hydra-access-controls 8.2.0 → 9.0.0.beta1
- checksums.yaml +4 -4
- data/README.textile +10 -10
- data/app/models/concerns/hydra/access_controls/access_right.rb +3 -2
- data/app/models/concerns/hydra/access_controls/embargoable.rb +120 -132
- data/app/models/concerns/hydra/access_controls/permissions.rb +137 -103
- data/app/models/concerns/hydra/access_controls/visibility.rb +3 -5
- data/app/models/concerns/hydra/access_controls.rb +0 -1
- data/app/models/concerns/hydra/admin_policy_behavior.rb +27 -2
- data/app/models/concerns/hydra/rights.rb +15 -0
- data/app/models/hydra/access_controls/access_control_list.rb +17 -0
- data/app/models/hydra/access_controls/embargo.rb +65 -0
- data/app/models/hydra/access_controls/lease.rb +66 -0
- data/app/models/hydra/access_controls/permission.rb +85 -0
- data/app/vocabularies/acl.rb +12 -0
- data/app/vocabularies/hydra/acl.rb +20 -0
- data/config/fedora.yml +4 -2
- data/hydra-access-controls.gemspec +6 -7
- data/lib/hydra/ability.rb +45 -43
- data/lib/hydra/access_controls_enforcement.rb +23 -25
- data/lib/hydra/admin_policy.rb +34 -11
- data/lib/hydra/config.rb +4 -15
- data/lib/hydra/permissions_query.rb +2 -2
- data/lib/hydra/permissions_solr_document.rb +4 -6
- data/lib/hydra/policy_aware_ability.rb +56 -53
- data/lib/hydra/policy_aware_access_controls_enforcement.rb +28 -18
- data/lib/hydra-access-controls.rb +1 -1
- data/spec/factories.rb +15 -15
- data/spec/services/embargo_service_spec.rb +6 -6
- data/spec/services/lease_service_spec.rb +6 -6
- data/spec/spec_helper.rb +20 -13
- data/spec/support/mods_asset.rb +3 -3
- data/spec/unit/ability_spec.rb +96 -121
- data/spec/unit/access_controls_enforcement_spec.rb +29 -27
- data/spec/unit/access_right_spec.rb +6 -1
- data/spec/unit/accessible_by_spec.rb +14 -5
- data/spec/unit/admin_policy_spec.rb +99 -92
- data/spec/unit/config_spec.rb +14 -15
- data/spec/unit/embargoable_spec.rb +26 -28
- data/spec/unit/permission_spec.rb +36 -16
- data/spec/unit/permissions_spec.rb +121 -65
- data/spec/unit/policy_aware_ability_spec.rb +64 -78
- data/spec/unit/policy_aware_access_controls_enforcement_spec.rb +81 -77
- data/spec/unit/role_mapper_spec.rb +10 -10
- data/spec/unit/with_access_right_spec.rb +1 -1
- metadata +29 -51
- data/lib/hydra/access_controls/permission.rb +0 -40
- data/lib/hydra/datastream/inheritable_rights_metadata.rb +0 -22
- data/lib/hydra/datastream/rights_metadata.rb +0 -276
- data/lib/hydra/datastream.rb +0 -7
- data/spec/unit/hydra_rights_metadata_persistence_spec.rb +0 -71
- data/spec/unit/hydra_rights_metadata_spec.rb +0 -301
- data/spec/unit/inheritable_rights_metadata_spec.rb +0 -65
@@ -9,79 +9,126 @@ describe Hydra::AccessControls::Permissions do
|
|
9
9
|
|
10
10
|
subject { Foo.new }
|
11
11
|
|
12
|
-
|
12
|
+
it "should have many permissions" do
|
13
|
+
expect(subject.permissions).to eq []
|
14
|
+
end
|
15
|
+
|
16
|
+
#TODO is permission same as an acl?
|
17
|
+
|
13
18
|
it "should have a set of permissions" do
|
14
19
|
subject.read_groups=['group1', 'group2']
|
15
20
|
subject.edit_users=['user1']
|
16
21
|
subject.read_users=['user2', 'user3']
|
17
|
-
subject.permissions.
|
22
|
+
expect(subject.permissions).to match_array [Hydra::AccessControls::Permission.new(:type=>"group", :access=>"read", :name=>"group1"),
|
18
23
|
Hydra::AccessControls::Permission.new({:type=>"group", :access=>"read", :name=>"group2"}),
|
19
|
-
Hydra::AccessControls::Permission.new({:type=>"
|
20
|
-
Hydra::AccessControls::Permission.new({:type=>"
|
21
|
-
Hydra::AccessControls::Permission.new({:type=>"
|
24
|
+
Hydra::AccessControls::Permission.new({:type=>"person", :access=>"read", :name=>"user2"}),
|
25
|
+
Hydra::AccessControls::Permission.new({:type=>"person", :access=>"read", :name=>"user3"}),
|
26
|
+
Hydra::AccessControls::Permission.new({:type=>"person", :access=>"edit", :name=>"user1"})]
|
27
|
+
end
|
28
|
+
|
29
|
+
describe "building a new permission" do
|
30
|
+
before { subject.save! }
|
31
|
+
|
32
|
+
it "should set the accessTo association" do
|
33
|
+
perm = subject.permissions.build(name: 'user1', type: 'person', access: 'read')
|
34
|
+
subject.save
|
35
|
+
expect(perm.access_to_id).to eq subject.id
|
36
|
+
end
|
22
37
|
end
|
38
|
+
|
23
39
|
describe "updating permissions" do
|
24
40
|
describe "with nested attributes" do
|
25
41
|
before do
|
26
|
-
subject.
|
42
|
+
subject.save!
|
43
|
+
subject.permissions_attributes = [{:type=>"person", :access=>"edit", :name=>"jcoyne"}]
|
27
44
|
end
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
|
32
|
-
|
45
|
+
context "when a hash is passed" do
|
46
|
+
before do
|
47
|
+
subject.permissions_attributes = {'0' => {type: "group", access:"read", name:"group1"},
|
48
|
+
'1' => {type: 'person', access: 'edit', name: 'user2'}}
|
49
|
+
end
|
50
|
+
it "should handle a hash" do
|
51
|
+
expect(subject.permissions.size).to eq 3
|
52
|
+
expect(subject.permissions.to_a).to all(be_a(Hydra::AccessControls::Permission))
|
53
|
+
expect(subject.permissions.map(&:to_hash)).to match_array [
|
54
|
+
{type: "person", access: "edit", name: "jcoyne"},
|
55
|
+
{type: "group", access: "read", name: "group1"},
|
56
|
+
{type: "person", access: "edit", name: "user2"}]
|
57
|
+
end
|
33
58
|
end
|
59
|
+
|
34
60
|
it "should create new group permissions" do
|
35
|
-
subject.permissions_attributes = [{:
|
36
|
-
subject.permissions.
|
37
|
-
|
61
|
+
subject.permissions_attributes = [{type: "group", access: "read", name: "group1"}]
|
62
|
+
expect(subject.permissions.size).to eq 2
|
63
|
+
expect(subject.permissions.to_a).to all(be_a(Hydra::AccessControls::Permission))
|
64
|
+
expect(subject.permissions[0].to_hash).to eq(type: "person", access: "edit", name: "jcoyne")
|
65
|
+
expect(subject.permissions[1].to_hash).to eq(type: "group", access: "read", name: "group1")
|
38
66
|
end
|
67
|
+
|
39
68
|
it "should create new user permissions" do
|
40
|
-
subject.permissions_attributes = [{:type=>"
|
41
|
-
subject.permissions.
|
42
|
-
|
43
|
-
|
44
|
-
|
45
|
-
subject.permissions_attributes = [{:type=>"group", :access=>"read", :name=>"group1"}]
|
46
|
-
subject.permissions_attributes = [{:type=>"group", :access=>"read", :name=>"group2"}]
|
47
|
-
subject.permissions.should == [Hydra::AccessControls::Permission.new(:type=>"group", :access=>"read", :name=>"group1"),
|
48
|
-
Hydra::AccessControls::Permission.new(:type=>"group", :access=>"read", :name=>"group2"),
|
49
|
-
Hydra::AccessControls::Permission.new(:type=>"user", :access=>"edit", :name=>"jcoyne")]
|
50
|
-
end
|
51
|
-
it "should not replace existing users" do
|
52
|
-
subject.permissions_attributes = [{:type=>"user", :access=>"read", :name=>"user1"}]
|
53
|
-
subject.permissions_attributes = [{:type=>"user", :access=>"read", :name=>"user2"}]
|
54
|
-
subject.permissions.should == [Hydra::AccessControls::Permission.new(:type=>"user", :access=>"read", :name=>"user1"),
|
55
|
-
Hydra::AccessControls::Permission.new(:type=>"user", :access=>"read", :name=>"user2"),
|
56
|
-
Hydra::AccessControls::Permission.new(:type=>"user", :access=>"edit", :name=>"jcoyne")]
|
69
|
+
subject.permissions_attributes = [{:type=>"person", :access=>"read", :name=>"user1"}]
|
70
|
+
expect(subject.permissions.size).to eq 2
|
71
|
+
expect(subject.permissions.to_a).to all(be_a(Hydra::AccessControls::Permission))
|
72
|
+
expect(subject.permissions[0].to_hash).to eq(type: "person", access: "edit", name: "jcoyne")
|
73
|
+
expect(subject.permissions[1].to_hash).to eq(type: "person", access: "read", name: "user1")
|
57
74
|
end
|
58
|
-
|
59
|
-
|
60
|
-
|
61
|
-
|
62
|
-
|
63
|
-
|
64
|
-
|
65
|
-
|
66
|
-
|
67
|
-
|
68
|
-
|
75
|
+
|
76
|
+
context "when called multiple times" do
|
77
|
+
it "should not replace existing groups" do
|
78
|
+
subject.permissions_attributes = [{:type=>"group", :access=>"read", :name=>"group1"}]
|
79
|
+
subject.permissions_attributes = [{:type=>"group", :access=>"read", :name=>"group2"}]
|
80
|
+
expect(subject.permissions.size).to eq 3
|
81
|
+
expect(subject.permissions.to_a).to all(be_a(Hydra::AccessControls::Permission))
|
82
|
+
expect(subject.permissions[0].to_hash).to eq(type: "person", access: "edit", name: "jcoyne")
|
83
|
+
expect(subject.permissions[1].to_hash).to eq(type: "group", access: "read", name: "group1")
|
84
|
+
expect(subject.permissions[2].to_hash).to eq(type: "group", access: "read", name: "group2")
|
85
|
+
end
|
86
|
+
|
87
|
+
it "should not replace existing users" do
|
88
|
+
subject.permissions_attributes = [{:type=>"person", :access=>"read", :name=>"user1"}]
|
89
|
+
subject.permissions_attributes = [{:type=>"person", :access=>"read", :name=>"user2"}]
|
90
|
+
expect(subject.permissions.size).to eq 3
|
91
|
+
expect(subject.permissions.to_a).to all(be_a(Hydra::AccessControls::Permission))
|
92
|
+
expect(subject.permissions[0].to_hash).to eq(type: "person", access: "edit", name: "jcoyne")
|
93
|
+
expect(subject.permissions[1].to_hash).to eq(type: "person", access: "read", name: "user1")
|
94
|
+
expect(subject.permissions[2].to_hash).to eq(type: "person", access: "read", name: "user2")
|
95
|
+
end
|
96
|
+
|
97
|
+
it "should update permissions on existing users" do
|
98
|
+
subject.update permissions_attributes: [{:type=>"person", :access=>"read", :name=>"user1"}]
|
99
|
+
subject.update permissions_attributes: [{:type=>"person", :access=>"edit", :name=>"user1"}]
|
100
|
+
expect(subject.permissions.size).to eq 2
|
101
|
+
expect(subject.permissions.to_a).to all(be_a(Hydra::AccessControls::Permission))
|
102
|
+
expect(subject.permissions[0].to_hash).to eq(type: "person", access: "edit", name: "jcoyne")
|
103
|
+
expect(subject.permissions[1].to_hash).to eq(type: "person", access: "edit", name: "user1")
|
104
|
+
end
|
105
|
+
|
106
|
+
it "should update permissions on existing groups" do
|
107
|
+
subject.update permissions_attributes: [{:type=>"group", :access=>"read", :name=>"group1"}]
|
108
|
+
subject.update permissions_attributes: [{:type=>"group", :access=>"edit", :name=>"group1"}]
|
109
|
+
expect(subject.permissions.map(&:to_hash)).to match_array [
|
110
|
+
{:type=>"group", :access=>"edit", :name=>"group1"},
|
111
|
+
{:type=>"person", :access=>"edit", :name=>"jcoyne"}]
|
112
|
+
end
|
69
113
|
end
|
114
|
+
|
70
115
|
it "should remove permissions on existing users" do
|
71
|
-
subject.permissions_attributes
|
72
|
-
subject.permissions_attributes
|
73
|
-
subject.permissions.
|
116
|
+
subject.update permissions_attributes: [{:type=>"person", :access=>"read", :name=>"user1"}]
|
117
|
+
subject.update permissions_attributes: [{:id=>ActiveFedora::Base.uri_to_id(subject.permissions.last.rdf_subject.to_s), :type=>"person", :access=>"edit", :name=>"user1", _destroy: true}]
|
118
|
+
expect(subject.permissions.reload.map(&:to_hash)).to eq [{ :name=>"jcoyne", :type=>"person", :access=>"edit" }]
|
74
119
|
end
|
120
|
+
|
75
121
|
it "should remove permissions on existing groups" do
|
76
|
-
subject.permissions_attributes
|
77
|
-
subject.permissions_attributes
|
78
|
-
subject.permissions.
|
122
|
+
subject.update permissions_attributes: [{:type=>"group", :access=>"read", :name=>"group1"}]
|
123
|
+
subject.update permissions_attributes: [{:id=>ActiveFedora::Base.uri_to_id(subject.permissions.last.rdf_subject.to_s), :type=>"group", :access=>"edit", :name=>"group1", _destroy: '1'}]
|
124
|
+
expect(subject.permissions.reload.map(&:to_hash)).to eq [{:type=>"person", :access=>"edit", :name=>"jcoyne"}]
|
79
125
|
end
|
126
|
+
|
80
127
|
it "should not remove when destroy flag is falsy" do
|
81
|
-
subject.permissions_attributes
|
82
|
-
subject.permissions_attributes
|
83
|
-
subject.permissions.
|
84
|
-
|
128
|
+
subject.update permissions_attributes: [{:type=>"group", :access=>"read", :name=>"group1"}]
|
129
|
+
subject.update permissions_attributes: [{:id=>ActiveFedora::Base.uri_to_id(subject.permissions.last.rdf_subject.to_s), :type=>"group", :access=>"edit", :name=>"group1", _destroy: '0'}]
|
130
|
+
expect(subject.permissions.reload.map(&:to_hash)).to match_array [{:type=>"group", :access=>"edit", :name=>"group1"},
|
131
|
+
{:type=>"person", :access=>"edit", :name=>"jcoyne"}]
|
85
132
|
end
|
86
133
|
end
|
87
134
|
|
@@ -89,7 +136,8 @@ describe Hydra::AccessControls::Permissions do
|
|
89
136
|
before do
|
90
137
|
subject.permissions = [
|
91
138
|
Hydra::AccessControls::Permission.new(:type=>"group", :access=>"edit", :name=>"group1"),
|
92
|
-
Hydra::AccessControls::Permission.new(:type=>"
|
139
|
+
Hydra::AccessControls::Permission.new(:type=>"person", :access=>"edit", :name=>"jcoyne")]
|
140
|
+
subject.save!
|
93
141
|
end
|
94
142
|
it "should set the permissions" do
|
95
143
|
expect(subject.edit_users).to eq ['jcoyne']
|
@@ -103,30 +151,38 @@ describe Hydra::AccessControls::Permissions do
|
|
103
151
|
end
|
104
152
|
context "with rightsMetadata" do
|
105
153
|
before do
|
106
|
-
subject.
|
154
|
+
subject.permissions.build(type: 'person', access: 'read', name: 'person1')
|
155
|
+
subject.permissions.build(type: 'person', access: 'discover', name: 'person2')
|
156
|
+
subject.permissions.build(type: 'group', access: 'read', name: 'group-6')
|
157
|
+
subject.permissions.build(type: 'group', access: 'read', name: 'group-7')
|
158
|
+
subject.permissions.build(type: 'group', access: 'edit', name: 'group-8')
|
107
159
|
end
|
160
|
+
|
108
161
|
it "should have read groups accessor" do
|
109
|
-
subject.read_groups.
|
162
|
+
expect(subject.read_groups).to eq ['group-6', 'group-7']
|
110
163
|
end
|
164
|
+
|
111
165
|
it "should have read groups string accessor" do
|
112
|
-
subject.read_groups_string.
|
113
|
-
end
|
114
|
-
it "should have read groups writer" do
|
115
|
-
subject.read_groups = ['group-2', 'group-3']
|
116
|
-
subject.rightsMetadata.groups.should == {'group-2' => 'read', 'group-3'=>'read', 'group-8' => 'edit'}
|
117
|
-
subject.rightsMetadata.users.should == {"person1"=>"read","person2"=>"discover"}
|
166
|
+
expect(subject.read_groups_string).to eq 'group-6, group-7'
|
118
167
|
end
|
119
168
|
|
120
169
|
it "should have read groups string writer" do
|
121
170
|
subject.read_groups_string = 'umg/up.dlt.staff, group-3'
|
122
|
-
subject.
|
123
|
-
subject.
|
171
|
+
expect(subject.read_groups).to eq ['umg/up.dlt.staff', 'group-3']
|
172
|
+
expect(subject.edit_groups).to eq ['group-8']
|
173
|
+
expect(subject.read_users).to eq ['person1']
|
124
174
|
end
|
175
|
+
|
125
176
|
it "should only revoke eligible groups" do
|
126
177
|
subject.set_read_groups(['group-2', 'group-3'], ['group-6'])
|
127
178
|
# 'group-7' is not eligible to be revoked
|
128
|
-
subject.
|
129
|
-
|
179
|
+
expect(subject.permissions.map(&:to_hash)).to match_array([
|
180
|
+
{name: 'group-2', type: 'group', access: 'read'},
|
181
|
+
{name: 'group-3', type: 'group', access: 'read'},
|
182
|
+
{name: 'group-7', type: 'group', access: 'read'},
|
183
|
+
{name: 'group-8', type: 'group', access: 'edit'},
|
184
|
+
{name: 'person1', type: 'person', access: 'read'},
|
185
|
+
{name: 'person2', type: 'person', access: 'discover'}])
|
130
186
|
end
|
131
187
|
end
|
132
188
|
end
|
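Review bot: The update examples at new lines 97–112 only raise access (read, then edit, for `user1` and `group1`); nothing in this section pins the opposite direction, where an existing edit grant is lowered to read, and that is the case a revocation depends on. I would add an example beside them, e.g. `subject.update permissions_attributes: [{type: "person", access: "read", name: "jcoyne"}]` followed by `expect(subject.permissions.map(&:to_hash)).to eq [{type: "person", access: "read", name: "jcoyne"}]`. That expected value is inferred from how the existing examples replace an entry with the same name and type; the attribute writer itself is not part of this section, so confirm it against the implementation. Separately, the examples that index `subject.permissions[0]` and `[1]` depend on collection order, whereas the neighbouring ones use `match_array`, which is the less brittle form for an ACL list.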
@@ -2,59 +2,49 @@ require 'spec_helper'
|
|
2
2
|
|
3
3
|
describe Hydra::PolicyAwareAbility do
|
4
4
|
before do
|
5
|
-
Hydra.
|
6
|
-
|
7
|
-
:
|
8
|
-
:
|
9
|
-
:
|
10
|
-
:
|
11
|
-
|
12
|
-
|
13
|
-
:inheritable => {
|
14
|
-
:discover => {:group =>"inheritable_discover_access_group_ssim", :individual=>"inheritable_discover_access_person_ssim"},
|
15
|
-
:read => {:group =>"inheritable_read_access_group_ssim", :individual=>"inheritable_read_access_person_ssim"},
|
16
|
-
:edit => {:group =>"inheritable_edit_access_group_ssim", :individual=>"inheritable_edit_access_person_ssim"},
|
17
|
-
:owner => "inheritable_depositor_ssim",
|
18
|
-
:embargo_release_date => "inheritable_embargo_release_date_dtsi"
|
19
|
-
}
|
20
|
-
}})
|
5
|
+
allow(Hydra.config.permissions).to receive(:inheritable).and_return({
|
6
|
+
:discover => {:group =>"inheritable_discover_access_group_ssim", :individual=>"inheritable_discover_access_person_ssim"},
|
7
|
+
:read => {:group =>"inheritable_read_access_group_ssim", :individual=>"inheritable_read_access_person_ssim"},
|
8
|
+
:edit => {:group =>"inheritable_edit_access_group_ssim", :individual=>"inheritable_edit_access_person_ssim"},
|
9
|
+
:owner => "inheritable_depositor_ssim",
|
10
|
+
:embargo_release_date => "inheritable_embargo_release_date_dtsi"
|
11
|
+
})
|
21
12
|
end
|
22
|
-
before
|
13
|
+
before do
|
23
14
|
class PolicyAwareClass
|
24
15
|
include Hydra::PolicyAwareAbility
|
25
16
|
end
|
26
|
-
@policy = Hydra::AdminPolicy.
|
17
|
+
@policy = Hydra::AdminPolicy.create
|
27
18
|
# Set the inheritable permissions
|
28
|
-
@policy.default_permissions
|
19
|
+
@policy.default_permissions.create [
|
29
20
|
{:type=>"group", :access=>"read", :name=>"africana-faculty"},
|
30
21
|
{:type=>"group", :access=>"edit", :name=>"cool_kids"},
|
31
22
|
{:type=>"group", :access=>"edit", :name=>"in_crowd"},
|
32
|
-
{:type=>"
|
33
|
-
{:type=>"
|
23
|
+
{:type=>"person", :access=>"read", :name=>"nero"},
|
24
|
+
{:type=>"person", :access=>"edit", :name=>"julius_caesar"}
|
34
25
|
]
|
35
|
-
|
36
|
-
@policy.save
|
26
|
+
|
27
|
+
@policy.save!
|
37
28
|
@asset = ModsAsset.new
|
38
29
|
@asset.admin_policy = @policy
|
39
|
-
@asset.save
|
30
|
+
@asset.save!
|
40
31
|
end
|
41
|
-
|
42
|
-
|
43
|
-
@asset.delete
|
32
|
+
|
33
|
+
after do
|
44
34
|
Object.send(:remove_const, :PolicyAwareClass)
|
45
|
-
end
|
35
|
+
end
|
36
|
+
|
46
37
|
subject { PolicyAwareClass.new( User.new ) }
|
47
|
-
|
38
|
+
|
48
39
|
describe "policy_pid_for" do
|
49
40
|
before do
|
50
|
-
@policy2 = Hydra::AdminPolicy.
|
51
|
-
@policy2.default_permissions
|
52
|
-
[
|
41
|
+
@policy2 = Hydra::AdminPolicy.create
|
42
|
+
@policy2.default_permissions.create [
|
53
43
|
{:type=>"group", :access=>"read", :name=>"untenured-faculty"},
|
54
44
|
{:type=>"group", :access=>"edit", :name=>"awesome_kids"},
|
55
45
|
{:type=>"group", :access=>"edit", :name=>"bad_crowd"},
|
56
|
-
{:type=>"
|
57
|
-
{:type=>"
|
46
|
+
{:type=>"person", :access=>"read", :name=>"constantine"},
|
47
|
+
{:type=>"person", :access=>"edit", :name=>"brutus"}
|
58
48
|
]
|
59
49
|
@policy2.save
|
60
50
|
@asset2 = ModsAsset.new
|
@@ -62,124 +52,120 @@ describe Hydra::PolicyAwareAbility do
|
|
62
52
|
@asset2.save
|
63
53
|
@asset3 = ModsAsset.create
|
64
54
|
end
|
65
|
-
|
66
|
-
@policy2.delete
|
67
|
-
@asset2.delete
|
68
|
-
@asset3.delete
|
69
|
-
end
|
55
|
+
|
70
56
|
it "should retrieve the pid doc for the current object's governing policy" do
|
71
|
-
subject.policy_pid_for(@asset.
|
72
|
-
subject.policy_pid_for(@asset2.
|
73
|
-
subject.policy_pid_for(@asset3.
|
57
|
+
expect(subject.policy_pid_for(@asset.id)).to eq @policy.id
|
58
|
+
expect(subject.policy_pid_for(@asset2.id)).to eq @policy2.id
|
59
|
+
expect(subject.policy_pid_for(@asset3.id)).to be_nil
|
74
60
|
end
|
75
61
|
end
|
76
62
|
|
77
63
|
describe "policy_permissions_doc" do
|
78
64
|
it "should retrieve the permissions doc for the current object's policy and store for re-use" do
|
79
|
-
subject.
|
80
|
-
subject.policy_permissions_doc(@policy.
|
81
|
-
subject.policy_permissions_doc(@policy.
|
82
|
-
subject.policy_permissions_doc(@policy.
|
65
|
+
expect(subject).to receive(:get_permissions_solr_response_for_doc_id).with(@policy.id).once.and_return("mock solr doc")
|
66
|
+
expect(subject.policy_permissions_doc(@policy.id)).to eq "mock solr doc"
|
67
|
+
expect(subject.policy_permissions_doc(@policy.id)).to eq "mock solr doc"
|
68
|
+
expect(subject.policy_permissions_doc(@policy.id)).to eq "mock solr doc"
|
83
69
|
end
|
84
70
|
end
|
85
71
|
describe "test_edit_from_policy" do
|
86
72
|
context "public user" do
|
87
73
|
it "should return false" do
|
88
|
-
subject.
|
89
|
-
subject.test_edit_from_policy(@asset.
|
74
|
+
allow(subject).to receive(:user_groups).and_return(["public"])
|
75
|
+
expect(subject.test_edit_from_policy(@asset.id)).to be false
|
90
76
|
end
|
91
77
|
end
|
92
78
|
context "registered user" do
|
93
79
|
it "should return false" do
|
94
|
-
subject.user_groups.
|
95
|
-
subject.test_edit_from_policy(@asset.
|
80
|
+
expect(subject.user_groups).to include("registered")
|
81
|
+
expect(subject.test_edit_from_policy(@asset.id)).to be false
|
96
82
|
end
|
97
83
|
end
|
98
84
|
context "user with policy read access only" do
|
99
85
|
it "should return false" do
|
100
|
-
subject.current_user.
|
101
|
-
subject.test_edit_from_policy(@asset.
|
86
|
+
allow(subject.current_user).to receive(:user_key).and_return("nero")
|
87
|
+
expect(subject.test_edit_from_policy(@asset.id)).to be false
|
102
88
|
end
|
103
89
|
end
|
104
90
|
context "user with policy edit access" do
|
105
91
|
it "should return true" do
|
106
|
-
subject.current_user.
|
107
|
-
subject.test_edit_from_policy(@asset.
|
92
|
+
allow(subject.current_user).to receive(:user_key).and_return("julius_caesar")
|
93
|
+
expect(subject.test_edit_from_policy(@asset.id)).to be true
|
108
94
|
end
|
109
95
|
end
|
110
96
|
context "user in group with policy read access" do
|
111
97
|
it "should return false" do
|
112
|
-
subject.
|
113
|
-
subject.test_edit_from_policy(@asset.
|
98
|
+
allow(subject).to receive(:user_groups).and_return(["africana-faculty"])
|
99
|
+
expect(subject.test_edit_from_policy(@asset.id)).to be false
|
114
100
|
end
|
115
101
|
end
|
116
102
|
context "user in group with policy edit access" do
|
117
103
|
it "should return true" do
|
118
|
-
subject.
|
119
|
-
subject.test_edit_from_policy(@asset.
|
104
|
+
allow(subject).to receive(:user_groups).and_return(["cool_kids"])
|
105
|
+
expect(subject.test_edit_from_policy(@asset.id)).to be true
|
120
106
|
end
|
121
107
|
end
|
122
108
|
end
|
123
109
|
describe "test_read_from_policy" do
|
124
110
|
context "public user" do
|
125
111
|
it "should return false" do
|
126
|
-
subject.
|
127
|
-
subject.test_read_from_policy(@asset.
|
112
|
+
allow(subject).to receive(:user_groups).and_return(["public"])
|
113
|
+
expect(subject.test_read_from_policy(@asset.id)).to be false
|
128
114
|
end
|
129
115
|
end
|
130
116
|
context "registered user" do
|
131
117
|
it "should return false" do
|
132
|
-
subject.user_groups.
|
133
|
-
subject.test_read_from_policy(@asset.
|
118
|
+
expect(subject.user_groups).to include("registered")
|
119
|
+
expect(subject.test_read_from_policy(@asset.id)).to be false
|
134
120
|
end
|
135
121
|
end
|
136
122
|
context "user with policy read access only" do
|
137
123
|
it "should return false" do
|
138
|
-
subject.current_user.
|
139
|
-
subject.test_read_from_policy(@asset.
|
124
|
+
allow(subject.current_user).to receive(:user_key).and_return("nero")
|
125
|
+
expect(subject.test_read_from_policy(@asset.id)).to be true
|
140
126
|
end
|
141
127
|
end
|
142
128
|
context "user with policy edit access" do
|
143
129
|
it "should return true" do
|
144
|
-
subject.current_user.
|
145
|
-
subject.test_read_from_policy(@asset.
|
130
|
+
allow(subject.current_user).to receive(:user_key).and_return("julius_caesar")
|
131
|
+
expect(subject.test_read_from_policy(@asset.id)).to be true
|
146
132
|
end
|
147
133
|
end
|
148
134
|
context "user in group with policy read access" do
|
149
135
|
it "should return false" do
|
150
|
-
subject.
|
151
|
-
subject.test_read_from_policy(@asset.
|
136
|
+
allow(subject).to receive(:user_groups).and_return(["africana-faculty"])
|
137
|
+
expect(subject.test_read_from_policy(@asset.id)).to be true
|
152
138
|
end
|
153
139
|
end
|
154
140
|
context "user in group with policy edit access" do
|
155
141
|
it "should return true" do
|
156
|
-
subject.
|
157
|
-
subject.test_read_from_policy(@asset.
|
142
|
+
allow(subject).to receive(:user_groups).and_return(["cool_kids"])
|
143
|
+
expect(subject.test_read_from_policy(@asset.id)).to be true
|
158
144
|
end
|
159
145
|
end
|
160
146
|
end
|
161
147
|
describe "edit_groups_from_policy" do
|
162
148
|
it "should retrieve the list of groups with edit access from the policy" do
|
163
|
-
result = subject.edit_groups_from_policy(@policy.
|
164
|
-
result.length.
|
165
|
-
result.
|
149
|
+
result = subject.edit_groups_from_policy(@policy.id)
|
150
|
+
expect(result.length).to eq 2
|
151
|
+
expect(result).to include("cool_kids","in_crowd")
|
166
152
|
end
|
167
153
|
end
|
168
154
|
describe "edit_persons_from_policy" do
|
169
155
|
it "should retrieve the list of individuals with edit access from the policy" do
|
170
|
-
expect(subject.edit_users_from_policy(@policy.
|
156
|
+
expect(subject.edit_users_from_policy(@policy.id)).to eq ["julius_caesar"]
|
171
157
|
end
|
172
158
|
end
|
173
159
|
describe "read_groups_from_policy" do
|
174
160
|
it "should retrieve the list of groups with read access from the policy" do
|
175
|
-
result = subject.read_groups_from_policy(@policy.
|
176
|
-
result.length.
|
177
|
-
result.
|
161
|
+
result = subject.read_groups_from_policy(@policy.id)
|
162
|
+
expect(result.length).to eq 3
|
163
|
+
expect(result).to include("cool_kids", "in_crowd", "africana-faculty")
|
178
164
|
end
|
179
165
|
end
|
180
166
|
describe "read_persons_from_policy" do
|
181
167
|
it "should retrieve the list of individuals with read access from the policy" do
|
182
|
-
expect(subject.read_users_from_policy(@policy.
|
168
|
+
expect(subject.read_users_from_policy(@policy.id)).to eq ["julius_caesar","nero"]
|
183
169
|
end
|
184
170
|
end
|
185
171
|
end
|
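Review bot: Two examples in `describe "test_read_from_policy"` are named `it "should return false"` but now assert `to be true`: the one under `context "user with policy read access only"` (new lines 122–126) and the one under `context "user in group with policy read access"` (new lines 134–138). The description lines are unchanged context, so the wording predates this change, but with the explicit `be true` expectations a failure report would read as the opposite of the access rule being tested. Renaming both to `it "should return true" do` keeps the example names in line with what they assert. In the same file, `@policy2.save` and `@asset2.save` in the `policy_pid_for` setup were left without the bang while `@policy.save!` and `@asset.save!` were switched, so a failed save there would pass silently into the assertions.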