hydra-access-controls 9.3.0 → 9.4.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 48df5495189420a7fcd2badef2493179edcc1560
-  data.tar.gz: 6b69996bbca5b1f33f233c4327fb58678bb118a8
+  metadata.gz: e77408cf3b024c305f4c9e0115e328970dbecce3
+  data.tar.gz: 7bde23563a7c7553d1714d1f438d8520e5fd82f8
 SHA512:
-  metadata.gz: 77f673207dda70cfc5401f7418cb8af5675cbec3b46afdf896bb04ac2b13cf69954e3b9a3d924ac597d3adb77897d20fb2158f53af085e468430ea37d6c14154
-  data.tar.gz: 8b9f3925485f1a3725815432bff9d63cf4a2cd8335ea59276c716b842b28b47e45e0d117993f7e263c8db44d727982eb8c78ce75dc5ffd8f4694a3eb3ef9f2be
+  metadata.gz: 8275440b6eac3fac51c150c5c2e419d83ce40cd30e3e52a569171cf5ea75c55f16da4efa4d3fa73f404503e8697f502163d64b2313cacbfa44ce593757f2fbf1
+  data.tar.gz: f05ae2c6242af7d39552179a27cd67bab85be0c315538c2a7b1ba31a4ff0e355aa7c2d5d5106411f19f8a5d3a99dd9a9e4a6b60580a976171bb1620218a74f38

data/app/models/concerns/hydra/ip_based_ability.rb

@@ -0,0 +1,14 @@
+module Hydra
+  # include this on your ability class to add ip based groups to your user
+  module IpBasedAbility
+
+    def user_groups
+      @user_groups ||= super + ip_based_groups
+    end
+
+    def ip_based_groups
+      return [] unless options.key?(:remote_ip)
+      IpBasedGroups.for(options.fetch(:remote_ip))
+    end
+  end
+end

data/lib/hydra-access-controls.rb

@@ -19,6 +19,7 @@ module Hydra
   autoload :PermissionsQuery
   autoload :PermissionsCache
   autoload :PermissionsSolrDocument
+  autoload :IpBasedGroups
 
   class << self
     def configure(_ = nil)

data/lib/hydra/ability.rb

@@ -20,12 +20,12 @@ module Hydra
       Hydra.config[:user_model] ?  Hydra.config[:user_model].constantize : ::User
     end
 
-    attr_reader :current_user, :session, :cache
+    attr_reader :current_user, :options, :cache
 
-    def initialize(user, session=nil)
+    def initialize(user, options = {})
       @current_user = user || Hydra::Ability.user_class.new # guest user (not logged in)
       @user = @current_user # just in case someone was using this in an override. Just don't.
-      @session = session
+      @options = options
       @cache = Hydra::PermissionsCache.new
       hydra_default_permissions()
     end

data/lib/hydra/ip_based_groups.rb

@@ -0,0 +1,58 @@
+require 'ipaddr'
+module Hydra
+  class IpBasedGroups
+    def self.for(remote_ip)
+      groups.select { |group| group.include_ip?(remote_ip) }.map(&:name)
+    end
+
+    class Group
+      attr_accessor :name
+      # @param [Hash] h
+      def initialize(h)
+        @name = h.fetch('name')
+        @subnet_strings = h.fetch('subnets')
+      end
+
+      def include_ip?(ip_string)
+        ip = IPAddr.new(ip_string)
+        subnets.any? { |subnet| subnet.include?(ip) }
+      end
+
+      private
+
+        def subnets
+          @subnets ||= @subnet_strings.map { |s| IPAddr.new(s) }
+        end
+    end
+
+      def self.groups
+        load_groups.fetch('groups').map { |h| Group.new(h) }
+      end
+
+      def self.filename
+        'config/hydra_ip_range.yml'
+      end
+
+      def self.load_groups
+        require 'yaml'
+
+        file = File.join(Rails.root, filename)
+
+        unless File.exists?(file)
+          raise "ip-range configuration file not found. Expected: #{file}."
+        end
+
+        begin
+          yml = YAML::load_file(file)
+        rescue
+          raise("#{filename} was found, but could not be parsed.\n")
+        end
+        unless yml.is_a? Hash
+          raise("#{filename} was found, but was blank or malformed.\n")
+        end
+
+        yml.fetch(Rails.env)
+      end
+
+  end
+end

data/spec/spec_helper.rb

@@ -33,6 +33,7 @@ require_relative '../app/models/hydra/access_controls/permission'
 require_relative '../app/models/hydra/access_controls/embargo'
 require_relative '../app/models/hydra/access_controls/lease'
 require_relative '../app/models/concerns/hydra/with_depositor'
+require_relative '../app/models/concerns/hydra/ip_based_ability'
 require_relative '../app/services/hydra/lease_service'
 require_relative '../app/services/hydra/embargo_service'
 require_relative '../app/validators/hydra/future_date_validator'

data/spec/support/config/hydra_ip_range.yml

@@ -0,0 +1,9 @@
+development: &development
+  groups:
+    - name: 'on-campus'
+      subnets:
+        - 192.168.0.0/24
+        - 10.0.0.0/22
+test: *development
+production: *development
+

data/spec/unit/ip_base_ability_spec.rb

@@ -0,0 +1,32 @@
+require 'spec_helper'
+
+describe Hydra::IpBasedAbility do
+  before do
+    class TestAbility < Ability
+      include Hydra::IpBasedAbility
+    end
+  end
+
+  let(:user) { double(groups: ['one', 'two'], new_record?: false) }
+  let(:ability) { TestAbility.new(user, args) }
+  let(:args) { {} }
+
+  describe "#user_groups" do
+    subject { ability.user_groups }
+    context "when no ip is passed" do
+      it { is_expected.to eq ['public', 'one', 'two', 'registered'] }
+    end
+
+    context "when ip is passed" do
+      context "and it is in range" do
+        let(:args) { { remote_ip: '10.0.1.12' } }
+        it { is_expected.to eq ['public', 'one', 'two', 'registered', 'on-campus'] }
+      end
+
+      context "and it is out of range" do
+        let(:args) { { remote_ip: '10.0.4.12' } }
+        it { is_expected.to eq ['public', 'one', 'two', 'registered'] }
+      end
+    end
+  end
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: hydra-access-controls
 version: !ruby/object:Gem::Version
-  version: 9.3.0
+  version: 9.4.0
 platform: ruby
 authors:
 - Chris Beer
@@ -10,7 +10,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-10-07 00:00:00.000000000 Z
+date: 2015-11-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -144,6 +144,7 @@ files:
 - app/models/concerns/hydra/access_controls/visibility.rb
 - app/models/concerns/hydra/access_controls/with_access_right.rb
 - app/models/concerns/hydra/admin_policy_behavior.rb
+- app/models/concerns/hydra/ip_based_ability.rb
 - app/models/concerns/hydra/rights.rb
 - app/models/concerns/hydra/with_depositor.rb
 - app/models/hydra/access_controls/access_control_list.rb
@@ -166,6 +167,7 @@ files:
 - lib/hydra/access_controls_enforcement.rb
 - lib/hydra/admin_policy.rb
 - lib/hydra/config.rb
+- lib/hydra/ip_based_groups.rb
 - lib/hydra/permissions_cache.rb
 - lib/hydra/permissions_query.rb
 - lib/hydra/permissions_solr_document.rb
@@ -179,6 +181,7 @@ files:
 - spec/services/embargo_service_spec.rb
 - spec/services/lease_service_spec.rb
 - spec/spec_helper.rb
+- spec/support/config/hydra_ip_range.yml
 - spec/support/config/role_map.yml
 - spec/support/config/solr.yml
 - spec/support/mods_asset.rb
@@ -192,6 +195,7 @@ files:
 - spec/unit/admin_policy_spec.rb
 - spec/unit/config_spec.rb
 - spec/unit/embargoable_spec.rb
+- spec/unit/ip_base_ability_spec.rb
 - spec/unit/permission_spec.rb
 - spec/unit/permissions_spec.rb
 - spec/unit/policy_aware_ability_spec.rb
@@ -233,6 +237,7 @@ test_files:
 - spec/services/embargo_service_spec.rb
 - spec/services/lease_service_spec.rb
 - spec/spec_helper.rb
+- spec/support/config/hydra_ip_range.yml
 - spec/support/config/role_map.yml
 - spec/support/config/solr.yml
 - spec/support/mods_asset.rb
@@ -246,6 +251,7 @@ test_files:
 - spec/unit/admin_policy_spec.rb
 - spec/unit/config_spec.rb
 - spec/unit/embargoable_spec.rb
+- spec/unit/ip_base_ability_spec.rb
 - spec/unit/permission_spec.rb
 - spec/unit/permissions_spec.rb
 - spec/unit/policy_aware_ability_spec.rb