover', :name=>'user1'},
|
41
|
+
{:type=>'person', :access=>'discover', :name=>'user2'}]
|
51
42
|
end
|
52
43
|
it "should update permissions on existing users" do
|
53
|
-
subject.default_permissions
|
54
|
-
subject.default_permissions =
|
55
|
-
subject.default_permissions.
|
44
|
+
subject.default_permissions.build({:name=>'user1', :access=>'discover', :type=>'person'})
|
45
|
+
subject.default_permissions.first.mode = ::ACL.Write
|
46
|
+
expect(subject.default_permissions.map(&:to_hash)).to eq [{:type=>'person', :access=>'edit', :name=>'user1'}]
|
56
47
|
end
|
57
48
|
it "should update permissions on existing groups" do
|
58
|
-
subject.default_permissions
|
59
|
-
subject.default_permissions =
|
60
|
-
subject.default_permissions.
|
49
|
+
subject.default_permissions.build({:name=>'group1', :access=>'discover', :type=>'group'})
|
50
|
+
subject.default_permissions.first.mode = ::ACL.Write
|
51
|
+
expect(subject.default_permissions.map(&:to_hash)).to eq [{:type=>'group', :access=>'edit', :name=>'group1'}]
|
61
52
|
end
|
62
53
|
it "should assign user permissions when :type == 'person'" do
|
63
|
-
subject.default_permissions
|
64
|
-
subject.default_permissions.
|
54
|
+
subject.default_permissions.build({:name=>'user1', :access=>'discover', :type=>'person'})
|
55
|
+
expect(subject.default_permissions.map(&:to_hash)).to eq [{:type=>'person', :access=>'discover', :name=>'user1'}]
|
65
56
|
end
|
66
57
|
it "should raise an ArgumentError when the :type hashkey is invalid" do
|
67
|
-
expect{subject.default_permissions
|
58
|
+
expect { subject.default_permissions.build({:name=>'user1', :access=>'read', :type=>'foo'}) }.to raise_error(ArgumentError, 'Unknown agent type "foo"')
|
68
59
|
end
|
69
60
|
end
|
70
|
-
|
61
|
+
|
71
62
|
describe "Inheritable rights" do
|
72
63
|
before do
|
73
64
|
@policy = Hydra::AdminPolicy.new
|
74
|
-
@policy.default_permissions
|
75
|
-
|
76
|
-
|
77
|
-
|
65
|
+
@policy.default_permissions.build([
|
66
|
+
{:name=>"africana-faculty", :access=>"edit", :type=>"group"},
|
67
|
+
{:name=>"cool-kids", :access=>"edit", :type=>"group"},
|
68
|
+
{:name=>"julius_caesar", :access=>"edit", :type=>"person"},
|
69
|
+
{:name=>"slightlycoolkids", :access=>"read", :type=>"group"},
|
70
|
+
{:name=>"nero", :access=>"read", :type=>"person"},
|
71
|
+
{:name=>"posers", :access=>"discover", :type=>"group"},
|
72
|
+
{:name=>"constantine", :access=>"discover", :type=>"person"}
|
73
|
+
])
|
74
|
+
@policy.build_default_embargo.embargo_release_date = "2102-10-01"
|
78
75
|
end
|
79
76
|
|
80
77
|
describe "to_solr" do
|
81
|
-
subject {@policy.to_solr}
|
82
|
-
|
83
|
-
|
84
|
-
subject.
|
85
|
-
subject.
|
86
|
-
subject.
|
87
|
-
subject.
|
88
|
-
subject.
|
89
|
-
subject.
|
78
|
+
subject { @policy.to_solr }
|
79
|
+
|
80
|
+
it "should not affect normal solr permissions fields" do
|
81
|
+
expect(subject).to_not have_key Hydra.config.permissions.discover.group
|
82
|
+
expect(subject).to_not have_key Hydra.config.permissions.discover.individual
|
83
|
+
expect(subject).to_not have_key Hydra.config.permissions.read.group
|
84
|
+
expect(subject).to_not have_key Hydra.config.permissions.read.individual
|
85
|
+
expect(subject).to_not have_key Hydra.config.permissions.edit.group
|
86
|
+
expect(subject).to_not have_key Hydra.config.permissions.edit.individual
|
87
|
+
expect(subject).to_not have_key Hydra.config.permissions.embargo.release_date
|
90
88
|
end
|
89
|
+
|
91
90
|
it "should provide prefixed/inherited solr permissions fields" do
|
92
|
-
subject[Hydra.config
|
93
|
-
subject[Hydra.config
|
94
|
-
subject[Hydra.config
|
95
|
-
subject[Hydra.config
|
96
|
-
|
97
|
-
|
98
|
-
subject[
|
99
|
-
|
100
|
-
subject[Hydra.config[:permissions][:inheritable][:edit][:individual] ].should == ["julius_caesar"]
|
101
|
-
expect(subject[Hydra.config[:permissions][:inheritable][:embargo_release_date] ]).to eq Date.parse("2102-10-01").to_time.utc.iso8601
|
91
|
+
expect(subject[Hydra.config.permissions.inheritable.discover.group]).to eq ["posers"]
|
92
|
+
expect(subject[Hydra.config.permissions.inheritable.discover.individual]).to eq ["constantine"]
|
93
|
+
expect(subject[Hydra.config.permissions.inheritable.read.group]).to eq ["slightlycoolkids"]
|
94
|
+
expect(subject[Hydra.config.permissions.inheritable.read.individual]).to eq ["nero"]
|
95
|
+
expect(subject[Hydra.config.permissions.inheritable.edit.group]).to match_array ["africana-faculty", "cool-kids"]
|
96
|
+
|
97
|
+
expect(subject[Hydra.config.permissions.inheritable.edit.individual]).to eq ["julius_caesar"]
|
98
|
+
expect(subject[Hydra.config.permissions.inheritable.embargo.release_date]).to eq DateTime.parse("2102-10-01").to_time.utc.iso8601
|
102
99
|
end
|
103
100
|
end
|
104
101
|
|
@@ -110,8 +107,9 @@ describe Hydra::AdminPolicy do
|
|
110
107
|
describe "When accessing assets with Policies associated" do
|
111
108
|
before do
|
112
109
|
@user = FactoryGirl.build(:martia_morocco)
|
113
|
-
RoleMapper.
|
110
|
+
allow(RoleMapper).to receive(:roles).with(@user).and_return(@user.roles)
|
114
111
|
end
|
112
|
+
|
115
113
|
before(:all) do
|
116
114
|
class TestAbility
|
117
115
|
include Hydra::PolicyAwareAbility
|
@@ -121,54 +119,60 @@ describe Hydra::AdminPolicy do
|
|
121
119
|
after(:all) do
|
122
120
|
Object.send(:remove_const, :TestAbility)
|
123
121
|
end
|
122
|
+
|
124
123
|
subject { TestAbility.new(@user) }
|
124
|
+
|
125
125
|
context "Given a policy grants read access to a group I belong to" do
|
126
126
|
before do
|
127
127
|
@policy = Hydra::AdminPolicy.new
|
128
|
-
@policy.default_permissions
|
128
|
+
@policy.default_permissions.build({:type=>"group", :access=>"read", :name=>"africana-faculty"})
|
129
129
|
@policy.save
|
130
130
|
end
|
131
|
-
|
131
|
+
|
132
132
|
context "And a subscribing asset does not grant access" do
|
133
133
|
before do
|
134
134
|
@asset = ModsAsset.new()
|
135
135
|
@asset.admin_policy = @policy
|
136
136
|
@asset.save
|
137
137
|
end
|
138
|
-
|
138
|
+
|
139
139
|
it "Then I should be able to view the asset" do
|
140
|
-
subject.can?(:read, @asset).
|
140
|
+
expect(subject.can?(:read, @asset)).to be true
|
141
141
|
end
|
142
|
+
|
142
143
|
it "Then I should not be able to edit, update and destroy the asset" do
|
143
|
-
subject.can?(:edit, @asset).
|
144
|
-
subject.can?(:update, @asset).
|
145
|
-
subject.can?(:destroy, @asset).
|
144
|
+
expect(subject.can?(:edit, @asset)).to be false
|
145
|
+
expect(subject.can?(:update, @asset)).to be false
|
146
|
+
expect(subject.can?(:destroy, @asset)).to be false
|
146
147
|
end
|
147
148
|
end
|
148
149
|
end
|
150
|
+
|
149
151
|
context "Given a policy grants edit access to a group I belong to" do
|
150
152
|
before do
|
151
153
|
@policy = Hydra::AdminPolicy.new
|
152
|
-
@policy.default_permissions
|
154
|
+
@policy.default_permissions.build({:type=>"group", :access=>"edit", :name=>"africana-faculty"})
|
153
155
|
@policy.save
|
154
156
|
end
|
155
|
-
|
157
|
+
|
156
158
|
context "And a subscribing asset does not grant access" do
|
157
159
|
before do
|
158
160
|
@asset = ModsAsset.new()
|
159
161
|
@asset.admin_policy = @policy
|
160
162
|
@asset.save
|
161
163
|
end
|
162
|
-
|
164
|
+
|
163
165
|
it "Then I should be able to view the asset" do
|
164
|
-
subject.can?(:read, @asset).
|
166
|
+
expect(subject.can?(:read, @asset)).to be true
|
165
167
|
end
|
168
|
+
|
166
169
|
it "Then I should be able to edit/update/destroy the asset" do
|
167
|
-
subject.can?(:edit, @asset).
|
168
|
-
subject.can?(:update, @asset).
|
169
|
-
subject.can?(:destroy, @asset).
|
170
|
+
expect(subject.can?(:edit, @asset)).to be true
|
171
|
+
expect(subject.can?(:update, @asset)).to be true
|
172
|
+
expect(subject.can?(:destroy, @asset)).to be true
|
170
173
|
end
|
171
174
|
end
|
175
|
+
|
172
176
|
context "And a subscribing asset grants read access to me as an individual" do
|
173
177
|
before do
|
174
178
|
@asset = ModsAsset.new()
|
@@ -176,14 +180,15 @@ describe Hydra::AdminPolicy do
|
|
176
180
|
@asset.admin_policy = @policy
|
177
181
|
@asset.save
|
178
182
|
end
|
179
|
-
|
183
|
+
|
180
184
|
it "Then I should be able to view the asset" do
|
181
|
-
subject.can?(:read, @asset).
|
185
|
+
expect(subject.can?(:read, @asset)).to be true
|
182
186
|
end
|
187
|
+
|
183
188
|
it "Then I should be able to edit/update/destroy the asset" do
|
184
|
-
subject.can?(:edit, @asset).
|
185
|
-
subject.can?(:update, @asset).
|
186
|
-
subject.can?(:destroy, @asset).
|
189
|
+
expect(subject.can?(:edit, @asset)).to be true
|
190
|
+
expect(subject.can?(:update, @asset)).to be true
|
191
|
+
expect(subject.can?(:destroy, @asset)).to be true
|
187
192
|
end
|
188
193
|
end
|
189
194
|
end
|
@@ -193,23 +198,25 @@ describe Hydra::AdminPolicy do
|
|
193
198
|
@policy = Hydra::AdminPolicy.new
|
194
199
|
@policy.save
|
195
200
|
end
|
196
|
-
|
201
|
+
|
197
202
|
context "And a subscribing asset does not grant access" do
|
198
203
|
before do
|
199
204
|
@asset = ModsAsset.new()
|
200
205
|
@asset.admin_policy = @policy
|
201
206
|
@asset.save
|
202
207
|
end
|
203
|
-
|
208
|
+
|
204
209
|
it "Then I should not be able to view the asset" do
|
205
|
-
subject.can?(:read, @asset).
|
210
|
+
expect(subject.can?(:read, @asset)).to be false
|
206
211
|
end
|
212
|
+
|
207
213
|
it "Then I should not be able to edit/update/destroy the asset" do
|
208
|
-
subject.can?(:edit, @asset).
|
209
|
-
subject.can?(:update, @asset).
|
210
|
-
subject.can?(:destroy, @asset).
|
214
|
+
expect(subject.can?(:edit, @asset)).to be false
|
215
|
+
expect(subject.can?(:update, @asset)).to be false
|
216
|
+
expect(subject.can?(:destroy, @asset)).to be false
|
211
217
|
end
|
212
218
|
end
|
219
|
+
|
213
220
|
context "And a subscribing asset grants read access to me as an individual" do
|
214
221
|
before do
|
215
222
|
@asset = ModsAsset.new()
|
@@ -217,17 +224,17 @@ describe Hydra::AdminPolicy do
|
|
217
224
|
@asset.admin_policy = @policy
|
218
225
|
@asset.save
|
219
226
|
end
|
220
|
-
|
227
|
+
|
221
228
|
it "Then I should be able to view the asset" do
|
222
|
-
subject.can?(:read, @asset).
|
229
|
+
expect(subject.can?(:read, @asset)).to be true
|
223
230
|
end
|
231
|
+
|
224
232
|
it "Then I should not be able to edit/update/destroy the asset" do
|
225
|
-
subject.can?(:edit, @asset).
|
226
|
-
subject.can?(:update, @asset).
|
227
|
-
subject.can?(:destroy, @asset).
|
233
|
+
expect(subject.can?(:edit, @asset)).to be false
|
234
|
+
expect(subject.can?(:update, @asset)).to be false
|
235
|
+
expect(subject.can?(:destroy, @asset)).to be false
|
228
236
|
end
|
229
237
|
end
|
230
238
|
end
|
231
239
|
end
|
232
|
-
|
233
240
|
end
|
data/spec/unit/config_spec.rb
CHANGED
@@ -6,44 +6,43 @@ describe Hydra::Config do
|
|
6
6
|
# You only need to change these values if you've indexed permissions by some means other than the Hydra's built-in tooling.
|
7
7
|
# If you change these, you must also update the permissions request handler in your solrconfig.xml to return those values
|
8
8
|
config[:permissions] = {
|
9
|
-
:discover => {:group =>ActiveFedora::
|
10
|
-
:read => {:group =>ActiveFedora::
|
11
|
-
:edit => {:group =>ActiveFedora::
|
12
|
-
:owner => ActiveFedora::
|
13
|
-
:embargo_release_date => ActiveFedora::SolrService.solr_name("embargo_release_date", Solrizer::Descriptor.new(:date, :stored, :indexed))
|
9
|
+
:discover => {:group =>ActiveFedora::SolrQueryBuilder.solr_name("discover_access_group", :symbol), :individual=>ActiveFedora::SolrQueryBuilder.solr_name("discover_access_person", :symbol)},
|
10
|
+
:read => {:group =>ActiveFedora::SolrQueryBuilder.solr_name("read_access_group", :symbol), :individual=>ActiveFedora::SolrQueryBuilder.solr_name("read_access_person", :symbol)},
|
11
|
+
:edit => {:group =>ActiveFedora::SolrQueryBuilder.solr_name("edit_access_group", :symbol), :individual=>ActiveFedora::SolrQueryBuilder.solr_name("edit_access_person", :symbol)},
|
12
|
+
:owner => ActiveFedora::SolrQueryBuilder.solr_name("depositor", :symbol),
|
14
13
|
}
|
14
|
+
config.permissions.embargo.release_date = ActiveFedora::SolrQueryBuilder.solr_name("embargo_release_date", Solrizer::Descriptor.new(:date, :stored, :indexed))
|
15
15
|
|
16
16
|
# specify the user model
|
17
17
|
config[:user_model] = 'User'
|
18
18
|
|
19
|
-
config[:permissions][:edit][:individual].
|
19
|
+
expect(config[:permissions][:edit][:individual]).to eq 'edit_access_person_ssim'
|
20
20
|
end
|
21
21
|
|
22
22
|
it "should accept a struct based config" do
|
23
23
|
# This specifies the solr field names of permissions-related fields.
|
24
24
|
# You only need to change these values if you've indexed permissions by some means other than the Hydra's built-in tooling.
|
25
25
|
# If you change these, you must also update the permissions request handler in your solrconfig.xml to return those values
|
26
|
-
config.permissions.discover.group = ActiveFedora::
|
26
|
+
config.permissions.discover.group = ActiveFedora::SolrQueryBuilder.solr_name("discover_access_group", :symbol)
|
27
27
|
|
28
28
|
# specify the user model
|
29
29
|
config.user_model = 'User'
|
30
30
|
|
31
|
-
config.permissions.discover.group.
|
32
|
-
config.user_model.
|
31
|
+
expect(config.permissions.discover.group).to eq 'discover_access_group_ssim'
|
32
|
+
expect(config.user_model).to eq 'User'
|
33
33
|
end
|
34
34
|
|
35
35
|
it "should have inheritable attributes" do
|
36
|
-
config[:permissions][:inheritable][:edit][:individual].
|
36
|
+
expect(config[:permissions][:inheritable][:edit][:individual]).to eq 'inheritable_edit_access_person_ssim'
|
37
37
|
end
|
38
38
|
it "should have a nil policy_class" do
|
39
|
-
config[:permissions][:policy_class].
|
39
|
+
expect(config[:permissions][:policy_class]).to be_nil
|
40
40
|
end
|
41
41
|
|
42
42
|
it "should have defaults" do
|
43
|
-
config.permissions.read.individual.
|
44
|
-
config.permissions.
|
45
|
-
config.
|
46
|
-
config.user_model.should == 'User'
|
43
|
+
expect(config.permissions.read.individual).to eq 'read_access_person_ssim'
|
44
|
+
expect(config.permissions.embargo.release_date).to eq 'embargo_release_date_dtsi'
|
45
|
+
expect(config.user_model).to eq 'User'
|
47
46
|
end
|
48
47
|
|
49
48
|
end
|
@@ -2,23 +2,21 @@ require 'spec_helper'
|
|
2
2
|
|
3
3
|
describe Hydra::AccessControls::Embargoable do
|
4
4
|
|
5
|
-
|
6
|
-
|
5
|
+
before do
|
6
|
+
class TestModel < ActiveFedora::Base
|
7
7
|
def save(returning_value = true)
|
8
8
|
valid? && run_callbacks(:save) && !!returning_value
|
9
9
|
end
|
10
10
|
|
11
11
|
include Hydra::AccessControls::Embargoable
|
12
|
-
|
13
|
-
|
12
|
+
end
|
13
|
+
end
|
14
|
+
|
15
|
+
after { Object.send(:remove_const, :TestModel) }
|
14
16
|
|
15
17
|
let(:future_date) { Date.today+2 }
|
16
18
|
let(:past_date) { Date.today-2 }
|
17
|
-
|
18
|
-
subject.rightsMetadata
|
19
|
-
}
|
20
|
-
|
21
|
-
subject { model.new }
|
19
|
+
subject { TestModel.new }
|
22
20
|
|
23
21
|
context 'validations' do
|
24
22
|
subject { ModsAsset.new(lease_expiration_date: past_date, embargo_release_date: past_date) }
|
@@ -53,14 +51,14 @@ describe Hydra::AccessControls::Embargoable do
|
|
53
51
|
}.to change { subject.visibility_changed? }.from(false).to(true)
|
54
52
|
expect(subject).to be_under_embargo
|
55
53
|
expect(subject.visibility).to eq Hydra::AccessControls::AccessRight::VISIBILITY_TEXT_VALUE_PRIVATE
|
56
|
-
expect(subject.embargo_release_date).to eq future_date
|
54
|
+
expect(subject.embargo_release_date).to eq future_date
|
57
55
|
expect(subject.visibility_after_embargo).to eq Hydra::AccessControls::AccessRight::VISIBILITY_TEXT_VALUE_PUBLIC
|
58
56
|
end
|
59
57
|
it "relies on default before/after visibility if none provided" do
|
60
58
|
subject.apply_embargo(future_date.to_s)
|
61
59
|
expect(subject).to be_under_embargo
|
62
60
|
expect(subject.visibility).to eq Hydra::AccessControls::AccessRight::VISIBILITY_TEXT_VALUE_PRIVATE
|
63
|
-
expect(subject.embargo_release_date).to eq future_date
|
61
|
+
expect(subject.embargo_release_date).to eq future_date
|
64
62
|
expect(subject.visibility_after_embargo).to eq Hydra::AccessControls::AccessRight::VISIBILITY_TEXT_VALUE_AUTHENTICATED
|
65
63
|
end
|
66
64
|
end
|
@@ -118,13 +116,13 @@ describe Hydra::AccessControls::Embargoable do
|
|
118
116
|
expect(subject).to be_active_lease
|
119
117
|
expect(subject).to be_visibility_changed
|
120
118
|
expect(subject.visibility).to eq Hydra::AccessControls::AccessRight::VISIBILITY_TEXT_VALUE_PUBLIC
|
121
|
-
expect(subject.lease_expiration_date).to eq future_date
|
119
|
+
expect(subject.lease_expiration_date).to eq future_date
|
122
120
|
expect(subject.visibility_after_lease).to eq Hydra::AccessControls::AccessRight::VISIBILITY_TEXT_VALUE_PRIVATE
|
123
121
|
end
|
124
122
|
it "relies on default before/after visibility if none provided" do
|
125
123
|
subject.apply_lease(future_date.to_s)
|
126
124
|
expect(subject.visibility_during_lease).to eq Hydra::AccessControls::AccessRight::VISIBILITY_TEXT_VALUE_AUTHENTICATED
|
127
|
-
expect(subject.lease_expiration_date).to eq future_date
|
125
|
+
expect(subject.lease_expiration_date).to eq future_date
|
128
126
|
expect(subject.visibility_after_lease).to eq Hydra::AccessControls::AccessRight::VISIBILITY_TEXT_VALUE_PRIVATE
|
129
127
|
end
|
130
128
|
end
|
@@ -142,7 +140,7 @@ describe Hydra::AccessControls::Embargoable do
|
|
142
140
|
}.to change { subject.visibility_changed? }.from(false).to(true)
|
143
141
|
expect(subject).to be_active_lease
|
144
142
|
expect(subject.visibility).to eq Hydra::AccessControls::AccessRight::VISIBILITY_TEXT_VALUE_PUBLIC
|
145
|
-
expect(subject.lease_expiration_date).to eq future_date
|
143
|
+
expect(subject.lease_expiration_date).to eq future_date
|
146
144
|
expect(subject.visibility_after_lease).to eq Hydra::AccessControls::AccessRight::VISIBILITY_TEXT_VALUE_PRIVATE
|
147
145
|
end
|
148
146
|
end
|
@@ -210,7 +208,7 @@ describe Hydra::AccessControls::Embargoable do
|
|
210
208
|
end
|
211
209
|
end
|
212
210
|
|
213
|
-
context '
|
211
|
+
context 'validate_visibility_complies_with_embargo' do
|
214
212
|
before do
|
215
213
|
subject.visibility_during_embargo = Hydra::AccessControls::AccessRight::VISIBILITY_TEXT_VALUE_PRIVATE
|
216
214
|
subject.visibility_after_embargo = Hydra::AccessControls::AccessRight::VISIBILITY_TEXT_VALUE_PUBLIC
|
@@ -219,12 +217,12 @@ describe Hydra::AccessControls::Embargoable do
|
|
219
217
|
it 'returns true if current visibility matches visibility_during_embargo' do
|
220
218
|
subject.visibility = subject.visibility_during_embargo
|
221
219
|
subject.embargo_release_date = future_date.to_s
|
222
|
-
expect(subject.
|
220
|
+
expect(subject.validate_visibility_complies_with_embargo).to be true
|
223
221
|
end
|
224
222
|
it 'records a failures in record.errors[:embargo]' do
|
225
223
|
subject.visibility = Hydra::AccessControls::AccessRight::VISIBILITY_TEXT_VALUE_AUTHENTICATED
|
226
224
|
subject.embargo_release_date = future_date.to_s
|
227
|
-
expect(subject.
|
225
|
+
expect(subject.validate_visibility_complies_with_embargo).to be false
|
228
226
|
expect(subject.errors[:embargo].first).to eq "An embargo is in effect for this object until #{subject.embargo_release_date}. Until that time the visibility should be #{Hydra::AccessControls::AccessRight::VISIBILITY_TEXT_VALUE_PRIVATE} but it is currently #{Hydra::AccessControls::AccessRight::VISIBILITY_TEXT_VALUE_AUTHENTICATED}. Call embargo_visibility! on this object to repair."
|
229
227
|
end
|
230
228
|
end
|
@@ -232,12 +230,12 @@ describe Hydra::AccessControls::Embargoable do
|
|
232
230
|
it 'returns true if current visibility matches visibility_after_embargo' do
|
233
231
|
subject.visibility = subject.visibility_after_embargo
|
234
232
|
subject.embargo_release_date = past_date.to_s
|
235
|
-
expect(subject.
|
233
|
+
expect(subject.validate_visibility_complies_with_embargo).to be true
|
236
234
|
end
|
237
235
|
it '(embargo expired) records a failures in record.errors[:embargo]' do
|
238
236
|
subject.visibility = Hydra::AccessControls::AccessRight::VISIBILITY_TEXT_VALUE_PRIVATE
|
239
237
|
subject.embargo_release_date = past_date.to_s
|
240
|
-
expect(subject.
|
238
|
+
expect(subject.validate_visibility_complies_with_embargo).to be false
|
241
239
|
expect(subject.errors[:embargo].first).to eq "The embargo expired on #{subject.embargo_release_date}. The visibility should be #{Hydra::AccessControls::AccessRight::VISIBILITY_TEXT_VALUE_PUBLIC} but it is currently #{Hydra::AccessControls::AccessRight::VISIBILITY_TEXT_VALUE_PRIVATE}. Call embargo_visibility! on this object to repair."
|
242
240
|
end
|
243
241
|
end
|
@@ -286,7 +284,7 @@ describe Hydra::AccessControls::Embargoable do
|
|
286
284
|
end
|
287
285
|
end
|
288
286
|
|
289
|
-
context '
|
287
|
+
context 'validate_visibility_complies_with_lease' do
|
290
288
|
let(:future_date) { 2.days.from_now }
|
291
289
|
let(:past_date) { 2.days.ago }
|
292
290
|
before do
|
@@ -297,12 +295,12 @@ describe Hydra::AccessControls::Embargoable do
|
|
297
295
|
it 'returns true if current visibility matches visibility_after_lease' do
|
298
296
|
subject.visibility = subject.visibility_after_lease
|
299
297
|
subject.lease_expiration_date = past_date.to_s
|
300
|
-
expect(subject.
|
298
|
+
expect(subject.validate_visibility_complies_with_lease).to be true
|
301
299
|
end
|
302
300
|
it 'records a failures in record.errors[:lease]' do
|
303
301
|
subject.visibility = Hydra::AccessControls::AccessRight::VISIBILITY_TEXT_VALUE_PUBLIC
|
304
302
|
subject.lease_expiration_date = past_date.to_s
|
305
|
-
expect(subject.
|
303
|
+
expect(subject.validate_visibility_complies_with_lease).to be false
|
306
304
|
expect(subject.errors[:lease].first).to eq "The lease expired on #{subject.lease_expiration_date}. The visibility should be #{Hydra::AccessControls::AccessRight::VISIBILITY_TEXT_VALUE_PRIVATE} but it is currently #{Hydra::AccessControls::AccessRight::VISIBILITY_TEXT_VALUE_PUBLIC}. Call lease_visibility! on this object to repair."
|
307
305
|
end
|
308
306
|
end
|
@@ -310,12 +308,12 @@ describe Hydra::AccessControls::Embargoable do
|
|
310
308
|
it 'returns true if current visibility matches visibility_during_embargo' do
|
311
309
|
subject.visibility = subject.visibility_during_lease
|
312
310
|
subject.lease_expiration_date = future_date.to_s
|
313
|
-
expect(subject.
|
311
|
+
expect(subject.validate_visibility_complies_with_lease).to be true
|
314
312
|
end
|
315
313
|
it 'records a failures in record.errors[:lease]' do
|
316
314
|
subject.visibility = Hydra::AccessControls::AccessRight::VISIBILITY_TEXT_VALUE_AUTHENTICATED
|
317
315
|
subject.lease_expiration_date = future_date.to_s
|
318
|
-
expect(subject.
|
316
|
+
expect(subject.validate_visibility_complies_with_lease).to be false
|
319
317
|
expect(subject.errors[:lease].first).to eq "A lease is in effect for this object until #{subject.lease_expiration_date}. Until that time the visibility should be #{Hydra::AccessControls::AccessRight::VISIBILITY_TEXT_VALUE_PUBLIC} but it is currently #{Hydra::AccessControls::AccessRight::VISIBILITY_TEXT_VALUE_AUTHENTICATED}. Call lease_visibility! on this object to repair."
|
320
318
|
end
|
321
319
|
end
|
@@ -368,24 +366,24 @@ describe Hydra::AccessControls::Embargoable do
|
|
368
366
|
|
369
367
|
it 'persists a date object' do
|
370
368
|
subject.embargo_release_date = the_date
|
371
|
-
expect(
|
369
|
+
expect(subject.embargo_release_date).to be_kind_of DateTime
|
372
370
|
end
|
373
371
|
|
374
372
|
it 'persists a valid string' do
|
375
373
|
subject.embargo_release_date = the_date.to_s
|
376
|
-
expect(
|
374
|
+
expect(subject.embargo_release_date).to be_kind_of DateTime
|
377
375
|
end
|
378
376
|
|
379
377
|
it 'raises an error on an empty string' do
|
380
378
|
expect {
|
381
379
|
subject.embargo_release_date = ''
|
382
|
-
}.to raise_error
|
380
|
+
}.to raise_error(ArgumentError, "invalid date")
|
383
381
|
end
|
384
382
|
|
385
383
|
it 'does not persist an invalid string' do
|
386
384
|
expect {
|
387
385
|
subject.embargo_release_date = "Tim"
|
388
|
-
}.to raise_error
|
386
|
+
}.to raise_error(ArgumentError, "invalid date")
|
389
387
|
end
|
390
388
|
end
|
391
389
|
|
@@ -1,28 +1,48 @@
|
|
1
1
|
require 'spec_helper'
|
2
2
|
|
3
3
|
describe Hydra::AccessControls::Permission do
|
4
|
-
|
5
|
-
|
6
|
-
|
7
|
-
|
8
|
-
|
9
|
-
|
4
|
+
|
5
|
+
describe "an initialized instance" do
|
6
|
+
let(:permission) { described_class.new(type: 'person', name: 'bob', access: 'read') }
|
7
|
+
|
8
|
+
it "should set predicates" do
|
9
|
+
expect(permission.agent.first.rdf_subject).to eq ::RDF::URI.new('http://projecthydra.org/ns/auth/person#bob')
|
10
|
+
expect(permission.mode.first.rdf_subject).to eq ACL.Read
|
11
|
+
end
|
12
|
+
|
13
|
+
describe "#to_hash" do
|
14
|
+
subject { permission.to_hash }
|
15
|
+
it { should eq(type: 'person', name: 'bob', access: 'read') }
|
16
|
+
end
|
17
|
+
|
18
|
+
describe "#agent_name" do
|
19
|
+
subject { permission.agent_name }
|
20
|
+
it { should eq 'bob' }
|
21
|
+
end
|
22
|
+
|
23
|
+
describe "#access" do
|
24
|
+
subject { permission.access }
|
25
|
+
it { should eq 'read' }
|
26
|
+
end
|
27
|
+
|
28
|
+
describe "#type" do
|
29
|
+
subject { permission.type }
|
30
|
+
it { should eq 'person' }
|
10
31
|
end
|
11
32
|
end
|
12
|
-
|
13
|
-
subject { described_class.new(type: 'user', name: 'bob', access: 'read') }
|
14
|
-
its(:to_hash) { should == {type: 'user', name: 'bob', access: 'read'} }
|
15
|
-
end
|
33
|
+
|
16
34
|
describe "equality comparison" do
|
17
|
-
let(:perm1) { described_class.new(type: '
|
18
|
-
let(:perm2) { described_class.new(type: '
|
19
|
-
let(:perm3) { described_class.new(type: '
|
35
|
+
let(:perm1) { described_class.new(type: 'person', name: 'bob', access: 'read') }
|
36
|
+
let(:perm2) { described_class.new(type: 'person', name: 'bob', access: 'read') }
|
37
|
+
let(:perm3) { described_class.new(type: 'person', name: 'jane', access: 'read') }
|
38
|
+
|
20
39
|
it "should be equal if all values are equal" do
|
21
|
-
perm1.
|
40
|
+
expect(perm1).to eq perm2
|
22
41
|
end
|
42
|
+
|
23
43
|
it "should be unequal if some values are unequal" do
|
24
|
-
perm1.
|
25
|
-
perm2.
|
44
|
+
expect(perm1).to_not eq perm3
|
45
|
+
expect(perm2).to_not eq perm3
|
26
46
|
end
|
27
47
|
end
|
28
48
|
end
|