hydra-access-controls 8.2.0 → 9.0.0.beta1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (52) hide show
  1. checksums.yaml +4 -4
  2. data/README.textile +10 -10
  3. data/app/models/concerns/hydra/access_controls/access_right.rb +3 -2
  4. data/app/models/concerns/hydra/access_controls/embargoable.rb +120 -132
  5. data/app/models/concerns/hydra/access_controls/permissions.rb +137 -103
  6. data/app/models/concerns/hydra/access_controls/visibility.rb +3 -5
  7. data/app/models/concerns/hydra/access_controls.rb +0 -1
  8. data/app/models/concerns/hydra/admin_policy_behavior.rb +27 -2
  9. data/app/models/concerns/hydra/rights.rb +15 -0
  10. data/app/models/hydra/access_controls/access_control_list.rb +17 -0
  11. data/app/models/hydra/access_controls/embargo.rb +65 -0
  12. data/app/models/hydra/access_controls/lease.rb +66 -0
  13. data/app/models/hydra/access_controls/permission.rb +85 -0
  14. data/app/vocabularies/acl.rb +12 -0
  15. data/app/vocabularies/hydra/acl.rb +20 -0
  16. data/config/fedora.yml +4 -2
  17. data/hydra-access-controls.gemspec +6 -7
  18. data/lib/hydra/ability.rb +45 -43
  19. data/lib/hydra/access_controls_enforcement.rb +23 -25
  20. data/lib/hydra/admin_policy.rb +34 -11
  21. data/lib/hydra/config.rb +4 -15
  22. data/lib/hydra/permissions_query.rb +2 -2
  23. data/lib/hydra/permissions_solr_document.rb +4 -6
  24. data/lib/hydra/policy_aware_ability.rb +56 -53
  25. data/lib/hydra/policy_aware_access_controls_enforcement.rb +28 -18
  26. data/lib/hydra-access-controls.rb +1 -1
  27. data/spec/factories.rb +15 -15
  28. data/spec/services/embargo_service_spec.rb +6 -6
  29. data/spec/services/lease_service_spec.rb +6 -6
  30. data/spec/spec_helper.rb +20 -13
  31. data/spec/support/mods_asset.rb +3 -3
  32. data/spec/unit/ability_spec.rb +96 -121
  33. data/spec/unit/access_controls_enforcement_spec.rb +29 -27
  34. data/spec/unit/access_right_spec.rb +6 -1
  35. data/spec/unit/accessible_by_spec.rb +14 -5
  36. data/spec/unit/admin_policy_spec.rb +99 -92
  37. data/spec/unit/config_spec.rb +14 -15
  38. data/spec/unit/embargoable_spec.rb +26 -28
  39. data/spec/unit/permission_spec.rb +36 -16
  40. data/spec/unit/permissions_spec.rb +121 -65
  41. data/spec/unit/policy_aware_ability_spec.rb +64 -78
  42. data/spec/unit/policy_aware_access_controls_enforcement_spec.rb +81 -77
  43. data/spec/unit/role_mapper_spec.rb +10 -10
  44. data/spec/unit/with_access_right_spec.rb +1 -1
  45. metadata +29 -51
  46. data/lib/hydra/access_controls/permission.rb +0 -40
  47. data/lib/hydra/datastream/inheritable_rights_metadata.rb +0 -22
  48. data/lib/hydra/datastream/rights_metadata.rb +0 -276
  49. data/lib/hydra/datastream.rb +0 -7
  50. data/spec/unit/hydra_rights_metadata_persistence_spec.rb +0 -71
  51. data/spec/unit/hydra_rights_metadata_spec.rb +0 -301
  52. data/spec/unit/inheritable_rights_metadata_spec.rb +0 -65
@@ -9,79 +9,126 @@ describe Hydra::AccessControls::Permissions do
9
9
 
10
10
  subject { Foo.new }
11
11
 
12
-
12
+ it "should have many permissions" do
13
+ expect(subject.permissions).to eq []
14
+ end
15
+
16
+ #TODO is permission same as an acl?
17
+
13
18
  it "should have a set of permissions" do
14
19
  subject.read_groups=['group1', 'group2']
15
20
  subject.edit_users=['user1']
16
21
  subject.read_users=['user2', 'user3']
17
- subject.permissions.should == [Hydra::AccessControls::Permission.new(:type=>"group", :access=>"read", :name=>"group1"),
22
+ expect(subject.permissions).to match_array [Hydra::AccessControls::Permission.new(:type=>"group", :access=>"read", :name=>"group1"),
18
23
  Hydra::AccessControls::Permission.new({:type=>"group", :access=>"read", :name=>"group2"}),
19
- Hydra::AccessControls::Permission.new({:type=>"user", :access=>"read", :name=>"user2"}),
20
- Hydra::AccessControls::Permission.new({:type=>"user", :access=>"read", :name=>"user3"}),
21
- Hydra::AccessControls::Permission.new({:type=>"user", :access=>"edit", :name=>"user1"})]
24
+ Hydra::AccessControls::Permission.new({:type=>"person", :access=>"read", :name=>"user2"}),
25
+ Hydra::AccessControls::Permission.new({:type=>"person", :access=>"read", :name=>"user3"}),
26
+ Hydra::AccessControls::Permission.new({:type=>"person", :access=>"edit", :name=>"user1"})]
27
+ end
28
+
29
+ describe "building a new permission" do
30
+ before { subject.save! }
31
+
32
+ it "should set the accessTo association" do
33
+ perm = subject.permissions.build(name: 'user1', type: 'person', access: 'read')
34
+ subject.save
35
+ expect(perm.access_to_id).to eq subject.id
36
+ end
22
37
  end
38
+
23
39
  describe "updating permissions" do
24
40
  describe "with nested attributes" do
25
41
  before do
26
- subject.permissions_attributes = [{:type=>"user", :access=>"edit", :name=>"jcoyne"}]
42
+ subject.save!
43
+ subject.permissions_attributes = [{:type=>"person", :access=>"edit", :name=>"jcoyne"}]
27
44
  end
28
- it "should handle a hash" do
29
- subject.permissions_attributes = {'0' => {type: "group", access:"read", name:"group1"}, '1'=> {type: 'user', access: 'edit', name: 'user2'}}
30
- subject.permissions.should == [Hydra::AccessControls::Permission.new(:type=>"group", :access=>"read", :name=>"group1"),
31
- Hydra::AccessControls::Permission.new(:type=>"user", :access=>"edit", :name=>"jcoyne"),
32
- Hydra::AccessControls::Permission.new(:type=>"user", :access=>"edit", :name=>"user2")]
45
+ context "when a hash is passed" do
46
+ before do
47
+ subject.permissions_attributes = {'0' => {type: "group", access:"read", name:"group1"},
48
+ '1' => {type: 'person', access: 'edit', name: 'user2'}}
49
+ end
50
+ it "should handle a hash" do
51
+ expect(subject.permissions.size).to eq 3
52
+ expect(subject.permissions.to_a).to all(be_a(Hydra::AccessControls::Permission))
53
+ expect(subject.permissions.map(&:to_hash)).to match_array [
54
+ {type: "person", access: "edit", name: "jcoyne"},
55
+ {type: "group", access: "read", name: "group1"},
56
+ {type: "person", access: "edit", name: "user2"}]
57
+ end
33
58
  end
59
+
34
60
  it "should create new group permissions" do
35
- subject.permissions_attributes = [{:type=>"group", :access=>"read", :name=>"group1"}]
36
- subject.permissions.should == [Hydra::AccessControls::Permission.new(:type=>"group", :access=>"read", :name=>"group1"),
37
- Hydra::AccessControls::Permission.new(:type=>"user", :access=>"edit", :name=>"jcoyne")]
61
+ subject.permissions_attributes = [{type: "group", access: "read", name: "group1"}]
62
+ expect(subject.permissions.size).to eq 2
63
+ expect(subject.permissions.to_a).to all(be_a(Hydra::AccessControls::Permission))
64
+ expect(subject.permissions[0].to_hash).to eq(type: "person", access: "edit", name: "jcoyne")
65
+ expect(subject.permissions[1].to_hash).to eq(type: "group", access: "read", name: "group1")
38
66
  end
67
+
39
68
  it "should create new user permissions" do
40
- subject.permissions_attributes = [{:type=>"user", :access=>"read", :name=>"user1"}]
41
- subject.permissions.should == [Hydra::AccessControls::Permission.new(:type=>"user", :access=>"read", :name=>"user1"),
42
- Hydra::AccessControls::Permission.new(:type=>"user", :access=>"edit", :name=>"jcoyne")]
43
- end
44
- it "should not replace existing groups" do
45
- subject.permissions_attributes = [{:type=>"group", :access=>"read", :name=>"group1"}]
46
- subject.permissions_attributes = [{:type=>"group", :access=>"read", :name=>"group2"}]
47
- subject.permissions.should == [Hydra::AccessControls::Permission.new(:type=>"group", :access=>"read", :name=>"group1"),
48
- Hydra::AccessControls::Permission.new(:type=>"group", :access=>"read", :name=>"group2"),
49
- Hydra::AccessControls::Permission.new(:type=>"user", :access=>"edit", :name=>"jcoyne")]
50
- end
51
- it "should not replace existing users" do
52
- subject.permissions_attributes = [{:type=>"user", :access=>"read", :name=>"user1"}]
53
- subject.permissions_attributes = [{:type=>"user", :access=>"read", :name=>"user2"}]
54
- subject.permissions.should == [Hydra::AccessControls::Permission.new(:type=>"user", :access=>"read", :name=>"user1"),
55
- Hydra::AccessControls::Permission.new(:type=>"user", :access=>"read", :name=>"user2"),
56
- Hydra::AccessControls::Permission.new(:type=>"user", :access=>"edit", :name=>"jcoyne")]
69
+ subject.permissions_attributes = [{:type=>"person", :access=>"read", :name=>"user1"}]
70
+ expect(subject.permissions.size).to eq 2
71
+ expect(subject.permissions.to_a).to all(be_a(Hydra::AccessControls::Permission))
72
+ expect(subject.permissions[0].to_hash).to eq(type: "person", access: "edit", name: "jcoyne")
73
+ expect(subject.permissions[1].to_hash).to eq(type: "person", access: "read", name: "user1")
57
74
  end
58
- it "should update permissions on existing users" do
59
- subject.permissions_attributes = [{:type=>"user", :access=>"read", :name=>"user1"}]
60
- subject.permissions_attributes = [{:type=>"user", :access=>"edit", :name=>"user1"}]
61
- subject.permissions.should == [Hydra::AccessControls::Permission.new(:type=>"user", :access=>"edit", :name=>"user1"),
62
- Hydra::AccessControls::Permission.new(:type=>"user", :access=>"edit", :name=>"jcoyne")]
63
- end
64
- it "should update permissions on existing groups" do
65
- subject.permissions_attributes = [{:type=>"group", :access=>"read", :name=>"group1"}]
66
- subject.permissions_attributes = [{:type=>"group", :access=>"edit", :name=>"group1"}]
67
- subject.permissions.should == [Hydra::AccessControls::Permission.new(:type=>"group", :access=>"edit", :name=>"group1"),
68
- Hydra::AccessControls::Permission.new(:type=>"user", :access=>"edit", :name=>"jcoyne")]
75
+
76
+ context "when called multiple times" do
77
+ it "should not replace existing groups" do
78
+ subject.permissions_attributes = [{:type=>"group", :access=>"read", :name=>"group1"}]
79
+ subject.permissions_attributes = [{:type=>"group", :access=>"read", :name=>"group2"}]
80
+ expect(subject.permissions.size).to eq 3
81
+ expect(subject.permissions.to_a).to all(be_a(Hydra::AccessControls::Permission))
82
+ expect(subject.permissions[0].to_hash).to eq(type: "person", access: "edit", name: "jcoyne")
83
+ expect(subject.permissions[1].to_hash).to eq(type: "group", access: "read", name: "group1")
84
+ expect(subject.permissions[2].to_hash).to eq(type: "group", access: "read", name: "group2")
85
+ end
86
+
87
+ it "should not replace existing users" do
88
+ subject.permissions_attributes = [{:type=>"person", :access=>"read", :name=>"user1"}]
89
+ subject.permissions_attributes = [{:type=>"person", :access=>"read", :name=>"user2"}]
90
+ expect(subject.permissions.size).to eq 3
91
+ expect(subject.permissions.to_a).to all(be_a(Hydra::AccessControls::Permission))
92
+ expect(subject.permissions[0].to_hash).to eq(type: "person", access: "edit", name: "jcoyne")
93
+ expect(subject.permissions[1].to_hash).to eq(type: "person", access: "read", name: "user1")
94
+ expect(subject.permissions[2].to_hash).to eq(type: "person", access: "read", name: "user2")
95
+ end
96
+
97
+ it "should update permissions on existing users" do
98
+ subject.update permissions_attributes: [{:type=>"person", :access=>"read", :name=>"user1"}]
99
+ subject.update permissions_attributes: [{:type=>"person", :access=>"edit", :name=>"user1"}]
100
+ expect(subject.permissions.size).to eq 2
101
+ expect(subject.permissions.to_a).to all(be_a(Hydra::AccessControls::Permission))
102
+ expect(subject.permissions[0].to_hash).to eq(type: "person", access: "edit", name: "jcoyne")
103
+ expect(subject.permissions[1].to_hash).to eq(type: "person", access: "edit", name: "user1")
104
+ end
105
+
106
+ it "should update permissions on existing groups" do
107
+ subject.update permissions_attributes: [{:type=>"group", :access=>"read", :name=>"group1"}]
108
+ subject.update permissions_attributes: [{:type=>"group", :access=>"edit", :name=>"group1"}]
109
+ expect(subject.permissions.map(&:to_hash)).to match_array [
110
+ {:type=>"group", :access=>"edit", :name=>"group1"},
111
+ {:type=>"person", :access=>"edit", :name=>"jcoyne"}]
112
+ end
69
113
  end
114
+
70
115
  it "should remove permissions on existing users" do
71
- subject.permissions_attributes = [{:type=>"user", :access=>"read", :name=>"user1"}]
72
- subject.permissions_attributes = [{:type=>"user", :access=>"edit", :name=>"user1", _destroy: true}]
73
- subject.permissions.should == [Hydra::AccessControls::Permission.new(:type=>"user", :access=>"edit", :name=>"jcoyne")]
116
+ subject.update permissions_attributes: [{:type=>"person", :access=>"read", :name=>"user1"}]
117
+ subject.update permissions_attributes: [{:id=>ActiveFedora::Base.uri_to_id(subject.permissions.last.rdf_subject.to_s), :type=>"person", :access=>"edit", :name=>"user1", _destroy: true}]
118
+ expect(subject.permissions.reload.map(&:to_hash)).to eq [{ :name=>"jcoyne", :type=>"person", :access=>"edit" }]
74
119
  end
120
+
75
121
  it "should remove permissions on existing groups" do
76
- subject.permissions_attributes = [{:type=>"group", :access=>"read", :name=>"group1"}]
77
- subject.permissions_attributes = [{:type=>"group", :access=>"edit", :name=>"group1", _destroy: '1'}]
78
- subject.permissions.should == [Hydra::AccessControls::Permission.new(:type=>"user", :access=>"edit", :name=>"jcoyne")]
122
+ subject.update permissions_attributes: [{:type=>"group", :access=>"read", :name=>"group1"}]
123
+ subject.update permissions_attributes: [{:id=>ActiveFedora::Base.uri_to_id(subject.permissions.last.rdf_subject.to_s), :type=>"group", :access=>"edit", :name=>"group1", _destroy: '1'}]
124
+ expect(subject.permissions.reload.map(&:to_hash)).to eq [{:type=>"person", :access=>"edit", :name=>"jcoyne"}]
79
125
  end
126
+
80
127
  it "should not remove when destroy flag is falsy" do
81
- subject.permissions_attributes = [{:type=>"group", :access=>"read", :name=>"group1"}]
82
- subject.permissions_attributes = [{:type=>"group", :access=>"edit", :name=>"group1", _destroy: '0'}]
83
- subject.permissions.should == [ Hydra::AccessControls::Permission.new(:type=>"group", :access=>"edit", :name=>"group1"),
84
- Hydra::AccessControls::Permission.new(:type=>"user", :access=>"edit", :name=>"jcoyne")]
128
+ subject.update permissions_attributes: [{:type=>"group", :access=>"read", :name=>"group1"}]
129
+ subject.update permissions_attributes: [{:id=>ActiveFedora::Base.uri_to_id(subject.permissions.last.rdf_subject.to_s), :type=>"group", :access=>"edit", :name=>"group1", _destroy: '0'}]
130
+ expect(subject.permissions.reload.map(&:to_hash)).to match_array [{:type=>"group", :access=>"edit", :name=>"group1"},
131
+ {:type=>"person", :access=>"edit", :name=>"jcoyne"}]
85
132
  end
86
133
  end
87
134
 
@@ -89,7 +136,8 @@ describe Hydra::AccessControls::Permissions do
89
136
  before do
90
137
  subject.permissions = [
91
138
  Hydra::AccessControls::Permission.new(:type=>"group", :access=>"edit", :name=>"group1"),
92
- Hydra::AccessControls::Permission.new(:type=>"user", :access=>"edit", :name=>"jcoyne")]
139
+ Hydra::AccessControls::Permission.new(:type=>"person", :access=>"edit", :name=>"jcoyne")]
140
+ subject.save!
93
141
  end
94
142
  it "should set the permissions" do
95
143
  expect(subject.edit_users).to eq ['jcoyne']
@@ -103,30 +151,38 @@ describe Hydra::AccessControls::Permissions do
103
151
  end
104
152
  context "with rightsMetadata" do
105
153
  before do
106
- subject.rightsMetadata.update_permissions("person"=>{"person1"=>"read","person2"=>"discover"}, "group"=>{'group-6' => 'read', "group-7"=>'read', 'group-8'=>'edit'})
154
+ subject.permissions.build(type: 'person', access: 'read', name: 'person1')
155
+ subject.permissions.build(type: 'person', access: 'discover', name: 'person2')
156
+ subject.permissions.build(type: 'group', access: 'read', name: 'group-6')
157
+ subject.permissions.build(type: 'group', access: 'read', name: 'group-7')
158
+ subject.permissions.build(type: 'group', access: 'edit', name: 'group-8')
107
159
  end
160
+
108
161
  it "should have read groups accessor" do
109
- subject.read_groups.should == ['group-6', 'group-7']
162
+ expect(subject.read_groups).to eq ['group-6', 'group-7']
110
163
  end
164
+
111
165
  it "should have read groups string accessor" do
112
- subject.read_groups_string.should == 'group-6, group-7'
113
- end
114
- it "should have read groups writer" do
115
- subject.read_groups = ['group-2', 'group-3']
116
- subject.rightsMetadata.groups.should == {'group-2' => 'read', 'group-3'=>'read', 'group-8' => 'edit'}
117
- subject.rightsMetadata.users.should == {"person1"=>"read","person2"=>"discover"}
166
+ expect(subject.read_groups_string).to eq 'group-6, group-7'
118
167
  end
119
168
 
120
169
  it "should have read groups string writer" do
121
170
  subject.read_groups_string = 'umg/up.dlt.staff, group-3'
122
- subject.rightsMetadata.groups.should == {'umg/up.dlt.staff' => 'read', 'group-3'=>'read', 'group-8' => 'edit'}
123
- subject.rightsMetadata.users.should == {"person1"=>"read","person2"=>"discover"}
171
+ expect(subject.read_groups).to eq ['umg/up.dlt.staff', 'group-3']
172
+ expect(subject.edit_groups).to eq ['group-8']
173
+ expect(subject.read_users).to eq ['person1']
124
174
  end
175
+
125
176
  it "should only revoke eligible groups" do
126
177
  subject.set_read_groups(['group-2', 'group-3'], ['group-6'])
127
178
  # 'group-7' is not eligible to be revoked
128
- subject.rightsMetadata.groups.should == {'group-2' => 'read', 'group-3'=>'read', 'group-7' => 'read', 'group-8' => 'edit'}
129
- subject.rightsMetadata.users.should == {"person1"=>"read","person2"=>"discover"}
179
+ expect(subject.permissions.map(&:to_hash)).to match_array([
180
+ {name: 'group-2', type: 'group', access: 'read'},
181
+ {name: 'group-3', type: 'group', access: 'read'},
182
+ {name: 'group-7', type: 'group', access: 'read'},
183
+ {name: 'group-8', type: 'group', access: 'edit'},
184
+ {name: 'person1', type: 'person', access: 'read'},
185
+ {name: 'person2', type: 'person', access: 'discover'}])
130
186
  end
131
187
  end
132
188
  end
@@ -2,59 +2,49 @@ require 'spec_helper'
2
2
 
3
3
  describe Hydra::PolicyAwareAbility do
4
4
  before do
5
- Hydra.stub(:config).and_return({
6
- :permissions=>{
7
- :discover => {:group =>"discover_access_group_ssim", :individual=>"discover_access_person_ssim"},
8
- :read => {:group =>"read_access_group_ssim", :individual=>"read_access_person_ssim"},
9
- :edit => {:group =>"edit_access_group_ssim", :individual=>"edit_access_person_ssim"},
10
- :owner => "depositor_ssim",
11
- :embargo_release_date => "embargo_release_date_dtsi",
12
-
13
- :inheritable => {
14
- :discover => {:group =>"inheritable_discover_access_group_ssim", :individual=>"inheritable_discover_access_person_ssim"},
15
- :read => {:group =>"inheritable_read_access_group_ssim", :individual=>"inheritable_read_access_person_ssim"},
16
- :edit => {:group =>"inheritable_edit_access_group_ssim", :individual=>"inheritable_edit_access_person_ssim"},
17
- :owner => "inheritable_depositor_ssim",
18
- :embargo_release_date => "inheritable_embargo_release_date_dtsi"
19
- }
20
- }})
5
+ allow(Hydra.config.permissions).to receive(:inheritable).and_return({
6
+ :discover => {:group =>"inheritable_discover_access_group_ssim", :individual=>"inheritable_discover_access_person_ssim"},
7
+ :read => {:group =>"inheritable_read_access_group_ssim", :individual=>"inheritable_read_access_person_ssim"},
8
+ :edit => {:group =>"inheritable_edit_access_group_ssim", :individual=>"inheritable_edit_access_person_ssim"},
9
+ :owner => "inheritable_depositor_ssim",
10
+ :embargo_release_date => "inheritable_embargo_release_date_dtsi"
11
+ })
21
12
  end
22
- before(:all) do
13
+ before do
23
14
  class PolicyAwareClass
24
15
  include Hydra::PolicyAwareAbility
25
16
  end
26
- @policy = Hydra::AdminPolicy.new
17
+ @policy = Hydra::AdminPolicy.create
27
18
  # Set the inheritable permissions
28
- @policy.default_permissions = [
19
+ @policy.default_permissions.create [
29
20
  {:type=>"group", :access=>"read", :name=>"africana-faculty"},
30
21
  {:type=>"group", :access=>"edit", :name=>"cool_kids"},
31
22
  {:type=>"group", :access=>"edit", :name=>"in_crowd"},
32
- {:type=>"user", :access=>"read", :name=>"nero"},
33
- {:type=>"user", :access=>"edit", :name=>"julius_caesar"}
23
+ {:type=>"person", :access=>"read", :name=>"nero"},
24
+ {:type=>"person", :access=>"edit", :name=>"julius_caesar"}
34
25
  ]
35
-
36
- @policy.save
26
+
27
+ @policy.save!
37
28
  @asset = ModsAsset.new
38
29
  @asset.admin_policy = @policy
39
- @asset.save
30
+ @asset.save!
40
31
  end
41
- after(:all) do
42
- @policy.delete
43
- @asset.delete
32
+
33
+ after do
44
34
  Object.send(:remove_const, :PolicyAwareClass)
45
- end
35
+ end
36
+
46
37
  subject { PolicyAwareClass.new( User.new ) }
47
-
38
+
48
39
  describe "policy_pid_for" do
49
40
  before do
50
- @policy2 = Hydra::AdminPolicy.new
51
- @policy2.default_permissions =
52
- [
41
+ @policy2 = Hydra::AdminPolicy.create
42
+ @policy2.default_permissions.create [
53
43
  {:type=>"group", :access=>"read", :name=>"untenured-faculty"},
54
44
  {:type=>"group", :access=>"edit", :name=>"awesome_kids"},
55
45
  {:type=>"group", :access=>"edit", :name=>"bad_crowd"},
56
- {:type=>"user", :access=>"read", :name=>"constantine"},
57
- {:type=>"user", :access=>"edit", :name=>"brutus"}
46
+ {:type=>"person", :access=>"read", :name=>"constantine"},
47
+ {:type=>"person", :access=>"edit", :name=>"brutus"}
58
48
  ]
59
49
  @policy2.save
60
50
  @asset2 = ModsAsset.new
@@ -62,124 +52,120 @@ describe Hydra::PolicyAwareAbility do
62
52
  @asset2.save
63
53
  @asset3 = ModsAsset.create
64
54
  end
65
- after do
66
- @policy2.delete
67
- @asset2.delete
68
- @asset3.delete
69
- end
55
+
70
56
  it "should retrieve the pid doc for the current object's governing policy" do
71
- subject.policy_pid_for(@asset.pid).should == @policy.pid
72
- subject.policy_pid_for(@asset2.pid).should == @policy2.pid
73
- subject.policy_pid_for(@asset3.pid).should be_nil
57
+ expect(subject.policy_pid_for(@asset.id)).to eq @policy.id
58
+ expect(subject.policy_pid_for(@asset2.id)).to eq @policy2.id
59
+ expect(subject.policy_pid_for(@asset3.id)).to be_nil
74
60
  end
75
61
  end
76
62
 
77
63
  describe "policy_permissions_doc" do
78
64
  it "should retrieve the permissions doc for the current object's policy and store for re-use" do
79
- subject.should_receive(:get_permissions_solr_response_for_doc_id).with(@policy.pid).once.and_return("mock solr doc")
80
- subject.policy_permissions_doc(@policy.pid).should == "mock solr doc"
81
- subject.policy_permissions_doc(@policy.pid).should == "mock solr doc"
82
- subject.policy_permissions_doc(@policy.pid).should == "mock solr doc"
65
+ expect(subject).to receive(:get_permissions_solr_response_for_doc_id).with(@policy.id).once.and_return("mock solr doc")
66
+ expect(subject.policy_permissions_doc(@policy.id)).to eq "mock solr doc"
67
+ expect(subject.policy_permissions_doc(@policy.id)).to eq "mock solr doc"
68
+ expect(subject.policy_permissions_doc(@policy.id)).to eq "mock solr doc"
83
69
  end
84
70
  end
85
71
  describe "test_edit_from_policy" do
86
72
  context "public user" do
87
73
  it "should return false" do
88
- subject.stub(:user_groups).and_return(["public"])
89
- subject.test_edit_from_policy(@asset.pid).should be false
74
+ allow(subject).to receive(:user_groups).and_return(["public"])
75
+ expect(subject.test_edit_from_policy(@asset.id)).to be false
90
76
  end
91
77
  end
92
78
  context "registered user" do
93
79
  it "should return false" do
94
- subject.user_groups.should include("registered")
95
- subject.test_edit_from_policy(@asset.pid).should be false
80
+ expect(subject.user_groups).to include("registered")
81
+ expect(subject.test_edit_from_policy(@asset.id)).to be false
96
82
  end
97
83
  end
98
84
  context "user with policy read access only" do
99
85
  it "should return false" do
100
- subject.current_user.stub(:user_key).and_return("nero")
101
- subject.test_edit_from_policy(@asset.pid).should be false
86
+ allow(subject.current_user).to receive(:user_key).and_return("nero")
87
+ expect(subject.test_edit_from_policy(@asset.id)).to be false
102
88
  end
103
89
  end
104
90
  context "user with policy edit access" do
105
91
  it "should return true" do
106
- subject.current_user.stub(:user_key).and_return("julius_caesar")
107
- subject.test_edit_from_policy(@asset.pid).should be true
92
+ allow(subject.current_user).to receive(:user_key).and_return("julius_caesar")
93
+ expect(subject.test_edit_from_policy(@asset.id)).to be true
108
94
  end
109
95
  end
110
96
  context "user in group with policy read access" do
111
97
  it "should return false" do
112
- subject.stub(:user_groups).and_return(["africana-faculty"])
113
- subject.test_edit_from_policy(@asset.pid).should be false
98
+ allow(subject).to receive(:user_groups).and_return(["africana-faculty"])
99
+ expect(subject.test_edit_from_policy(@asset.id)).to be false
114
100
  end
115
101
  end
116
102
  context "user in group with policy edit access" do
117
103
  it "should return true" do
118
- subject.stub(:user_groups).and_return(["cool_kids"])
119
- subject.test_edit_from_policy(@asset.pid).should be true
104
+ allow(subject).to receive(:user_groups).and_return(["cool_kids"])
105
+ expect(subject.test_edit_from_policy(@asset.id)).to be true
120
106
  end
121
107
  end
122
108
  end
123
109
  describe "test_read_from_policy" do
124
110
  context "public user" do
125
111
  it "should return false" do
126
- subject.stub(:user_groups).and_return(["public"])
127
- subject.test_read_from_policy(@asset.pid).should be false
112
+ allow(subject).to receive(:user_groups).and_return(["public"])
113
+ expect(subject.test_read_from_policy(@asset.id)).to be false
128
114
  end
129
115
  end
130
116
  context "registered user" do
131
117
  it "should return false" do
132
- subject.user_groups.should include("registered")
133
- subject.test_read_from_policy(@asset.pid).should be false
118
+ expect(subject.user_groups).to include("registered")
119
+ expect(subject.test_read_from_policy(@asset.id)).to be false
134
120
  end
135
121
  end
136
122
  context "user with policy read access only" do
137
123
  it "should return false" do
138
- subject.current_user.stub(:user_key).and_return("nero")
139
- subject.test_read_from_policy(@asset.pid).should be true
124
+ allow(subject.current_user).to receive(:user_key).and_return("nero")
125
+ expect(subject.test_read_from_policy(@asset.id)).to be true
140
126
  end
141
127
  end
142
128
  context "user with policy edit access" do
143
129
  it "should return true" do
144
- subject.current_user.stub(:user_key).and_return("julius_caesar")
145
- subject.test_read_from_policy(@asset.pid).should be true
130
+ allow(subject.current_user).to receive(:user_key).and_return("julius_caesar")
131
+ expect(subject.test_read_from_policy(@asset.id)).to be true
146
132
  end
147
133
  end
148
134
  context "user in group with policy read access" do
149
135
  it "should return false" do
150
- subject.stub(:user_groups).and_return(["africana-faculty"])
151
- subject.test_read_from_policy(@asset.pid).should be true
136
+ allow(subject).to receive(:user_groups).and_return(["africana-faculty"])
137
+ expect(subject.test_read_from_policy(@asset.id)).to be true
152
138
  end
153
139
  end
154
140
  context "user in group with policy edit access" do
155
141
  it "should return true" do
156
- subject.stub(:user_groups).and_return(["cool_kids"])
157
- subject.test_read_from_policy(@asset.pid).should be true
142
+ allow(subject).to receive(:user_groups).and_return(["cool_kids"])
143
+ expect(subject.test_read_from_policy(@asset.id)).to be true
158
144
  end
159
145
  end
160
146
  end
161
147
  describe "edit_groups_from_policy" do
162
148
  it "should retrieve the list of groups with edit access from the policy" do
163
- result = subject.edit_groups_from_policy(@policy.pid)
164
- result.length.should == 2
165
- result.should include("cool_kids","in_crowd")
149
+ result = subject.edit_groups_from_policy(@policy.id)
150
+ expect(result.length).to eq 2
151
+ expect(result).to include("cool_kids","in_crowd")
166
152
  end
167
153
  end
168
154
  describe "edit_persons_from_policy" do
169
155
  it "should retrieve the list of individuals with edit access from the policy" do
170
- expect(subject.edit_users_from_policy(@policy.pid)).to eq ["julius_caesar"]
156
+ expect(subject.edit_users_from_policy(@policy.id)).to eq ["julius_caesar"]
171
157
  end
172
158
  end
173
159
  describe "read_groups_from_policy" do
174
160
  it "should retrieve the list of groups with read access from the policy" do
175
- result = subject.read_groups_from_policy(@policy.pid)
176
- result.length.should == 3
177
- result.should include("cool_kids", "in_crowd", "africana-faculty")
161
+ result = subject.read_groups_from_policy(@policy.id)
162
+ expect(result.length).to eq 3
163
+ expect(result).to include("cool_kids", "in_crowd", "africana-faculty")
178
164
  end
179
165
  end
180
166
  describe "read_persons_from_policy" do
181
167
  it "should retrieve the list of individuals with read access from the policy" do
182
- expect(subject.read_users_from_policy(@policy.pid)).to eq ["julius_caesar","nero"]
168
+ expect(subject.read_users_from_policy(@policy.id)).to eq ["julius_caesar","nero"]
183
169
  end
184
170
  end
185
171
  end