hydra-access-controls 10.7.0 → 11.0.0.rc1

Sign up to get free protection for your applications and to get access to all the features.
Files changed (20) hide show
  1. checksums.yaml +4 -4
  2. data/app/models/concerns/hydra/access_controls/permissions.rb +1 -1
  3. data/app/models/role_mapper.rb +5 -3
  4. data/app/search_builders/hydra/access_controls/policy_aware_search_builder.rb +97 -0
  5. data/app/search_builders/hydra/access_controls/search_builder.rb +13 -0
  6. data/app/services/hydra/embargo_service.rb +1 -1
  7. data/app/services/hydra/lease_service.rb +2 -1
  8. data/hydra-access-controls.gemspec +4 -4
  9. data/lib/active_fedora/accessible_by.rb +9 -3
  10. data/lib/hydra-access-controls.rb +6 -9
  11. data/lib/hydra/access_controls_enforcement.rb +6 -0
  12. data/lib/hydra/policy_aware_access_controls_enforcement.rb +6 -0
  13. data/spec/factories.rb +29 -29
  14. data/spec/services/embargo_service_spec.rb +1 -0
  15. data/spec/spec_helper.rb +5 -14
  16. data/spec/support/user.rb +1 -1
  17. data/spec/unit/permissions_spec.rb +4 -7
  18. data/spec/unit/policy_aware_access_controls_enforcement_spec.rb +6 -5
  19. data/tasks/hydra-access-controls.rake +1 -1
  20. metadata +29 -26
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: a7c79ec6fe837de0f50c227d4645733a374171b2320b2dfe5a164b1df4c6e958
4
- data.tar.gz: 01caa2ad2384cf886227747097eeb48abc631383058454fff6b8d61255577eb0
3
+ metadata.gz: 61225eacc0eb1ffe2facc00ac42aa082567c42835cb4d5b05f69e2fa0ee6fd37
4
+ data.tar.gz: 426e99adcb97802d370833f95112b48be577745fc195ceb4fccfed0c97f6276d
5
5
  SHA512:
6
- metadata.gz: c7ebf08abc586fd649c11375017b593518c22b290eb1f09e9b34fdd1a9f76e6b4614c319dd931780f7582aae53e8a4710d29dff6538c63e32b6582393c10b762
7
- data.tar.gz: ad1e0a0095e83ed18a036f98ee37369ceebe8161917f4a591d011ca7e2e94c6aebd398f4fec23a54607f206ec771f0c4c609222b8451b61b2fb84b7e24e6c5c5
6
+ metadata.gz: a3744e8f64c8b98d2a5a2e1d1a7c8b1f941937f2041f8698e11068cc0d934b3d9f227054ce8feacd185b6ec1e8a9c57835684aa868676210f387cbda503165e8
7
+ data.tar.gz: e5b37637f6fd11f5bc9c1f85ebde7227b93ceb434281437b9a410992ec5abaefb8e648ff945d59c1e8382ea142860d0cfb1f24fffb3bb4e4a20aa4b7952c52fd
data/app/models/concerns/hydra/access_controls/permissions.rb CHANGED
@@ -22,7 +22,7 @@ module Hydra
22
22
  end
23
23
 
24
24
  def permission_delegate
25
- (access_control || build_access_control).tap { |d| d.owner = self }
25
+ (access_control || create_access_control).tap { |d| d.owner = self }
26
26
  end
27
27
 
28
28
  def to_solr(solr_doc = {})
data/app/models/role_mapper.rb CHANGED
@@ -1,6 +1,8 @@
1
- # RoleMapper This is used by AccessControlsEnforcement to get users' Roles (used in access permissions)
2
- # If you are using something like Shibboleth or LDAP to get users' Roles, you should override this Class.
3
- # Your override should include a Module that implements the same behaviors as Hydra::RoleMapperBehavior
1
+ # RoleMapper This is used by AccessControls::SearchBuilder to get users' Roles
2
+ # (used in access permissions) If you are using something like Shibboleth or
3
+ # LDAP to get users' Roles, you should override this Class. Your override
4
+ # should include a Module that implements the same behaviors as
5
+ # Hydra::RoleMapperBehavior
4
6
  class RoleMapper
5
7
  include Hydra::RoleMapperBehavior
6
8
  end
data/app/search_builders/hydra/access_controls/policy_aware_search_builder.rb ADDED
@@ -0,0 +1,97 @@
1
+ module Hydra
2
+ module AccessControls
3
+ # A SearchBuilder that applies filters that are expressed within policies.
4
+ # The permissions on the policy are inherited by the objects goverend by the
5
+ # policy.
6
+ class PolicyAwareSearchBuilder < Hydra::AccessControls::SearchBuilder
7
+ # Extends Blacklight::AccessControls::SearchBuilder.apply_gated_discovery
8
+ # to reflect policy-provided access.
9
+ # Appends the result of policy_clauses into the :fq
10
+ # @param [Hash] solr_parameters the current solr parameters, to be
11
+ # modified herein!
12
+ def apply_gated_discovery(solr_parameters)
13
+ super
14
+ logger.debug("POLICY-aware Solr parameters: #{solr_parameters.inspect}")
15
+ end
16
+
17
+ # @return [String,nil] solr query for finding all objects whose policies
18
+ # grant discover access to current_user
19
+ def policy_clauses
20
+ policy_ids = policies_with_access
21
+ return nil if policy_ids.empty?
22
+ clauses = policy_ids.map do |id|
23
+ ActiveFedora::SolrQueryBuilder
24
+ .construct_query_for_rel(isGovernedBy: id)
25
+ end
26
+ '(' + clauses.join(' OR '.freeze) + ')'
27
+ end
28
+
29
+ # Find all the policies that grant discover/read/edit permissions to this user or any of its groups.
30
+ # Grant access based on user id & group
31
+ def policies_with_access
32
+ #### TODO -- Memoize this and put it in the session?
33
+ user_access_filters = []
34
+ user_access_filters += apply_policy_group_permissions(discovery_permissions)
35
+ user_access_filters += apply_policy_user_permissions(discovery_permissions)
36
+ where = user_access_filters.join(' OR ')
37
+ result = policy_class.search_with_conditions(where,
38
+ fl: 'id',
39
+ rows: policy_class.count)
40
+ logger.debug "get policies: #{result}\n\n"
41
+ result.map { |h| h['id'] }
42
+ end
43
+
44
+ # for groups
45
+ # @param [Array{String,#to_sym}] permission_types symbols (or equivalent) from Hydra.config.permissions.inheritable
46
+ def apply_policy_group_permissions(permission_types = discovery_permissions)
47
+ user_access_filters = []
48
+ current_ability.user_groups.each do |group|
49
+ permission_types.each do |type|
50
+ user_access_filters << escape_filter(Hydra.config.permissions.inheritable[type.to_sym].group, group)
51
+ end
52
+ end
53
+ user_access_filters
54
+ end
55
+
56
+ # for individual user access
57
+ # @param [Array{String,#to_sym}] permission_types
58
+ def apply_policy_user_permissions(permission_types = discovery_permissions)
59
+ user = current_ability.current_user
60
+ return [] unless user && user.user_key.present?
61
+ permission_types.map do |type|
62
+ escape_filter(Hydra.config.permissions.inheritable[type.to_sym].individual, user.user_key)
63
+ end
64
+ end
65
+
66
+ # Override method from blacklight-access_controls
67
+ def discovery_permissions
68
+ @discovery_permissions ||= %w[edit discover read]
69
+ end
70
+
71
+ # Returns the Model used for AdminPolicy objects.
72
+ # You can set this by overriding this method or setting
73
+ # Hydra.config[:permissions][:policy_class]
74
+ # Defults to Hydra::AdminPolicy
75
+ def policy_class
76
+ Hydra.config.permissions.policy_class || Hydra::AdminPolicy
77
+ end
78
+
79
+ private
80
+
81
+ def gated_discovery_filters
82
+ filters = super
83
+ additional_clauses = policy_clauses
84
+ filters << additional_clauses unless additional_clauses.blank?
85
+ filters
86
+ end
87
+
88
+ # Find the name of the solr field for this type of permission.
89
+ # e.g. "read_access_group_ssim" or "discover_access_person_ssim".
90
+ # Used by blacklight-access_controls gem.
91
+ def solr_field_for(permission_type, permission_category)
92
+ permissions = Hydra.config.permissions[permission_type.to_sym]
93
+ permission_category == 'group' ? permissions.group : permissions.individual
94
+ end
95
+ end
96
+ end
97
+ end
data/app/search_builders/hydra/access_controls/search_builder.rb ADDED
@@ -0,0 +1,13 @@
1
+ module Hydra
2
+ module AccessControls
3
+ class SearchBuilder < Blacklight::AccessControls::SearchBuilder
4
+ # Find the name of the solr field for this type of permission.
5
+ # e.g. "read_access_group_ssim" or "discover_access_person_ssim".
6
+ # Used by blacklight-access_controls.
7
+ def solr_field_for(permission_type, permission_category)
8
+ permissions = Hydra.config.permissions[permission_type.to_sym]
9
+ permission_category == 'group' ? permissions.group : permissions.individual
10
+ end
11
+ end
12
+ end
13
+ end
data/app/services/hydra/embargo_service.rb CHANGED
@@ -14,7 +14,7 @@ module Hydra
14
14
  # (assumes that when lease visibility is applied to assets
15
15
  # whose leases have expired, the lease expiration date will be removed from its metadata)
16
16
  def assets_under_embargo
17
- ActiveFedora::Base.where("#{Hydra.config.permissions.embargo.release_date}:[* TO *]")
17
+ ActiveFedora::Base.where("#{Hydra.config.permissions.embargo.release_date}:*")
18
18
  end
19
19
 
20
20
  # Returns all assets that have had embargoes deactivated in the past.
data/app/services/hydra/lease_service.rb CHANGED
@@ -10,7 +10,7 @@ module Hydra
10
10
  # (assumes that when lease visibility is applied to assets
11
11
  # whose leases have expired, the lease expiration date will be removed from its metadata)
12
12
  def assets_under_lease
13
- ActiveFedora::Base.where("#{Hydra.config.permissions.lease.expiration_date}:[* TO *]")
13
+ ActiveFedora::Base.where("#{Hydra.config.permissions.lease.expiration_date}:*")
14
14
  end
15
15
 
16
16
  # Returns all assets that have had embargoes deactivated in the past.
@@ -20,3 +20,4 @@ module Hydra
20
20
  end
21
21
  end
22
22
  end
23
+
data/hydra-access-controls.gemspec CHANGED
@@ -6,7 +6,7 @@ Gem::Specification.new do |gem|
6
6
  gem.email = ["hydra-tech@googlegroups.com"]
7
7
  gem.description = %q{Access controls for project hydra}
8
8
  gem.summary = %q{Access controls for project hydra}
9
- gem.homepage = "https://github.com/samvera/hydra-head/tree/master/hydra-access-controls"
9
+ gem.homepage = "http://projecthydra.org"
10
10
 
11
11
  gem.files = `git ls-files`.split($\)
12
12
  gem.executables = gem.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
@@ -19,11 +19,11 @@ Gem::Specification.new do |gem|
19
19
  gem.required_ruby_version = '>= 1.9.3'
20
20
 
21
21
  gem.add_dependency 'activesupport', '>= 4', '< 6'
22
- gem.add_dependency "active-fedora", '>= 10.0.0'
23
- gem.add_dependency "blacklight", '>= 5.16'
24
- gem.add_dependency "blacklight-access_controls", '~> 0.6.0'
22
+ gem.add_dependency "active-fedora", '~> 12.0'
25
23
  gem.add_dependency 'cancancan', '~> 1.8'
26
24
  gem.add_dependency 'deprecation', '~> 1.0'
25
+ gem.add_dependency "blacklight", '>= 5.16'
26
+ gem.add_dependency "blacklight-access_controls", '~> 0.7.0.rc1'
27
27
 
28
28
  gem.add_development_dependency "rake", '~> 10.1'
29
29
  gem.add_development_dependency 'rspec', '~> 3.1'
data/lib/active_fedora/accessible_by.rb CHANGED
@@ -1,8 +1,5 @@
1
1
  ActiveFedora::QueryMethods.module_eval do
2
2
  extend ActiveSupport::Concern
3
- included do
4
- include Hydra::AccessControlsEnforcement
5
- end
6
3
 
7
4
  def accessible_by(ability, action = :index)
8
5
  permission_types = case action
@@ -14,6 +11,15 @@ ActiveFedora::QueryMethods.module_eval do
14
11
  filters = gated_discovery_filters(permission_types, ability).join(" OR ")
15
12
  spawn.where!(filters)
16
13
  end
14
+
15
+ private
16
+
17
+ def gated_discovery_filters(types, ability)
18
+ search_builder = Hydra::AccessControls::SearchBuilder.new(self,
19
+ ability: ability,
20
+ permission_types: types)
21
+ search_builder.send(:gated_discovery_filters)
22
+ end
17
23
  end
18
24
 
19
25
  ActiveFedora::Querying.module_eval do
data/lib/hydra-access-controls.rb CHANGED
@@ -29,7 +29,12 @@ module Hydra
29
29
  alias :config :configure
30
30
  end
31
31
 
32
- class Engine < Rails::Engine; end
32
+ class Engine < Rails::Engine
33
+ # autoload_paths is only necessary for Rails 3
34
+ config.autoload_paths += %W(
35
+ #{config.root}/app/models/concerns
36
+ )
37
+ end
33
38
 
34
39
  # This error is raised when a user isn't allowed to access a given controller action.
35
40
  # This usually happens within a call to AccessControlsEnforcement#enforce_access_controls but can be
@@ -38,11 +43,3 @@ module Hydra
38
43
  end
39
44
 
40
45
  require 'active_fedora/accessible_by'
41
-
42
- # While we support ActiveFedora 10 and 11, alias ActiveFedora::Indexing and
43
- # ActiveFedora::Indexing::Inserter to Solrizer
44
- require 'active_fedora/version'
45
- if ActiveFedora.version.split('.').first.to_i < 12
46
- ActiveFedora::Indexing::Inserter = Solrizer
47
- ActiveFedora::Indexing::Descriptor = Solrizer::Descriptor
48
- end
data/lib/hydra/access_controls_enforcement.rb CHANGED
@@ -2,6 +2,12 @@ module Hydra::AccessControlsEnforcement
2
2
  extend ActiveSupport::Concern
3
3
  include Blacklight::AccessControls::Enforcement
4
4
 
5
+ included do
6
+ Deprecation.warn(self, 'Hydra::AccessControlsEnforcement is deprecated ' \
7
+ 'and will be removed in version 11. Use ' \
8
+ 'Hydra::AccessControls::SearchBuilder instead.')
9
+ end
10
+
5
11
  protected
6
12
 
7
13
  def under_embargo?
data/lib/hydra/policy_aware_access_controls_enforcement.rb CHANGED
@@ -1,5 +1,11 @@
1
1
  # Repeats access controls evaluation methods, but checks against a governing "Policy" object (or "Collection" object) that provides inherited access controls.
2
2
  module Hydra::PolicyAwareAccessControlsEnforcement
3
+ extend ActiveSupport::Concern
4
+ included do
5
+ Deprecation.warn(self, 'Hydra::PolicyAwareAccessControlsEnforcement is deprecated ' \
6
+ 'and will be removed in version 11. Use ' \
7
+ 'Hydra::AccessControls::PolicyAwareSearchBuilder instead.')
8
+ end
3
9
 
4
10
  # Extends Hydra::AccessControlsEnforcement.apply_gated_discovery to reflect policy-provided access.
5
11
  # Appends the result of policy_clauses into the :fq
data/spec/factories.rb CHANGED
@@ -11,52 +11,52 @@ FactoryBot.define do
11
11
  end
12
12
 
13
13
  factory :archivist, :parent=>:user do |u|
14
- uid { 'archivist1' }
15
- password { 'archivist1' }
14
+ uid 'archivist1'
15
+ password 'archivist1'
16
16
  end
17
17
  factory :registered_user, :parent=>:user do |u|
18
- uid { 'registered_user' }
19
- password { 'registered_user' }
18
+ uid 'registered_user'
19
+ password 'registered_user'
20
20
  end
21
21
  factory :staff, :parent=>:user do |u|
22
- uid { 'staff1' }
23
- password { 'staff1' }
22
+ uid 'staff1'
23
+ password 'staff1'
24
24
  end
25
25
  factory :student, :parent=>:user do |u|
26
- uid { 'student1' }
27
- password { 'student1' }
26
+ uid 'student1'
27
+ password 'student1'
28
28
  end
29
29
  factory :joe_creator, :parent=>:user do |u|
30
- uid { 'joe_creator' }
31
- password { 'joe_creator' }
30
+ uid 'joe_creator'
31
+ password 'joe_creator'
32
32
  end
33
33
  factory :martia_morocco, :parent=>:user do |u|
34
- uid { 'martia_morocco' }
35
- password { 'martia_morocco' }
34
+ uid 'martia_morocco'
35
+ password 'martia_morocco'
36
36
  end
37
37
  factory :ira_instructor, :parent=>:user do |u|
38
- uid { 'ira_instructor' }
39
- password { 'ira_instructor' }
38
+ uid 'ira_instructor'
39
+ password 'ira_instructor'
40
40
  end
41
41
  factory :calvin_collaborator, :parent=>:user do |u|
42
- uid { 'calvin_collaborator' }
43
- password { 'calvin_collaborator' }
42
+ uid 'calvin_collaborator'
43
+ password 'calvin_collaborator'
44
44
  end
45
45
  factory :sara_student, :parent=>:user do |u|
46
- uid { 'sara_student' }
47
- password { 'sara_student' }
46
+ uid 'sara_student'
47
+ password 'sara_student'
48
48
  end
49
49
  factory :louis_librarian, :parent=>:user do |u|
50
- uid { 'louis_librarian' }
51
- password { 'louis_librarian' }
50
+ uid 'louis_librarian'
51
+ password 'louis_librarian'
52
52
  end
53
53
  factory :carol_curator, :parent=>:user do |u|
54
- uid { 'carol_curator' }
55
- password { 'carol_curator' }
54
+ uid 'carol_curator'
55
+ password 'carol_curator'
56
56
  end
57
57
  factory :alice_admin, :parent=>:user do |u|
58
- uid { 'alice_admin' }
59
- password { 'alice_admin' }
58
+ uid 'alice_admin'
59
+ password 'alice_admin'
60
60
  end
61
61
 
62
62
  #
@@ -70,23 +70,23 @@ FactoryBot.define do
70
70
  end
71
71
 
72
72
  factory :default_access_asset, :parent=>:asset do |a|
73
- permissions_attributes { [{ name: "joe_creator", access: "edit", type: "person" }] }
73
+ permissions_attributes [{ name: "joe_creator", access: "edit", type: "person" }]
74
74
  end
75
75
 
76
76
  factory :dept_access_asset, :parent=>:asset do |a|
77
- permissions_attributes { [{ name: "africana-faculty", access: "read", type: "group" }, { name: "joe_creator", access: "edit", type: "person" }] }
77
+ permissions_attributes [{ name: "africana-faculty", access: "read", type: "group" }, { name: "joe_creator", access: "edit", type: "person" }]
78
78
  end
79
79
 
80
80
  factory :group_edit_asset, :parent=>:asset do |a|
81
- permissions_attributes { [{ name:"africana-faculty", access: "edit", type: "group" }, {name: "calvin_collaborator", access: "edit", type: "person"}] }
81
+ permissions_attributes [{ name:"africana-faculty", access: "edit", type: "group" }, {name: "calvin_collaborator", access: "edit", type: "person"}]
82
82
  end
83
83
 
84
84
  factory :org_read_access_asset, :parent=>:asset do |a|
85
- permissions_attributes { [{ name: "registered", access: "read", type: "group" }, { name: "joe_creator", access: "edit", type: "person" }, { name: "calvin_collaborator", access: "edit", type: "person" }] }
85
+ permissions_attributes [{ name: "registered", access: "read", type: "group" }, { name: "joe_creator", access: "edit", type: "person" }, { name: "calvin_collaborator", access: "edit", type: "person" }]
86
86
  end
87
87
 
88
88
  factory :open_access_asset, :parent=>:asset do |a|
89
- permissions_attributes { [{ name: "public", access: "read", type: "group" }, { name: "joe_creator", access: "edit", type: "person" }, { name: "calvin_collaborator", access: "edit", type: "person" }] }
89
+ permissions_attributes [{ name: "public", access: "read", type: "group" }, { name: "joe_creator", access: "edit", type: "person" }, { name: "calvin_collaborator", access: "edit", type: "person" }]
90
90
  end
91
91
 
92
92
  end
data/spec/services/embargo_service_spec.rb CHANGED
@@ -29,6 +29,7 @@ describe Hydra::EmbargoService do
29
29
 
30
30
  describe "#assets_under_embargo" do
31
31
  it "returns all assets with embargo release date set" do
32
+ result = subject.assets_under_embargo
32
33
  returned_ids = subject.assets_under_embargo.map {|a| a.id}
33
34
  expect(returned_ids).to include work_with_expired_embargo1.id, work_with_expired_embargo2.id, work_with_embargo_in_effect.id
34
35
  expect(returned_ids).to_not include work_without_embargo.id
data/spec/spec_helper.rb CHANGED
@@ -11,22 +11,12 @@ Hydra::Engine.config.autoload_paths.each { |path| $LOAD_PATH.unshift path }
11
11
 
12
12
  require 'byebug' unless ENV['CI']
13
13
 
14
- def coverage_needed?
15
- ENV['COVERAGE'] || ENV['CI']
16
- end
17
-
18
- if RUBY_VERSION =~ /^1.9/ && coverage_needed?
14
+ if ENV['COVERAGE'] and RUBY_VERSION =~ /^1.9/
19
15
  require 'simplecov'
20
- require 'coveralls'
16
+ require 'simplecov-rcov'
21
17
 
22
- SimpleCov.root(File.expand_path('../../../', __FILE__))
23
- SimpleCov.formatter = SimpleCov::Formatter::MultiFormatter.new(
24
- [
25
- SimpleCov::Formatter::HTMLFormatter,
26
- Coveralls::SimpleCov::Formatter
27
- ]
28
- )
29
- SimpleCov.start('rails')
18
+ SimpleCov.formatter = SimpleCov::Formatter::RcovFormatter
19
+ SimpleCov.start
30
20
  end
31
21
 
32
22
  # Since we're not doing a Rails Engine test, we have to load these classes manually:
@@ -62,3 +52,4 @@ RSpec.configure do |config|
62
52
  ActiveFedora::Cleaner.clean!
63
53
  end
64
54
  end
55
+
data/spec/support/user.rb CHANGED
@@ -5,7 +5,7 @@ class User
5
5
  attr_accessor :uid
6
6
 
7
7
  def initialize(params={})
8
- self.uid = params.delete(:uid) if params && params[:uid]
8
+ self.uid = params.delete(:uid) if params[:uid]
9
9
  super
10
10
  end
11
11
 
data/spec/unit/permissions_spec.rb CHANGED
@@ -28,8 +28,9 @@ describe Hydra::AccessControls::Permissions do
28
28
  end
29
29
 
30
30
  describe "building a new permission" do
31
+ before { subject.save! }
32
+
31
33
  it "sets the accessTo association" do
32
- subject.save!
33
34
  perm = subject.permissions.build(name: 'user1', type: 'person', access: 'read')
34
35
  expect(perm.access_to_id).to eq subject.id
35
36
  end
@@ -37,13 +38,9 @@ describe Hydra::AccessControls::Permissions do
37
38
  it "autosaves the permissions" do
38
39
  subject.permissions.build(name: 'user1', type: 'person', access: 'read')
39
40
  subject.save!
41
+ subject.reload
40
42
  foo = Foo.find(subject.id)
41
-
42
- expect(foo.permissions)
43
- .to contain_exactly(have_attributes(access: 'read',
44
- access_to_id: subject.id,
45
- agent_name: 'user1',
46
- type: 'person'))
43
+ expect(foo.permissions.to_a).not_to eq []
47
44
  end
48
45
  end
49
46
 
data/spec/unit/policy_aware_access_controls_enforcement_spec.rb CHANGED
@@ -6,8 +6,10 @@ describe Hydra::PolicyAwareAccessControlsEnforcement do
6
6
 
7
7
  class PolicyMockSearchBuilder < Blacklight::SearchBuilder
8
8
  include Blacklight::Solr::SearchBuilderBehavior
9
- include Hydra::AccessControlsEnforcement
10
- include Hydra::PolicyAwareAccessControlsEnforcement
9
+ Deprecation.silence(PolicyMockSearchBuilder) do
10
+ include Hydra::AccessControlsEnforcement
11
+ include Hydra::PolicyAwareAccessControlsEnforcement
12
+ end
11
13
  attr_accessor :params
12
14
 
13
15
  def initialize(current_ability)
@@ -134,15 +136,14 @@ describe Hydra::PolicyAwareAccessControlsEnforcement do
134
136
 
135
137
  context "when policies are included" do
136
138
  before { subject.apply_gated_discovery(@solr_parameters) }
137
-
139
+
138
140
  it "builds a query that includes all the policies" do
139
- skip if ActiveFedora.version.split('.').first.to_i < 11
140
141
  (1..11).each do |p|
141
142
  expect(policy_queries).to include(/_query_:\"{!raw f=#{governed_field}}test-policy#{p}\"/)
142
143
  end
143
144
  end
144
145
  end
145
-
146
+
146
147
  context "when policies are not included" do
147
148
  before do
148
149
  allow(subject).to receive(:policy_clauses).and_return(nil)
data/tasks/hydra-access-controls.rake CHANGED
@@ -6,7 +6,7 @@ namespace "hydra-access" do
6
6
  fcrepo_params = { port: 8986, verbose: true, managed: true,
7
7
  no_jms: true, fcrepo_home_dir: 'fcrepo4-test-data' }
8
8
  SolrWrapper.wrap(solr_params) do |solr|
9
- solr.with_collection(name: 'hydra-test', dir: File.join(File.expand_path("../..", File.dirname(__FILE__)), "solr", "conf")) do
9
+ solr.with_collection(name: 'hydra-test', dir: File.join(File.expand_path("../..", File.dirname(__FILE__)), "solr", "config")) do
10
10
  FcrepoWrapper.wrap(fcrepo_params) do
11
11
  Rake::Task['spec'].invoke
12
12
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: hydra-access-controls
3
3
  version: !ruby/object:Gem::Version
4
- version: 10.7.0
4
+ version: 11.0.0.rc1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Chris Beer
@@ -10,7 +10,7 @@ authors:
10
10
  autorequire:
11
11
  bindir: bin
12
12
  cert_chain: []
13
- date: 2019-08-21 00:00:00.000000000 Z
13
+ date: 2018-01-17 00:00:00.000000000 Z
14
14
  dependencies:
15
15
  - !ruby/object:Gem::Dependency
16
16
  name: activesupport
@@ -36,72 +36,72 @@ dependencies:
36
36
  name: active-fedora
37
37
  requirement: !ruby/object:Gem::Requirement
38
38
  requirements:
39
- - - ">="
39
+ - - "~>"
40
40
  - !ruby/object:Gem::Version
41
- version: 10.0.0
41
+ version: '12.0'
42
42
  type: :runtime
43
43
  prerelease: false
44
44
  version_requirements: !ruby/object:Gem::Requirement
45
45
  requirements:
46
- - - ">="
46
+ - - "~>"
47
47
  - !ruby/object:Gem::Version
48
- version: 10.0.0
48
+ version: '12.0'
49
49
  - !ruby/object:Gem::Dependency
50
- name: blacklight
50
+ name: cancancan
51
51
  requirement: !ruby/object:Gem::Requirement
52
52
  requirements:
53
- - - ">="
53
+ - - "~>"
54
54
  - !ruby/object:Gem::Version
55
- version: '5.16'
55
+ version: '1.8'
56
56
  type: :runtime
57
57
  prerelease: false
58
58
  version_requirements: !ruby/object:Gem::Requirement
59
59
  requirements:
60
- - - ">="
60
+ - - "~>"
61
61
  - !ruby/object:Gem::Version
62
- version: '5.16'
62
+ version: '1.8'
63
63
  - !ruby/object:Gem::Dependency
64
- name: blacklight-access_controls
64
+ name: deprecation
65
65
  requirement: !ruby/object:Gem::Requirement
66
66
  requirements:
67
67
  - - "~>"
68
68
  - !ruby/object:Gem::Version
69
- version: 0.6.0
69
+ version: '1.0'
70
70
  type: :runtime
71
71
  prerelease: false
72
72
  version_requirements: !ruby/object:Gem::Requirement
73
73
  requirements:
74
74
  - - "~>"
75
75
  - !ruby/object:Gem::Version
76
- version: 0.6.0
76
+ version: '1.0'
77
77
  - !ruby/object:Gem::Dependency
78
- name: cancancan
78
+ name: blacklight
79
79
  requirement: !ruby/object:Gem::Requirement
80
80
  requirements:
81
- - - "~>"
81
+ - - ">="
82
82
  - !ruby/object:Gem::Version
83
- version: '1.8'
83
+ version: '5.16'
84
84
  type: :runtime
85
85
  prerelease: false
86
86
  version_requirements: !ruby/object:Gem::Requirement
87
87
  requirements:
88
- - - "~>"
88
+ - - ">="
89
89
  - !ruby/object:Gem::Version
90
- version: '1.8'
90
+ version: '5.16'
91
91
  - !ruby/object:Gem::Dependency
92
- name: deprecation
92
+ name: blacklight-access_controls
93
93
  requirement: !ruby/object:Gem::Requirement
94
94
  requirements:
95
95
  - - "~>"
96
96
  - !ruby/object:Gem::Version
97
- version: '1.0'
97
+ version: 0.7.0.rc1
98
98
  type: :runtime
99
99
  prerelease: false
100
100
  version_requirements: !ruby/object:Gem::Requirement
101
101
  requirements:
102
102
  - - "~>"
103
103
  - !ruby/object:Gem::Version
104
- version: '1.0'
104
+ version: 0.7.0.rc1
105
105
  - !ruby/object:Gem::Dependency
106
106
  name: rake
107
107
  requirement: !ruby/object:Gem::Requirement
@@ -160,6 +160,8 @@ files:
160
160
  - app/models/hydra/access_controls/permission.rb
161
161
  - app/models/hydra/permissions_solr_document.rb
162
162
  - app/models/role_mapper.rb
163
+ - app/search_builders/hydra/access_controls/policy_aware_search_builder.rb
164
+ - app/search_builders/hydra/access_controls/search_builder.rb
163
165
  - app/services/hydra/embargo_service.rb
164
166
  - app/services/hydra/lease_service.rb
165
167
  - app/validators/hydra/future_date_validator.rb
@@ -211,7 +213,7 @@ files:
211
213
  - spec/unit/with_depositor_spec.rb
212
214
  - spec/validators/future_date_validator_spec.rb
213
215
  - tasks/hydra-access-controls.rake
214
- homepage: https://github.com/samvera/hydra-head/tree/master/hydra-access-controls
216
+ homepage: http://projecthydra.org
215
217
  licenses:
216
218
  - APACHE-2.0
217
219
  metadata: {}
@@ -226,11 +228,12 @@ required_ruby_version: !ruby/object:Gem::Requirement
226
228
  version: 1.9.3
227
229
  required_rubygems_version: !ruby/object:Gem::Requirement
228
230
  requirements:
229
- - - ">="
231
+ - - ">"
230
232
  - !ruby/object:Gem::Version
231
- version: '0'
233
+ version: 1.3.1
232
234
  requirements: []
233
- rubygems_version: 3.0.1
235
+ rubyforge_project:
236
+ rubygems_version: 2.7.1
234
237
  signing_key:
235
238
  specification_version: 4
236
239
  summary: Access controls for project hydra