hydra-access-controls 8.2.0 → 9.0.0.beta1
- checksums.yaml +4 -4
- data/README.textile +10 -10
- data/app/models/concerns/hydra/access_controls/access_right.rb +3 -2
- data/app/models/concerns/hydra/access_controls/embargoable.rb +120 -132
- data/app/models/concerns/hydra/access_controls/permissions.rb +137 -103
- data/app/models/concerns/hydra/access_controls/visibility.rb +3 -5
- data/app/models/concerns/hydra/access_controls.rb +0 -1
- data/app/models/concerns/hydra/admin_policy_behavior.rb +27 -2
- data/app/models/concerns/hydra/rights.rb +15 -0
- data/app/models/hydra/access_controls/access_control_list.rb +17 -0
- data/app/models/hydra/access_controls/embargo.rb +65 -0
- data/app/models/hydra/access_controls/lease.rb +66 -0
- data/app/models/hydra/access_controls/permission.rb +85 -0
- data/app/vocabularies/acl.rb +12 -0
- data/app/vocabularies/hydra/acl.rb +20 -0
- data/config/fedora.yml +4 -2
- data/hydra-access-controls.gemspec +6 -7
- data/lib/hydra/ability.rb +45 -43
- data/lib/hydra/access_controls_enforcement.rb +23 -25
- data/lib/hydra/admin_policy.rb +34 -11
- data/lib/hydra/config.rb +4 -15
- data/lib/hydra/permissions_query.rb +2 -2
- data/lib/hydra/permissions_solr_document.rb +4 -6
- data/lib/hydra/policy_aware_ability.rb +56 -53
- data/lib/hydra/policy_aware_access_controls_enforcement.rb +28 -18
- data/lib/hydra-access-controls.rb +1 -1
- data/spec/factories.rb +15 -15
- data/spec/services/embargo_service_spec.rb +6 -6
- data/spec/services/lease_service_spec.rb +6 -6
- data/spec/spec_helper.rb +20 -13
- data/spec/support/mods_asset.rb +3 -3
- data/spec/unit/ability_spec.rb +96 -121
- data/spec/unit/access_controls_enforcement_spec.rb +29 -27
- data/spec/unit/access_right_spec.rb +6 -1
- data/spec/unit/accessible_by_spec.rb +14 -5
- data/spec/unit/admin_policy_spec.rb +99 -92
- data/spec/unit/config_spec.rb +14 -15
- data/spec/unit/embargoable_spec.rb +26 -28
- data/spec/unit/permission_spec.rb +36 -16
- data/spec/unit/permissions_spec.rb +121 -65
- data/spec/unit/policy_aware_ability_spec.rb +64 -78
- data/spec/unit/policy_aware_access_controls_enforcement_spec.rb +81 -77
- data/spec/unit/role_mapper_spec.rb +10 -10
- data/spec/unit/with_access_right_spec.rb +1 -1
- metadata +29 -51
- data/lib/hydra/access_controls/permission.rb +0 -40
- data/lib/hydra/datastream/inheritable_rights_metadata.rb +0 -22
- data/lib/hydra/datastream/rights_metadata.rb +0 -276
- data/lib/hydra/datastream.rb +0 -7
- data/spec/unit/hydra_rights_metadata_persistence_spec.rb +0 -71
- data/spec/unit/hydra_rights_metadata_spec.rb +0 -301
- data/spec/unit/inheritable_rights_metadata_spec.rb +0 -65
@@ -1,12 +1,12 @@
|
|
1
1
|
require 'spec_helper'
|
2
2
|
|
3
3
|
describe Hydra::PolicyAwareAccessControlsEnforcement do
|
4
|
-
before
|
4
|
+
before do
|
5
5
|
class PolicyMockController
|
6
6
|
include Hydra::AccessControlsEnforcement
|
7
7
|
include Hydra::PolicyAwareAccessControlsEnforcement
|
8
8
|
attr_accessor :params
|
9
|
-
|
9
|
+
|
10
10
|
def current_ability
|
11
11
|
@current_ability ||= Ability.new(current_user)
|
12
12
|
end
|
@@ -16,146 +16,150 @@ describe Hydra::PolicyAwareAccessControlsEnforcement do
|
|
16
16
|
|
17
17
|
delegate :logger, to: :Rails
|
18
18
|
end
|
19
|
-
|
19
|
+
|
20
20
|
@sample_policies = []
|
21
21
|
# user discover
|
22
|
-
policy1 = Hydra::AdminPolicy.
|
23
|
-
policy1.default_permissions
|
24
|
-
policy1.save
|
22
|
+
policy1 = Hydra::AdminPolicy.create("test-policy1")
|
23
|
+
policy1.default_permissions.create(:type=>"person", :access=>"discover", :name=>"sara_student")
|
24
|
+
policy1.save!
|
25
|
+
|
25
26
|
@sample_policies << policy1
|
26
|
-
|
27
|
+
|
27
28
|
# user read
|
28
|
-
policy2 = Hydra::AdminPolicy.
|
29
|
-
policy2.default_permissions
|
30
|
-
policy2.save
|
29
|
+
policy2 = Hydra::AdminPolicy.create("test-policy2")
|
30
|
+
policy2.default_permissions.create(:type=>"person", :access=>"read", :name=>"sara_student")
|
31
|
+
policy2.save!
|
31
32
|
@sample_policies << policy2
|
32
|
-
|
33
|
+
|
33
34
|
# user edit
|
34
|
-
policy3 = Hydra::AdminPolicy.
|
35
|
-
policy3.default_permissions
|
36
|
-
policy3.save
|
35
|
+
policy3 = Hydra::AdminPolicy.create("test-policy3")
|
36
|
+
policy3.default_permissions.create(:type=>"person", :access=>"edit", :name=>"sara_student")
|
37
|
+
policy3.save!
|
37
38
|
@sample_policies << policy3
|
38
|
-
|
39
|
-
|
39
|
+
|
40
|
+
|
40
41
|
# group discover
|
41
|
-
policy4 = Hydra::AdminPolicy.
|
42
|
-
policy4.default_permissions
|
43
|
-
policy4.save
|
42
|
+
policy4 = Hydra::AdminPolicy.create("test-policy4")
|
43
|
+
policy4.default_permissions.create(:type=>"group", :access=>"discover", :name=>"africana-104-students")
|
44
|
+
policy4.save!
|
44
45
|
@sample_policies << policy4
|
45
|
-
|
46
|
+
|
46
47
|
# group read
|
47
|
-
policy5 = Hydra::AdminPolicy.
|
48
|
-
policy5.default_permissions
|
49
|
-
policy5.save
|
48
|
+
policy5 = Hydra::AdminPolicy.create("test-policy5")
|
49
|
+
policy5.default_permissions.create(:type=>"group", :access=>"read", :name=>"africana-104-students")
|
50
|
+
policy5.save!
|
50
51
|
@sample_policies << policy5
|
51
|
-
|
52
|
+
|
52
53
|
# group edit
|
53
|
-
policy6 = Hydra::AdminPolicy.
|
54
|
-
policy6.default_permissions
|
55
|
-
policy6.save
|
54
|
+
policy6 = Hydra::AdminPolicy.create("test-policy6")
|
55
|
+
policy6.default_permissions.create(:type=>"group", :access=>"edit", :name=>"africana-104-students")
|
56
|
+
policy6.save!
|
56
57
|
@sample_policies << policy6
|
57
|
-
|
58
|
+
|
58
59
|
# public discover
|
59
|
-
policy7 = Hydra::AdminPolicy.create(
|
60
|
-
policy7.default_permissions
|
61
|
-
policy7.save
|
60
|
+
policy7 = Hydra::AdminPolicy.create("test-policy7")
|
61
|
+
policy7.default_permissions.create(:type=>"group", :access=>"discover", :name=>"public")
|
62
|
+
policy7.save!
|
62
63
|
@sample_policies << policy7
|
63
|
-
|
64
|
+
|
64
65
|
# public read
|
65
|
-
policy8 = Hydra::AdminPolicy.create(
|
66
|
-
policy8.default_permissions
|
67
|
-
policy8.save
|
66
|
+
policy8 = Hydra::AdminPolicy.create("test-policy8")
|
67
|
+
policy8.default_permissions.create(:type=>"group", :access=>"read", :name=>"public")
|
68
|
+
policy8.save!
|
68
69
|
@sample_policies << policy8
|
69
70
|
|
70
71
|
# user discover policies for testing that all are applied when over 10 are applicable
|
71
72
|
(9..11).each do |i|
|
72
|
-
policy = Hydra::AdminPolicy.create(
|
73
|
-
policy.default_permissions
|
74
|
-
policy.save
|
73
|
+
policy = Hydra::AdminPolicy.create("test-policy#{i}")
|
74
|
+
policy.default_permissions.create(:type=>"person", :access=>"discover", :name=>"sara_student")
|
75
|
+
policy.save!
|
75
76
|
@sample_policies << policy
|
76
77
|
end
|
77
78
|
|
78
|
-
# no access
|
79
|
-
policy_no_access = Hydra::AdminPolicy.
|
80
|
-
|
79
|
+
# no access
|
80
|
+
policy_no_access = Hydra::AdminPolicy.new("test-policy_no_access")
|
81
|
+
policy_no_access.save!
|
81
82
|
|
82
|
-
@
|
83
|
-
|
84
|
-
|
85
|
-
after(:all) do
|
86
|
-
@sample_policies.each {|p| p.delete }
|
83
|
+
@sample_policies << policy_no_access
|
84
|
+
@policies_with_access = @sample_policies.select { |p| p.id != policy_no_access.id }
|
87
85
|
end
|
88
|
-
|
86
|
+
|
89
87
|
subject { PolicyMockController.new }
|
90
|
-
|
88
|
+
|
91
89
|
before do
|
92
90
|
@solr_parameters = {}
|
91
|
+
@user_parameters = {}
|
93
92
|
@user = FactoryGirl.build(:sara_student)
|
94
93
|
end
|
95
|
-
|
94
|
+
|
96
95
|
describe "policies_with_access" do
|
97
96
|
context "Authenticated user" do
|
98
97
|
before do
|
99
|
-
RoleMapper.
|
100
|
-
subject.
|
98
|
+
allow(RoleMapper).to receive(:roles).with(@user).and_return(@user.roles)
|
99
|
+
allow(subject).to receive(:current_user).and_return(@user)
|
101
100
|
end
|
102
101
|
it "should return the policies that provide discover permissions" do
|
103
|
-
@policies_with_access.map {|p| p.
|
104
|
-
subject.policies_with_access.
|
102
|
+
@policies_with_access.map {|p| p.id }.each do |p|
|
103
|
+
expect(subject.policies_with_access).to include(p)
|
105
104
|
end
|
106
|
-
subject.policies_with_access.
|
105
|
+
expect(subject.policies_with_access).to_not include("test-policy_no_access")
|
107
106
|
end
|
108
107
|
it "should allow you to configure which model to use for policies" do
|
109
|
-
Hydra.
|
110
|
-
ModsAsset.
|
108
|
+
allow(Hydra.config.permissions).to receive(:policy_class).and_return(ModsAsset)
|
109
|
+
expect(ModsAsset).to receive(:find_with_conditions).and_return([])
|
111
110
|
subject.policies_with_access
|
112
111
|
end
|
113
112
|
end
|
114
113
|
context "Anonymous user" do
|
115
|
-
before { subject.
|
114
|
+
before { allow(subject).to receive(:current_user).and_return(nil) }
|
116
115
|
it "should return the policies that provide discover permissions" do
|
117
|
-
subject.policies_with_access.
|
116
|
+
expect(subject.policies_with_access).to match_array ["test-policy7", "test-policy8"]
|
118
117
|
end
|
119
118
|
end
|
120
119
|
end
|
121
|
-
|
120
|
+
|
122
121
|
describe "apply_gated_discovery" do
|
123
122
|
before do
|
124
|
-
RoleMapper.
|
125
|
-
subject.
|
123
|
+
allow(RoleMapper).to receive(:roles).with(@user).and_return(@user.roles)
|
124
|
+
allow(subject).to receive(:current_user).and_return(@user)
|
126
125
|
end
|
126
|
+
|
127
127
|
it "should include policy-aware query" do
|
128
128
|
# stubbing out policies_with_access because solr doesn't always return them in the same order.
|
129
|
-
|
130
|
-
subject.
|
131
|
-
subject.apply_gated_discovery(@solr_parameters)
|
132
|
-
governed_field = ActiveFedora::
|
133
|
-
@solr_parameters[:fq].first.
|
129
|
+
policy_ids = (1..8).map {|n| "test:policy#{n}"}
|
130
|
+
expect(subject).to receive(:policies_with_access).and_return(policy_ids)
|
131
|
+
subject.apply_gated_discovery(@solr_parameters, @user_parameters)
|
132
|
+
governed_field = ActiveFedora::SolrQueryBuilder.solr_name('is_governed_by', :symbol)
|
133
|
+
expect(@solr_parameters[:fq].first).to include(" OR (_query_:\"{!raw f=#{governed_field}}info:fedora/test:policy1\" OR _query_:\"{!raw f=#{governed_field}}info:fedora/test:policy2\" OR _query_:\"{!raw f=#{governed_field}}info:fedora/test:policy3\" OR _query_:\"{!raw f=#{governed_field}}info:fedora/test:policy4\" OR _query_:\"{!raw f=#{governed_field}}info:fedora/test:policy5\" OR _query_:\"{!raw f=#{governed_field}}info:fedora/test:policy6\" OR _query_:\"{!raw f=#{governed_field}}info:fedora/test:policy7\" OR _query_:\"{!raw f=#{governed_field}}info:fedora/test:policy8\")")
|
134
134
|
end
|
135
|
+
|
135
136
|
it "should not change anything if there are no clauses to add" do
|
136
|
-
subject.
|
137
|
-
subject.apply_gated_discovery(@solr_parameters)
|
138
|
-
@solr_parameters[:fq].first.
|
137
|
+
allow(subject).to receive(:policy_clauses).and_return(nil)
|
138
|
+
subject.apply_gated_discovery(@solr_parameters, @user_parameters)
|
139
|
+
expect(@solr_parameters[:fq].first).to_not include(" OR (#{ActiveFedora::SolrQueryBuilder.solr_name('is_governed_by', :symbol)}:info\\:fedora\\/test\\:policy1 OR #{ActiveFedora::SolrQueryBuilder.solr_name('is_governed_by', :symbol)}:info\\:fedora\\/test\\:policy2 OR #{ActiveFedora::SolrQueryBuilder.solr_name('is_governed_by', :symbol)}:info\\:fedora\\/test\\:policy3 OR #{ActiveFedora::SolrQueryBuilder.solr_name('is_governed_by', :symbol)}:info\\:fedora\\/test\\:policy4 OR #{ActiveFedora::SolrQueryBuilder.solr_name('is_governed_by', :symbol)}:info\\:fedora\\/test\\:policy5 OR #{ActiveFedora::SolrQueryBuilder.solr_name('is_governed_by', :symbol)}:info\\:fedora\\/test\\:policy6 OR #{ActiveFedora::SolrQueryBuilder.solr_name('is_governed_by', :symbol)}:info\\:fedora\\/test\\:policy7 OR #{ActiveFedora::SolrQueryBuilder.solr_name('is_governed_by', :symbol)}:info\\:fedora\\/test\\:policy8)")
|
139
140
|
end
|
140
141
|
end
|
141
142
|
|
142
143
|
describe "apply_policy_role_permissions" do
|
144
|
+
before do
|
145
|
+
allow(subject).to receive(:current_user).and_return(@user)
|
146
|
+
end
|
147
|
+
|
143
148
|
it "should escape slashes in the group names" do
|
144
|
-
RoleMapper.
|
145
|
-
subject.stub(:current_user).and_return(@user)
|
149
|
+
allow(RoleMapper).to receive(:roles).with(@user).and_return(["abc/123","cde/567"])
|
146
150
|
user_access_filters = subject.apply_policy_group_permissions
|
147
151
|
["edit","discover","read"].each do |type|
|
148
|
-
user_access_filters.
|
149
|
-
user_access_filters.
|
152
|
+
expect(user_access_filters).to include("inheritable_#{type}_access_group_ssim\:abc\\\/123")
|
153
|
+
expect(user_access_filters).to include("inheritable_#{type}_access_group_ssim\:cde\\\/567")
|
150
154
|
end
|
151
155
|
end
|
156
|
+
|
152
157
|
it "should escape spaces in the group names" do
|
153
|
-
RoleMapper.
|
154
|
-
subject.stub(:current_user).and_return(@user)
|
158
|
+
allow(RoleMapper).to receive(:roles).with(@user).and_return(["abc 123","cd/e 567"])
|
155
159
|
user_access_filters = subject.apply_policy_group_permissions
|
156
160
|
["edit","discover","read"].each do |type|
|
157
|
-
user_access_filters.
|
158
|
-
user_access_filters.
|
161
|
+
expect(user_access_filters).to include("inheritable_#{type}_access_group_ssim\:abc\\ 123")
|
162
|
+
expect(user_access_filters).to include("inheritable_#{type}_access_group_ssim\:cd\\\/e\\ 567")
|
159
163
|
end
|
160
164
|
end
|
161
165
|
end
|
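Review bot: The negative assertion in "should not change anything if there are no clauses to add" (new line 139) looks for the escaped `field:info\:fedora\/test\:policy1` form, while the positive example at new line 133 expects policy clauses as `_query_:"{!raw f=…}info:fedora/test:policy1"`. If that is the format the code now emits, the `to_not include` can never match, so the example would still pass if policy clauses were appended even though `policy_clauses` is stubbed to return nil. That matters here because this filter is what gates discovery. Assert on a fragment the current format would contain, for example `expect(@solr_parameters[:fq].first).to_not include("{!raw f=#{ActiveFedora::SolrQueryBuilder.solr_name('is_governed_by', :symbol)}}")`.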
@@ -2,27 +2,27 @@ require 'spec_helper'
|
|
2
2
|
|
3
3
|
describe RoleMapper do
|
4
4
|
it "should define the 4 roles" do
|
5
|
-
RoleMapper.role_names.sort.
|
5
|
+
expect(RoleMapper.role_names.sort).to eq %w(admin_policy_object_editor archivist donor patron researcher)
|
6
6
|
end
|
7
7
|
it "should quer[iy]able for roles for a given user" do
|
8
|
-
RoleMapper.roles('leland_himself@example.com').sort.
|
9
|
-
RoleMapper.roles('archivist2@example.com').
|
8
|
+
expect(RoleMapper.roles('leland_himself@example.com').sort).to eq ['archivist', 'donor', 'patron']
|
9
|
+
expect(RoleMapper.roles('archivist2@example.com')).to eq ['archivist']
|
10
10
|
end
|
11
11
|
|
12
12
|
it "should not change it's response when it's called repeatedly" do
|
13
13
|
u = User.new(:uid=>'leland_himself@example.com')
|
14
|
-
u.
|
15
|
-
RoleMapper.roles(u).sort.
|
16
|
-
RoleMapper.roles(u).sort.
|
14
|
+
allow(u).to receive(:new_record?).and_return(false)
|
15
|
+
expect(RoleMapper.roles(u).sort).to eq ['archivist', 'donor', 'patron', "registered"]
|
16
|
+
expect(RoleMapper.roles(u).sort).to eq ['archivist', 'donor', 'patron', "registered"]
|
17
17
|
end
|
18
18
|
|
19
19
|
it "should return an empty array if there are no roles" do
|
20
|
-
RoleMapper.roles('zeus@olympus.mt').
|
20
|
+
expect(RoleMapper.roles('zeus@olympus.mt')).to be_empty
|
21
21
|
end
|
22
22
|
it "should know who is what" do
|
23
|
-
RoleMapper.whois('archivist').sort.
|
24
|
-
RoleMapper.whois('salesman').
|
25
|
-
RoleMapper.whois('admin_policy_object_editor').sort.
|
23
|
+
expect(RoleMapper.whois('archivist').sort).to eq %w(archivist1@example.com archivist2@example.com leland_himself@example.com)
|
24
|
+
expect(RoleMapper.whois('salesman')).to be_empty
|
25
|
+
expect(RoleMapper.whois('admin_policy_object_editor').sort).to eq %w(archivist1@example.com)
|
26
26
|
end
|
27
27
|
|
28
28
|
end
|
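Review bot: The example titled "should define the 4 roles" (new line 4) asserts five role names on new line 5, `admin_policy_object_editor archivist donor patron researcher`, so the description and the expectation disagree. This spec is the readable record of which roles the mapper exposes, so a stale count is misleading when someone audits role coverage. Rename it to match, e.g. `it "should define the 5 roles" do`, or drop the number from the title.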
@@ -34,7 +34,7 @@ describe "WithAccessRight" do
|
|
34
34
|
end
|
35
35
|
|
36
36
|
context "persisted" do
|
37
|
-
before { subject.
|
37
|
+
before { allow(subject).to receive(:persisted?).and_return(true) }
|
38
38
|
context "when it is public" do
|
39
39
|
before do
|
40
40
|
subject.visibility = Hydra::AccessControls::AccessRight::VISIBILITY_TEXT_VALUE_PUBLIC
|
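--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: hydra-access-controls
 version: !ruby/object:Gem::Version
-version:
+version: 9.0.0.beta1
 platform: ruby
 authors:
 - Chris Beer
@@ -10,98 +10,78 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2014-12-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: activesupport
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - ">="
 - !ruby/object:Gem::Version
-version: '
+version: '0'
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - ">="
 - !ruby/object:Gem::Version
-version: '
+version: '0'
 - !ruby/object:Gem::Dependency
 name: active-fedora
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version:
+version: 9.0.0.beta3
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version:
+version: 9.0.0.beta3
 - !ruby/object:Gem::Dependency
-name:
+name: cancancan
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- - "~>"
-- !ruby/object:Gem::Version
-version: '3.0'
 - - ">="
 - !ruby/object:Gem::Version
-version:
+version: '0'
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- - "~>"
-- !ruby/object:Gem::Version
-version: '3.0'
 - - ">="
 - !ruby/object:Gem::Version
-version:
-- !ruby/object:Gem::Dependency
-name: cancancan
-requirement: !ruby/object:Gem::Requirement
-requirements:
-- - "~>"
-- !ruby/object:Gem::Version
-version: '1.8'
-type: :runtime
-prerelease: false
-version_requirements: !ruby/object:Gem::Requirement
-requirements:
-- - "~>"
-- !ruby/object:Gem::Version
-version: '1.8'
+version: '0'
 - !ruby/object:Gem::Dependency
 name: deprecation
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - ">="
 - !ruby/object:Gem::Version
-version: '0
+version: '0'
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - ">="
 - !ruby/object:Gem::Version
-version: '0
+version: '0'
 - !ruby/object:Gem::Dependency
 name: blacklight
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '5.
+version: '5.3'
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '5.
+version: '5.3'
 - !ruby/object:Gem::Dependency
 name: sass-rails
 requirement: !ruby/object:Gem::Requirement
@@ -162,10 +142,17 @@ files:
 - app/models/concerns/hydra/access_controls/visibility.rb
 - app/models/concerns/hydra/access_controls/with_access_right.rb
 - app/models/concerns/hydra/admin_policy_behavior.rb
+- app/models/concerns/hydra/rights.rb
+- app/models/hydra/access_controls/access_control_list.rb
+- app/models/hydra/access_controls/embargo.rb
+- app/models/hydra/access_controls/lease.rb
+- app/models/hydra/access_controls/permission.rb
 - app/models/role_mapper.rb
 - app/services/hydra/embargo_service.rb
 - app/services/hydra/lease_service.rb
 - app/validators/hydra/future_date_validator.rb
+- app/vocabularies/acl.rb
+- app/vocabularies/hydra/acl.rb
 - config/fedora.yml
 - config/locales/hydra-access-controls.en.yml
 - config/solr.yml
@@ -173,13 +160,9 @@ files:
 - lib/active_fedora/accessible_by.rb
 - lib/hydra-access-controls.rb
 - lib/hydra/ability.rb
-- lib/hydra/access_controls/permission.rb
 - lib/hydra/access_controls_enforcement.rb
 - lib/hydra/admin_policy.rb
 - lib/hydra/config.rb
-- lib/hydra/datastream.rb
-- lib/hydra/datastream/inheritable_rights_metadata.rb
-- lib/hydra/datastream/rights_metadata.rb
 - lib/hydra/permissions_cache.rb
 - lib/hydra/permissions_query.rb
 - lib/hydra/permissions_solr_document.rb
@@ -204,9 +187,6 @@ files:
 - spec/unit/admin_policy_spec.rb
 - spec/unit/config_spec.rb
 - spec/unit/embargoable_spec.rb
-- spec/unit/hydra_rights_metadata_persistence_spec.rb
-- spec/unit/hydra_rights_metadata_spec.rb
-- spec/unit/inheritable_rights_metadata_spec.rb
 - spec/unit/permission_spec.rb
 - spec/unit/permissions_spec.rb
 - spec/unit/policy_aware_ability_spec.rb
@@ -228,15 +208,15 @@ required_ruby_version: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
-version:
+version: 1.9.3
 required_rubygems_version: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - ">"
 - !ruby/object:Gem::Version
-version:
+version: 1.3.1
 requirements: []
 rubyforge_project:
-rubygems_version: 2.
+rubygems_version: 2.2.2
 signing_key:
 specification_version: 4
 summary: Access controls for project hydra
@@ -258,9 +238,6 @@ test_files:
 - spec/unit/admin_policy_spec.rb
 - spec/unit/config_spec.rb
 - spec/unit/embargoable_spec.rb
-- spec/unit/hydra_rights_metadata_persistence_spec.rb
-- spec/unit/hydra_rights_metadata_spec.rb
-- spec/unit/inheritable_rights_metadata_spec.rb
 - spec/unit/permission_spec.rb
 - spec/unit/permissions_spec.rb
 - spec/unit/policy_aware_ability_spec.rb
@@ -269,3 +246,4 @@ test_files:
 - spec/unit/visibility_spec.rb
 - spec/unit/with_access_right_spec.rb
 - spec/validators/future_date_validator_spec.rb
+has_rdoc: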
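Review bot: Three runtime dependencies in the new spec have no effective version bound: activesupport (new lines 19-28), cancancan (new lines 44-56) and deprecation (new lines 61-70) are all declared `>= 0`. cancancan previously carried `~> 1.8` and is the authorization library behind `Hydra::Ability`; the old bounds for the other two are truncated on this page. An open range lets a resolver pick any future major release, including one that changes how abilities are evaluated, without this gem having been tested against it. `metadata` is generated from the gemspec, so the bound belongs there, for example `add_dependency 'cancancan', '~> 1.8'`; until then consumers should pin through a committed lockfile.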
@@ -1,40 +0,0 @@
|
|
1
|
-
module Hydra::AccessControls
|
2
|
-
class Permission
|
3
|
-
def initialize(args)
|
4
|
-
@vals = {name: args[:name], access: args[:access], type: args[:type]}
|
5
|
-
end
|
6
|
-
|
7
|
-
def persisted?
|
8
|
-
false
|
9
|
-
end
|
10
|
-
|
11
|
-
def to_hash
|
12
|
-
@vals
|
13
|
-
end
|
14
|
-
|
15
|
-
def [] var
|
16
|
-
to_hash[var]
|
17
|
-
end
|
18
|
-
|
19
|
-
def name
|
20
|
-
self[:name]
|
21
|
-
end
|
22
|
-
|
23
|
-
def access
|
24
|
-
self[:access]
|
25
|
-
end
|
26
|
-
|
27
|
-
def type
|
28
|
-
self[:type]
|
29
|
-
end
|
30
|
-
|
31
|
-
def _destroy
|
32
|
-
false
|
33
|
-
end
|
34
|
-
|
35
|
-
def == other
|
36
|
-
other.is_a?(Permission) && self.name == other.name && self.type == other.type && self.access == other.access
|
37
|
-
end
|
38
|
-
|
39
|
-
end
|
40
|
-
end
|
@@ -1,22 +0,0 @@
|
|
1
|
-
require 'active_support/core_ext/string'
|
2
|
-
module Hydra
|
3
|
-
module Datastream
|
4
|
-
# Implements Hydra RightsMetadata XML terminology for asserting access permissions
|
5
|
-
class InheritableRightsMetadata < Hydra::Datastream::RightsMetadata
|
6
|
-
|
7
|
-
@terminology = Hydra::Datastream::RightsMetadata.terminology
|
8
|
-
|
9
|
-
def to_solr(solr_doc=Hash.new)
|
10
|
-
[:discover, :read, :edit].each do |access|
|
11
|
-
solr_doc[Hydra.config[:permissions][:inheritable][access][:group]] = send("#{access}_access").machine.group
|
12
|
-
solr_doc[Hydra.config[:permissions][:inheritable][access][:individual]] = send("#{access}_access").machine.person
|
13
|
-
end
|
14
|
-
if embargo_release_date.present?
|
15
|
-
key = Hydra.config.permissions.inheritable.embargo.release_date.sub(/_[^_]+$/, '') #Strip off the suffix
|
16
|
-
::Solrizer.insert_field(solr_doc, key, embargo_release_date, :stored_sortable)
|
17
|
-
end
|
18
|
-
return solr_doc
|
19
|
-
end
|
20
|
-
end
|
21
|
-
end
|
22
|
-
end
|