hydra-access-controls 8.2.0 → 9.0.0.beta1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (52) hide show
  1. checksums.yaml +4 -4
  2. data/README.textile +10 -10
  3. data/app/models/concerns/hydra/access_controls/access_right.rb +3 -2
  4. data/app/models/concerns/hydra/access_controls/embargoable.rb +120 -132
  5. data/app/models/concerns/hydra/access_controls/permissions.rb +137 -103
  6. data/app/models/concerns/hydra/access_controls/visibility.rb +3 -5
  7. data/app/models/concerns/hydra/access_controls.rb +0 -1
  8. data/app/models/concerns/hydra/admin_policy_behavior.rb +27 -2
  9. data/app/models/concerns/hydra/rights.rb +15 -0
  10. data/app/models/hydra/access_controls/access_control_list.rb +17 -0
  11. data/app/models/hydra/access_controls/embargo.rb +65 -0
  12. data/app/models/hydra/access_controls/lease.rb +66 -0
  13. data/app/models/hydra/access_controls/permission.rb +85 -0
  14. data/app/vocabularies/acl.rb +12 -0
  15. data/app/vocabularies/hydra/acl.rb +20 -0
  16. data/config/fedora.yml +4 -2
  17. data/hydra-access-controls.gemspec +6 -7
  18. data/lib/hydra/ability.rb +45 -43
  19. data/lib/hydra/access_controls_enforcement.rb +23 -25
  20. data/lib/hydra/admin_policy.rb +34 -11
  21. data/lib/hydra/config.rb +4 -15
  22. data/lib/hydra/permissions_query.rb +2 -2
  23. data/lib/hydra/permissions_solr_document.rb +4 -6
  24. data/lib/hydra/policy_aware_ability.rb +56 -53
  25. data/lib/hydra/policy_aware_access_controls_enforcement.rb +28 -18
  26. data/lib/hydra-access-controls.rb +1 -1
  27. data/spec/factories.rb +15 -15
  28. data/spec/services/embargo_service_spec.rb +6 -6
  29. data/spec/services/lease_service_spec.rb +6 -6
  30. data/spec/spec_helper.rb +20 -13
  31. data/spec/support/mods_asset.rb +3 -3
  32. data/spec/unit/ability_spec.rb +96 -121
  33. data/spec/unit/access_controls_enforcement_spec.rb +29 -27
  34. data/spec/unit/access_right_spec.rb +6 -1
  35. data/spec/unit/accessible_by_spec.rb +14 -5
  36. data/spec/unit/admin_policy_spec.rb +99 -92
  37. data/spec/unit/config_spec.rb +14 -15
  38. data/spec/unit/embargoable_spec.rb +26 -28
  39. data/spec/unit/permission_spec.rb +36 -16
  40. data/spec/unit/permissions_spec.rb +121 -65
  41. data/spec/unit/policy_aware_ability_spec.rb +64 -78
  42. data/spec/unit/policy_aware_access_controls_enforcement_spec.rb +81 -77
  43. data/spec/unit/role_mapper_spec.rb +10 -10
  44. data/spec/unit/with_access_right_spec.rb +1 -1
  45. metadata +29 -51
  46. data/lib/hydra/access_controls/permission.rb +0 -40
  47. data/lib/hydra/datastream/inheritable_rights_metadata.rb +0 -22
  48. data/lib/hydra/datastream/rights_metadata.rb +0 -276
  49. data/lib/hydra/datastream.rb +0 -7
  50. data/spec/unit/hydra_rights_metadata_persistence_spec.rb +0 -71
  51. data/spec/unit/hydra_rights_metadata_spec.rb +0 -301
  52. data/spec/unit/inheritable_rights_metadata_spec.rb +0 -65
@@ -1,12 +1,12 @@
1
1
  require 'spec_helper'
2
2
 
3
3
  describe Hydra::PolicyAwareAccessControlsEnforcement do
4
- before(:all) do
4
+ before do
5
5
  class PolicyMockController
6
6
  include Hydra::AccessControlsEnforcement
7
7
  include Hydra::PolicyAwareAccessControlsEnforcement
8
8
  attr_accessor :params
9
-
9
+
10
10
  def current_ability
11
11
  @current_ability ||= Ability.new(current_user)
12
12
  end
@@ -16,146 +16,150 @@ describe Hydra::PolicyAwareAccessControlsEnforcement do
16
16
 
17
17
  delegate :logger, to: :Rails
18
18
  end
19
-
19
+
20
20
  @sample_policies = []
21
21
  # user discover
22
- policy1 = Hydra::AdminPolicy.new(:pid=>"test:policy1")
23
- policy1.default_permissions = [{:type=>"user", :access=>"discover", :name=>"sara_student"}]
24
- policy1.save
22
+ policy1 = Hydra::AdminPolicy.create("test-policy1")
23
+ policy1.default_permissions.create(:type=>"person", :access=>"discover", :name=>"sara_student")
24
+ policy1.save!
25
+
25
26
  @sample_policies << policy1
26
-
27
+
27
28
  # user read
28
- policy2 = Hydra::AdminPolicy.new(:pid=>"test:policy2")
29
- policy2.default_permissions = [{:type=>"user", :access=>"read", :name=>"sara_student"}]
30
- policy2.save
29
+ policy2 = Hydra::AdminPolicy.create("test-policy2")
30
+ policy2.default_permissions.create(:type=>"person", :access=>"read", :name=>"sara_student")
31
+ policy2.save!
31
32
  @sample_policies << policy2
32
-
33
+
33
34
  # user edit
34
- policy3 = Hydra::AdminPolicy.new(:pid=>"test:policy3")
35
- policy3.default_permissions = [{:type=>"user", :access=>"edit", :name=>"sara_student"}]
36
- policy3.save
35
+ policy3 = Hydra::AdminPolicy.create("test-policy3")
36
+ policy3.default_permissions.create(:type=>"person", :access=>"edit", :name=>"sara_student")
37
+ policy3.save!
37
38
  @sample_policies << policy3
38
-
39
-
39
+
40
+
40
41
  # group discover
41
- policy4 = Hydra::AdminPolicy.new(:pid=>"test:policy4")
42
- policy4.default_permissions = [{:type=>"group", :access=>"discover", :name=>"africana-104-students"}]
43
- policy4.save
42
+ policy4 = Hydra::AdminPolicy.create("test-policy4")
43
+ policy4.default_permissions.create(:type=>"group", :access=>"discover", :name=>"africana-104-students")
44
+ policy4.save!
44
45
  @sample_policies << policy4
45
-
46
+
46
47
  # group read
47
- policy5 = Hydra::AdminPolicy.new(:pid=>"test:policy5")
48
- policy5.default_permissions = [{:type=>"group", :access=>"read", :name=>"africana-104-students"}]
49
- policy5.save
48
+ policy5 = Hydra::AdminPolicy.create("test-policy5")
49
+ policy5.default_permissions.create(:type=>"group", :access=>"read", :name=>"africana-104-students")
50
+ policy5.save!
50
51
  @sample_policies << policy5
51
-
52
+
52
53
  # group edit
53
- policy6 = Hydra::AdminPolicy.new(:pid=>"test:policy6")
54
- policy6.default_permissions = [{:type=>"group", :access=>"edit", :name=>"africana-104-students"}]
55
- policy6.save
54
+ policy6 = Hydra::AdminPolicy.create("test-policy6")
55
+ policy6.default_permissions.create(:type=>"group", :access=>"edit", :name=>"africana-104-students")
56
+ policy6.save!
56
57
  @sample_policies << policy6
57
-
58
+
58
59
  # public discover
59
- policy7 = Hydra::AdminPolicy.create(:pid => "test:policy7")
60
- policy7.default_permissions = [{:type=>"group", :access=>"discover", :name=>"public"}]
61
- policy7.save
60
+ policy7 = Hydra::AdminPolicy.create("test-policy7")
61
+ policy7.default_permissions.create(:type=>"group", :access=>"discover", :name=>"public")
62
+ policy7.save!
62
63
  @sample_policies << policy7
63
-
64
+
64
65
  # public read
65
- policy8 = Hydra::AdminPolicy.create(:pid => "test:policy8")
66
- policy8.default_permissions = [{:type=>"group", :access=>"read", :name=>"public"}]
67
- policy8.save
66
+ policy8 = Hydra::AdminPolicy.create("test-policy8")
67
+ policy8.default_permissions.create(:type=>"group", :access=>"read", :name=>"public")
68
+ policy8.save!
68
69
  @sample_policies << policy8
69
70
 
70
71
  # user discover policies for testing that all are applied when over 10 are applicable
71
72
  (9..11).each do |i|
72
- policy = Hydra::AdminPolicy.create(:pid => "test:policy#{i}")
73
- policy.default_permissions = [{:type=>"user", :access=>"discover", :name=>"sara_student"}]
74
- policy.save
73
+ policy = Hydra::AdminPolicy.create("test-policy#{i}")
74
+ policy.default_permissions.create(:type=>"person", :access=>"discover", :name=>"sara_student")
75
+ policy.save!
75
76
  @sample_policies << policy
76
77
  end
77
78
 
78
- # no access
79
- policy_no_access = Hydra::AdminPolicy.create(:pid=>"test:policy_no_access")
80
- @sample_policies << policy_no_access
79
+ # no access
80
+ policy_no_access = Hydra::AdminPolicy.new("test-policy_no_access")
81
+ policy_no_access.save!
81
82
 
82
- @policies_with_access = @sample_policies.select { |p| p.pid != policy_no_access.pid }
83
- end
84
-
85
- after(:all) do
86
- @sample_policies.each {|p| p.delete }
83
+ @sample_policies << policy_no_access
84
+ @policies_with_access = @sample_policies.select { |p| p.id != policy_no_access.id }
87
85
  end
88
-
86
+
89
87
  subject { PolicyMockController.new }
90
-
88
+
91
89
  before do
92
90
  @solr_parameters = {}
91
+ @user_parameters = {}
93
92
  @user = FactoryGirl.build(:sara_student)
94
93
  end
95
-
94
+
96
95
  describe "policies_with_access" do
97
96
  context "Authenticated user" do
98
97
  before do
99
- RoleMapper.stub(:roles).with(@user).and_return(@user.roles)
100
- subject.stub(:current_user).and_return(@user)
98
+ allow(RoleMapper).to receive(:roles).with(@user).and_return(@user.roles)
99
+ allow(subject).to receive(:current_user).and_return(@user)
101
100
  end
102
101
  it "should return the policies that provide discover permissions" do
103
- @policies_with_access.map {|p| p.pid }.each do |p|
104
- subject.policies_with_access.should include(p)
102
+ @policies_with_access.map {|p| p.id }.each do |p|
103
+ expect(subject.policies_with_access).to include(p)
105
104
  end
106
- subject.policies_with_access.should_not include("test:policy_no_access")
105
+ expect(subject.policies_with_access).to_not include("test-policy_no_access")
107
106
  end
108
107
  it "should allow you to configure which model to use for policies" do
109
- Hydra.stub(:config).and_return( {:permissions=>{:policy_class => ModsAsset}} )
110
- ModsAsset.should_receive(:find_with_conditions).and_return([])
108
+ allow(Hydra.config.permissions).to receive(:policy_class).and_return(ModsAsset)
109
+ expect(ModsAsset).to receive(:find_with_conditions).and_return([])
111
110
  subject.policies_with_access
112
111
  end
113
112
  end
114
113
  context "Anonymous user" do
115
- before { subject.stub(:current_user).and_return(nil) }
114
+ before { allow(subject).to receive(:current_user).and_return(nil) }
116
115
  it "should return the policies that provide discover permissions" do
117
- subject.policies_with_access.should match_array ["test:policy7", "test:policy8"]
116
+ expect(subject.policies_with_access).to match_array ["test-policy7", "test-policy8"]
118
117
  end
119
118
  end
120
119
  end
121
-
120
+
122
121
  describe "apply_gated_discovery" do
123
122
  before do
124
- RoleMapper.stub(:roles).with(@user).and_return(@user.roles)
125
- subject.stub(:current_user).and_return(@user)
123
+ allow(RoleMapper).to receive(:roles).with(@user).and_return(@user.roles)
124
+ allow(subject).to receive(:current_user).and_return(@user)
126
125
  end
126
+
127
127
  it "should include policy-aware query" do
128
128
  # stubbing out policies_with_access because solr doesn't always return them in the same order.
129
- policy_pids = (1..8).map {|n| "test:policy#{n}"}
130
- subject.should_receive(:policies_with_access).and_return(policy_pids)
131
- subject.apply_gated_discovery(@solr_parameters)
132
- governed_field = ActiveFedora::SolrService.solr_name('is_governed_by', :symbol)
133
- @solr_parameters[:fq].first.should include(" OR (_query_:\"{!raw f=#{governed_field}}info:fedora/test:policy1\" OR _query_:\"{!raw f=#{governed_field}}info:fedora/test:policy2\" OR _query_:\"{!raw f=#{governed_field}}info:fedora/test:policy3\" OR _query_:\"{!raw f=#{governed_field}}info:fedora/test:policy4\" OR _query_:\"{!raw f=#{governed_field}}info:fedora/test:policy5\" OR _query_:\"{!raw f=#{governed_field}}info:fedora/test:policy6\" OR _query_:\"{!raw f=#{governed_field}}info:fedora/test:policy7\" OR _query_:\"{!raw f=#{governed_field}}info:fedora/test:policy8\")")
129
+ policy_ids = (1..8).map {|n| "test:policy#{n}"}
130
+ expect(subject).to receive(:policies_with_access).and_return(policy_ids)
131
+ subject.apply_gated_discovery(@solr_parameters, @user_parameters)
132
+ governed_field = ActiveFedora::SolrQueryBuilder.solr_name('is_governed_by', :symbol)
133
+ expect(@solr_parameters[:fq].first).to include(" OR (_query_:\"{!raw f=#{governed_field}}info:fedora/test:policy1\" OR _query_:\"{!raw f=#{governed_field}}info:fedora/test:policy2\" OR _query_:\"{!raw f=#{governed_field}}info:fedora/test:policy3\" OR _query_:\"{!raw f=#{governed_field}}info:fedora/test:policy4\" OR _query_:\"{!raw f=#{governed_field}}info:fedora/test:policy5\" OR _query_:\"{!raw f=#{governed_field}}info:fedora/test:policy6\" OR _query_:\"{!raw f=#{governed_field}}info:fedora/test:policy7\" OR _query_:\"{!raw f=#{governed_field}}info:fedora/test:policy8\")")
134
134
  end
135
+
135
136
  it "should not change anything if there are no clauses to add" do
136
- subject.stub(:policy_clauses).and_return(nil)
137
- subject.apply_gated_discovery(@solr_parameters)
138
- @solr_parameters[:fq].first.should_not include(" OR (#{ActiveFedora::SolrService.solr_name('is_governed_by', :symbol)}:info\\:fedora\\/test\\:policy1 OR #{ActiveFedora::SolrService.solr_name('is_governed_by', :symbol)}:info\\:fedora\\/test\\:policy2 OR #{ActiveFedora::SolrService.solr_name('is_governed_by', :symbol)}:info\\:fedora\\/test\\:policy3 OR #{ActiveFedora::SolrService.solr_name('is_governed_by', :symbol)}:info\\:fedora\\/test\\:policy4 OR #{ActiveFedora::SolrService.solr_name('is_governed_by', :symbol)}:info\\:fedora\\/test\\:policy5 OR #{ActiveFedora::SolrService.solr_name('is_governed_by', :symbol)}:info\\:fedora\\/test\\:policy6 OR #{ActiveFedora::SolrService.solr_name('is_governed_by', :symbol)}:info\\:fedora\\/test\\:policy7 OR #{ActiveFedora::SolrService.solr_name('is_governed_by', :symbol)}:info\\:fedora\\/test\\:policy8)")
137
+ allow(subject).to receive(:policy_clauses).and_return(nil)
138
+ subject.apply_gated_discovery(@solr_parameters, @user_parameters)
139
+ expect(@solr_parameters[:fq].first).to_not include(" OR (#{ActiveFedora::SolrQueryBuilder.solr_name('is_governed_by', :symbol)}:info\\:fedora\\/test\\:policy1 OR #{ActiveFedora::SolrQueryBuilder.solr_name('is_governed_by', :symbol)}:info\\:fedora\\/test\\:policy2 OR #{ActiveFedora::SolrQueryBuilder.solr_name('is_governed_by', :symbol)}:info\\:fedora\\/test\\:policy3 OR #{ActiveFedora::SolrQueryBuilder.solr_name('is_governed_by', :symbol)}:info\\:fedora\\/test\\:policy4 OR #{ActiveFedora::SolrQueryBuilder.solr_name('is_governed_by', :symbol)}:info\\:fedora\\/test\\:policy5 OR #{ActiveFedora::SolrQueryBuilder.solr_name('is_governed_by', :symbol)}:info\\:fedora\\/test\\:policy6 OR #{ActiveFedora::SolrQueryBuilder.solr_name('is_governed_by', :symbol)}:info\\:fedora\\/test\\:policy7 OR #{ActiveFedora::SolrQueryBuilder.solr_name('is_governed_by', :symbol)}:info\\:fedora\\/test\\:policy8)")
139
140
  end
140
141
  end
141
142
 
142
143
  describe "apply_policy_role_permissions" do
144
+ before do
145
+ allow(subject).to receive(:current_user).and_return(@user)
146
+ end
147
+
143
148
  it "should escape slashes in the group names" do
144
- RoleMapper.stub(:roles).with(@user).and_return(["abc/123","cde/567"])
145
- subject.stub(:current_user).and_return(@user)
149
+ allow(RoleMapper).to receive(:roles).with(@user).and_return(["abc/123","cde/567"])
146
150
  user_access_filters = subject.apply_policy_group_permissions
147
151
  ["edit","discover","read"].each do |type|
148
- user_access_filters.should include("#{ActiveFedora::SolrService.solr_name("inheritable_#{type}_access_group", Hydra::Datastream::RightsMetadata.indexer )}\:abc\\\/123")
149
- user_access_filters.should include("#{ActiveFedora::SolrService.solr_name("inheritable_#{type}_access_group", Hydra::Datastream::RightsMetadata.indexer )}\:cde\\\/567")
152
+ expect(user_access_filters).to include("inheritable_#{type}_access_group_ssim\:abc\\\/123")
153
+ expect(user_access_filters).to include("inheritable_#{type}_access_group_ssim\:cde\\\/567")
150
154
  end
151
155
  end
156
+
152
157
  it "should escape spaces in the group names" do
153
- RoleMapper.stub(:roles).with(@user).and_return(["abc 123","cd/e 567"])
154
- subject.stub(:current_user).and_return(@user)
158
+ allow(RoleMapper).to receive(:roles).with(@user).and_return(["abc 123","cd/e 567"])
155
159
  user_access_filters = subject.apply_policy_group_permissions
156
160
  ["edit","discover","read"].each do |type|
157
- user_access_filters.should include("#{ActiveFedora::SolrService.solr_name("inheritable_#{type}_access_group", Hydra::Datastream::RightsMetadata.indexer )}\:abc\\ 123")
158
- user_access_filters.should include("#{ActiveFedora::SolrService.solr_name("inheritable_#{type}_access_group", Hydra::Datastream::RightsMetadata.indexer )}\:cd\\\/e\\ 567")
161
+ expect(user_access_filters).to include("inheritable_#{type}_access_group_ssim\:abc\\ 123")
162
+ expect(user_access_filters).to include("inheritable_#{type}_access_group_ssim\:cd\\\/e\\ 567")
159
163
  end
160
164
  end
161
165
  end
@@ -2,27 +2,27 @@ require 'spec_helper'
2
2
 
3
3
  describe RoleMapper do
4
4
  it "should define the 4 roles" do
5
- RoleMapper.role_names.sort.should == %w(admin_policy_object_editor archivist donor patron researcher)
5
+ expect(RoleMapper.role_names.sort).to eq %w(admin_policy_object_editor archivist donor patron researcher)
6
6
  end
7
7
  it "should quer[iy]able for roles for a given user" do
8
- RoleMapper.roles('leland_himself@example.com').sort.should == ['archivist', 'donor', 'patron']
9
- RoleMapper.roles('archivist2@example.com').should == ['archivist']
8
+ expect(RoleMapper.roles('leland_himself@example.com').sort).to eq ['archivist', 'donor', 'patron']
9
+ expect(RoleMapper.roles('archivist2@example.com')).to eq ['archivist']
10
10
  end
11
11
 
12
12
  it "should not change it's response when it's called repeatedly" do
13
13
  u = User.new(:uid=>'leland_himself@example.com')
14
- u.stub(:new_record?).and_return(false)
15
- RoleMapper.roles(u).sort.should == ['archivist', 'donor', 'patron', "registered"]
16
- RoleMapper.roles(u).sort.should == ['archivist', 'donor', 'patron', "registered"]
14
+ allow(u).to receive(:new_record?).and_return(false)
15
+ expect(RoleMapper.roles(u).sort).to eq ['archivist', 'donor', 'patron', "registered"]
16
+ expect(RoleMapper.roles(u).sort).to eq ['archivist', 'donor', 'patron', "registered"]
17
17
  end
18
18
 
19
19
  it "should return an empty array if there are no roles" do
20
- RoleMapper.roles('zeus@olympus.mt').empty?.should == true
20
+ expect(RoleMapper.roles('zeus@olympus.mt')).to be_empty
21
21
  end
22
22
  it "should know who is what" do
23
- RoleMapper.whois('archivist').sort.should == %w(archivist1@example.com archivist2@example.com leland_himself@example.com)
24
- RoleMapper.whois('salesman').empty?.should == true
25
- RoleMapper.whois('admin_policy_object_editor').sort.should == %w(archivist1@example.com)
23
+ expect(RoleMapper.whois('archivist').sort).to eq %w(archivist1@example.com archivist2@example.com leland_himself@example.com)
24
+ expect(RoleMapper.whois('salesman')).to be_empty
25
+ expect(RoleMapper.whois('admin_policy_object_editor').sort).to eq %w(archivist1@example.com)
26
26
  end
27
27
 
28
28
  end
@@ -34,7 +34,7 @@ describe "WithAccessRight" do
34
34
  end
35
35
 
36
36
  context "persisted" do
37
- before { subject.stub( persisted?: true) }
37
+ before { allow(subject).to receive(:persisted?).and_return(true) }
38
38
  context "when it is public" do
39
39
  before do
40
40
  subject.visibility = Hydra::AccessControls::AccessRight::VISIBILITY_TEXT_VALUE_PUBLIC
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: hydra-access-controls
3
3
  version: !ruby/object:Gem::Version
4
- version: 8.2.0
4
+ version: 9.0.0.beta1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Chris Beer
@@ -10,98 +10,78 @@ authors:
10
10
  autorequire:
11
11
  bindir: bin
12
12
  cert_chain: []
13
- date: 2017-02-06 00:00:00.000000000 Z
13
+ date: 2014-12-03 00:00:00.000000000 Z
14
14
  dependencies:
15
15
  - !ruby/object:Gem::Dependency
16
16
  name: activesupport
17
17
  requirement: !ruby/object:Gem::Requirement
18
18
  requirements:
19
- - - "~>"
19
+ - - ">="
20
20
  - !ruby/object:Gem::Version
21
- version: '4.0'
21
+ version: '0'
22
22
  type: :runtime
23
23
  prerelease: false
24
24
  version_requirements: !ruby/object:Gem::Requirement
25
25
  requirements:
26
- - - "~>"
26
+ - - ">="
27
27
  - !ruby/object:Gem::Version
28
- version: '4.0'
28
+ version: '0'
29
29
  - !ruby/object:Gem::Dependency
30
30
  name: active-fedora
31
31
  requirement: !ruby/object:Gem::Requirement
32
32
  requirements:
33
33
  - - "~>"
34
34
  - !ruby/object:Gem::Version
35
- version: '8.0'
35
+ version: 9.0.0.beta3
36
36
  type: :runtime
37
37
  prerelease: false
38
38
  version_requirements: !ruby/object:Gem::Requirement
39
39
  requirements:
40
40
  - - "~>"
41
41
  - !ruby/object:Gem::Version
42
- version: '8.0'
42
+ version: 9.0.0.beta3
43
43
  - !ruby/object:Gem::Dependency
44
- name: om
44
+ name: cancancan
45
45
  requirement: !ruby/object:Gem::Requirement
46
46
  requirements:
47
- - - "~>"
48
- - !ruby/object:Gem::Version
49
- version: '3.0'
50
47
  - - ">="
51
48
  - !ruby/object:Gem::Version
52
- version: 3.0.7
49
+ version: '0'
53
50
  type: :runtime
54
51
  prerelease: false
55
52
  version_requirements: !ruby/object:Gem::Requirement
56
53
  requirements:
57
- - - "~>"
58
- - !ruby/object:Gem::Version
59
- version: '3.0'
60
54
  - - ">="
61
55
  - !ruby/object:Gem::Version
62
- version: 3.0.7
63
- - !ruby/object:Gem::Dependency
64
- name: cancancan
65
- requirement: !ruby/object:Gem::Requirement
66
- requirements:
67
- - - "~>"
68
- - !ruby/object:Gem::Version
69
- version: '1.8'
70
- type: :runtime
71
- prerelease: false
72
- version_requirements: !ruby/object:Gem::Requirement
73
- requirements:
74
- - - "~>"
75
- - !ruby/object:Gem::Version
76
- version: '1.8'
56
+ version: '0'
77
57
  - !ruby/object:Gem::Dependency
78
58
  name: deprecation
79
59
  requirement: !ruby/object:Gem::Requirement
80
60
  requirements:
81
- - - "~>"
61
+ - - ">="
82
62
  - !ruby/object:Gem::Version
83
- version: '0.1'
63
+ version: '0'
84
64
  type: :runtime
85
65
  prerelease: false
86
66
  version_requirements: !ruby/object:Gem::Requirement
87
67
  requirements:
88
- - - "~>"
68
+ - - ">="
89
69
  - !ruby/object:Gem::Version
90
- version: '0.1'
70
+ version: '0'
91
71
  - !ruby/object:Gem::Dependency
92
72
  name: blacklight
93
73
  requirement: !ruby/object:Gem::Requirement
94
74
  requirements:
95
75
  - - "~>"
96
76
  - !ruby/object:Gem::Version
97
- version: '5.10'
77
+ version: '5.3'
98
78
  type: :runtime
99
79
  prerelease: false
100
80
  version_requirements: !ruby/object:Gem::Requirement
101
81
  requirements:
102
82
  - - "~>"
103
83
  - !ruby/object:Gem::Version
104
- version: '5.10'
84
+ version: '5.3'
105
85
  - !ruby/object:Gem::Dependency
106
86
  name: sass-rails
107
87
  requirement: !ruby/object:Gem::Requirement
@@ -162,10 +142,17 @@ files:
162
142
  - app/models/concerns/hydra/access_controls/visibility.rb
163
143
  - app/models/concerns/hydra/access_controls/with_access_right.rb
164
144
  - app/models/concerns/hydra/admin_policy_behavior.rb
145
+ - app/models/concerns/hydra/rights.rb
146
+ - app/models/hydra/access_controls/access_control_list.rb
147
+ - app/models/hydra/access_controls/embargo.rb
148
+ - app/models/hydra/access_controls/lease.rb
149
+ - app/models/hydra/access_controls/permission.rb
165
150
  - app/models/role_mapper.rb
166
151
  - app/services/hydra/embargo_service.rb
167
152
  - app/services/hydra/lease_service.rb
168
153
  - app/validators/hydra/future_date_validator.rb
154
+ - app/vocabularies/acl.rb
155
+ - app/vocabularies/hydra/acl.rb
169
156
  - config/fedora.yml
170
157
  - config/locales/hydra-access-controls.en.yml
171
158
  - config/solr.yml
@@ -173,13 +160,9 @@ files:
173
160
  - lib/active_fedora/accessible_by.rb
174
161
  - lib/hydra-access-controls.rb
175
162
  - lib/hydra/ability.rb
176
- - lib/hydra/access_controls/permission.rb
177
163
  - lib/hydra/access_controls_enforcement.rb
178
164
  - lib/hydra/admin_policy.rb
179
165
  - lib/hydra/config.rb
180
- - lib/hydra/datastream.rb
181
- - lib/hydra/datastream/inheritable_rights_metadata.rb
182
- - lib/hydra/datastream/rights_metadata.rb
183
166
  - lib/hydra/permissions_cache.rb
184
167
  - lib/hydra/permissions_query.rb
185
168
  - lib/hydra/permissions_solr_document.rb
@@ -204,9 +187,6 @@ files:
204
187
  - spec/unit/admin_policy_spec.rb
205
188
  - spec/unit/config_spec.rb
206
189
  - spec/unit/embargoable_spec.rb
207
- - spec/unit/hydra_rights_metadata_persistence_spec.rb
208
- - spec/unit/hydra_rights_metadata_spec.rb
209
- - spec/unit/inheritable_rights_metadata_spec.rb
210
190
  - spec/unit/permission_spec.rb
211
191
  - spec/unit/permissions_spec.rb
212
192
  - spec/unit/policy_aware_ability_spec.rb
@@ -228,15 +208,15 @@ required_ruby_version: !ruby/object:Gem::Requirement
228
208
  requirements:
229
209
  - - ">="
230
210
  - !ruby/object:Gem::Version
231
- version: 2.0.0
211
+ version: 1.9.3
232
212
  required_rubygems_version: !ruby/object:Gem::Requirement
233
213
  requirements:
234
- - - ">="
214
+ - - ">"
235
215
  - !ruby/object:Gem::Version
236
- version: '0'
216
+ version: 1.3.1
237
217
  requirements: []
238
218
  rubyforge_project:
239
- rubygems_version: 2.6.8
219
+ rubygems_version: 2.2.2
240
220
  signing_key:
241
221
  specification_version: 4
242
222
  summary: Access controls for project hydra
@@ -258,9 +238,6 @@ test_files:
258
238
  - spec/unit/admin_policy_spec.rb
259
239
  - spec/unit/config_spec.rb
260
240
  - spec/unit/embargoable_spec.rb
261
- - spec/unit/hydra_rights_metadata_persistence_spec.rb
262
- - spec/unit/hydra_rights_metadata_spec.rb
263
- - spec/unit/inheritable_rights_metadata_spec.rb
264
241
  - spec/unit/permission_spec.rb
265
242
  - spec/unit/permissions_spec.rb
266
243
  - spec/unit/policy_aware_ability_spec.rb
@@ -269,3 +246,4 @@ test_files:
269
246
  - spec/unit/visibility_spec.rb
270
247
  - spec/unit/with_access_right_spec.rb
271
248
  - spec/validators/future_date_validator_spec.rb
249
+ has_rdoc:
@@ -1,40 +0,0 @@
1
- module Hydra::AccessControls
2
- class Permission
3
- def initialize(args)
4
- @vals = {name: args[:name], access: args[:access], type: args[:type]}
5
- end
6
-
7
- def persisted?
8
- false
9
- end
10
-
11
- def to_hash
12
- @vals
13
- end
14
-
15
- def [] var
16
- to_hash[var]
17
- end
18
-
19
- def name
20
- self[:name]
21
- end
22
-
23
- def access
24
- self[:access]
25
- end
26
-
27
- def type
28
- self[:type]
29
- end
30
-
31
- def _destroy
32
- false
33
- end
34
-
35
- def == other
36
- other.is_a?(Permission) && self.name == other.name && self.type == other.type && self.access == other.access
37
- end
38
-
39
- end
40
- end
@@ -1,22 +0,0 @@
1
- require 'active_support/core_ext/string'
2
- module Hydra
3
- module Datastream
4
- # Implements Hydra RightsMetadata XML terminology for asserting access permissions
5
- class InheritableRightsMetadata < Hydra::Datastream::RightsMetadata
6
-
7
- @terminology = Hydra::Datastream::RightsMetadata.terminology
8
-
9
- def to_solr(solr_doc=Hash.new)
10
- [:discover, :read, :edit].each do |access|
11
- solr_doc[Hydra.config[:permissions][:inheritable][access][:group]] = send("#{access}_access").machine.group
12
- solr_doc[Hydra.config[:permissions][:inheritable][access][:individual]] = send("#{access}_access").machine.person
13
- end
14
- if embargo_release_date.present?
15
- key = Hydra.config.permissions.inheritable.embargo.release_date.sub(/_[^_]+$/, '') #Strip off the suffix
16
- ::Solrizer.insert_field(solr_doc, key, embargo_release_date, :stored_sortable)
17
- end
18
- return solr_doc
19
- end
20
- end
21
- end
22
- end