hydra-access-controls 9.3.0 → 9.4.0

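--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 48df5495189420a7fcd2badef2493179edcc1560
- data.tar.gz: 6b69996bbca5b1f33f233c4327fb58678bb118a8
+ metadata.gz: e77408cf3b024c305f4c9e0115e328970dbecce3
+ data.tar.gz: 7bde23563a7c7553d1714d1f438d8520e5fd82f8
  SHA512:
- metadata.gz: 77f673207dda70cfc5401f7418cb8af5675cbec3b46afdf896bb04ac2b13cf69954e3b9a3d924ac597d3adb77897d20fb2158f53af085e468430ea37d6c14154
- data.tar.gz: 8b9f3925485f1a3725815432bff9d63cf4a2cd8335ea59276c716b842b28b47e45e0d117993f7e263c8db44d727982eb8c78ce75dc5ffd8f4694a3eb3ef9f2be
+ metadata.gz: 8275440b6eac3fac51c150c5c2e419d83ce40cd30e3e52a569171cf5ea75c55f16da4efa4d3fa73f404503e8697f502163d64b2313cacbfa44ce593757f2fbf1
+ data.tar.gz: f05ae2c6242af7d39552179a27cd67bab85be0c315538c2a7b1ba31a4ff0e355aa7c2d5d5106411f19f8a5d3a99dd9a9e4a6b60580a976171bb1620218a74f38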
@@ -0,0 +1,14 @@
1
+ module Hydra
2
+ # include this on your ability class to add ip based groups to your user
3
+ module IpBasedAbility
4
+
5
+ def user_groups
6
+ @user_groups ||= super + ip_based_groups
7
+ end
8
+
9
+ def ip_based_groups
10
+ return [] unless options.key?(:remote_ip)
11
+ IpBasedGroups.for(options.fetch(:remote_ip))
12
+ end
13
+ end
14
+ end
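Review bot: The comment on `IpBasedAbility` does not say where `options[:remote_ip]` has to come from, yet `ip_based_groups` turns that value directly into group membership. An integrator needs to know that the address must be the one the framework resolved through its trusted-proxy configuration (in Rails, `request.remote_ip`), not a value copied from a client-supplied header such as `X-Forwarded-For`. I would extend the module comment to something like `# remote_ip must be the proxy-aware client address (e.g. request.remote_ip); never pass a raw request header`. It is also worth stating there that address-based groups are only as strong as the network boundary in front of the application.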
@@ -19,6 +19,7 @@ module Hydra
19
19
  autoload :PermissionsQuery
20
20
  autoload :PermissionsCache
21
21
  autoload :PermissionsSolrDocument
22
+ autoload :IpBasedGroups
22
23
 
23
24
  class << self
24
25
  def configure(_ = nil)
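--- a/data/lib/hydra/ability.rb
+++ b/data/lib/hydra/ability.rb
@@ -20,12 +20,12 @@ module Hydra
  Hydra.config[:user_model] ? Hydra.config[:user_model].constantize : ::User
  end
 
- attr_reader :current_user, :session, :cache
+ attr_reader :current_user, :options, :cache
 
- def initialize(user, session=nil)
+ def initialize(user, options = {})
  @current_user = user || Hydra::Ability.user_class.new # guest user (not logged in)
  @user = @current_user # just in case someone was using this in an override. Just don't.
- @session = session
+ @options = options
  @cache = Hydra::PermissionsCache.new
  hydra_default_permissions()
  end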
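Review bot: `@options = options` stores whatever the caller passes, so a caller that still passes `nil` explicitly (the old default for `session`) leaves `options` nil, and `IpBasedAbility#ip_based_groups` then fails on `options.key?(:remote_ip)`. `@options = options || {}` avoids that. The same hunk removes the public `session` reader in a minor release: callers that pass a session object will now find it under `options`, and any application override that reads `session` will presumably raise NoMethodError. Keeping a deprecated `session` reader that returns `options` for one release, and documenting the expected keys of `options` on `initialize`, would make the upgrade safer.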
@@ -0,0 +1,58 @@
1
+ require 'ipaddr'
2
+ module Hydra
3
+ class IpBasedGroups
4
+ def self.for(remote_ip)
5
+ groups.select { |group| group.include_ip?(remote_ip) }.map(&:name)
6
+ end
7
+
8
+ class Group
9
+ attr_accessor :name
10
+ # @param [Hash] h
11
+ def initialize(h)
12
+ @name = h.fetch('name')
13
+ @subnet_strings = h.fetch('subnets')
14
+ end
15
+
16
+ def include_ip?(ip_string)
17
+ ip = IPAddr.new(ip_string)
18
+ subnets.any? { |subnet| subnet.include?(ip) }
19
+ end
20
+
21
+ private
22
+
23
+ def subnets
24
+ @subnets ||= @subnet_strings.map { |s| IPAddr.new(s) }
25
+ end
26
+ end
27
+
28
+ def self.groups
29
+ load_groups.fetch('groups').map { |h| Group.new(h) }
30
+ end
31
+
32
+ def self.filename
33
+ 'config/hydra_ip_range.yml'
34
+ end
35
+
36
+ def self.load_groups
37
+ require 'yaml'
38
+
39
+ file = File.join(Rails.root, filename)
40
+
41
+ unless File.exists?(file)
42
+ raise "ip-range configuration file not found. Expected: #{file}."
43
+ end
44
+
45
+ begin
46
+ yml = YAML::load_file(file)
47
+ rescue
48
+ raise("#{filename} was found, but could not be parsed.\n")
49
+ end
50
+ unless yml.is_a? Hash
51
+ raise("#{filename} was found, but was blank or malformed.\n")
52
+ end
53
+
54
+ yml.fetch(Rails.env)
55
+ end
56
+
57
+ end
58
+ end
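Review bot: `Group#include_ip?` calls `IPAddr.new(ip_string)` with no rescue, so a nil or unparsable `remote_ip` raises out of `IpBasedGroups.for` instead of simply matching no group. Since the result decides group membership, I would fail closed by adding `rescue IPAddr::Error` and `false` to the method body, so that a bad address grants nothing and does not abort the request. Two smaller points in `load_groups`: the bare `rescue` around `YAML::load_file` discards the parser's own message, which makes a broken `config/hydra_ip_range.yml` harder to diagnose, and `self.groups` re-reads and re-parses the file on every `for` call, so memoizing the parsed groups would avoid repeated file I/O.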
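--- a/data/spec/spec_helper.rb
+++ b/data/spec/spec_helper.rb
@@ -33,6 +33,7 @@ require_relative '../app/models/hydra/access_controls/permission'
  require_relative '../app/models/hydra/access_controls/embargo'
  require_relative '../app/models/hydra/access_controls/lease'
  require_relative '../app/models/concerns/hydra/with_depositor'
+ require_relative '../app/models/concerns/hydra/ip_based_ability'
  require_relative '../app/services/hydra/lease_service'
  require_relative '../app/services/hydra/embargo_service'
  require_relative '../app/validators/hydra/future_date_validator'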
@@ -0,0 +1,9 @@
1
+ development: &development
2
+ groups:
3
+ - name: 'on-campus'
4
+ subnets:
5
+ - 192.168.0.0/24
6
+ - 10.0.0.0/22
7
+ test: *development
8
+ production: *development
9
+
@@ -0,0 +1,32 @@
1
+ require 'spec_helper'
2
+
3
+ describe Hydra::IpBasedAbility do
4
+ before do
5
+ class TestAbility < Ability
6
+ include Hydra::IpBasedAbility
7
+ end
8
+ end
9
+
10
+ let(:user) { double(groups: ['one', 'two'], new_record?: false) }
11
+ let(:ability) { TestAbility.new(user, args) }
12
+ let(:args) { {} }
13
+
14
+ describe "#user_groups" do
15
+ subject { ability.user_groups }
16
+ context "when no ip is passed" do
17
+ it { is_expected.to eq ['public', 'one', 'two', 'registered'] }
18
+ end
19
+
20
+ context "when ip is passed" do
21
+ context "and it is in range" do
22
+ let(:args) { { remote_ip: '10.0.1.12' } }
23
+ it { is_expected.to eq ['public', 'one', 'two', 'registered', 'on-campus'] }
24
+ end
25
+
26
+ context "and it is out of range" do
27
+ let(:args) { { remote_ip: '10.0.4.12' } }
28
+ it { is_expected.to eq ['public', 'one', 'two', 'registered'] }
29
+ end
30
+ end
31
+ end
32
+ end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: hydra-access-controls
3
3
  version: !ruby/object:Gem::Version
4
- version: 9.3.0
4
+ version: 9.4.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Chris Beer
@@ -10,7 +10,7 @@ authors:
10
10
  autorequire:
11
11
  bindir: bin
12
12
  cert_chain: []
13
- date: 2015-10-07 00:00:00.000000000 Z
13
+ date: 2015-11-02 00:00:00.000000000 Z
14
14
  dependencies:
15
15
  - !ruby/object:Gem::Dependency
16
16
  name: activesupport
@@ -144,6 +144,7 @@ files:
144
144
  - app/models/concerns/hydra/access_controls/visibility.rb
145
145
  - app/models/concerns/hydra/access_controls/with_access_right.rb
146
146
  - app/models/concerns/hydra/admin_policy_behavior.rb
147
+ - app/models/concerns/hydra/ip_based_ability.rb
147
148
  - app/models/concerns/hydra/rights.rb
148
149
  - app/models/concerns/hydra/with_depositor.rb
149
150
  - app/models/hydra/access_controls/access_control_list.rb
@@ -166,6 +167,7 @@ files:
166
167
  - lib/hydra/access_controls_enforcement.rb
167
168
  - lib/hydra/admin_policy.rb
168
169
  - lib/hydra/config.rb
170
+ - lib/hydra/ip_based_groups.rb
169
171
  - lib/hydra/permissions_cache.rb
170
172
  - lib/hydra/permissions_query.rb
171
173
  - lib/hydra/permissions_solr_document.rb
@@ -179,6 +181,7 @@ files:
179
181
  - spec/services/embargo_service_spec.rb
180
182
  - spec/services/lease_service_spec.rb
181
183
  - spec/spec_helper.rb
184
+ - spec/support/config/hydra_ip_range.yml
182
185
  - spec/support/config/role_map.yml
183
186
  - spec/support/config/solr.yml
184
187
  - spec/support/mods_asset.rb
@@ -192,6 +195,7 @@ files:
192
195
  - spec/unit/admin_policy_spec.rb
193
196
  - spec/unit/config_spec.rb
194
197
  - spec/unit/embargoable_spec.rb
198
+ - spec/unit/ip_base_ability_spec.rb
195
199
  - spec/unit/permission_spec.rb
196
200
  - spec/unit/permissions_spec.rb
197
201
  - spec/unit/policy_aware_ability_spec.rb
@@ -233,6 +237,7 @@ test_files:
233
237
  - spec/services/embargo_service_spec.rb
234
238
  - spec/services/lease_service_spec.rb
235
239
  - spec/spec_helper.rb
240
+ - spec/support/config/hydra_ip_range.yml
236
241
  - spec/support/config/role_map.yml
237
242
  - spec/support/config/solr.yml
238
243
  - spec/support/mods_asset.rb
@@ -246,6 +251,7 @@ test_files:
246
251
  - spec/unit/admin_policy_spec.rb
247
252
  - spec/unit/config_spec.rb
248
253
  - spec/unit/embargoable_spec.rb
254
+ - spec/unit/ip_base_ability_spec.rb
249
255
  - spec/unit/permission_spec.rb
250
256
  - spec/unit/permissions_spec.rb
251
257
  - spec/unit/policy_aware_ability_spec.rb