hydra-access-controls 9.5.0 → 9.6.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 124bb44e71c185a51d708ad4c7a368ff767315fd
4
- data.tar.gz: 41fd3af3306eb3f9cf8943a048cba3eddde884a9
3
+ metadata.gz: d858683ef55ada03ab8db4ae2236c36b842895cf
4
+ data.tar.gz: 1607be72ddad76b1f526ca62181d50a7724950bc
5
5
  SHA512:
6
- metadata.gz: 4fc4407250c8593de0233f270cf3d1bbe638916713dab4b1e8e9462dcb3ebfbd52162fce9037e03af7ccfcaba8ce227f9c662f0c6c487d41e5ee836c2e0a8d3a
7
- data.tar.gz: 5ea74853a2c5782822c74640bfb7197b2e45950e25677eab3072720c0dad2b7ac77c55a2879d5f7c771fd36f2fa452aa6f8f36a760ccea1550c4c21545d6d190
6
+ metadata.gz: 74f0875cd669674a81eecc48586fdb10ec1c900ece56e76611ec7258acb4d2411c2b46a2ee08c637fa06b177f9f8f149f626dcf933101f3b6ad1a94fe6115009
7
+ data.tar.gz: 41d8e8afbcc05366e4116e808b99f3c4d4c693754652426e258c72cd3357a4018bea46981d2f913ea0ec831d45cbe051ca0a1fc665a4fc98beebf43f88e74cea
@@ -74,6 +74,8 @@ module Hydra
74
74
  visibility_will_change! if embargo.changed?
75
75
  end
76
76
 
77
+ # Deactivates the embargo and logs a message to the embargo object.
78
+ # Marks this record as dirty so that it will get reindexed.
77
79
  def deactivate_embargo!
78
80
  embargo && embargo.deactivate!
79
81
  visibility_will_change!
@@ -17,6 +17,7 @@ module Hydra::AccessControls
17
17
  (embargo_release_date.present? && Date.today < embargo_release_date)
18
18
  end
19
19
 
20
+ # Deactivates the embargo and logs a message to the embargo_history property
20
21
  def deactivate!
21
22
  return unless embargo_release_date
22
23
  embargo_state = active? ? "active" : "expired"
@@ -61,9 +61,6 @@ module Hydra::AccessControls
61
61
  Agent.new(::RDF::URI.new("#{GROUP_AGENT_URL_PREFIX}##{name}"))
62
62
  when "person"
63
63
  Agent.new(::RDF::URI.new("#{PERSON_AGENT_URL_PREFIX}##{name}"))
64
- when "user"
65
- Deprecation.warn Permission, "Passing \"user\" as the type to Permission is deprecated. Use \"person\" instead. This will be an error in ActiveFedora 9."
66
- Agent.new(::RDF::URI.new("#{PERSON_AGENT_URL_PREFIX}##{name}"))
67
64
  else
68
65
  raise ArgumentError, "Unknown agent type #{type.inspect}"
69
66
  end
@@ -22,13 +22,8 @@ Gem::Specification.new do |gem|
22
22
  gem.add_dependency "active-fedora", '~> 9.0'
23
23
  gem.add_dependency 'cancancan', '~> 1.8'
24
24
  gem.add_dependency 'deprecation', '~> 0.2'
25
- gem.add_dependency "blacklight", '~> 5.16'
26
-
27
- # sass-rails is typically generated into the app's gemfile by `rails new`
28
- # In rails 3 it's put into the "assets" group and thus not available to the
29
- # app. Blacklight 5.3 requires bootstrap-sass which requires (but does not
30
- # declare a dependency on) sass-rails
31
- gem.add_dependency 'sass-rails'
25
+ gem.add_dependency "blacklight", '>= 5.16'
26
+ gem.add_dependency "blacklight-access_controls", '~> 0.1'
32
27
 
33
28
  gem.add_development_dependency "rake", '~> 10.1'
34
29
  gem.add_development_dependency 'rspec', '~> 3.1'
@@ -3,6 +3,7 @@ require 'active-fedora'
3
3
  require 'blacklight'
4
4
  require 'cancan'
5
5
  require "deprecation"
6
+ require 'blacklight-access_controls'
6
7
 
7
8
  module Hydra
8
9
  extend ActiveSupport::Autoload
@@ -1,18 +1,19 @@
1
1
  # Code for [CANCAN] access to Hydra models
2
- require 'cancan'
2
+
3
3
  module Hydra
4
4
  module Ability
5
5
  extend ActiveSupport::Concern
6
6
 
7
+ include Blacklight::AccessControls::Ability
8
+
7
9
  # once you include Hydra::Ability you can add custom permission methods by appending to ability_logic like so:
8
10
  #
9
11
  # self.ability_logic +=[:setup_my_permissions]
10
12
 
11
13
  included do
12
- include CanCan::Ability
13
14
  include Hydra::PermissionsQuery
14
15
  include Blacklight::SearchHelper
15
- class_attribute :ability_logic
16
+
16
17
  self.ability_logic = [:create_permissions, :edit_permissions, :read_permissions, :discover_permissions, :download_permissions, :custom_permissions]
17
18
  end
18
19
 
@@ -20,37 +21,16 @@ module Hydra
20
21
  Hydra.config[:user_model] ? Hydra.config[:user_model].constantize : ::User
21
22
  end
22
23
 
23
- attr_reader :current_user, :options, :cache
24
-
25
24
  def initialize(user, options = {})
26
25
  @current_user = user || Hydra::Ability.user_class.new # guest user (not logged in)
27
26
  @user = @current_user # just in case someone was using this in an override. Just don't.
28
27
  @options = options
29
- @cache = Hydra::PermissionsCache.new
28
+ @cache = Blacklight::AccessControls::PermissionsCache.new
30
29
  hydra_default_permissions()
31
30
  end
32
31
 
33
- ## You can override this method if you are using a different AuthZ (such as LDAP)
34
- def user_groups
35
- return @user_groups if @user_groups
36
-
37
- @user_groups = default_user_groups
38
- @user_groups |= current_user.groups if current_user and current_user.respond_to? :groups
39
- @user_groups |= ['registered'] unless current_user.new_record?
40
- @user_groups
41
- end
42
-
43
- def default_user_groups
44
- # # everyone is automatically a member of the group 'public'
45
- ['public']
46
- end
47
-
48
-
49
32
  def hydra_default_permissions
50
- Rails.logger.debug("Usergroups are " + user_groups.inspect)
51
- self.ability_logic.each do |method|
52
- send(method)
53
- end
33
+ grant_permissions
54
34
  end
55
35
 
56
36
  def create_permissions
@@ -73,33 +53,19 @@ module Hydra
73
53
  end
74
54
 
75
55
  def read_permissions
76
- can :read, String do |id|
77
- test_read(id)
78
- end
56
+ super
79
57
 
80
58
  can :read, ActiveFedora::Base do |obj|
81
59
  test_read(obj.id)
82
60
  end
83
-
84
- can :read, SolrDocument do |obj|
85
- cache.put(obj.id, obj)
86
- test_read(obj.id)
87
- end
88
61
  end
89
62
 
90
63
  def discover_permissions
91
- can :discover, String do |id|
92
- test_discover(id)
93
- end
64
+ super
94
65
 
95
66
  can :discover, ActiveFedora::Base do |obj|
96
67
  test_discover(obj.id)
97
68
  end
98
-
99
- can :discover, SolrDocument do |obj|
100
- cache.put(obj.id, obj)
101
- test_discover(obj.id)
102
- end
103
69
  end
104
70
 
105
71
  # Download permissions are exercised in Hydra::Controller::DownloadBehavior
@@ -125,20 +91,6 @@ module Hydra
125
91
  result
126
92
  end
127
93
 
128
- def test_read(id)
129
- Rails.logger.debug("[CANCAN] Checking read permissions for user: #{current_user.user_key} with groups: #{user_groups.inspect}")
130
- group_intersection = user_groups & read_groups(id)
131
- result = !group_intersection.empty? || read_users(id).include?(current_user.user_key)
132
- result
133
- end
134
-
135
- def test_discover(id)
136
- Rails.logger.debug("[CANCAN] Checking discover permissions for user: #{current_user.user_key} with groups: #{user_groups.inspect}")
137
- group_intersection = user_groups & discover_groups(id)
138
- result = !group_intersection.empty? || discover_users(id).include?(current_user.user_key)
139
- result
140
- end
141
-
142
94
  def edit_groups(id)
143
95
  doc = permissions_doc(id)
144
96
  return [] if doc.nil?
@@ -149,20 +101,10 @@ module Hydra
149
101
 
150
102
  # edit implies read, so read_groups is the union of edit and read groups
151
103
  def read_groups(id)
152
- doc = permissions_doc(id)
153
- return [] if doc.nil?
154
- rg = edit_groups(id) | (doc[self.class.read_group_field] || [])
104
+ rg = super
105
+ rg |= edit_groups(id)
155
106
  Rails.logger.debug("[CANCAN] read_groups: #{rg.inspect}")
156
- return rg
157
- end
158
-
159
- # read implies discover, so discover_groups is the union of read and discover groups
160
- def discover_groups(id)
161
- doc = permissions_doc(id)
162
- return [] if doc.nil?
163
- dg = read_groups(id) | (doc[self.class.discover_group_field] || [])
164
- Rails.logger.debug("[CANCAN] discover_groups: #{dg.inspect}")
165
- dg
107
+ rg
166
108
  end
167
109
 
168
110
  def edit_users(id)
@@ -175,21 +117,12 @@ module Hydra
175
117
 
176
118
  # edit implies read, so read_users is the union of edit and read users
177
119
  def read_users(id)
178
- doc = permissions_doc(id)
179
- return [] if doc.nil?
180
- rp = edit_users(id) | (doc[self.class.read_user_field] || [])
120
+ rp = super
121
+ rp |= edit_users(id)
181
122
  Rails.logger.debug("[CANCAN] read_users: #{rp.inspect}")
182
- return rp
123
+ rp
183
124
  end
184
125
 
185
- # read implies discover, so discover_users is the union of read and discover users
186
- def discover_users(id)
187
- doc = permissions_doc(id)
188
- return [] if doc.nil?
189
- dp = read_users(id) | (doc[self.class.discover_user_field] || [])
190
- Rails.logger.debug("[CANCAN] discover_users: #{dp.inspect}")
191
- dp
192
- end
193
126
 
194
127
  module ClassMethods
195
128
  def read_group_field
@@ -1,36 +1,9 @@
1
1
  module Hydra::AccessControlsEnforcement
2
2
  extend ActiveSupport::Concern
3
-
4
- included do |klass|
5
- attr_writer :current_ability
6
- class_attribute :solr_access_filters_logic
7
-
8
- # Set defaults. Each symbol identifies a _method_ that must be in
9
- # this class, taking one parameter (permission_types)
10
- # Can be changed in local apps or by plugins, eg:
11
- # CatalogController.include ModuleDefiningNewMethod
12
- # CatalogController.solr_access_filters_logic += [:new_method]
13
- # CatalogController.solr_access_filters_logic.delete(:we_dont_want)
14
- self.solr_access_filters_logic = [:apply_group_permissions, :apply_user_permissions]
15
-
16
- end
17
-
18
- def current_ability
19
- @current_ability || raise("current_ability has not been set on #{self}")
20
- end
3
+ include Blacklight::AccessControls::Enforcement
21
4
 
22
5
  protected
23
6
 
24
- def gated_discovery_filters(permission_types = discovery_permissions, ability = current_ability)
25
- user_access_filters = []
26
-
27
- # Grant access based on user id & group
28
- solr_access_filters_logic.each do |method_name|
29
- user_access_filters += send(method_name, permission_types, ability)
30
- end
31
- user_access_filters
32
- end
33
-
34
7
  def under_embargo?
35
8
  load_permissions_from_solr
36
9
  embargo_key = Hydra.config.permissions.embargo.release_date
@@ -41,82 +14,18 @@ module Hydra::AccessControlsEnforcement
41
14
  false
42
15
  end
43
16
 
44
- #
45
- # Action-specific enforcement
46
- #
47
-
48
- # Controller "before" filter for enforcing access controls on show actions
49
- # @param [Hash] opts (optional, not currently used)
50
- def enforce_show_permissions(opts={})
51
- permissions = current_ability.permissions_doc(params[:id])
52
- if permissions.under_embargo? && !can?(:edit, permissions)
53
- raise Hydra::AccessDenied.new("This item is under embargo. You do not have sufficient access privileges to read this document.", :edit, params[:id])
54
- end
55
- unless can? :read, permissions
56
- raise Hydra::AccessDenied.new("You do not have sufficient access privileges to read this document, which has been marked private.", :read, params[:id])
57
- end
58
- end
59
-
60
- # Solr query modifications
61
- #
62
-
63
- # Set solr_parameters to enforce appropriate permissions
64
- # * Applies a lucene query to the solr :q parameter for gated discovery
65
- # * Uses public_qt search handler if user does not have "read" permissions
66
- # @param solr_parameters the current solr parameters
67
- #
68
- # @example This method should be added to your CatalogController's search_params_logic
69
- # class CatalogController < ApplicationController
70
- # CatalogController.search_params_logic += [:add_access_controls_to_solr_params]
71
- # end
72
- def add_access_controls_to_solr_params(solr_parameters)
73
- apply_gated_discovery(solr_parameters)
74
- end
75
-
76
-
77
17
  # Which permission levels (logical OR) will grant you the ability to discover documents in a search.
78
-
79
- # Override this method if you want it to be something other than the default
18
+ # Overrides blacklight-access_controls method.
80
19
  def discovery_permissions
81
20
  @discovery_permissions ||= ["edit","discover","read"]
82
21
  end
83
- def discovery_permissions= (permissions)
84
- @discovery_permissions = permissions
85
- end
86
22
 
87
- # Contrller before filter that sets up access-controlled lucene query in order to provide gated discovery behavior
88
- # @param solr_parameters the current solr parameters
89
- def apply_gated_discovery(solr_parameters)
90
- solr_parameters[:fq] ||= []
91
- solr_parameters[:fq] << gated_discovery_filters.join(" OR ")
92
- Rails.logger.debug("Solr parameters: #{ solr_parameters.inspect }")
23
+ # Find the name of the solr field for this type of permission.
24
+ # e.g. "read_access_group_ssim" or "discover_access_person_ssim".
25
+ # Used by blacklight-access_controls.
26
+ def solr_field_for(permission_type, permission_category)
27
+ permissions = Hydra.config.permissions[permission_type.to_sym]
28
+ permission_category == 'group' ? permissions.group : permissions.individual
93
29
  end
94
30
 
95
-
96
- def apply_group_permissions(permission_types, ability = current_ability)
97
- # for groups
98
- user_access_filters = []
99
- ability.user_groups.each_with_index do |group, i|
100
- permission_types.each do |type|
101
- user_access_filters << escape_filter(Hydra.config.permissions[type.to_sym].group, group)
102
- end
103
- end
104
- user_access_filters
105
- end
106
-
107
- def escape_filter(key, value)
108
- [key, value.gsub(/[ :\/]/, ' ' => '\ ', '/' => '\/', ':' => '\:')].join(':')
109
- end
110
-
111
- def apply_user_permissions(permission_types, ability = current_ability)
112
- # for individual user access
113
- user_access_filters = []
114
- user = ability.current_user
115
- if user && user.user_key.present?
116
- permission_types.each do |type|
117
- user_access_filters << escape_filter(Hydra.config.permissions[type.to_sym].individual, user.user_key)
118
- end
119
- end
120
- user_access_filters
121
- end
122
31
  end
@@ -1,18 +1,6 @@
1
- class Hydra::PermissionsCache
2
- def initialize
3
- clear
4
- end
1
+ class Hydra::PermissionsCache < Blacklight::AccessControls::PermissionsCache
2
+ extend Deprecation
5
3
 
6
- def get(pid)
7
- @cache[pid]
8
- end
9
-
10
- def put(pid, doc)
11
- @cache[pid] = doc
12
- end
13
-
14
- def clear
15
- @cache = {}
16
- end
4
+ Deprecation.warn Hydra::PermissionsCache, "Hydra::PermissionsCache will be removed in Hydra 10. Use Blacklight::AccessControls::PermissionsCache instead (from blacklight-access_controls gem)."
17
5
 
18
6
  end
@@ -2,48 +2,13 @@ module Hydra
2
2
  module PermissionsQuery
3
3
  extend ActiveSupport::Concern
4
4
 
5
- def permissions_doc(pid)
6
- doc = cache.get(pid)
7
- unless doc
8
- doc = get_permissions_solr_response_for_doc_id(pid)
9
- cache.put(pid, doc)
10
- end
11
- doc
12
- end
13
-
14
- protected
15
-
16
- # a solr query method
17
- # retrieve a solr document, given the doc id
18
- # Modeled on Blacklight::SolrHelper.get_permissions_solr_response_for_doc_id
19
- # @param [String] id of the documetn to retrieve
20
- # @param [Hash] extra_controller_params (optional)
21
- def get_permissions_solr_response_for_doc_id(id=nil, extra_controller_params={})
22
- raise Blacklight::Exceptions::InvalidSolrID.new("The application is trying to retrieve permissions without specifying an asset id") if id.nil?
23
- solr_opts = permissions_solr_doc_params(id).merge(extra_controller_params)
24
- response = ActiveFedora::SolrService.instance.conn.get('select', params: solr_opts)
25
- solr_response = Blacklight::Solr::Response.new(response, solr_opts)
5
+ include Blacklight::AccessControls::PermissionsQuery
26
6
 
27
- raise Blacklight::Exceptions::InvalidSolrID.new("The solr permissions search handler didn't return anything for id \"#{id}\"") if solr_response.docs.empty?
28
- Hydra::PermissionsSolrDocument.new(solr_response.docs.first, solr_response)
7
+ # What type of solr document to create for the
8
+ # Blacklight::AccessControls::PermissionsQuery.
9
+ def permissions_document_class
10
+ Hydra::PermissionsSolrDocument
29
11
  end
30
12
 
31
- #
32
- # Solr integration
33
- #
34
-
35
- # returns a params hash with the permissions info for a single solr document
36
- # If the id arg is nil, then the value is fetched from params[:id]
37
- # This method is primary called by the get_permissions_solr_response_for_doc_id method.
38
- # Modeled on Blacklight::SolrHelper.solr_doc_params
39
- # @param [String] id of the documetn to retrieve
40
- def permissions_solr_doc_params(id=nil)
41
- id ||= params[:id]
42
- # just to be consistent with the other solr param methods:
43
- {
44
- qt: :permissions,
45
- id: id # this assumes the document request handler will map the 'id' param to the unique key field
46
- }
47
- end
48
13
  end
49
14
  end
@@ -1,6 +1,7 @@
1
1
  # Repeats access controls evaluation methods, but checks against a governing "Policy" object (or "Collection" object) that provides inherited access controls.
2
2
  module Hydra::PolicyAwareAbility
3
3
  extend ActiveSupport::Concern
4
+ include Blacklight::AccessControls::Ability
4
5
  include Hydra::Ability
5
6
 
6
7
  IS_GOVERNED_BY_SOLR_FIELD = "isGovernedBy_ssim".freeze
@@ -6,8 +6,7 @@ module Hydra::PolicyAwareAccessControlsEnforcement
6
6
  # @param solr_parameters the current solr parameters
7
7
  # @param user_parameters the current user-subitted parameters
8
8
  def apply_gated_discovery(solr_parameters)
9
- solr_parameters[:fq] ||= []
10
- solr_parameters[:fq] << gated_discovery_filters.join(' OR '.freeze)
9
+ super
11
10
  logger.debug("POLICY-aware Solr parameters: #{ solr_parameters.inspect }")
12
11
  end
13
12
 
@@ -50,6 +49,11 @@ module Hydra::PolicyAwareAccessControlsEnforcement
50
49
  end
51
50
  end
52
51
 
52
+ # Override method from blacklight-access_controls
53
+ def discovery_permissions
54
+ @discovery_permissions ||= ["edit", "discover", "read"]
55
+ end
56
+
53
57
  # Returns the Model used for AdminPolicy objects.
54
58
  # You can set this by overriding this method or setting Hydra.config[:permissions][:policy_class]
55
59
  # Defults to Hydra::AdminPolicy
@@ -68,4 +72,12 @@ module Hydra::PolicyAwareAccessControlsEnforcement
68
72
  filters
69
73
  end
70
74
 
75
+ # Find the name of the solr field for this type of permission.
76
+ # e.g. "read_access_group_ssim" or "discover_access_person_ssim".
77
+ # Used by blacklight-access_controls gem.
78
+ def solr_field_for(permission_type, permission_category)
79
+ permissions = Hydra.config.permissions[permission_type.to_sym]
80
+ permission_category == 'group' ? permissions.group : permissions.individual
81
+ end
82
+
71
83
  end
@@ -2,18 +2,13 @@
2
2
  # By default, this module assumes you are using the User model created by Blacklight, which uses Devise.
3
3
  # To integrate your own User implementation into Hydra, override this Module or define your own User model in app/models/user.rb within your Hydra head.
4
4
  module Hydra::User
5
+ include Blacklight::AccessControls::User
5
6
 
6
7
  def self.included(klass)
7
8
  # Other modules to auto-include
8
9
  klass.extend(ClassMethods)
9
10
  end
10
11
 
11
- # This method should display the unique identifier for this user as defined by devise.
12
- # The unique identifier is what access controls will be enforced against.
13
- def user_key
14
- send(Devise.authentication_keys.first)
15
- end
16
-
17
12
  def groups
18
13
  RoleMapper.roles(self)
19
14
  end
@@ -1,4 +1,6 @@
1
1
  development:
2
+ adapter: solr
2
3
  url: http://localhost:<%= ENV['TEST_JETTY_PORT'] || 8983 %>/solr/development
3
- test:
4
+ test:
5
+ adapter: solr
4
6
  url: http://localhost:<%= ENV['TEST_JETTY_PORT'] || 8983 %>/solr/test
@@ -233,6 +233,7 @@ describe Ability do
233
233
  describe "custom method" do
234
234
  before do
235
235
  class MyAbility
236
+ include Blacklight::AccessControls::Ability
236
237
  include Hydra::Ability
237
238
  self.ability_logic +=[:setup_my_permissions]
238
239
 
@@ -1,22 +1,32 @@
1
1
  require 'spec_helper'
2
2
 
3
3
  describe Hydra::AccessControlsEnforcement do
4
- before(:all) do
5
- class MockController
6
- include Hydra::AccessControlsEnforcement
7
- attr_accessor :params
4
+ let(:controller) { MockController.new }
5
+ let(:method_chain) { MockController.search_params_logic }
6
+ let(:search_builder) { MockSearchBuilder.new(method_chain, controller) }
8
7
 
9
- def current_ability
10
- @current_ability ||= Ability.new(current_user)
11
- end
8
+ class MockController
9
+ def self.search_params_logic
10
+ [:add_access_controls_to_solr_params]
11
+ end
12
+ end
12
13
 
13
- def session
14
- end
14
+ class MockSearchBuilder < Blacklight::SearchBuilder
15
+ include Blacklight::Solr::SearchBuilderBehavior
16
+ include Hydra::AccessControlsEnforcement
17
+ attr_accessor :params
18
+
19
+ def current_ability
20
+ @current_ability ||= Ability.new(current_user)
21
+ end
15
22
 
16
- delegate :logger, to: :Rails
23
+ def session
17
24
  end
25
+
26
+ delegate :logger, to: :Rails
18
27
  end
19
- subject { MockController.new }
28
+
29
+ subject { search_builder }
20
30
 
21
31
  describe "When I am searching for content" do
22
32
  before do
@@ -85,32 +95,6 @@ describe Hydra::AccessControlsEnforcement do
85
95
  end
86
96
  end
87
97
 
88
- describe "enforce_show_permissions" do
89
- it "should allow a user w/ edit permissions to view an embargoed object" do
90
- user = User.new :uid=>'testuser@example.com'
91
- allow(RoleMapper).to receive(:roles).with(user).and_return(["archivist"])
92
- allow(subject).to receive(:current_user).and_return(user)
93
- allow(subject).to receive(:can?).with(:read, nil).and_return(true)
94
- stub_doc = Hydra::PermissionsSolrDocument.new({"edit_access_person_ssim"=>["testuser@example.com"], "embargo_release_date_dtsi"=>(Date.parse(Time.now.to_s)+2).to_s})
95
-
96
- subject.params = {}
97
- expect(subject).to receive(:can?).with(:edit, stub_doc).and_return(true)
98
- expect(subject).to receive(:can?).with(:read, stub_doc).and_return(true)
99
- expect(subject.current_ability).to receive(:get_permissions_solr_response_for_doc_id).and_return(stub_doc)
100
- expect { subject.send(:enforce_show_permissions, {}) }.not_to raise_error
101
- end
102
- it "should prevent a user w/o edit permissions from viewing an embargoed object" do
103
- user = User.new :uid=>'testuser@example.com'
104
- allow(RoleMapper).to receive(:roles).with(user).and_return([])
105
- allow(subject).to receive(:current_user).and_return(user)
106
- allow(subject).to receive(:can?).with(:read, nil).and_return(true)
107
- subject.params = {}
108
- stub_doc = Hydra::PermissionsSolrDocument.new({"edit_access_person_ssim"=>["testuser@example.com"], "embargo_release_date_dtsi"=>(Date.parse(Time.now.to_s)+2).to_s})
109
- expect(subject.current_ability).to receive(:get_permissions_solr_response_for_doc_id).and_return(stub_doc)
110
- expect(subject).to receive(:can?).with(:edit, stub_doc).and_return(false)
111
- expect {subject.send(:enforce_show_permissions, {})}.to raise_error Hydra::AccessDenied, "This item is under embargo. You do not have sufficient access privileges to read this document."
112
- end
113
- end
114
98
  describe "apply_gated_discovery" do
115
99
  before(:each) do
116
100
  @stub_user = User.new :uid=>'archivist1@example.com'
@@ -2,7 +2,8 @@ require 'spec_helper'
2
2
 
3
3
  describe Hydra::PolicyAwareAccessControlsEnforcement do
4
4
  before do
5
- class PolicyMockSearchBuilder
5
+ class PolicyMockSearchBuilder < Blacklight::SearchBuilder
6
+ include Blacklight::Solr::SearchBuilderBehavior
6
7
  include Hydra::AccessControlsEnforcement
7
8
  include Hydra::PolicyAwareAccessControlsEnforcement
8
9
  attr_accessor :params
@@ -100,12 +101,14 @@ describe Hydra::PolicyAwareAccessControlsEnforcement do
100
101
  before do
101
102
  allow(RoleMapper).to receive(:roles).with(user).and_return(user.roles)
102
103
  end
104
+
103
105
  it "should return the policies that provide discover permissions" do
104
106
  @policies_with_access.map {|p| p.id }.each do |p|
105
107
  expect(subject.policies_with_access).to include(p)
106
108
  end
107
109
  expect(subject.policies_with_access).to_not include("test-policy_no_access")
108
110
  end
111
+
109
112
  it "should allow you to configure which model to use for policies" do
110
113
  allow(Hydra.config.permissions).to receive(:policy_class).and_return(ModsAsset)
111
114
  expect(ModsAsset).to receive(:find_with_conditions).and_return([])
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: hydra-access-controls
3
3
  version: !ruby/object:Gem::Version
4
- version: 9.5.0
4
+ version: 9.6.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Chris Beer
@@ -10,7 +10,7 @@ authors:
10
10
  autorequire:
11
11
  bindir: bin
12
12
  cert_chain: []
13
- date: 2015-11-11 00:00:00.000000000 Z
13
+ date: 2016-01-21 00:00:00.000000000 Z
14
14
  dependencies:
15
15
  - !ruby/object:Gem::Dependency
16
16
  name: activesupport
@@ -72,30 +72,30 @@ dependencies:
72
72
  name: blacklight
73
73
  requirement: !ruby/object:Gem::Requirement
74
74
  requirements:
75
- - - "~>"
75
+ - - ">="
76
76
  - !ruby/object:Gem::Version
77
77
  version: '5.16'
78
78
  type: :runtime
79
79
  prerelease: false
80
80
  version_requirements: !ruby/object:Gem::Requirement
81
81
  requirements:
82
- - - "~>"
82
+ - - ">="
83
83
  - !ruby/object:Gem::Version
84
84
  version: '5.16'
85
85
  - !ruby/object:Gem::Dependency
86
- name: sass-rails
86
+ name: blacklight-access_controls
87
87
  requirement: !ruby/object:Gem::Requirement
88
88
  requirements:
89
- - - ">="
89
+ - - "~>"
90
90
  - !ruby/object:Gem::Version
91
- version: '0'
91
+ version: '0.1'
92
92
  type: :runtime
93
93
  prerelease: false
94
94
  version_requirements: !ruby/object:Gem::Requirement
95
95
  requirements:
96
- - - ">="
96
+ - - "~>"
97
97
  - !ruby/object:Gem::Version
98
- version: '0'
98
+ version: '0.1'
99
99
  - !ruby/object:Gem::Dependency
100
100
  name: rake
101
101
  requirement: !ruby/object:Gem::Requirement
@@ -181,9 +181,9 @@ files:
181
181
  - spec/services/embargo_service_spec.rb
182
182
  - spec/services/lease_service_spec.rb
183
183
  - spec/spec_helper.rb
184
+ - spec/support/config/blacklight.yml
184
185
  - spec/support/config/hydra_ip_range.yml
185
186
  - spec/support/config/role_map.yml
186
- - spec/support/config/solr.yml
187
187
  - spec/support/mods_asset.rb
188
188
  - spec/support/rails.rb
189
189
  - spec/support/solr_document.rb
@@ -226,7 +226,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
226
226
  version: '0'
227
227
  requirements: []
228
228
  rubyforge_project:
229
- rubygems_version: 2.4.5.1
229
+ rubygems_version: 2.5.1
230
230
  signing_key:
231
231
  specification_version: 4
232
232
  summary: Access controls for project hydra
@@ -237,9 +237,9 @@ test_files:
237
237
  - spec/services/embargo_service_spec.rb
238
238
  - spec/services/lease_service_spec.rb
239
239
  - spec/spec_helper.rb
240
+ - spec/support/config/blacklight.yml
240
241
  - spec/support/config/hydra_ip_range.yml
241
242
  - spec/support/config/role_map.yml
242
- - spec/support/config/solr.yml
243
243
  - spec/support/mods_asset.rb
244
244
  - spec/support/rails.rb
245
245
  - spec/support/solr_document.rb