hydra-access-controls 9.1.3 → 9.1.4

Sign up to get free protection for your applications and to get access to all the features.
Files changed (8) hide show
  1. checksums.yaml +4 -4
  2. data/app/models/concerns/hydra/admin_policy_behavior.rb +4 -16
  3. data/app/models/hydra/access_controls/access_control_list.rb +0 -1
  4. data/app/models/hydra/access_controls/permission.rb +2 -0
  5. data/spec/spec_helper.rb +2 -0
  6. data/spec/unit/admin_policy_spec.rb +17 -5
  7. data/spec/unit/policy_aware_ability_spec.rb +79 -67
  8. metadata +2 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: ed2426039b8e73a0ff13649f3e0f76aba68ae372
4
- data.tar.gz: f9621b0df71766c3495fbd7557ebd15a3fbe26a1
3
+ metadata.gz: f9d76736a4784893bf7830fef1115a305586043f
4
+ data.tar.gz: ae74e9ffe75fd0f4207d91ac069f3c0fd4902cb9
5
5
  SHA512:
6
- metadata.gz: 310c1363e3f37d91fd017325a5d7582720299a6ab1ee429d414e1a190c5d51dab8f1fd55dae39c58dd85d999401e4fe19054c66d6e76bba6149b3822c5b0e6db
7
- data.tar.gz: f26b39e2faeb72af6f74adf0d27e8e82bb05a80fb7dc133d8f30d7a76542d12d751a0bf8432acb839b0fbeba06ab9a472fdb949979274115204b734be33bd311
6
+ metadata.gz: 9ed8dd701b055ad960fa2e58786e146fec30b6037a20985a676e0fca9994c7292188bc2d82ca1cba8e454f7b9a43c6e94e351a8144e5d3da192291a988eea417
7
+ data.tar.gz: 233d870496e4dec3770026e30c3be0f3843cc9b8b9195ca16ce47e9c83d76fbe78404e54e698b51571b9cf42c126022f53a9de4c2e366e3ad4ce7f06cde981fa
data/app/models/concerns/hydra/admin_policy_behavior.rb CHANGED
@@ -3,7 +3,7 @@ module Hydra
3
3
  extend ActiveSupport::Concern
4
4
 
5
5
  included do
6
- has_and_belongs_to_many :default_permissions, predicate: Hydra::ACL.defaultPermissions, class_name: 'Hydra::AccessControls::Permission'
6
+ has_and_belongs_to_many :default_permissions, predicate: Hydra::ACL.defaultPermissions, class_name: 'Hydra::AccessControls::Permission', inverse_of: :admin_policies
7
7
  belongs_to :default_embargo, predicate: Hydra::ACL.hasEmbargo, class_name: 'Hydra::AccessControls::Embargo'
8
8
  end
9
9
 
@@ -22,8 +22,9 @@ module Hydra
22
22
  end
23
23
 
24
24
  def merged_policies
25
- default_permissions.each_with_object({}) do |policy, h|
26
- args = policy.to_hash
25
+ # Workaround for https://github.com/projecthydra/active_fedora/issues/775
26
+ default_permissions.to_a.uniq.each_with_object({}) do |permission, h|
27
+ args = permission.to_hash
27
28
  h[args[:access]] ||= {}
28
29
  h[args[:access]][args[:type]] ||= []
29
30
  h[args[:access]][args[:type]] << args[:name]
@@ -48,18 +49,5 @@ module Hydra
48
49
  end
49
50
  defaultRights.update_permissions(perm_hash)
50
51
  end
51
-
52
- ## Returns a list with all the permissions on the object.
53
- # @example
54
- # [{:name=>"group1", :access=>"discover", :type=>'group'},
55
- # {:name=>"group2", :access=>"discover", :type=>'group'},
56
- # {:name=>"user2", :access=>"read", :type=>'user'},
57
- # {:name=>"user1", :access=>"edit", :type=>'user'},
58
- # {:name=>"user3", :access=>"read", :type=>'user'}]
59
- def default_permissions
60
- (defaultRights.groups.map {|x| {:type=>'group', :access=>x[1], :name=>x[0] }} +
61
- defaultRights.users.map {|x| {:type=>'user', :access=>x[1], :name=>x[0]}})
62
- end
63
-
64
52
  end
65
53
  end
data/app/models/hydra/access_controls/access_control_list.rb CHANGED
@@ -1,7 +1,6 @@
1
1
  module Hydra::AccessControls
2
2
  class AccessControlList < ActiveFedora::Base
3
3
  belongs_to :access_to, predicate: ::ACL.accessTo, class_name: 'ActiveFedora::Base'
4
- # has_many :admin_policies, class_name: 'Hydra::AdminPolicy'
5
4
  property :mode, predicate: ::ACL.mode, class_name: 'Hydra::AccessControls::Mode'
6
5
  property :agent, predicate: ::ACL.agent, class_name: 'Hydra::AccessControls::Agent'
7
6
  # property :agentClass, predicate: ACL.agentClass
data/app/models/hydra/access_controls/permission.rb CHANGED
@@ -3,6 +3,8 @@ module Hydra::AccessControls
3
3
  GROUP_AGENT_URL_PREFIX = "http://projecthydra.org/ns/auth/group".freeze
4
4
  PERSON_AGENT_URL_PREFIX = 'http://projecthydra.org/ns/auth/person'.freeze
5
5
  class Permission < AccessControlList
6
+ has_many :admin_policies, inverse_of: :default_permissions, class_name: 'Hydra::AdminPolicy'
7
+
6
8
  def initialize(args)
7
9
  super()
8
10
  build_agent(args[:name], args[:type].to_s)
data/spec/spec_helper.rb CHANGED
@@ -8,6 +8,8 @@ $LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
8
8
  $LOAD_PATH.unshift(File.dirname(__FILE__))
9
9
  Hydra::Engine.config.autoload_paths.each { |path| $LOAD_PATH.unshift path }
10
10
 
11
+ require 'byebug' unless ENV['CI']
12
+
11
13
  if ENV['COVERAGE'] and RUBY_VERSION =~ /^1.9/
12
14
  require 'simplecov'
13
15
  require 'simplecov-rcov'
data/spec/unit/admin_policy_spec.rb CHANGED
@@ -60,9 +60,9 @@ describe Hydra::AdminPolicy do
60
60
  end
61
61
 
62
62
  describe "Inheritable rights" do
63
+ let(:policy) { described_class.new }
63
64
  before do
64
- @policy = Hydra::AdminPolicy.new
65
- @policy.default_permissions.build([
65
+ policy.default_permissions.build([
66
66
  {:name=>"africana-faculty", :access=>"edit", :type=>"group"},
67
67
  {:name=>"cool-kids", :access=>"edit", :type=>"group"},
68
68
  {:name=>"julius_caesar", :access=>"edit", :type=>"person"},
@@ -71,11 +71,23 @@ describe Hydra::AdminPolicy do
71
71
  {:name=>"posers", :access=>"discover", :type=>"group"},
72
72
  {:name=>"constantine", :access=>"discover", :type=>"person"}
73
73
  ])
74
- @policy.build_default_embargo.embargo_release_date = "2102-10-01"
74
+ policy.build_default_embargo.embargo_release_date = "2102-10-01"
75
75
  end
76
76
 
77
- describe "to_solr" do
78
- subject { @policy.to_solr }
77
+ describe "persisting" do
78
+ before do
79
+ policy.save!
80
+ policy.reload
81
+ end
82
+
83
+ it "has the permissions that were set" do
84
+ expect(policy.default_permissions.size).to eq 7
85
+ end
86
+
87
+ end
88
+
89
+ describe "indexing" do
90
+ subject { policy.to_solr }
79
91
 
80
92
  it "should not affect normal solr permissions fields" do
81
93
  expect(subject).to_not have_key Hydra.config.permissions.discover.group
data/spec/unit/policy_aware_ability_spec.rb CHANGED
@@ -10,162 +10,174 @@ describe Hydra::PolicyAwareAbility do
10
10
  :embargo_release_date => "inheritable_embargo_release_date_dtsi"
11
11
  })
12
12
  end
13
+
13
14
  before do
14
15
  class PolicyAwareClass
15
16
  include Hydra::PolicyAwareAbility
16
17
  end
17
- @policy = Hydra::AdminPolicy.create
18
- # Set the inheritable permissions
19
- @policy.default_permissions.create [
20
- {:type=>"group", :access=>"read", :name=>"africana-faculty"},
21
- {:type=>"group", :access=>"edit", :name=>"cool_kids"},
22
- {:type=>"group", :access=>"edit", :name=>"in_crowd"},
23
- {:type=>"person", :access=>"read", :name=>"nero"},
24
- {:type=>"person", :access=>"edit", :name=>"julius_caesar"}
25
- ]
18
+ end
26
19
 
27
- @policy.save!
28
- @asset = ModsAsset.new
29
- @asset.admin_policy = @policy
30
- @asset.save!
20
+ let(:policy) do
21
+ Hydra::AdminPolicy.create do |p|
22
+ # Set the inheritable permissions
23
+ p.default_permissions.build [
24
+ { type: "group", access: "read", name: "africana-faculty" },
25
+ { type: "group", access: "edit", name: "cool_kids" },
26
+ { type: "group", access: "edit", name: "in_crowd" },
27
+ { type: "person", access: "read", name: "nero" },
28
+ { type: "person", access: "edit", name: "julius_caesar" }
29
+ ]
30
+ end
31
31
  end
32
+ let(:asset) { ModsAsset.create { |a| a.admin_policy = policy } }
32
33
 
33
34
  after do
34
35
  Object.send(:remove_const, :PolicyAwareClass)
35
36
  end
36
37
 
37
- subject { PolicyAwareClass.new( User.new ) }
38
+ let(:instance) { PolicyAwareClass.new( User.new ) }
38
39
 
39
40
  describe "policy_id_for" do
40
- before do
41
- @policy2 = Hydra::AdminPolicy.create
42
- @policy2.default_permissions.create [
43
- {:type=>"group", :access=>"read", :name=>"untenured-faculty"},
44
- {:type=>"group", :access=>"edit", :name=>"awesome_kids"},
45
- {:type=>"group", :access=>"edit", :name=>"bad_crowd"},
46
- {:type=>"person", :access=>"read", :name=>"constantine"},
47
- {:type=>"person", :access=>"edit", :name=>"brutus"}
41
+ let(:policy2) do
42
+ Hydra::AdminPolicy.create do |p|
43
+ # Set the inheritable permissions
44
+ p.default_permissions.build [
45
+ { type: "group", access: "read", name: "untenured-faculty" },
46
+ { type: "group", access: "edit", name: "awesome_kids" },
47
+ { type: "group", access: "edit", name: "bad_crowd" },
48
+ { type: "person", access: "read", name: "constantine" },
49
+ { type: "person", access: "edit", name: "brutus" }
48
50
  ]
49
- @policy2.save
50
- @asset2 = ModsAsset.new
51
- @asset2.admin_policy = @policy2
52
- @asset2.save
53
- @asset3 = ModsAsset.create
51
+ end
54
52
  end
53
+ let(:asset2) { ModsAsset.create { |a| a.admin_policy = policy2 } }
54
+ let(:asset3) { ModsAsset.create }
55
55
 
56
56
  it "should retrieve the pid doc for the current object's governing policy" do
57
- expect(subject.policy_id_for(@asset.id)).to eq @policy.id
58
- expect(subject.policy_id_for(@asset2.id)).to eq @policy2.id
59
- expect(subject.policy_id_for(@asset3.id)).to be_nil
57
+ expect(instance.policy_id_for(asset.id)).to eq policy.id
58
+ expect(instance.policy_id_for(asset2.id)).to eq policy2.id
59
+ expect(instance.policy_id_for(asset3.id)).to be_nil
60
60
  end
61
61
  end
62
62
 
63
63
  describe "policy_permissions_doc" do
64
64
  it "should retrieve the permissions doc for the current object's policy and store for re-use" do
65
- expect(subject).to receive(:get_permissions_solr_response_for_doc_id).with(@policy.id).once.and_return("mock solr doc")
66
- expect(subject.policy_permissions_doc(@policy.id)).to eq "mock solr doc"
67
- expect(subject.policy_permissions_doc(@policy.id)).to eq "mock solr doc"
68
- expect(subject.policy_permissions_doc(@policy.id)).to eq "mock solr doc"
65
+ expect(instance).to receive(:get_permissions_solr_response_for_doc_id).with(policy.id).once.and_return("mock solr doc")
66
+ expect(instance.policy_permissions_doc(policy.id)).to eq "mock solr doc"
67
+ expect(instance.policy_permissions_doc(policy.id)).to eq "mock solr doc"
68
+ expect(instance.policy_permissions_doc(policy.id)).to eq "mock solr doc"
69
69
  end
70
70
  end
71
+
71
72
  describe "test_edit_from_policy" do
72
73
  context "public user" do
73
74
  it "should return false" do
74
- allow(subject).to receive(:user_groups).and_return(["public"])
75
- expect(subject.test_edit_from_policy(@asset.id)).to be false
75
+ allow(instance).to receive(:user_groups).and_return(["public"])
76
+ expect(instance.test_edit_from_policy(asset.id)).to be false
76
77
  end
77
78
  end
78
79
  context "registered user" do
79
80
  it "should return false" do
80
- expect(subject.user_groups).to include("registered")
81
- expect(subject.test_edit_from_policy(@asset.id)).to be false
81
+ expect(instance.user_groups).to include("registered")
82
+ expect(instance.test_edit_from_policy(asset.id)).to be false
82
83
  end
83
84
  end
84
85
  context "user with policy read access only" do
85
86
  it "should return false" do
86
- allow(subject.current_user).to receive(:user_key).and_return("nero")
87
- expect(subject.test_edit_from_policy(@asset.id)).to be false
87
+ allow(instance.current_user).to receive(:user_key).and_return("nero")
88
+ expect(instance.test_edit_from_policy(asset.id)).to be false
88
89
  end
89
90
  end
90
91
  context "user with policy edit access" do
91
92
  it "should return true" do
92
- allow(subject.current_user).to receive(:user_key).and_return("julius_caesar")
93
- expect(subject.test_edit_from_policy(@asset.id)).to be true
93
+ allow(instance.current_user).to receive(:user_key).and_return("julius_caesar")
94
+ expect(instance.test_edit_from_policy(asset.id)).to be true
94
95
  end
95
96
  end
96
97
  context "user in group with policy read access" do
97
98
  it "should return false" do
98
- allow(subject).to receive(:user_groups).and_return(["africana-faculty"])
99
- expect(subject.test_edit_from_policy(@asset.id)).to be false
99
+ allow(instance).to receive(:user_groups).and_return(["africana-faculty"])
100
+ expect(instance.test_edit_from_policy(asset.id)).to be false
100
101
  end
101
102
  end
102
103
  context "user in group with policy edit access" do
103
104
  it "should return true" do
104
- allow(subject).to receive(:user_groups).and_return(["cool_kids"])
105
- expect(subject.test_edit_from_policy(@asset.id)).to be true
105
+ allow(instance).to receive(:user_groups).and_return(["cool_kids"])
106
+ expect(instance.test_edit_from_policy(asset.id)).to be true
106
107
  end
107
108
  end
108
109
  end
110
+
109
111
  describe "test_read_from_policy" do
110
112
  context "public user" do
111
113
  it "should return false" do
112
- allow(subject).to receive(:user_groups).and_return(["public"])
113
- expect(subject.test_read_from_policy(@asset.id)).to be false
114
+ allow(instance).to receive(:user_groups).and_return(["public"])
115
+ expect(instance.test_read_from_policy(asset.id)).to be false
114
116
  end
115
117
  end
116
118
  context "registered user" do
117
119
  it "should return false" do
118
- expect(subject.user_groups).to include("registered")
119
- expect(subject.test_read_from_policy(@asset.id)).to be false
120
+ expect(instance.user_groups).to include("registered")
121
+ expect(instance.test_read_from_policy(asset.id)).to be false
120
122
  end
121
123
  end
122
124
  context "user with policy read access only" do
123
125
  it "should return false" do
124
- allow(subject.current_user).to receive(:user_key).and_return("nero")
125
- expect(subject.test_read_from_policy(@asset.id)).to be true
126
+ allow(instance.current_user).to receive(:user_key).and_return("nero")
127
+ expect(instance.test_read_from_policy(asset.id)).to be true
126
128
  end
127
129
  end
128
130
  context "user with policy edit access" do
129
131
  it "should return true" do
130
- allow(subject.current_user).to receive(:user_key).and_return("julius_caesar")
131
- expect(subject.test_read_from_policy(@asset.id)).to be true
132
+ allow(instance.current_user).to receive(:user_key).and_return("julius_caesar")
133
+ expect(instance.test_read_from_policy(asset.id)).to be true
132
134
  end
133
135
  end
134
136
  context "user in group with policy read access" do
135
137
  it "should return false" do
136
- allow(subject).to receive(:user_groups).and_return(["africana-faculty"])
137
- expect(subject.test_read_from_policy(@asset.id)).to be true
138
+ allow(instance).to receive(:user_groups).and_return(["africana-faculty"])
139
+ expect(instance.test_read_from_policy(asset.id)).to be true
138
140
  end
139
141
  end
140
142
  context "user in group with policy edit access" do
141
143
  it "should return true" do
142
- allow(subject).to receive(:user_groups).and_return(["cool_kids"])
143
- expect(subject.test_read_from_policy(@asset.id)).to be true
144
+ allow(instance).to receive(:user_groups).and_return(["cool_kids"])
145
+ expect(instance.test_read_from_policy(asset.id)).to be true
144
146
  end
145
147
  end
146
148
  end
149
+
147
150
  describe "edit_groups_from_policy" do
151
+ subject { instance.edit_groups_from_policy(policy.id) }
152
+
148
153
  it "should retrieve the list of groups with edit access from the policy" do
149
- result = subject.edit_groups_from_policy(@policy.id)
150
- expect(result.length).to eq 2
151
- expect(result).to include("cool_kids","in_crowd")
154
+ expect(subject).to match_array ["cool_kids", "in_crowd"]
152
155
  end
153
156
  end
157
+
154
158
  describe "edit_persons_from_policy" do
159
+ subject do
160
+ instance.edit_users_from_policy(policy.id)
161
+ end
162
+
155
163
  it "should retrieve the list of individuals with edit access from the policy" do
156
- expect(subject.edit_users_from_policy(@policy.id)).to eq ["julius_caesar"]
164
+ expect(subject).to eq ["julius_caesar"]
157
165
  end
158
166
  end
167
+
159
168
  describe "read_groups_from_policy" do
169
+ subject { instance.read_groups_from_policy(policy.id) }
170
+
160
171
  it "should retrieve the list of groups with read access from the policy" do
161
- result = subject.read_groups_from_policy(@policy.id)
162
- expect(result.length).to eq 3
163
- expect(result).to include("cool_kids", "in_crowd", "africana-faculty")
172
+ expect(subject).to match_array ["cool_kids", "in_crowd", "africana-faculty"]
164
173
  end
165
174
  end
166
- describe "read_persons_from_policy" do
175
+
176
+ describe "read_users_from_policy" do
177
+ subject { instance.read_users_from_policy(policy.id) }
178
+
167
179
  it "should retrieve the list of individuals with read access from the policy" do
168
- expect(subject.read_users_from_policy(@policy.id)).to eq ["julius_caesar","nero"]
180
+ expect(subject).to eq ["julius_caesar", "nero"]
169
181
  end
170
182
  end
171
183
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: hydra-access-controls
3
3
  version: !ruby/object:Gem::Version
4
- version: 9.1.3
4
+ version: 9.1.4
5
5
  platform: ruby
6
6
  authors:
7
7
  - Chris Beer
@@ -10,7 +10,7 @@ authors:
10
10
  autorequire:
11
11
  bindir: bin
12
12
  cert_chain: []
13
- date: 2015-04-16 00:00:00.000000000 Z
13
+ date: 2015-04-17 00:00:00.000000000 Z
14
14
  dependencies:
15
15
  - !ruby/object:Gem::Dependency
16
16
  name: activesupport