hydra-access-controls 9.10.0 → 10.0.0.beta1

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: ce4b268308e0df8c7d1aa5d8996b19c0670cf52c
4
- data.tar.gz: b6071f5b3965cad44bc26605fed0d7c72b436967
3
+ metadata.gz: e70730aa7b919d1cbf3e4815db314bdf6c7ab61b
4
+ data.tar.gz: be22eb4d9e206a741b8e7543d355bcec3a9342dd
5
5
  SHA512:
6
- metadata.gz: 4479206b877bce374fc5be89d50b69688dfc8a35304f6d20a1eeb0d8c5b5768d3d2dee3eaa5ed8eae13f2c406fa42033c080b048226b6ea6480e46fe45148216
7
- data.tar.gz: d91c7e7f5e83aa16658674f63b654d55a36357e60f32758c8394e281dc89f6393d9239fb10f8e9ee2f503d7ffde3edfc7f2a344bcc0fa7e9509a56bf45c49299
6
+ metadata.gz: ebeb634bda7b08ac09e6a4210c87ba55863a6d63ad7d6abe9b6d31f8fd8d313bcd916494f2c5f9f3b50fea52012141b2caf5201593043747dbe451dc0d3b94b3
7
+ data.tar.gz: f13e52899116432172f7bcf87d53b55abf1173c294a70c4c66b28037339807297305ca54b8b1b948bb6ef6cccb57e347b48188e2c85c987bc5ec8b231cbe067b
data/README.textile CHANGED
@@ -124,7 +124,4 @@ h2. Contributing
124
124
 
125
125
  h2. Testing
126
126
 
127
- $ git submodule init
128
- $ rake jetty:config
129
- $ rake jetty:start
130
- $ rake spec
127
+ $ bundle exec rake spec
data/Rakefile CHANGED
@@ -3,7 +3,6 @@ require "bundler/gem_tasks"
3
3
  require 'rspec/core/rake_task'
4
4
 
5
5
  APP_ROOT= File.expand_path(File.join(File.dirname(__FILE__),".."))
6
- # re-using hydra_jetty.rake from hydra-head
7
6
  import "tasks/hydra-access-controls.rake"
8
7
 
9
8
  desc 'Default: run specs.'
@@ -81,12 +81,6 @@ module Hydra
81
81
  visibility_will_change!
82
82
  end
83
83
 
84
- # Validate that the current visibility is what is specified in the embargo
85
- def validate_embargo
86
- Deprecation.warn Embargoable, "validate_embargo is deprecated and will be removed in hydra-access-controls 9.0.0. Use validate_visibility_complies_with_embargo instead."
87
- validate_visibility_complies_with_embargo
88
- end
89
-
90
84
  # Validate that the current visibility is what is specified in the embargo
91
85
  def validate_visibility_complies_with_embargo
92
86
  return true unless embargo_release_date
@@ -117,11 +111,6 @@ module Hydra
117
111
  end
118
112
  end
119
113
 
120
- def validate_lease
121
- Deprecation.warn Embargoable, "validate_lease is deprecated and will be removed in hydra-access-controls 9.0.0. Use validate_visibility_complies_with_lease instead."
122
- validate_visibility_complies_with_lease
123
- end
124
-
125
114
  def validate_visibility_complies_with_lease
126
115
  return true unless lease_expiration_date
127
116
  if active_lease?
@@ -5,10 +5,24 @@ module Hydra
5
5
  include Hydra::AccessControls::Visibility
6
6
 
7
7
  included do
8
- has_many :permissions, predicate: ::ACL.accessTo, class_name: 'Hydra::AccessControls::Permission', inverse_of: :access_to, dependent: :destroy
9
- accepts_nested_attributes_for :permissions, allow_destroy: true
10
- alias_method :permissions_attributes_without_uniqueness=, :permissions_attributes=
11
- alias_method :permissions_attributes=, :permissions_attributes_with_uniqueness=
8
+ belongs_to :access_control, predicate: ::ACL.accessControl, class_name: 'Hydra::AccessControl'
9
+ before_destroy do |obj|
10
+ access_control.destroy
11
+ end
12
+ after_save do
13
+ # Only force save if autosave woudn't be called normally
14
+ access_control.save! unless access_control.changed?
15
+ end
16
+ end
17
+
18
+ delegate :permissions, :permissions=, to: :permission_delegate
19
+
20
+ def permissions_attributes_without_uniqueness=(attrs)
21
+ permission_delegate.permissions_attributes = attrs
22
+ end
23
+
24
+ def permission_delegate
25
+ (access_control || create_access_control).tap { |d| d.owner = self }
12
26
  end
13
27
 
14
28
  def to_solr(solr_doc = {})
@@ -23,36 +37,36 @@ module Hydra
23
37
  end
24
38
 
25
39
  # When chaging a permission for an object/user, ensure an update is done, not a duplicate
26
- def permissions_attributes_with_uniqueness=(attributes_collection)
40
+ def permissions_attributes=(attributes_collection)
27
41
  if attributes_collection.is_a? Hash
28
42
  keys = attributes_collection.keys
29
43
  attributes_collection = if keys.include?('id') || keys.include?(:id)
30
- Array(attributes_collection)
31
- else
32
- attributes_collection.sort_by { |i, _| i.to_i }.map { |_, attributes| attributes }
44
+ Array(attributes_collection)
45
+ else
46
+ attributes_collection.sort_by { |i, _| i.to_i }.map { |_, attributes| attributes }
33
47
  end
34
48
  end
35
49
 
50
+ attributes_collection = attributes_collection.map(&:with_indifferent_access)
36
51
  attributes_collection.each do |prop|
37
52
  existing = case prop[:type]
38
- when 'group'
39
- search_by_type(:group)
40
- when 'person'
41
- search_by_type(:person)
53
+ when 'group'
54
+ search_by_type(:group)
55
+ when 'person'
56
+ search_by_type(:person)
42
57
  end
43
58
 
44
- next unless existing
59
+ next if existing.blank?
45
60
  selected = existing.find { |perm| perm.agent_name == prop[:name] }
46
61
  prop['id'] = selected.id if selected
47
62
  end
48
63
 
49
- self.permissions_attributes_without_uniqueness=attributes_collection
64
+ self.permissions_attributes_without_uniqueness = attributes_collection
50
65
  end
51
66
 
52
-
53
67
  # Return a list of groups that have discover permission
54
68
  def discover_groups
55
- search_by_type_and_mode(:group, Hydra::ACL.Discover).map { |p| p.agent_name }
69
+ search_by_type_and_mode(:group, Hydra::ACL.Discover).map(&:agent_name)
56
70
  end
57
71
 
58
72
  # Grant discover permissions to the groups specified. Revokes discover permission for all other groups.
@@ -74,12 +88,12 @@ module Hydra
74
88
  # => ['one', 'two', 'three']
75
89
  #
76
90
  def discover_groups_string=(groups)
77
- self.discover_groups=groups.split(/[\s,]+/)
91
+ self.discover_groups = groups.split(/[\s,]+/)
78
92
  end
79
93
 
80
94
  # Display the groups a comma delimeted string
81
95
  def discover_groups_string
82
- self.discover_groups.join(', ')
96
+ discover_groups.join(', ')
83
97
  end
84
98
 
85
99
  # Grant discover permissions to the groups specified. Revokes discover permission for
@@ -102,7 +116,7 @@ module Hydra
102
116
  end
103
117
 
104
118
  def discover_users
105
- search_by_type_and_mode(:person, Hydra::ACL.Discover).map { |p| p.agent_name }
119
+ search_by_type_and_mode(:person, Hydra::ACL.Discover).map(&:agent_name)
106
120
  end
107
121
 
108
122
  # Grant discover permissions to the users specified. Revokes discover permission for all other users.
@@ -124,12 +138,12 @@ module Hydra
124
138
  # => ['one', 'two', 'three']
125
139
  #
126
140
  def discover_users_string=(users)
127
- self.discover_users=users.split(/[\s,]+/)
141
+ self.discover_users = users.split(/[\s,]+/)
128
142
  end
129
143
 
130
144
  # Display the users as a comma delimeted string
131
145
  def discover_users_string
132
- self.discover_users.join(', ')
146
+ discover_users.join(', ')
133
147
  end
134
148
 
135
149
  # Grant discover permissions to the users specified. Revokes discover permission for
@@ -153,7 +167,7 @@ module Hydra
153
167
 
154
168
  # Return a list of groups that have discover permission
155
169
  def read_groups
156
- search_by_type_and_mode(:group, ::ACL.Read).map { |p| p.agent_name }
170
+ search_by_type_and_mode(:group, ::ACL.Read).map(&:agent_name)
157
171
  end
158
172
 
159
173
  # Grant read permissions to the groups specified. Revokes read permission for all other groups.
@@ -175,12 +189,12 @@ module Hydra
175
189
  # => ['one', 'two', 'three']
176
190
  #
177
191
  def read_groups_string=(groups)
178
- self.read_groups=groups.split(/[\s,]+/)
192
+ self.read_groups = groups.split(/[\s,]+/)
179
193
  end
180
194
 
181
195
  # Display the groups a comma delimeted string
182
196
  def read_groups_string
183
- self.read_groups.join(', ')
197
+ read_groups.join(', ')
184
198
  end
185
199
 
186
200
  # Grant read permissions to the groups specified. Revokes read permission for
@@ -203,7 +217,7 @@ module Hydra
203
217
  end
204
218
 
205
219
  def read_users
206
- search_by_type_and_mode(:person, ::ACL.Read).map { |p| p.agent_name }
220
+ search_by_type_and_mode(:person, ::ACL.Read).map(&:agent_name)
207
221
  end
208
222
 
209
223
  # Grant read permissions to the users specified. Revokes read permission for all other users.
@@ -225,12 +239,12 @@ module Hydra
225
239
  # => ['one', 'two', 'three']
226
240
  #
227
241
  def read_users_string=(users)
228
- self.read_users=users.split(/[\s,]+/)
242
+ self.read_users = users.split(/[\s,]+/)
229
243
  end
230
244
 
231
245
  # Display the users as a comma delimeted string
232
246
  def read_users_string
233
- self.read_users.join(', ')
247
+ read_users.join(', ')
234
248
  end
235
249
 
236
250
  # Grant read permissions to the users specified. Revokes read permission for
@@ -252,10 +266,9 @@ module Hydra
252
266
  set_entities(:read, :person, users, eligible_users)
253
267
  end
254
268
 
255
-
256
269
  # Return a list of groups that have edit permission
257
270
  def edit_groups
258
- search_by_type_and_mode(:group, ::ACL.Write).map { |p| p.agent_name }
271
+ search_by_type_and_mode(:group, ::ACL.Write).map(&:agent_name)
259
272
  end
260
273
 
261
274
  # Grant edit permissions to the groups specified. Revokes edit permission for all other groups.
@@ -277,12 +290,12 @@ module Hydra
277
290
  # => ['one', 'two', 'three']
278
291
  #
279
292
  def edit_groups_string=(groups)
280
- self.edit_groups=groups.split(/[\s,]+/)
293
+ self.edit_groups = groups.split(/[\s,]+/)
281
294
  end
282
295
 
283
296
  # Display the groups a comma delimeted string
284
297
  def edit_groups_string
285
- self.edit_groups.join(', ')
298
+ edit_groups.join(', ')
286
299
  end
287
300
 
288
301
  # Grant edit permissions to the groups specified. Revokes edit permission for
@@ -305,7 +318,7 @@ module Hydra
305
318
  end
306
319
 
307
320
  def edit_users
308
- search_by_type_and_mode(:person, ::ACL.Write).map { |p| p.agent_name }
321
+ search_by_type_and_mode(:person, ::ACL.Write).map(&:agent_name)
309
322
  end
310
323
 
311
324
  # Grant edit permissions to the groups specified. Revokes edit permission for all other groups.
@@ -341,7 +354,7 @@ module Hydra
341
354
  protected
342
355
 
343
356
  def has_destroy_flag?(hash)
344
- ["1", "true"].include?(hash['_destroy'].to_s)
357
+ %w(1 true).include?(hash['_destroy'].to_s)
345
358
  end
346
359
 
347
360
  private
@@ -358,7 +371,7 @@ module Hydra
358
371
 
359
372
  values.each do |agent_name|
360
373
  exists = search_by_type_and_mode(type, permission_to_uri(permission)).select { |p| p.agent_name == agent_name }
361
- permissions.build(name: agent_name, access: permission.to_s, type: type ) unless exists.present?
374
+ permissions.build(name: agent_name, access: permission.to_s, type: type) unless exists.present?
362
375
  end
363
376
  end
364
377
 
@@ -401,7 +414,7 @@ module Hydra
401
414
  # @param [RDF::URI] mode One of the permissions modes, e.g. ACL.Write, ACL.Read, etc.
402
415
  # @yieldparam [Array<ActiveFedora::Base>] agent the agent type assertions
403
416
  # @return [Array<Permission>] list of permissions where the mode is as selected, the block evaluates to true and the target is not marked for delete
404
- def search_by_mode(mode, &block)
417
+ def search_by_mode(mode)
405
418
  permissions.to_a.select do |p|
406
419
  yield(p.agent) && !p.marked_for_destruction? && p.mode.first.rdf_subject == mode
407
420
  end
@@ -416,16 +429,14 @@ module Hydra
416
429
  end
417
430
 
418
431
  def group_agent?(agent)
419
- raise "no agent" unless agent.present?
432
+ raise 'no agent' unless agent.present?
420
433
  agent.first.rdf_subject.to_s.start_with?(GROUP_AGENT_URL_PREFIX)
421
-
422
434
  end
423
435
 
424
436
  def person_agent?(agent)
425
- raise "no agent" unless agent.present?
437
+ raise 'no agent' unless agent.present?
426
438
  agent.first.rdf_subject.to_s.start_with?(PERSON_AGENT_URL_PREFIX)
427
439
  end
428
-
429
440
  end
430
441
  end
431
442
  end
@@ -0,0 +1,81 @@
1
+ module Hydra
2
+ class AccessControl < ActiveFedora::Base
3
+
4
+ before_destroy do |obj|
5
+ contains.destroy_all
6
+ end
7
+
8
+ is_a_container class_name: 'Hydra::AccessControls::Permission'
9
+ accepts_nested_attributes_for :contains, allow_destroy: true
10
+
11
+ attr_accessor :owner
12
+
13
+ def permissions
14
+ relationship
15
+ end
16
+
17
+ def permissions=(records)
18
+ relationship.replace(records)
19
+ end
20
+
21
+ def permissions_attributes=(attribute_list)
22
+ raise ArgumentError unless attribute_list.is_a? Array
23
+ attribute_list.each do |attributes|
24
+ if attributes.key?(:id)
25
+ obj = relationship.find(attributes[:id])
26
+ if has_destroy_flag?(attributes)
27
+ obj.destroy
28
+ else
29
+ obj.update(attributes.except(:id, '_destroy'))
30
+ end
31
+ else
32
+ relationship.create(attributes)
33
+ end
34
+ end
35
+ end
36
+
37
+ # def has_destroy_flag?(hash)
38
+ # ActiveFedora::Type::Boolean.new.cast(hash['_destroy'])
39
+ # end
40
+
41
+ def relationship
42
+ @relationship ||= CollectionRelationship.new(self, :contains)
43
+ end
44
+
45
+ class CollectionRelationship
46
+ def initialize(owner, reflection)
47
+ @owner = owner
48
+ @relationship = @owner.send(reflection)
49
+ end
50
+
51
+ delegate :to_a, :to_ary, :map, :delete, :last, :size, :count, :[],
52
+ :==, :detect, to: :@relationship
53
+
54
+ # TODO: if directly_contained relationships supported find, we could just
55
+ # delegate find.
56
+ def find(id)
57
+ return to_a.find { |record| record.id == id } if @relationship.loaded?
58
+
59
+ unless id.start_with?(@owner.id)
60
+ raise ArgumentError, "requested ACL (#{id}) is not a member of #{@owner.id}"
61
+ end
62
+ ActiveFedora::Base.find(id)
63
+ end
64
+
65
+ # adds one to the target.
66
+ def build(attributes)
67
+ @relationship.build(attributes) do |record|
68
+ record.access_to = @owner.owner
69
+ end
70
+ end
71
+
72
+ def create(attributes)
73
+ build(attributes).tap(&:save!)
74
+ end
75
+
76
+ def replace(*args)
77
+ @relationship.replace(*args)
78
+ end
79
+ end
80
+ end
81
+ end
@@ -1,6 +1,6 @@
1
1
  module Hydra::AccessControls
2
- AGENT_URL_PREFIX = "http://projecthydra.org/ns/auth/".freeze
3
- GROUP_AGENT_URL_PREFIX = "http://projecthydra.org/ns/auth/group".freeze
2
+ AGENT_URL_PREFIX = 'http://projecthydra.org/ns/auth/'.freeze
3
+ GROUP_AGENT_URL_PREFIX = 'http://projecthydra.org/ns/auth/group'.freeze
4
4
  PERSON_AGENT_URL_PREFIX = 'http://projecthydra.org/ns/auth/person'.freeze
5
5
  class Permission < AccessControlList
6
6
  has_many :admin_policies, inverse_of: :default_permissions, class_name: 'Hydra::AdminPolicy'
@@ -21,12 +21,12 @@ module Hydra::AccessControls
21
21
  "<#{self.class.name} id: #{id} agent: #{agent_value} mode: #{mode_value} access_to: #{access_to_id.inspect}>"
22
22
  end
23
23
 
24
- def == other
25
- other.is_a?(Permission) && id == other.id && self.access_to_id == other.access_to_id &&
26
- self.agent.first.rdf_subject == other.agent.first.rdf_subject && self.mode.first.rdf_subject == other.mode.first.rdf_subject
24
+ def ==(other)
25
+ other.is_a?(Permission) && id == other.id && access_to_id == other.access_to_id &&
26
+ agent.first.rdf_subject == other.agent.first.rdf_subject && mode.first.rdf_subject == other.mode.first.rdf_subject
27
27
  end
28
28
 
29
- def attributes=(attributes)
29
+ def assign_attributes(attributes)
30
30
  attrs = attributes.dup
31
31
  name = attrs.delete(:name)
32
32
  type = attrs.delete(:type)
@@ -50,35 +50,34 @@ module Hydra::AccessControls
50
50
 
51
51
  protected
52
52
 
53
- def parsed_agent
54
- @parsed_agent ||= agent.first.rdf_subject.to_s.sub(AGENT_URL_PREFIX, '').split('#')
55
- end
56
-
57
- def build_agent(name, type)
58
- raise "Can't build agent #{inspect}" unless name && type
59
- self.agent = case type
60
- when "group"
61
- Agent.new(::RDF::URI.new("#{GROUP_AGENT_URL_PREFIX}##{name}"))
62
- when "person"
63
- Agent.new(::RDF::URI.new("#{PERSON_AGENT_URL_PREFIX}##{name}"))
64
- else
65
- raise ArgumentError, "Unknown agent type #{type.inspect}"
66
- end
67
- end
53
+ def parsed_agent
54
+ @parsed_agent ||= agent.first.rdf_subject.to_s.sub(AGENT_URL_PREFIX, '').split('#')
55
+ end
68
56
 
69
- def build_access(access)
70
- raise "Can't build access #{inspect}" unless access
71
- self.mode = case access
72
- when "read"
73
- Mode.new(::ACL.Read)
74
- when "edit"
75
- Mode.new(::ACL.Write)
76
- when "discover"
77
- Mode.new(Hydra::ACL.Discover)
78
- else
79
- raise ArgumentError, "Unknown access #{access.inspect}"
80
- end
81
- end
57
+ def build_agent(name, type)
58
+ raise "Can't build agent #{inspect}" unless name && type
59
+ self.agent = case type
60
+ when 'group'
61
+ Agent.new(::RDF::URI.new("#{GROUP_AGENT_URL_PREFIX}##{name}"))
62
+ when 'person'
63
+ Agent.new(::RDF::URI.new("#{PERSON_AGENT_URL_PREFIX}##{name}"))
64
+ else
65
+ raise ArgumentError, "Unknown agent type #{type.inspect}"
66
+ end
67
+ end
82
68
 
69
+ def build_access(access)
70
+ raise "Can't build access #{inspect}" unless access
71
+ self.mode = case access
72
+ when 'read'
73
+ Mode.new(::ACL.Read)
74
+ when 'edit'
75
+ Mode.new(::ACL.Write)
76
+ when 'discover'
77
+ Mode.new(Hydra::ACL.Discover)
78
+ else
79
+ raise ArgumentError, "Unknown access #{access.inspect}"
80
+ end
81
+ end
83
82
  end
84
83
  end
@@ -3,6 +3,7 @@ class ACL < RDF::StrictVocabulary('http://www.w3.org/ns/auth/acl#')
3
3
  property :mode
4
4
  property :agent
5
5
  property :agentClass
6
+ property :accessControl
6
7
 
7
8
  property :Agent
8
9
  property :Read
@@ -19,9 +19,9 @@ Gem::Specification.new do |gem|
19
19
  gem.required_ruby_version = '>= 1.9.3'
20
20
 
21
21
  gem.add_dependency 'activesupport', '~> 4.0'
22
- gem.add_dependency "active-fedora", '~> 9.11'
22
+ gem.add_dependency "active-fedora", '>= 10.0.0.beta1', '< 11'
23
23
  gem.add_dependency 'cancancan', '~> 1.8'
24
- gem.add_dependency 'deprecation', '~> 0.2'
24
+ gem.add_dependency 'deprecation', '~> 1.0'
25
25
  gem.add_dependency "blacklight", '>= 5.16'
26
26
  gem.add_dependency "blacklight-access_controls", '~> 0.1'
27
27
 
@@ -18,7 +18,6 @@ module Hydra
18
18
  autoload :AdminPolicyBehavior
19
19
  autoload :RoleMapperBehavior
20
20
  autoload :PermissionsQuery
21
- autoload :PermissionsCache
22
21
  autoload :IpBasedGroups
23
22
 
24
23
  class << self
@@ -22,17 +22,5 @@ module Hydra
22
22
  title_without_first.first
23
23
  end
24
24
  alias_method_chain :title, :first
25
-
26
- def license_title=(_)
27
- Deprecation.warn AdminPolicy, "license_title= has been removed from AdminPolicy. Look at Hydra::Rights instead"
28
- end
29
-
30
- def license_description=(_)
31
- Deprecation.warn AdminPolicy, "license_description= has been removed from AdminPolicy. Look at Hydra::Rights instead"
32
- end
33
-
34
- def license_url=(_)
35
- Deprecation.warn AdminPolicy, "license_url= has been removed from AdminPolicy. Look at Hydra::Rights instead"
36
- end
37
25
  end
38
26
  end
data/spec/spec_helper.rb CHANGED
@@ -1,7 +1,8 @@
1
- ENV["environment"] ||= "test"
1
+ ENV['RAILS_ENV'] ||= 'test'
2
+ require 'engine_cart'
3
+ path = File.expand_path(File.join('..', '..', '..', '.internal_test_app'), __FILE__)
4
+ EngineCart.load_application! path
2
5
 
3
- require 'rspec/mocks'
4
- require 'rspec/its'
5
6
  require 'hydra-access-controls'
6
7
 
7
8
  $LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
@@ -18,9 +19,6 @@ if ENV['COVERAGE'] and RUBY_VERSION =~ /^1.9/
18
19
  SimpleCov.start
19
20
  end
20
21
 
21
-
22
- require 'support/rails'
23
-
24
22
  # Since we're not doing a Rails Engine test, we have to load these classes manually:
25
23
  require 'active_support'
26
24
  require 'active_support/dependencies'
@@ -38,6 +36,8 @@ require 'support/mods_asset'
38
36
  require 'support/solr_document'
39
37
  require "support/user"
40
38
  require "factory_girl"
39
+ require 'rspec/mocks'
40
+ require 'rspec/its'
41
41
  require "factories"
42
42
 
43
43
  # HttpLogger.logger = Logger.new(STDOUT)
@@ -53,9 +53,3 @@ RSpec.configure do |config|
53
53
  end
54
54
  end
55
55
 
56
- # Stubbing Devise
57
- class Devise
58
- def self.authentication_keys
59
- ["uid"]
60
- end
61
- end
@@ -2,6 +2,9 @@ require 'spec_helper'
2
2
  require 'cancan/matchers'
3
3
 
4
4
  describe Ability do
5
+ before do
6
+ allow(Devise).to receive(:authentication_keys).and_return(['uid'])
7
+ end
5
8
  describe "class methods" do
6
9
  subject { Ability }
7
10
  its(:read_group_field) { should == 'read_access_group_ssim'}
@@ -1,6 +1,9 @@
1
1
  require 'spec_helper'
2
2
 
3
3
  describe Hydra::AccessControlsEnforcement do
4
+ before do
5
+ allow(Devise).to receive(:authentication_keys).and_return(['uid'])
6
+ end
4
7
  let(:controller) { MockController.new }
5
8
  let(:method_chain) { MockController.search_params_logic }
6
9
  let(:search_builder) { MockSearchBuilder.new(method_chain, controller) }
@@ -1,6 +1,9 @@
1
1
  require 'spec_helper'
2
2
 
3
3
  describe Hydra::AdminPolicy do
4
+ before do
5
+ allow(Devise).to receive(:authentication_keys).and_return(['uid'])
6
+ end
4
7
 
5
8
  describe "when setting attributes" do
6
9
  before do
@@ -19,11 +19,12 @@ describe Hydra::AccessControls::Permissions do
19
19
  subject.read_groups=['group1', 'group2']
20
20
  subject.edit_users=['user1']
21
21
  subject.read_users=['user2', 'user3']
22
- expect(subject.permissions).to match_array [Hydra::AccessControls::Permission.new(type: "group", access: "read", name: "group1"),
23
- Hydra::AccessControls::Permission.new({ type: "group", access: "read", name: "group2" }),
24
- Hydra::AccessControls::Permission.new({ type: "person", access: "read", name: "user2" }),
25
- Hydra::AccessControls::Permission.new({ type: "person", access: "read", name: "user3" }),
26
- Hydra::AccessControls::Permission.new({ type: "person", access: "edit", name: "user1" })]
22
+ expect(subject.permissions.to_a).to all(be_kind_of(Hydra::AccessControls::Permission))
23
+ expect(subject.permissions.map(&:to_hash)).to match_array [{type: "group", access: "read", name: "group1"},
24
+ { type: "group", access: "read", name: "group2" },
25
+ { type: "person", access: "read", name: "user2" },
26
+ { type: "person", access: "read", name: "user3" },
27
+ { type: "person", access: "edit", name: "user1" }]
27
28
  end
28
29
 
29
30
  describe "building a new permission" do
@@ -31,9 +32,16 @@ describe Hydra::AccessControls::Permissions do
31
32
 
32
33
  it "sets the accessTo association" do
33
34
  perm = subject.permissions.build(name: 'user1', type: 'person', access: 'read')
34
- subject.save
35
35
  expect(perm.access_to_id).to eq subject.id
36
36
  end
37
+
38
+ it "autosaves the permissions" do
39
+ subject.permissions.build(name: 'user1', type: 'person', access: 'read')
40
+ subject.save!
41
+ subject.reload
42
+ foo = Foo.find(subject.id)
43
+ expect(foo.permissions.to_a).not_to eq []
44
+ end
37
45
  end
38
46
 
39
47
  describe "updating permissions" do
@@ -113,14 +121,14 @@ describe Hydra::AccessControls::Permissions do
113
121
  end
114
122
 
115
123
  context "when the destroy flag is set" do
116
- let(:reloaded) { subject.permissions.reload.map(&:to_hash) }
124
+ let(:reloaded) { subject.reload.permissions.map(&:to_hash) }
117
125
  let(:permissions_id) { ActiveFedora::Base.uri_to_id(subject.permissions.last.rdf_subject.to_s) }
118
126
 
119
127
  context "to a truthy value" do
120
128
  context "when updating users" do
121
129
  before do
122
130
  subject.update permissions_attributes: [{ type: "person", access: "read", name: "user1" }]
123
- subject.update permissions_attributes: [{ id: permissions_id, type: "person", access: "edit", name: "user1", _destroy: true}]
131
+ subject.update permissions_attributes: [{ id: permissions_id, type: "person", access: "edit", name: "user1", _destroy: 'true' }]
124
132
  end
125
133
 
126
134
  it "removes permissions on existing users" do
@@ -214,7 +222,7 @@ describe Hydra::AccessControls::Permissions do
214
222
  context "when the original object is destroyed" do
215
223
  before do
216
224
  subject.save!
217
- subject.permissions.build(type: 'person', access: 'read', name: 'person1')
225
+ subject.permissions.create(type: 'person', access: 'read', name: 'person1')
218
226
  subject.save!
219
227
  end
220
228
 
@@ -2,6 +2,8 @@ require 'spec_helper'
2
2
 
3
3
  describe Hydra::PolicyAwareAccessControlsEnforcement do
4
4
  before do
5
+ allow(Devise).to receive(:authentication_keys).and_return(['uid'])
6
+
5
7
  class PolicyMockSearchBuilder < Blacklight::SearchBuilder
6
8
  include Blacklight::Solr::SearchBuilderBehavior
7
9
  include Hydra::AccessControlsEnforcement
@@ -1,28 +1,32 @@
1
1
  require 'spec_helper'
2
2
 
3
3
  describe RoleMapper do
4
- it "should define the 4 roles" do
4
+ before do
5
+ allow(Devise).to receive(:authentication_keys).and_return(['uid'])
6
+ end
7
+
8
+ it "defines the 4 roles" do
5
9
  expect(RoleMapper.role_names.sort).to eq %w(admin_policy_object_editor archivist donor patron researcher)
6
10
  end
7
- it "should quer[iy]able for roles for a given user" do
11
+ it "is quer[iy]able for roles for a given user" do
8
12
  expect(RoleMapper.roles('leland_himself@example.com').sort).to eq ['archivist', 'donor', 'patron']
9
13
  expect(RoleMapper.roles('archivist2@example.com')).to eq ['archivist']
10
14
  end
11
15
 
12
- it "should not change it's response when it's called repeatedly" do
16
+ it "doesn't change its response when it's called repeatedly" do
13
17
  u = User.new(:uid=>'leland_himself@example.com')
14
18
  allow(u).to receive(:new_record?).and_return(false)
15
19
  expect(RoleMapper.roles(u).sort).to eq ['archivist', 'donor', 'patron', "registered"]
16
20
  expect(RoleMapper.roles(u).sort).to eq ['archivist', 'donor', 'patron', "registered"]
17
21
  end
18
22
 
19
- it "should return an empty array if there are no roles" do
23
+ it "returns an empty array if there are no roles" do
20
24
  expect(RoleMapper.roles('zeus@olympus.mt')).to be_empty
21
25
  end
22
- it "should know who is what" do
26
+
27
+ it "knows who is what" do
23
28
  expect(RoleMapper.whois('archivist').sort).to eq %w(archivist1@example.com archivist2@example.com leland_himself@example.com)
24
29
  expect(RoleMapper.whois('salesman')).to be_empty
25
30
  expect(RoleMapper.whois('admin_policy_object_editor').sort).to eq %w(archivist1@example.com)
26
31
  end
27
-
28
32
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: hydra-access-controls
3
3
  version: !ruby/object:Gem::Version
4
- version: 9.10.0
4
+ version: 10.0.0.beta1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Chris Beer
@@ -10,7 +10,7 @@ authors:
10
10
  autorequire:
11
11
  bindir: bin
12
12
  cert_chain: []
13
- date: 2016-04-19 00:00:00.000000000 Z
13
+ date: 2016-05-10 00:00:00.000000000 Z
14
14
  dependencies:
15
15
  - !ruby/object:Gem::Dependency
16
16
  name: activesupport
@@ -30,16 +30,22 @@ dependencies:
30
30
  name: active-fedora
31
31
  requirement: !ruby/object:Gem::Requirement
32
32
  requirements:
33
- - - "~>"
33
+ - - ">="
34
34
  - !ruby/object:Gem::Version
35
- version: '9.11'
35
+ version: 10.0.0.beta1
36
+ - - "<"
37
+ - !ruby/object:Gem::Version
38
+ version: '11'
36
39
  type: :runtime
37
40
  prerelease: false
38
41
  version_requirements: !ruby/object:Gem::Requirement
39
42
  requirements:
40
- - - "~>"
43
+ - - ">="
44
+ - !ruby/object:Gem::Version
45
+ version: 10.0.0.beta1
46
+ - - "<"
41
47
  - !ruby/object:Gem::Version
42
- version: '9.11'
48
+ version: '11'
43
49
  - !ruby/object:Gem::Dependency
44
50
  name: cancancan
45
51
  requirement: !ruby/object:Gem::Requirement
@@ -60,14 +66,14 @@ dependencies:
60
66
  requirements:
61
67
  - - "~>"
62
68
  - !ruby/object:Gem::Version
63
- version: '0.2'
69
+ version: '1.0'
64
70
  type: :runtime
65
71
  prerelease: false
66
72
  version_requirements: !ruby/object:Gem::Requirement
67
73
  requirements:
68
74
  - - "~>"
69
75
  - !ruby/object:Gem::Version
70
- version: '0.2'
76
+ version: '1.0'
71
77
  - !ruby/object:Gem::Dependency
72
78
  name: blacklight
73
79
  requirement: !ruby/object:Gem::Requirement
@@ -147,6 +153,7 @@ files:
147
153
  - app/models/concerns/hydra/ip_based_ability.rb
148
154
  - app/models/concerns/hydra/rights.rb
149
155
  - app/models/concerns/hydra/with_depositor.rb
156
+ - app/models/hydra/access_control.rb
150
157
  - app/models/hydra/access_controls/access_control_list.rb
151
158
  - app/models/hydra/access_controls/embargo.rb
152
159
  - app/models/hydra/access_controls/lease.rb
@@ -169,7 +176,6 @@ files:
169
176
  - lib/hydra/admin_policy.rb
170
177
  - lib/hydra/config.rb
171
178
  - lib/hydra/ip_based_groups.rb
172
- - lib/hydra/permissions_cache.rb
173
179
  - lib/hydra/permissions_query.rb
174
180
  - lib/hydra/policy_aware_ability.rb
175
181
  - lib/hydra/policy_aware_access_controls_enforcement.rb
@@ -181,11 +187,8 @@ files:
181
187
  - spec/services/embargo_service_spec.rb
182
188
  - spec/services/lease_service_spec.rb
183
189
  - spec/spec_helper.rb
184
- - spec/support/config/blacklight.yml
185
- - spec/support/config/hydra_ip_range.yml
186
190
  - spec/support/config/role_map.yml
187
191
  - spec/support/mods_asset.rb
188
- - spec/support/rails.rb
189
192
  - spec/support/solr_document.rb
190
193
  - spec/support/user.rb
191
194
  - spec/unit/ability_spec.rb
@@ -221,12 +224,12 @@ required_ruby_version: !ruby/object:Gem::Requirement
221
224
  version: 1.9.3
222
225
  required_rubygems_version: !ruby/object:Gem::Requirement
223
226
  requirements:
224
- - - ">="
227
+ - - ">"
225
228
  - !ruby/object:Gem::Version
226
- version: '0'
229
+ version: 1.3.1
227
230
  requirements: []
228
231
  rubyforge_project:
229
- rubygems_version: 2.4.5.1
232
+ rubygems_version: 2.5.1
230
233
  signing_key:
231
234
  specification_version: 4
232
235
  summary: Access controls for project hydra
@@ -237,11 +240,8 @@ test_files:
237
240
  - spec/services/embargo_service_spec.rb
238
241
  - spec/services/lease_service_spec.rb
239
242
  - spec/spec_helper.rb
240
- - spec/support/config/blacklight.yml
241
- - spec/support/config/hydra_ip_range.yml
242
243
  - spec/support/config/role_map.yml
243
244
  - spec/support/mods_asset.rb
244
- - spec/support/rails.rb
245
245
  - spec/support/solr_document.rb
246
246
  - spec/support/user.rb
247
247
  - spec/unit/ability_spec.rb
@@ -1,6 +0,0 @@
1
- class Hydra::PermissionsCache < Blacklight::AccessControls::PermissionsCache
2
- extend Deprecation
3
-
4
- Deprecation.warn Hydra::PermissionsCache, "Hydra::PermissionsCache will be removed in Hydra 10. Use Blacklight::AccessControls::PermissionsCache instead (from blacklight-access_controls gem)."
5
-
6
- end
@@ -1,6 +0,0 @@
1
- development:
2
- adapter: solr
3
- url: http://localhost:<%= ENV['SOLR_DEVELOPMENT_PORT'] || 8983 %>/solr/hydra-development
4
- test:
5
- adapter: solr
6
- url: http://localhost:<%= ENV['SOLR_TEST_PORT'] || 8985 %>/solr/hydra-test
@@ -1,9 +0,0 @@
1
- development: &development
2
- groups:
3
- - name: 'on-campus'
4
- subnets:
5
- - 192.168.0.0/24
6
- - 10.0.0.0/22
7
- test: *development
8
- production: *development
9
-
@@ -1,23 +0,0 @@
1
- # Rails normally loads the locales of engines for us.
2
- I18n.load_path << 'config/locales/hydra-access-controls.en.yml'
3
-
4
- module Rails
5
- class << self
6
- def env
7
- ENV['environment']
8
- end
9
-
10
- def version
11
- "0.0.0"
12
- #"hydra-access-controls mock rails"
13
- end
14
-
15
- def root
16
- 'spec/support'
17
- end
18
-
19
- def logger
20
- @@logger ||= Logger.new(File.expand_path('../../test.log', __FILE__)).tap { |logger| logger.level = Logger::WARN }
21
- end
22
- end
23
- end