hydra-access-controls 9.0.1 → 9.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/hydra-access-controls.gemspec +2 -2
- data/lib/hydra/ability.rb +1 -1
- data/lib/hydra/access_controls_enforcement.rb +12 -10
- data/spec/unit/access_controls_enforcement_spec.rb +10 -11
- metadata +6 -6
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 53a9ac37f60be38af2c511a423f849ecd9991c0f
|
|
4
|
+
data.tar.gz: 8ac4de9c1ac17eabc873ed5e0775d252d4e0b77b
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 61551d7bed4090045e64c9c07b1f38c28edd724e5df26c0e38987a031f72f6bcc12d717f9a538af4c29fded68091da6ec345f5c5503ea234a8e9c1b182d6046a
|
|
7
|
+
data.tar.gz: adb99e576d8f641be0ef66b7efedde72840f1fe3a859c59f457fe18eb9ce3933bb9ca14a5c9fd00dbca50bc744420c485e6a6cb28d0ce5eb6a5b74014e3c923f
|
|
@@ -21,8 +21,8 @@ Gem::Specification.new do |gem|
|
|
|
21
21
|
gem.add_dependency 'activesupport', '~> 4.0'
|
|
22
22
|
gem.add_dependency "active-fedora", '~> 9.0.0'
|
|
23
23
|
gem.add_dependency 'cancancan', '~> 1.8'
|
|
24
|
-
gem.add_dependency 'deprecation', '~> 0.1
|
|
25
|
-
gem.add_dependency "blacklight", '~> 5.
|
|
24
|
+
gem.add_dependency 'deprecation', '~> 0.1'
|
|
25
|
+
gem.add_dependency "blacklight", '~> 5.10'
|
|
26
26
|
|
|
27
27
|
# sass-rails is typically generated into the app's gemfile by `rails new`
|
|
28
28
|
# In rails 3 it's put into the "assets" group and thus not available to the
|
data/lib/hydra/ability.rb
CHANGED
|
@@ -11,7 +11,7 @@ module Hydra
|
|
|
11
11
|
included do
|
|
12
12
|
include CanCan::Ability
|
|
13
13
|
include Hydra::PermissionsQuery
|
|
14
|
-
include Blacklight::
|
|
14
|
+
include Blacklight::SearchHelper
|
|
15
15
|
class_attribute :ability_logic
|
|
16
16
|
self.ability_logic = [:create_permissions, :edit_permissions, :read_permissions, :download_permissions, :custom_permissions]
|
|
17
17
|
end
|
|
@@ -1,7 +1,8 @@
|
|
|
1
1
|
module Hydra::AccessControlsEnforcement
|
|
2
2
|
extend ActiveSupport::Concern
|
|
3
3
|
|
|
4
|
-
included do
|
|
4
|
+
included do |klass|
|
|
5
|
+
attr_writer :current_ability
|
|
5
6
|
class_attribute :solr_access_filters_logic
|
|
6
7
|
|
|
7
8
|
# Set defaults. Each symbol identifies a _method_ that must be in
|
|
@@ -14,6 +15,10 @@ module Hydra::AccessControlsEnforcement
|
|
|
14
15
|
|
|
15
16
|
end
|
|
16
17
|
|
|
18
|
+
def current_ability
|
|
19
|
+
@current_ability || raise("current_ability has not been set on #{self}")
|
|
20
|
+
end
|
|
21
|
+
|
|
17
22
|
protected
|
|
18
23
|
|
|
19
24
|
def gated_discovery_filters(permission_types = discovery_permissions, ability = current_ability)
|
|
@@ -59,15 +64,13 @@ module Hydra::AccessControlsEnforcement
|
|
|
59
64
|
# * Applies a lucene query to the solr :q parameter for gated discovery
|
|
60
65
|
# * Uses public_qt search handler if user does not have "read" permissions
|
|
61
66
|
# @param solr_parameters the current solr parameters
|
|
62
|
-
# @param user_parameters the current user-subitted parameters
|
|
63
67
|
#
|
|
64
|
-
# @example This method should be added to your
|
|
68
|
+
# @example This method should be added to your CatalogController's search_params_logic
|
|
65
69
|
# class CatalogController < ApplicationController
|
|
66
|
-
#
|
|
67
|
-
# CatalogController.solr_search_params_logic << :add_access_controls_to_solr_params
|
|
70
|
+
# CatalogController.search_params_logic += [:add_access_controls_to_solr_params]
|
|
68
71
|
# end
|
|
69
|
-
def add_access_controls_to_solr_params(solr_parameters
|
|
70
|
-
apply_gated_discovery(solr_parameters
|
|
72
|
+
def add_access_controls_to_solr_params(solr_parameters)
|
|
73
|
+
apply_gated_discovery(solr_parameters)
|
|
71
74
|
end
|
|
72
75
|
|
|
73
76
|
|
|
@@ -83,11 +86,10 @@ module Hydra::AccessControlsEnforcement
|
|
|
83
86
|
|
|
84
87
|
# Contrller before filter that sets up access-controlled lucene query in order to provide gated discovery behavior
|
|
85
88
|
# @param solr_parameters the current solr parameters
|
|
86
|
-
|
|
87
|
-
def apply_gated_discovery(solr_parameters, user_parameters)
|
|
89
|
+
def apply_gated_discovery(solr_parameters)
|
|
88
90
|
solr_parameters[:fq] ||= []
|
|
89
91
|
solr_parameters[:fq] << gated_discovery_filters.join(" OR ")
|
|
90
|
-
logger.debug("Solr parameters: #{ solr_parameters.inspect }")
|
|
92
|
+
Rails.logger.debug("Solr parameters: #{ solr_parameters.inspect }")
|
|
91
93
|
end
|
|
92
94
|
|
|
93
95
|
|
|
@@ -21,13 +21,13 @@ describe Hydra::AccessControlsEnforcement do
|
|
|
21
21
|
describe "When I am searching for content" do
|
|
22
22
|
before do
|
|
23
23
|
@solr_parameters = {}
|
|
24
|
-
@user_parameters = {}
|
|
25
24
|
end
|
|
26
25
|
context "Given I am not logged in" do
|
|
27
26
|
before do
|
|
28
27
|
allow(subject).to receive(:current_user).and_return(User.new(:new_record=>true))
|
|
29
|
-
subject.send(:apply_gated_discovery, @solr_parameters
|
|
28
|
+
subject.send(:apply_gated_discovery, @solr_parameters)
|
|
30
29
|
end
|
|
30
|
+
|
|
31
31
|
it "Then I should be treated as a member of the 'public' group" do
|
|
32
32
|
expect(@solr_parameters[:fq].first).to eq 'edit_access_group_ssim:public OR discover_access_group_ssim:public OR read_access_group_ssim:public'
|
|
33
33
|
end
|
|
@@ -37,7 +37,7 @@ describe Hydra::AccessControlsEnforcement do
|
|
|
37
37
|
it "Should changed based on the discovery_perissions" do
|
|
38
38
|
@solr_parameters = {}
|
|
39
39
|
discovery_permissions = ["read","edit"]
|
|
40
|
-
subject.send(:apply_gated_discovery, @solr_parameters
|
|
40
|
+
subject.send(:apply_gated_discovery, @solr_parameters)
|
|
41
41
|
["edit","read"].each do |type|
|
|
42
42
|
expect(@solr_parameters[:fq].first).to match(/#{type}_access_group_ssim\:public/)
|
|
43
43
|
end
|
|
@@ -52,7 +52,7 @@ describe Hydra::AccessControlsEnforcement do
|
|
|
52
52
|
# This is a pretty fragile way to stub it...
|
|
53
53
|
allow(RoleMapper).to receive(:byname).and_return(@user.user_key=>["faculty", "africana-faculty"])
|
|
54
54
|
allow(subject).to receive(:current_user).and_return(@user)
|
|
55
|
-
subject.send(:apply_gated_discovery, @solr_parameters
|
|
55
|
+
subject.send(:apply_gated_discovery, @solr_parameters)
|
|
56
56
|
end
|
|
57
57
|
it "Then I should be treated as a member of the 'public' and 'registered' groups" do
|
|
58
58
|
["discover","edit","read"].each do |type|
|
|
@@ -75,7 +75,7 @@ describe Hydra::AccessControlsEnforcement do
|
|
|
75
75
|
it "Should changed based on the discovery_perissions" do
|
|
76
76
|
@solr_parameters = {}
|
|
77
77
|
discovery_permissions = ["read","edit"]
|
|
78
|
-
subject.send(:apply_gated_discovery, @solr_parameters
|
|
78
|
+
subject.send(:apply_gated_discovery, @solr_parameters)
|
|
79
79
|
["faculty", "africana-faculty"].each do |group_id|
|
|
80
80
|
["edit","read"].each do |type|
|
|
81
81
|
expect(@solr_parameters[:fq].first).to match(/#{type}_access_group_ssim\:#{group_id}/)
|
|
@@ -117,16 +117,15 @@ describe Hydra::AccessControlsEnforcement do
|
|
|
117
117
|
allow(RoleMapper).to receive(:roles).with(@stub_user).and_return(["archivist","researcher"])
|
|
118
118
|
allow(subject).to receive(:current_user).and_return(@stub_user)
|
|
119
119
|
@solr_parameters = {}
|
|
120
|
-
@user_parameters = {}
|
|
121
120
|
end
|
|
122
121
|
it "should set query fields for the user id checking against the discover, access, read fields" do
|
|
123
|
-
subject.send(:apply_gated_discovery, @solr_parameters
|
|
122
|
+
subject.send(:apply_gated_discovery, @solr_parameters)
|
|
124
123
|
["discover","edit","read"].each do |type|
|
|
125
124
|
expect(@solr_parameters[:fq].first).to match(/#{type}_access_person_ssim\:#{@stub_user.user_key}/)
|
|
126
125
|
end
|
|
127
126
|
end
|
|
128
127
|
it "should set query fields for all roles the user is a member of checking against the discover, access, read fields" do
|
|
129
|
-
subject.send(:apply_gated_discovery, @solr_parameters
|
|
128
|
+
subject.send(:apply_gated_discovery, @solr_parameters)
|
|
130
129
|
["discover","edit","read"].each do |type|
|
|
131
130
|
expect(@solr_parameters[:fq].first).to match(/#{type}_access_group_ssim\:archivist/)
|
|
132
131
|
expect(@solr_parameters[:fq].first).to match(/#{type}_access_group_ssim\:researcher/)
|
|
@@ -135,7 +134,7 @@ describe Hydra::AccessControlsEnforcement do
|
|
|
135
134
|
|
|
136
135
|
it "should escape slashes in the group names" do
|
|
137
136
|
allow(RoleMapper).to receive(:roles).with(@stub_user).and_return(["abc/123","cde/567"])
|
|
138
|
-
subject.send(:apply_gated_discovery, @solr_parameters
|
|
137
|
+
subject.send(:apply_gated_discovery, @solr_parameters)
|
|
139
138
|
["discover","edit","read"].each do |type|
|
|
140
139
|
expect(@solr_parameters[:fq].first).to match(/#{type}_access_group_ssim\:abc\\\/123/)
|
|
141
140
|
expect(@solr_parameters[:fq].first).to match(/#{type}_access_group_ssim\:cde\\\/567/)
|
|
@@ -143,7 +142,7 @@ describe Hydra::AccessControlsEnforcement do
|
|
|
143
142
|
end
|
|
144
143
|
it "should escape spaces in the group names" do
|
|
145
144
|
allow(RoleMapper).to receive(:roles).with(@stub_user).and_return(["abc 123","cd/e 567"])
|
|
146
|
-
subject.send(:apply_gated_discovery, @solr_parameters
|
|
145
|
+
subject.send(:apply_gated_discovery, @solr_parameters)
|
|
147
146
|
["discover","edit","read"].each do |type|
|
|
148
147
|
expect(@solr_parameters[:fq].first).to match(/#{type}_access_group_ssim\:abc\\ 123/)
|
|
149
148
|
expect(@solr_parameters[:fq].first).to match(/#{type}_access_group_ssim\:cd\\\/e\\ 567/)
|
|
@@ -151,7 +150,7 @@ describe Hydra::AccessControlsEnforcement do
|
|
|
151
150
|
end
|
|
152
151
|
it "should escape colons in the group names" do
|
|
153
152
|
allow(RoleMapper).to receive(:roles).with(@stub_user).and_return(["abc:123","cde:567"])
|
|
154
|
-
subject.send(:apply_gated_discovery, @solr_parameters
|
|
153
|
+
subject.send(:apply_gated_discovery, @solr_parameters)
|
|
155
154
|
["discover","edit","read"].each do |type|
|
|
156
155
|
expect(@solr_parameters[:fq].first).to match(/#{type}_access_group_ssim\:abc\\:123/)
|
|
157
156
|
expect(@solr_parameters[:fq].first).to match(/#{type}_access_group_ssim\:cde\\:567/)
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: hydra-access-controls
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 9.0
|
|
4
|
+
version: 9.1.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Chris Beer
|
|
@@ -10,7 +10,7 @@ authors:
|
|
|
10
10
|
autorequire:
|
|
11
11
|
bindir: bin
|
|
12
12
|
cert_chain: []
|
|
13
|
-
date: 2015-
|
|
13
|
+
date: 2015-03-06 00:00:00.000000000 Z
|
|
14
14
|
dependencies:
|
|
15
15
|
- !ruby/object:Gem::Dependency
|
|
16
16
|
name: activesupport
|
|
@@ -60,28 +60,28 @@ dependencies:
|
|
|
60
60
|
requirements:
|
|
61
61
|
- - "~>"
|
|
62
62
|
- !ruby/object:Gem::Version
|
|
63
|
-
version: 0.1
|
|
63
|
+
version: '0.1'
|
|
64
64
|
type: :runtime
|
|
65
65
|
prerelease: false
|
|
66
66
|
version_requirements: !ruby/object:Gem::Requirement
|
|
67
67
|
requirements:
|
|
68
68
|
- - "~>"
|
|
69
69
|
- !ruby/object:Gem::Version
|
|
70
|
-
version: 0.1
|
|
70
|
+
version: '0.1'
|
|
71
71
|
- !ruby/object:Gem::Dependency
|
|
72
72
|
name: blacklight
|
|
73
73
|
requirement: !ruby/object:Gem::Requirement
|
|
74
74
|
requirements:
|
|
75
75
|
- - "~>"
|
|
76
76
|
- !ruby/object:Gem::Version
|
|
77
|
-
version: '5.
|
|
77
|
+
version: '5.10'
|
|
78
78
|
type: :runtime
|
|
79
79
|
prerelease: false
|
|
80
80
|
version_requirements: !ruby/object:Gem::Requirement
|
|
81
81
|
requirements:
|
|
82
82
|
- - "~>"
|
|
83
83
|
- !ruby/object:Gem::Version
|
|
84
|
-
version: '5.
|
|
84
|
+
version: '5.10'
|
|
85
85
|
- !ruby/object:Gem::Dependency
|
|
86
86
|
name: sass-rails
|
|
87
87
|
requirement: !ruby/object:Gem::Requirement
|