RubyGems - hydra-access-controls - Versions diffs - 10.5.0 → 10.5.1 - Mend

hydra-access-controls 10.5.0 → 10.5.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (12) hide show

checksums.yaml +4 -4
data/lib/hydra/policy_aware_access_controls_enforcement.rb +10 -9
data/spec/factories.rb +1 -1
data/spec/services/embargo_service_spec.rb +4 -4
data/spec/services/lease_service_spec.rb +4 -4
data/spec/spec_helper.rb +1 -1
data/spec/unit/ability_spec.rb +25 -25
data/spec/unit/accessible_by_spec.rb +4 -4
data/spec/unit/admin_policy_spec.rb +1 -1
data/spec/unit/permission_spec.rb +1 -1
data/spec/unit/policy_aware_access_controls_enforcement_spec.rb +1 -1
metadata +3 -3

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: ed94a3c77e4473df017f3e8d932af844b5bc4eda
-  data.tar.gz: 14bf723d584d15d01d35882b3be61fa4d2c14fa5
+  metadata.gz: 2ff67011c0dfacf46f43a710b1bf75be300c91f8
+  data.tar.gz: 9894ed9ca3d96943443058a9546b32cdd71c8a8c
 SHA512:
-  metadata.gz: ac4802b6ab1511152cef8d8f9c4c27194eb6e5f90e4439f35130497d17bb72ccd7676be420a1c80ea487b7bda2f60595dee9acec091e80fcf9a911d8dd8fece8
-  data.tar.gz: 0f3830cef55ada92f0d9cb4250e433ac56b331eba178e4cbaea785aa68748cfff57355dc2ded2a60d511255b65abc173332ff4179f971642a0d5c955845d2b59
+  metadata.gz: 41a3c4f41486967062df9adb768a6002eb5762967e70ce225dfa474eb2c293c2b86edea0a0b7cc935e57518bbcc1dd4d7ea2124b2dc514e600e0221ab209a0fb
+  data.tar.gz: c862bc4aa6120634f94370b7d0a0d72c579e4f07de7f135fff793c9ca65024519fbe5462777659ab89c5d91fc0a83955981722aa56284cec9615d82b773614c4

data/lib/hydra/policy_aware_access_controls_enforcement.rb CHANGED

@@ -1,27 +1,26 @@
 # Repeats access controls evaluation methods, but checks against a governing "Policy" object (or "Collection" object) that provides inherited access controls.
 module Hydra::PolicyAwareAccessControlsEnforcement
-  # Extends Hydra::AccessControlsEnforcement.apply_gated_discovery to reflect policy-provided access
-  # appends the result of policy_clauses into the :fq
-  # @param solr_parameters the current solr parameters
-  # @param user_parameters the current user-subitted parameters
+  # Extends Hydra::AccessControlsEnforcement.apply_gated_discovery to reflect policy-provided access.
+  # Appends the result of policy_clauses into the :fq
+  # @param [Hash] solr_parameters the current solr parameters, to be modified herein!
   def apply_gated_discovery(solr_parameters)
     super
     logger.debug("POLICY-aware Solr parameters: #{ solr_parameters.inspect }")
   end
-  # returns solr query for finding all objects whose policies grant discover access to current_user
+  # @return [String,nil] solr query for finding all objects whose policies grant discover access to current_user
   def policy_clauses
     policy_ids = policies_with_access
     return nil if policy_ids.empty?
     '(' + policy_ids.map {|id| ActiveFedora::SolrQueryBuilder.construct_query_for_rel(isGovernedBy: id)}.join(' OR '.freeze) + ')'
   end
-  # find all the policies that grant discover/read/edit permissions to this user or any of its groups
+  # Find all the policies that grant discover/read/edit permissions to this user or any of its groups.
+  # Grant access based on user id & group
   def policies_with_access
     #### TODO -- Memoize this and put it in the session?
     user_access_filters = []
-    # Grant access based on user id & group
     user_access_filters += apply_policy_group_permissions(discovery_permissions)
     user_access_filters += apply_policy_user_permissions(discovery_permissions)
     result = policy_class.search_with_conditions( user_access_filters.join(" OR "), fl: "id", rows: policy_class.count )
@@ -29,8 +28,9 @@ module Hydra::PolicyAwareAccessControlsEnforcement
     result.map {|h| h['id']}
   end
+  # for groups
+  # @param [Array{String,#to_sym}] permission_types symbols (or equivalent) from Hydra.config.permissions.inheritable
   def apply_policy_group_permissions(permission_types = discovery_permissions)
-      # for groups
       user_access_filters = []
       current_ability.user_groups.each_with_index do |group, i|
         permission_types.each do |type|
@@ -40,8 +40,9 @@ module Hydra::PolicyAwareAccessControlsEnforcement
       user_access_filters
   end
+  # for individual user access
+  # @param [Array{String,#to_sym}] permission_types
   def apply_policy_user_permissions(permission_types = discovery_permissions)
-    # for individual user access
     user = current_ability.current_user
     return [] unless user && user.user_key.present?
     permission_types.map do |type|

data/spec/factories.rb CHANGED

@@ -1,4 +1,4 @@
-FactoryGirl.define do
+FactoryBot.define do
   # Users

data/spec/services/embargo_service_spec.rb CHANGED

@@ -5,19 +5,19 @@ describe Hydra::EmbargoService do
   let(:past_date) { 2.days.ago }
   let!(:work_with_expired_embargo1) do
-    FactoryGirl.build(:asset, embargo_release_date: past_date.to_s).tap do |work|
+    FactoryBot.build(:asset, embargo_release_date: past_date.to_s).tap do |work|
       work.save(validate:false)
     end
   end
   let!(:work_with_expired_embargo2) do
-    FactoryGirl.build(:asset, embargo_release_date: past_date.to_s).tap do |work|
+    FactoryBot.build(:asset, embargo_release_date: past_date.to_s).tap do |work|
       work.save(validate:false)
     end
   end
-  let!(:work_with_embargo_in_effect) { FactoryGirl.create(:asset, embargo_release_date: future_date.to_s)}
-  let!(:work_without_embargo) { FactoryGirl.create(:asset)}
+  let!(:work_with_embargo_in_effect) { FactoryBot.create(:asset, embargo_release_date: future_date.to_s)}
+  let!(:work_without_embargo) { FactoryBot.create(:asset)}
   describe "#assets_with_expired_embargoes" do
     it "returns an array of assets with expired embargoes" do

data/spec/services/lease_service_spec.rb CHANGED

@@ -5,19 +5,19 @@ describe Hydra::LeaseService do
   let(:past_date) { 2.days.ago }
   let!(:work_with_expired_lease1) do
-    FactoryGirl.build(:asset, lease_expiration_date: past_date.to_s).tap do |work|
+    FactoryBot.build(:asset, lease_expiration_date: past_date.to_s).tap do |work|
       work.save(validate: false)
     end
   end
   let!(:work_with_expired_lease2) do
-    FactoryGirl.build(:asset, lease_expiration_date: past_date.to_s).tap do |work|
+    FactoryBot.build(:asset, lease_expiration_date: past_date.to_s).tap do |work|
       work.save(validate: false)
     end
   end
-  let!(:work_with_lease_in_effect) { FactoryGirl.create(:asset, lease_expiration_date: future_date.to_s)}
-  let!(:work_without_lease) { FactoryGirl.create(:asset)}
+  let!(:work_with_lease_in_effect) { FactoryBot.create(:asset, lease_expiration_date: future_date.to_s)}
+  let!(:work_without_lease) { FactoryBot.create(:asset)}
   describe "#assets_with_expired_leases" do
     it "returns an array of assets with expired embargoes" do

data/spec/spec_helper.rb CHANGED

@@ -35,7 +35,7 @@ ActiveSupport::Dependencies.autoload_paths += relative_load_paths
 require 'support/mods_asset'
 require 'support/solr_document'
 require "support/user"
-require "factory_girl"
+require "factory_bot"
 require 'rspec/mocks'
 require 'rspec/its'
 require "factories"

data/spec/unit/ability_spec.rb CHANGED

@@ -31,7 +31,7 @@ describe Ability do
   end
   context "for a signed in user" do
-    let(:user) { FactoryGirl.build(:registered_user) }
+    let(:user) { FactoryBot.build(:registered_user) }
     it { should_not be_able_to(:create, ActiveFedora::Base) }
   end
@@ -42,7 +42,7 @@ describe Ability do
 #   Test coverage for discover permission is in spec/requests/gated_discovery_spec.rb
   describe "Given an asset that has been made publicly discoverable" do
-    let(:asset) { FactoryGirl.create(:asset) }
+    let(:asset) { FactoryBot.create(:asset) }
     before do
       asset.permissions_attributes = [{ name: "public", access: "discover", type: "group" }, { name: "joe_creator", access: "edit", type: "person" }, { name: "calvin_collaborator", access: "edit", type: "person" }]
       asset.save
@@ -58,7 +58,7 @@ describe Ability do
     end
     context "Then a registered user" do
-      let(:user) { FactoryGirl.build(:registered_user) }
+      let(:user) { FactoryBot.build(:registered_user) }
       it { should     be_able_to(:discover, asset) }
       it { should_not be_able_to(:read, asset) }
       it { should_not be_able_to(:edit, asset) }
@@ -68,8 +68,8 @@ describe Ability do
   end
   describe "Given an asset that has been made publicly available (ie. open access)" do
-    #let(:asset) { FactoryGirl.create(:open_access_asset) }
-    let(:asset) { FactoryGirl.create(:asset) }
+    #let(:asset) { FactoryBot.create(:open_access_asset) }
+    let(:asset) { FactoryBot.create(:asset) }
     before do
       asset.permissions_attributes = [{ name: "public", access: "read", type: "group" }, { name: "joe_creator", access: "edit", type: "person" }, { name: "calvin_collaborator", access: "edit", type: "person" }]
       asset.save
@@ -85,7 +85,7 @@ describe Ability do
     end
     context "Then a registered user" do
-      let(:user) { FactoryGirl.build(:registered_user) }
+      let(:user) { FactoryBot.build(:registered_user) }
       it { should     be_able_to(:discover, asset) }
       it { should     be_able_to(:read, asset) }
       it { should_not be_able_to(:edit, asset) }
@@ -95,7 +95,7 @@ describe Ability do
   end
   describe "Given an asset with no custom access set" do
-    let(:asset) { FactoryGirl.create(:asset) }
+    let(:asset) { FactoryBot.create(:asset) }
     before do
       asset.permissions_attributes = [{ name: "joe_creator", access: "edit", type: "person" }]
       asset.save
@@ -110,7 +110,7 @@ describe Ability do
       it { should_not be_able_to(:destroy, asset) }
     end
     context "Then a registered user" do
-      let(:user) { FactoryGirl.build(:registered_user) }
+      let(:user) { FactoryBot.build(:registered_user) }
       it { should_not be_able_to(:discover, asset) }
       it { should_not be_able_to(:read, asset) }
       it { should_not be_able_to(:edit, asset) }
@@ -118,7 +118,7 @@ describe Ability do
       it { should_not be_able_to(:destroy, asset) }
     end
     context "Then the Creator" do
-      let(:user) { FactoryGirl.build(:joe_creator) }
+      let(:user) { FactoryBot.build(:joe_creator) }
       it { should     be_able_to(:discover, asset) }
       it { should     be_able_to(:read, asset) }
       it { should     be_able_to(:edit, asset) }
@@ -132,14 +132,14 @@ describe Ability do
   end
   describe "Given an asset which registered users have read access to" do
-    # let(:asset) { FactoryGirl.create(:org_read_access_asset) }
-    let(:asset) { FactoryGirl.create(:asset) }
+    # let(:asset) { FactoryBot.create(:org_read_access_asset) }
+    let(:asset) { FactoryBot.create(:asset) }
     before do
       asset.permissions_attributes = [{ name: "registered", access: "read", type: "group" }, { name: "joe_creator", access: "edit", type: "person" }, { name: "calvin_collaborator", access: "edit", type: "person" }]
       asset.save
     end
     context "The a registered user" do
-      let(:user) { FactoryGirl.build(:registered_user) }
+      let(:user) { FactoryBot.build(:registered_user) }
       before do
         allow(user).to receive(:new_record?).and_return(false)
       end
@@ -154,7 +154,7 @@ describe Ability do
   end
   describe "Given an asset with collaborator" do
-    let(:asset) { FactoryGirl.create(:asset) }
+    let(:asset) { FactoryBot.create(:asset) }
     before do
       asset.permissions_attributes = [{ name:"africana-faculty", access: "edit", type: "group" }, {name: "calvin_collaborator", access: "edit", type: "person"}]
       asset.save
@@ -162,7 +162,7 @@ describe Ability do
     after { asset.destroy }
     context "Then a collaborator with edit access (user permision)" do
-      let(:user) { FactoryGirl.build(:calvin_collaborator) }
+      let(:user) { FactoryBot.build(:calvin_collaborator) }
       it { should     be_able_to(:discover, asset) }
       it { should     be_able_to(:read, asset) }
@@ -173,7 +173,7 @@ describe Ability do
     end
     context "Then a collaborator with edit access (group permision)" do
-      let(:user) { FactoryGirl.build(:martia_morocco) }
+      let(:user) { FactoryBot.build(:martia_morocco) }
       before do
         allow(user).to receive(:groups).and_return(["faculty", "africana-faculty"])
       end
@@ -183,14 +183,14 @@ describe Ability do
   end
   describe "Given an asset where dept can read & registered users can discover" do
-    # let(:asset) { FactoryGirl.create(:dept_access_asset) }
-    let(:asset) { FactoryGirl.create(:asset) }
+    # let(:asset) { FactoryBot.create(:dept_access_asset) }
+    let(:asset) { FactoryBot.create(:asset) }
     before do
       asset.permissions_attributes = [{ name: "africana-faculty", access: "read", type: "group" }, { name: "joe_creator", access: "edit", type: "person" }]
       asset.save
     end
     context "Then a registered user" do
-      let(:user) { FactoryGirl.build(:registered_user) }
+      let(:user) { FactoryBot.build(:registered_user) }
       it { should_not be_able_to(:discover, asset) }
       it { should_not be_able_to(:read, asset) }
@@ -201,7 +201,7 @@ describe Ability do
     end
     context "Then someone whose role/group has read access" do
-      let(:user) { FactoryGirl.build(:martia_morocco) }
+      let(:user) { FactoryBot.build(:martia_morocco) }
       before do
         allow(user).to receive(:groups).and_return(["faculty", "africana-faculty"])
       end
@@ -228,7 +228,7 @@ describe Ability do
         end
       end
     end
-    let(:user) { FactoryGirl.build(:staff) }
+    let(:user) { FactoryBot.build(:staff) }
     after do
       Object.send(:remove_const, :MyAbility)
@@ -241,13 +241,13 @@ describe Ability do
   end
   describe "calling ability on two separate objects" do
-    let(:asset1) { FactoryGirl.create(:asset) }
-    let(:asset2) { FactoryGirl.create(:asset) }
+    let(:asset1) { FactoryBot.create(:asset) }
+    let(:asset2) { FactoryBot.create(:asset) }
     before do
       asset1.permissions_attributes = [{ name: "registered", access: "read", type: "group" }, { name: "joe_creator", access: "edit", type: "person" }, { name: "calvin_collaborator", access: "edit", type: "person" }]
       asset1.save
     end
-    let(:user) { FactoryGirl.build(:calvin_collaborator) } # has access to @asset1, but not @asset2
+    let(:user) { FactoryBot.build(:calvin_collaborator) } # has access to @asset1, but not @asset2
     after do
       asset1.destroy
       asset2.destroy
@@ -261,8 +261,8 @@ describe Ability do
   end
   describe "download permissions" do
-    let(:asset) { FactoryGirl.create(:asset) }
-    let(:user) { FactoryGirl.build(:user) }
+    let(:asset) { FactoryBot.create(:asset) }
+    let(:user) { FactoryBot.build(:user) }
     let(:file) { ActiveFedora::File.new() }
     before { allow(file).to receive(:uri).and_return(uri) }

data/spec/unit/accessible_by_spec.rb CHANGED

@@ -1,11 +1,11 @@
 require 'spec_helper'
 describe "active_fedora/accessible_by" do
-  let(:user) {FactoryGirl.build(:ira_instructor)}
+  let(:user) {FactoryBot.build(:ira_instructor)}
   let(:ability) {Ability.new(user)}
-  let(:private_obj) {FactoryGirl.create(:asset)}
-  let(:public_obj) {FactoryGirl.create(:asset)}
-  let(:editable_obj) {FactoryGirl.create(:asset)}
+  let(:private_obj) {FactoryBot.create(:asset)}
+  let(:public_obj) {FactoryBot.create(:asset)}
+  let(:editable_obj) {FactoryBot.create(:asset)}
   before do
     private_obj.permissions_attributes = [{ name: "joe_creator", access: "edit", type: "person" }]

data/spec/unit/admin_policy_spec.rb CHANGED

@@ -120,7 +120,7 @@ describe Hydra::AdminPolicy do
   # Policy-based Access Controls
   #
   describe "When accessing assets with Policies associated" do
-    let(:user) { FactoryGirl.build(:martia_morocco) }
+    let(:user) { FactoryBot.build(:martia_morocco) }
     before do
       allow(user).to receive(:groups).and_return(["faculty", "africana-faculty"])

data/spec/unit/permission_spec.rb CHANGED

@@ -62,7 +62,7 @@ describe Hydra::AccessControls::Permission do
     context 'with a User instance passed as :name argument' do
       let(:permission) { described_class.new(type: 'person', name: user, access: 'read') }
-      let(:user) { FactoryGirl.build(:archivist, email: 'archivist1@example.com') }
+      let(:user) { FactoryBot.build(:archivist, email: 'archivist1@example.com') }
       it "uses string and escape agent when building" do
         expect(permission.agent.first.rdf_subject.to_s).to eq 'http://projecthydra.org/ns/auth/person#archivist1@example.com'

data/spec/unit/policy_aware_access_controls_enforcement_spec.rb CHANGED

@@ -92,7 +92,7 @@ describe Hydra::PolicyAwareAccessControlsEnforcement do
   let(:current_ability) { Ability.new(user) }
   subject { PolicyMockSearchBuilder.new(current_ability) }
-  let(:user) { FactoryGirl.build(:sara_student) }
+  let(:user) { FactoryBot.build(:sara_student) }
   before do
     @solr_parameters = {}

metadata CHANGED

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: hydra-access-controls
 version: !ruby/object:Gem::Version
-  version: 10.5.0
+  version: 10.5.1
 platform: ruby
 authors:
 - Chris Beer
@@ -10,7 +10,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2017-06-09 00:00:00.000000000 Z
+date: 2018-04-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -237,7 +237,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.6.12
+rubygems_version: 2.6.14
 signing_key:
 specification_version: 4
 summary: Access controls for project hydra