hydra-access-controls 10.3.0 → 10.3.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 41551b5b4c585cf81dcf873b800b5699dc6c1b22
|
|
4
|
+
data.tar.gz: a81738e509b739baf6d816ad0ec58f68a1b880f9
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: a4979abd13373922171646bd2bf6cbf79c8c016e3c45b145be961cf778a4818d71151345ed0bfa8defa41ab3f32cfbe7de2a1a0a5d3280d600c2377d4811575b
|
|
7
|
+
data.tar.gz: 25049f1bb1d157fa2512c045644543851c88020c60f8875ee2c4b993f5619a0f57394a01d5e84b56ff5f15d69ff35cb34f17987f0b4e8d5f0ded3e5dfcce2051
|
|
@@ -61,7 +61,9 @@ module Hydra
|
|
|
61
61
|
prop['id'] = selected.id if selected
|
|
62
62
|
end
|
|
63
63
|
|
|
64
|
-
|
|
64
|
+
clean_collection = remove_bad_deletes(attributes_collection)
|
|
65
|
+
|
|
66
|
+
self.permissions_attributes_without_uniqueness = clean_collection
|
|
65
67
|
end
|
|
66
68
|
|
|
67
69
|
# Return a list of groups that have discover permission
|
|
@@ -437,6 +439,19 @@ module Hydra
|
|
|
437
439
|
raise 'no agent' unless agent.present?
|
|
438
440
|
agent.first.rdf_subject.to_s.start_with?(PERSON_AGENT_URL_PREFIX)
|
|
439
441
|
end
|
|
442
|
+
|
|
443
|
+
# Removes any permissions if both a delete and an update are found for the same id
|
|
444
|
+
# or if a delete is present without an id.
|
|
445
|
+
def remove_bad_deletes(collection)
|
|
446
|
+
collection.delete_if { |permission| (has_destroy_flag?(permission) && !permission.has_key?(:id)) }
|
|
447
|
+
collection.each do |permission|
|
|
448
|
+
next unless has_destroy_flag?(permission)
|
|
449
|
+
delete_id = permission.fetch(:id, nil)
|
|
450
|
+
if collection.map { |c| c if c.fetch(:id, nil) == delete_id }.compact.count > 1
|
|
451
|
+
collection.delete_if { |permission| permission.fetch(:id, nil) == delete_id }
|
|
452
|
+
end
|
|
453
|
+
end
|
|
454
|
+
end
|
|
440
455
|
end
|
|
441
456
|
end
|
|
442
457
|
end
|
|
@@ -151,6 +151,55 @@ describe Hydra::AccessControls::Permissions do
|
|
|
151
151
|
expect(reloaded).to eq [{ type: "person", access: "edit", name: "jcoyne" }]
|
|
152
152
|
end
|
|
153
153
|
end
|
|
154
|
+
|
|
155
|
+
context "when destroy and update are simultaneously set for the same id" do
|
|
156
|
+
let(:simultaneous) do
|
|
157
|
+
[
|
|
158
|
+
{ id: permissions_id, type: "group", access: "read", name: "group1", _destroy: '1' },
|
|
159
|
+
{ id: permissions_id, type: "group", access: "read", name: "group1", }
|
|
160
|
+
]
|
|
161
|
+
end
|
|
162
|
+
before do
|
|
163
|
+
subject.update permissions_attributes: [{ type: "group", access: "read", name: "group1" }]
|
|
164
|
+
subject.update permissions_attributes: simultaneous
|
|
165
|
+
end
|
|
166
|
+
|
|
167
|
+
it "leaves the permissions unchanged" do
|
|
168
|
+
expect(reloaded).to contain_exactly({name: "jcoyne", type: "person", access: "edit"}, {name: "group1", type: "group", access: "read"})
|
|
169
|
+
end
|
|
170
|
+
end
|
|
171
|
+
|
|
172
|
+
context "when destroy is present without an id" do
|
|
173
|
+
let(:missing_id) do
|
|
174
|
+
[ { type: "group", access: "read", name: "group1", _destroy: '1' } ]
|
|
175
|
+
end
|
|
176
|
+
before do
|
|
177
|
+
subject.update permissions_attributes: missing_id
|
|
178
|
+
end
|
|
179
|
+
|
|
180
|
+
it "leaves the permissions unchanged" do
|
|
181
|
+
expect(reloaded).to contain_exactly({name: "jcoyne", type: "person", access: "edit"})
|
|
182
|
+
end
|
|
183
|
+
end
|
|
184
|
+
|
|
185
|
+
context "when updating multiple different permissions at the same time" do
|
|
186
|
+
before do
|
|
187
|
+
subject.update permissions_attributes: [{ type: "group", access: "read", name: "group1" }]
|
|
188
|
+
subject.update permissions_attributes: [
|
|
189
|
+
{ id: permissions_id, type: "group", access: "read", name: "group1", _destroy: '1' },
|
|
190
|
+
{ type: "group", access: "edit", name: "group2" },
|
|
191
|
+
{ type: "person", access: "read", name: "joebob" }
|
|
192
|
+
]
|
|
193
|
+
end
|
|
194
|
+
|
|
195
|
+
it "removes permissions on existing groups and updates the others" do
|
|
196
|
+
expect(reloaded).to contain_exactly(
|
|
197
|
+
{name: "jcoyne", type: "person", access: "edit"},
|
|
198
|
+
{name: "group2", type: "group", access: "edit"},
|
|
199
|
+
{name: "joebob", type: "person", access: "read"}
|
|
200
|
+
)
|
|
201
|
+
end
|
|
202
|
+
end
|
|
154
203
|
end
|
|
155
204
|
|
|
156
205
|
context "to a falsy value" do
|
|
@@ -126,23 +126,31 @@ describe Hydra::PolicyAwareAccessControlsEnforcement do
|
|
|
126
126
|
end
|
|
127
127
|
|
|
128
128
|
describe "apply_gated_discovery" do
|
|
129
|
-
before do
|
|
130
|
-
allow(RoleMapper).to receive(:roles).with(user).and_return(user.roles)
|
|
131
|
-
end
|
|
132
129
|
let(:governed_field) { ActiveFedora.index_field_mapper.solr_name('isGovernedBy', :symbol) }
|
|
130
|
+
let(:policy_queries) { @solr_parameters[:fq].first.split(" OR ") }
|
|
133
131
|
|
|
134
|
-
|
|
135
|
-
# stubbing out policies_with_access because solr doesn't always return them in the same order.
|
|
136
|
-
policy_ids = (1..8).map {|n| "policies/#{n}"}
|
|
137
|
-
expect(subject).to receive(:policies_with_access).and_return(policy_ids)
|
|
138
|
-
subject.apply_gated_discovery(@solr_parameters)
|
|
139
|
-
expect(@solr_parameters[:fq].first).to include(" OR (_query_:\"{!field f=#{governed_field}}policies/1\" OR _query_:\"{!field f=#{governed_field}}policies/2\" OR _query_:\"{!field f=#{governed_field}}policies/3\" OR _query_:\"{!field f=#{governed_field}}policies/4\" OR _query_:\"{!field f=#{governed_field}}policies/5\" OR _query_:\"{!field f=#{governed_field}}policies/6\" OR _query_:\"{!field f=#{governed_field}}policies/7\" OR _query_:\"{!field f=#{governed_field}}policies/8\")")
|
|
140
|
-
end
|
|
132
|
+
before { allow(RoleMapper).to receive(:roles).with(user).and_return(user.roles) }
|
|
141
133
|
|
|
142
|
-
|
|
143
|
-
|
|
144
|
-
|
|
145
|
-
|
|
134
|
+
context "when policies are included" do
|
|
135
|
+
before { subject.apply_gated_discovery(@solr_parameters) }
|
|
136
|
+
|
|
137
|
+
it "builds a query that includes all the policies" do
|
|
138
|
+
(1..11).each do |p|
|
|
139
|
+
expect(policy_queries).to include(/_query_:\"{!raw f=#{governed_field}}test-policy#{p}\"/)
|
|
140
|
+
end
|
|
141
|
+
end
|
|
142
|
+
end
|
|
143
|
+
|
|
144
|
+
context "when policies are not included" do
|
|
145
|
+
before do
|
|
146
|
+
allow(subject).to receive(:policy_clauses).and_return(nil)
|
|
147
|
+
subject.apply_gated_discovery(@solr_parameters)
|
|
148
|
+
end
|
|
149
|
+
it "does not include any policies in the query" do
|
|
150
|
+
(1..11).each do |p|
|
|
151
|
+
expect(policy_queries).not_to include(/_query_:\"{!raw f=#{governed_field}}test-policy#{p}\"/)
|
|
152
|
+
end
|
|
153
|
+
end
|
|
146
154
|
end
|
|
147
155
|
end
|
|
148
156
|
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: hydra-access-controls
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 10.3.
|
|
4
|
+
version: 10.3.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Chris Beer
|
|
@@ -10,7 +10,7 @@ authors:
|
|
|
10
10
|
autorequire:
|
|
11
11
|
bindir: bin
|
|
12
12
|
cert_chain: []
|
|
13
|
-
date: 2016-
|
|
13
|
+
date: 2016-10-28 00:00:00.000000000 Z
|
|
14
14
|
dependencies:
|
|
15
15
|
- !ruby/object:Gem::Dependency
|
|
16
16
|
name: activesupport
|
|
@@ -236,7 +236,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
236
236
|
version: '0'
|
|
237
237
|
requirements: []
|
|
238
238
|
rubyforge_project:
|
|
239
|
-
rubygems_version: 2.6.
|
|
239
|
+
rubygems_version: 2.6.4
|
|
240
240
|
signing_key:
|
|
241
241
|
specification_version: 4
|
|
242
242
|
summary: Access controls for project hydra
|