hydra-access-controls 9.1.3 → 9.1.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (8) hide show
  1. checksums.yaml +4 -4
  2. data/app/models/concerns/hydra/admin_policy_behavior.rb +4 -16
  3. data/app/models/hydra/access_controls/access_control_list.rb +0 -1
  4. data/app/models/hydra/access_controls/permission.rb +2 -0
  5. data/spec/spec_helper.rb +2 -0
  6. data/spec/unit/admin_policy_spec.rb +17 -5
  7. data/spec/unit/policy_aware_ability_spec.rb +79 -67
  8. metadata +2 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: ed2426039b8e73a0ff13649f3e0f76aba68ae372
4
- data.tar.gz: f9621b0df71766c3495fbd7557ebd15a3fbe26a1
3
+ metadata.gz: f9d76736a4784893bf7830fef1115a305586043f
4
+ data.tar.gz: ae74e9ffe75fd0f4207d91ac069f3c0fd4902cb9
5
5
  SHA512:
6
- metadata.gz: 310c1363e3f37d91fd017325a5d7582720299a6ab1ee429d414e1a190c5d51dab8f1fd55dae39c58dd85d999401e4fe19054c66d6e76bba6149b3822c5b0e6db
7
- data.tar.gz: f26b39e2faeb72af6f74adf0d27e8e82bb05a80fb7dc133d8f30d7a76542d12d751a0bf8432acb839b0fbeba06ab9a472fdb949979274115204b734be33bd311
6
+ metadata.gz: 9ed8dd701b055ad960fa2e58786e146fec30b6037a20985a676e0fca9994c7292188bc2d82ca1cba8e454f7b9a43c6e94e351a8144e5d3da192291a988eea417
7
+ data.tar.gz: 233d870496e4dec3770026e30c3be0f3843cc9b8b9195ca16ce47e9c83d76fbe78404e54e698b51571b9cf42c126022f53a9de4c2e366e3ad4ce7f06cde981fa
data/app/models/concerns/hydra/admin_policy_behavior.rb CHANGED
@@ -3,7 +3,7 @@ module Hydra
3
3
  extend ActiveSupport::Concern
4
4
 
5
5
  included do
6
- has_and_belongs_to_many :default_permissions, predicate: Hydra::ACL.defaultPermissions, class_name: 'Hydra::AccessControls::Permission'
6
+ has_and_belongs_to_many :default_permissions, predicate: Hydra::ACL.defaultPermissions, class_name: 'Hydra::AccessControls::Permission', inverse_of: :admin_policies
7
7
  belongs_to :default_embargo, predicate: Hydra::ACL.hasEmbargo, class_name: 'Hydra::AccessControls::Embargo'
8
8
  end
9
9
 
@@ -22,8 +22,9 @@ module Hydra
22
22
  end
23
23
 
24
24
  def merged_policies
25
- default_permissions.each_with_object({}) do |policy, h|
26
- args = policy.to_hash
25
+ # Workaround for https://github.com/projecthydra/active_fedora/issues/775
26
+ default_permissions.to_a.uniq.each_with_object({}) do |permission, h|
27
+ args = permission.to_hash
27
28
  h[args[:access]] ||= {}
28
29
  h[args[:access]][args[:type]] ||= []
29
30
  h[args[:access]][args[:type]] << args[:name]
@@ -48,18 +49,5 @@ module Hydra
48
49
  end
49
50
  defaultRights.update_permissions(perm_hash)
50
51
  end
51
-
52
- ## Returns a list with all the permissions on the object.
53
- # @example
54
- # [{:name=>"group1", :access=>"discover", :type=>'group'},
55
- # {:name=>"group2", :access=>"discover", :type=>'group'},
56
- # {:name=>"user2", :access=>"read", :type=>'user'},
57
- # {:name=>"user1", :access=>"edit", :type=>'user'},
58
- # {:name=>"user3", :access=>"read", :type=>'user'}]
59
- def default_permissions
60
- (defaultRights.groups.map {|x| {:type=>'group', :access=>x[1], :name=>x[0] }} +
61
- defaultRights.users.map {|x| {:type=>'user', :access=>x[1], :name=>x[0]}})
62
- end
63
-
64
52
  end
65
53
  end
data/app/models/hydra/access_controls/access_control_list.rb CHANGED
@@ -1,7 +1,6 @@
1
1
  module Hydra::AccessControls
2
2
  class AccessControlList < ActiveFedora::Base
3
3
  belongs_to :access_to, predicate: ::ACL.accessTo, class_name: 'ActiveFedora::Base'
4
- # has_many :admin_policies, class_name: 'Hydra::AdminPolicy'
5
4
  property :mode, predicate: ::ACL.mode, class_name: 'Hydra::AccessControls::Mode'
6
5
  property :agent, predicate: ::ACL.agent, class_name: 'Hydra::AccessControls::Agent'
7
6
  # property :agentClass, predicate: ACL.agentClass
data/app/models/hydra/access_controls/permission.rb CHANGED
@@ -3,6 +3,8 @@ module Hydra::AccessControls
3
3
  GROUP_AGENT_URL_PREFIX = "http://projecthydra.org/ns/auth/group".freeze
4
4
  PERSON_AGENT_URL_PREFIX = 'http://projecthydra.org/ns/auth/person'.freeze
5
5
  class Permission < AccessControlList
6
+ has_many :admin_policies, inverse_of: :default_permissions, class_name: 'Hydra::AdminPolicy'
7
+
6
8
  def initialize(args)
7
9
  super()
8
10
  build_agent(args[:name], args[:type].to_s)
data/spec/spec_helper.rb CHANGED
@@ -8,6 +8,8 @@ $LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
8
8
  $LOAD_PATH.unshift(File.dirname(__FILE__))
9
9
  Hydra::Engine.config.autoload_paths.each { |path| $LOAD_PATH.unshift path }
10
10
 
11
+ require 'byebug' unless ENV['CI']
12
+
11
13
  if ENV['COVERAGE'] and RUBY_VERSION =~ /^1.9/
12
14
  require 'simplecov'
13
15
  require 'simplecov-rcov'
data/spec/unit/admin_policy_spec.rb CHANGED
@@ -60,9 +60,9 @@ describe Hydra::AdminPolicy do
60
60
  end
61
61
 
62
62
  describe "Inheritable rights" do
63
+ let(:policy) { described_class.new }
63
64
  before do
64
- @policy = Hydra::AdminPolicy.new
65
- @policy.default_permissions.build([
65
+ policy.default_permissions.build([
66
66
  {:name=>"africana-faculty", :access=>"edit", :type=>"group"},
67
67
  {:name=>"cool-kids", :access=>"edit", :type=>"group"},
68
68
  {:name=>"julius_caesar", :access=>"edit", :type=>"person"},
@@ -71,11 +71,23 @@ describe Hydra::AdminPolicy do
71
71
  {:name=>"posers", :access=>"discover", :type=>"group"},
72
72
  {:name=>"constantine", :access=>"discover", :type=>"person"}
73
73
  ])
74
- @policy.build_default_embargo.embargo_release_date = "2102-10-01"
74
+ policy.build_default_embargo.embargo_release_date = "2102-10-01"
75
75
  end
76
76
 
77
- describe "to_solr" do
78
- subject { @policy.to_solr }
77
+ describe "persisting" do
78
+ before do
79
+ policy.save!
80
+ policy.reload
81
+ end
82
+
83
+ it "has the permissions that were set" do
84
+ expect(policy.default_permissions.size).to eq 7
85
+ end
86
+
87
+ end
88
+
89
+ describe "indexing" do
90
+ subject { policy.to_solr }
79
91
 
80
92
  it "should not affect normal solr permissions fields" do
81
93
  expect(subject).to_not have_key Hydra.config.permissions.discover.group
data/spec/unit/policy_aware_ability_spec.rb CHANGED
@@ -10,162 +10,174 @@ describe Hydra::PolicyAwareAbility do
10
10
  :embargo_release_date => "inheritable_embargo_release_date_dtsi"
11
11
  })
12
12
  end
13
+
13
14
  before do
14
15
  class PolicyAwareClass
15
16
  include Hydra::PolicyAwareAbility
16
17
  end
17
- @policy = Hydra::AdminPolicy.create
18
- # Set the inheritable permissions
19
- @policy.default_permissions.create [
20
- {:type=>"group", :access=>"read", :name=>"africana-faculty"},
21
- {:type=>"group", :access=>"edit", :name=>"cool_kids"},
22
- {:type=>"group", :access=>"edit", :name=>"in_crowd"},
23
- {:type=>"person", :access=>"read", :name=>"nero"},
24
- {:type=>"person", :access=>"edit", :name=>"julius_caesar"}
25
- ]
18
+ end
26
19
 
27
- @policy.save!
28
- @asset = ModsAsset.new
29
- @asset.admin_policy = @policy
30
- @asset.save!
20
+ let(:policy) do
21
+ Hydra::AdminPolicy.create do |p|
22
+ # Set the inheritable permissions
23
+ p.default_permissions.build [
24
+ { type: "group", access: "read", name: "africana-faculty" },
25
+ { type: "group", access: "edit", name: "cool_kids" },
26
+ { type: "group", access: "edit", name: "in_crowd" },
27
+ { type: "person", access: "read", name: "nero" },
28
+ { type: "person", access: "edit", name: "julius_caesar" }
29
+ ]
30
+ end
31
31
  end
32
+ let(:asset) { ModsAsset.create { |a| a.admin_policy = policy } }
32
33
 
33
34
  after do
34
35
  Object.send(:remove_const, :PolicyAwareClass)
35
36
  end
36
37
 
37
- subject { PolicyAwareClass.new( User.new ) }
38
+ let(:instance) { PolicyAwareClass.new( User.new ) }
38
39
 
39
40
  describe "policy_id_for" do
40
- before do
41
- @policy2 = Hydra::AdminPolicy.create
42
- @policy2.default_permissions.create [
43
- {:type=>"group", :access=>"read", :name=>"untenured-faculty"},
44
- {:type=>"group", :access=>"edit", :name=>"awesome_kids"},
45
- {:type=>"group", :access=>"edit", :name=>"bad_crowd"},
46
- {:type=>"person", :access=>"read", :name=>"constantine"},
47
- {:type=>"person", :access=>"edit", :name=>"brutus"}
41
+ let(:policy2) do
42
+ Hydra::AdminPolicy.create do |p|
43
+ # Set the inheritable permissions
44
+ p.default_permissions.build [
45
+ { type: "group", access: "read", name: "untenured-faculty" },
46
+ { type: "group", access: "edit", name: "awesome_kids" },
47
+ { type: "group", access: "edit", name: "bad_crowd" },
48
+ { type: "person", access: "read", name: "constantine" },
49
+ { type: "person", access: "edit", name: "brutus" }
48
50
  ]
49
- @policy2.save
50
- @asset2 = ModsAsset.new
51
- @asset2.admin_policy = @policy2
52
- @asset2.save
53
- @asset3 = ModsAsset.create
51
+ end
54
52
  end
53
+ let(:asset2) { ModsAsset.create { |a| a.admin_policy = policy2 } }
54
+ let(:asset3) { ModsAsset.create }
55
55
 
56
56
  it "should retrieve the pid doc for the current object's governing policy" do
57
- expect(subject.policy_id_for(@asset.id)).to eq @policy.id
58
- expect(subject.policy_id_for(@asset2.id)).to eq @policy2.id
59
- expect(subject.policy_id_for(@asset3.id)).to be_nil
57
+ expect(instance.policy_id_for(asset.id)).to eq policy.id
58
+ expect(instance.policy_id_for(asset2.id)).to eq policy2.id
59
+ expect(instance.policy_id_for(asset3.id)).to be_nil
60
60
  end
61
61
  end
62
62
 
63
63
  describe "policy_permissions_doc" do
64
64
  it "should retrieve the permissions doc for the current object's policy and store for re-use" do
65
- expect(subject).to receive(:get_permissions_solr_response_for_doc_id).with(@policy.id).once.and_return("mock solr doc")
66
- expect(subject.policy_permissions_doc(@policy.id)).to eq "mock solr doc"
67
- expect(subject.policy_permissions_doc(@policy.id)).to eq "mock solr doc"
68
- expect(subject.policy_permissions_doc(@policy.id)).to eq "mock solr doc"
65
+ expect(instance).to receive(:get_permissions_solr_response_for_doc_id).with(policy.id).once.and_return("mock solr doc")
66
+ expect(instance.policy_permissions_doc(policy.id)).to eq "mock solr doc"
67
+ expect(instance.policy_permissions_doc(policy.id)).to eq "mock solr doc"
68
+ expect(instance.policy_permissions_doc(policy.id)).to eq "mock solr doc"
69
69
  end
70
70
  end
71
+
71
72
  describe "test_edit_from_policy" do
72
73
  context "public user" do
73
74
  it "should return false" do
74
- allow(subject).to receive(:user_groups).and_return(["public"])
75
- expect(subject.test_edit_from_policy(@asset.id)).to be false
75
+ allow(instance).to receive(:user_groups).and_return(["public"])
76
+ expect(instance.test_edit_from_policy(asset.id)).to be false
76
77
  end
77
78
  end
78
79
  context "registered user" do
79
80
  it "should return false" do
80
- expect(subject.user_groups).to include("registered")
81
- expect(subject.test_edit_from_policy(@asset.id)).to be false
81
+ expect(instance.user_groups).to include("registered")
82
+ expect(instance.test_edit_from_policy(asset.id)).to be false
82
83
  end
83
84
  end
84
85
  context "user with policy read access only" do
85
86
  it "should return false" do
86
- allow(subject.current_user).to receive(:user_key).and_return("nero")
87
- expect(subject.test_edit_from_policy(@asset.id)).to be false
87
+ allow(instance.current_user).to receive(:user_key).and_return("nero")
88
+ expect(instance.test_edit_from_policy(asset.id)).to be false
88
89
  end
89
90
  end
90
91
  context "user with policy edit access" do
91
92
  it "should return true" do
92
- allow(subject.current_user).to receive(:user_key).and_return("julius_caesar")
93
- expect(subject.test_edit_from_policy(@asset.id)).to be true
93
+ allow(instance.current_user).to receive(:user_key).and_return("julius_caesar")
94
+ expect(instance.test_edit_from_policy(asset.id)).to be true
94
95
  end
95
96
  end
96
97
  context "user in group with policy read access" do
97
98
  it "should return false" do
98
- allow(subject).to receive(:user_groups).and_return(["africana-faculty"])
99
- expect(subject.test_edit_from_policy(@asset.id)).to be false
99
+ allow(instance).to receive(:user_groups).and_return(["africana-faculty"])
100
+ expect(instance.test_edit_from_policy(asset.id)).to be false
100
101
  end
101
102
  end
102
103
  context "user in group with policy edit access" do
103
104
  it "should return true" do
104
- allow(subject).to receive(:user_groups).and_return(["cool_kids"])
105
- expect(subject.test_edit_from_policy(@asset.id)).to be true
105
+ allow(instance).to receive(:user_groups).and_return(["cool_kids"])
106
+ expect(instance.test_edit_from_policy(asset.id)).to be true
106
107
  end
107
108
  end
108
109
  end
110
+
109
111
  describe "test_read_from_policy" do
110
112
  context "public user" do
111
113
  it "should return false" do
112
- allow(subject).to receive(:user_groups).and_return(["public"])
113
- expect(subject.test_read_from_policy(@asset.id)).to be false
114
+ allow(instance).to receive(:user_groups).and_return(["public"])
115
+ expect(instance.test_read_from_policy(asset.id)).to be false
114
116
  end
115
117
  end
116
118
  context "registered user" do
117
119
  it "should return false" do
118
- expect(subject.user_groups).to include("registered")
119
- expect(subject.test_read_from_policy(@asset.id)).to be false
120
+ expect(instance.user_groups).to include("registered")
121
+ expect(instance.test_read_from_policy(asset.id)).to be false
120
122
  end
121
123
  end
122
124
  context "user with policy read access only" do
123
125
  it "should return false" do
124
- allow(subject.current_user).to receive(:user_key).and_return("nero")
125
- expect(subject.test_read_from_policy(@asset.id)).to be true
126
+ allow(instance.current_user).to receive(:user_key).and_return("nero")
127
+ expect(instance.test_read_from_policy(asset.id)).to be true
126
128
  end
127
129
  end
128
130
  context "user with policy edit access" do
129
131
  it "should return true" do
130
- allow(subject.current_user).to receive(:user_key).and_return("julius_caesar")
131
- expect(subject.test_read_from_policy(@asset.id)).to be true
132
+ allow(instance.current_user).to receive(:user_key).and_return("julius_caesar")
133
+ expect(instance.test_read_from_policy(asset.id)).to be true
132
134
  end
133
135
  end
134
136
  context "user in group with policy read access" do
135
137
  it "should return false" do
136
- allow(subject).to receive(:user_groups).and_return(["africana-faculty"])
137
- expect(subject.test_read_from_policy(@asset.id)).to be true
138
+ allow(instance).to receive(:user_groups).and_return(["africana-faculty"])
139
+ expect(instance.test_read_from_policy(asset.id)).to be true
138
140
  end
139
141
  end
140
142
  context "user in group with policy edit access" do
141
143
  it "should return true" do
142
- allow(subject).to receive(:user_groups).and_return(["cool_kids"])
143
- expect(subject.test_read_from_policy(@asset.id)).to be true
144
+ allow(instance).to receive(:user_groups).and_return(["cool_kids"])
145
+ expect(instance.test_read_from_policy(asset.id)).to be true
144
146
  end
145
147
  end
146
148
  end
149
+
147
150
  describe "edit_groups_from_policy" do
151
+ subject { instance.edit_groups_from_policy(policy.id) }
152
+
148
153
  it "should retrieve the list of groups with edit access from the policy" do
149
- result = subject.edit_groups_from_policy(@policy.id)
150
- expect(result.length).to eq 2
151
- expect(result).to include("cool_kids","in_crowd")
154
+ expect(subject).to match_array ["cool_kids", "in_crowd"]
152
155
  end
153
156
  end
157
+
154
158
  describe "edit_persons_from_policy" do
159
+ subject do
160
+ instance.edit_users_from_policy(policy.id)
161
+ end
162
+
155
163
  it "should retrieve the list of individuals with edit access from the policy" do
156
- expect(subject.edit_users_from_policy(@policy.id)).to eq ["julius_caesar"]
164
+ expect(subject).to eq ["julius_caesar"]
157
165
  end
158
166
  end
167
+
159
168
  describe "read_groups_from_policy" do
169
+ subject { instance.read_groups_from_policy(policy.id) }
170
+
160
171
  it "should retrieve the list of groups with read access from the policy" do
161
- result = subject.read_groups_from_policy(@policy.id)
162
- expect(result.length).to eq 3
163
- expect(result).to include("cool_kids", "in_crowd", "africana-faculty")
172
+ expect(subject).to match_array ["cool_kids", "in_crowd", "africana-faculty"]
164
173
  end
165
174
  end
166
- describe "read_persons_from_policy" do
175
+
176
+ describe "read_users_from_policy" do
177
+ subject { instance.read_users_from_policy(policy.id) }
178
+
167
179
  it "should retrieve the list of individuals with read access from the policy" do
168
- expect(subject.read_users_from_policy(@policy.id)).to eq ["julius_caesar","nero"]
180
+ expect(subject).to eq ["julius_caesar", "nero"]
169
181
  end
170
182
  end
171
183
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: hydra-access-controls
3
3
  version: !ruby/object:Gem::Version
4
- version: 9.1.3
4
+ version: 9.1.4
5
5
  platform: ruby
6
6
  authors:
7
7
  - Chris Beer
@@ -10,7 +10,7 @@ authors:
10
10
  autorequire:
11
11
  bindir: bin
12
12
  cert_chain: []
13
- date: 2015-04-16 00:00:00.000000000 Z
13
+ date: 2015-04-17 00:00:00.000000000 Z
14
14
  dependencies:
15
15
  - !ruby/object:Gem::Dependency
16
16
  name: activesupport