hydra-access-controls 11.0.0.rc1 → 11.0.0.rc2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 61225eacc0eb1ffe2facc00ac42aa082567c42835cb4d5b05f69e2fa0ee6fd37
-  data.tar.gz: 426e99adcb97802d370833f95112b48be577745fc195ceb4fccfed0c97f6276d
+  metadata.gz: c1c375e2d0865e3c30b810323eab035c5ecd19e058417c7bf1c486c360862df5
+  data.tar.gz: 209bdc9997eead2dac861e6c628555c3d1367a47ab2a79485d75d1634641e845
 SHA512:
-  metadata.gz: a3744e8f64c8b98d2a5a2e1d1a7c8b1f941937f2041f8698e11068cc0d934b3d9f227054ce8feacd185b6ec1e8a9c57835684aa868676210f387cbda503165e8
-  data.tar.gz: e5b37637f6fd11f5bc9c1f85ebde7227b93ceb434281437b9a410992ec5abaefb8e648ff945d59c1e8382ea142860d0cfb1f24fffb3bb4e4a20aa4b7952c52fd
+  metadata.gz: cccfdc0d8acf8d16fe0a78f7e953c7f2a9ee5760431ebca7f8c726b223faff8e9faffb89ebeaf77c0f3359f454170a64662b791743fe066915ece9412cdb808f
+  data.tar.gz: 24be0383b71eeac26a4517c49f6a11c4c19595bf8d788278f32f3c62d62cf94523a8bae5fa533a2cb941c9183497bdd701c4661691906c470da2916bf54ebcdf

data/app/models/concerns/hydra/access_controls/permissions.rb

@@ -22,7 +22,7 @@ module Hydra
       end
 
       def permission_delegate
-        (access_control || create_access_control).tap { |d| d.owner = self }
+        (access_control || build_access_control).tap { |d| d.owner = self }
       end
 
       def to_solr(solr_doc = {})

data/app/models/hydra/access_control.rb

@@ -31,11 +31,11 @@ module Hydra
             obj.update(attributes.except(:id, '_destroy'))
           end
         else
-          relationship.create(attributes)
+          relationship.build(attributes)
         end
       end
       # Poison the cache
-      relationship.reset if any_destroyed
+      save! && relationship.reset if any_destroyed
     end
 
     def relationship

data/app/models/role_mapper.rb

@@ -1,8 +1,6 @@
-# RoleMapper This is used by AccessControls::SearchBuilder to get users' Roles
-# (used in access permissions) If you are using something like Shibboleth or
-# LDAP to get users' Roles, you should override this Class.  Your override
-# should include a Module that implements the same behaviors as
-# Hydra::RoleMapperBehavior
+# RoleMapper This is used by AccessControlsEnforcement to get users' Roles (used in access permissions)
+# If you are using something like Shibboleth or LDAP to get users' Roles, you should override this Class.  
+# Your override should include a Module that implements the same behaviors as Hydra::RoleMapperBehavior 
 class RoleMapper
   include Hydra::RoleMapperBehavior
 end

data/app/services/hydra/embargo_service.rb

@@ -14,7 +14,7 @@ module Hydra
       #   (assumes that when lease visibility is applied to assets
       #    whose leases have expired, the lease expiration date will be removed from its metadata)
       def assets_under_embargo
-        ActiveFedora::Base.where("#{Hydra.config.permissions.embargo.release_date}:*")
+        ActiveFedora::Base.where("#{Hydra.config.permissions.embargo.release_date}:[* TO *]")
       end
 
       # Returns all assets that have had embargoes deactivated in the past.

data/app/services/hydra/lease_service.rb

@@ -10,7 +10,7 @@ module Hydra
       #   (assumes that when lease visibility is applied to assets
       #    whose leases have expired, the lease expiration date will be removed from its metadata)
       def assets_under_lease
-        ActiveFedora::Base.where("#{Hydra.config.permissions.lease.expiration_date}:*")
+        ActiveFedora::Base.where("#{Hydra.config.permissions.lease.expiration_date}:[* TO *]")
       end
 
       # Returns all assets that have had embargoes deactivated in the past.
@@ -20,4 +20,3 @@ module Hydra
     end
   end
 end
-

data/hydra-access-controls.gemspec

@@ -6,7 +6,7 @@ Gem::Specification.new do |gem|
   gem.email         = ["hydra-tech@googlegroups.com"]
   gem.description   = %q{Access controls for project hydra}
   gem.summary       = %q{Access controls for project hydra}
-  gem.homepage      = "http://projecthydra.org"
+  gem.homepage      = "https://github.com/samvera/hydra-head/tree/master/hydra-access-controls"
 
   gem.files         = `git ls-files`.split($\)
   gem.executables   = gem.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
@@ -19,11 +19,11 @@ Gem::Specification.new do |gem|
   gem.required_ruby_version = '>= 1.9.3'
 
   gem.add_dependency 'activesupport', '>= 4', '< 6'
-  gem.add_dependency "active-fedora", '~> 12.0'
+  gem.add_dependency "active-fedora", '>= 10.0.0'
+  gem.add_dependency "blacklight", '>= 5.16'
+  gem.add_dependency "blacklight-access_controls", '~> 0.6.0'
   gem.add_dependency 'cancancan', '~> 1.8'
   gem.add_dependency 'deprecation', '~> 1.0'
-  gem.add_dependency "blacklight", '>= 5.16'
-  gem.add_dependency "blacklight-access_controls", '~> 0.7.0.rc1'
 
   gem.add_development_dependency "rake", '~> 10.1'
   gem.add_development_dependency 'rspec', '~> 3.1'

data/lib/active_fedora/accessible_by.rb

@@ -1,5 +1,8 @@
 ActiveFedora::QueryMethods.module_eval do
   extend ActiveSupport::Concern
+  included do
+    include Hydra::AccessControlsEnforcement
+  end
 
   def accessible_by(ability, action = :index)
     permission_types = case action
@@ -11,15 +14,6 @@ ActiveFedora::QueryMethods.module_eval do
     filters = gated_discovery_filters(permission_types, ability).join(" OR ")
     spawn.where!(filters)
   end
-
-  private
-
-    def gated_discovery_filters(types, ability)
-      search_builder = Hydra::AccessControls::SearchBuilder.new(self,
-                                                                ability: ability,
-                                                                permission_types: types)
-      search_builder.send(:gated_discovery_filters)
-    end
 end
 
 ActiveFedora::Querying.module_eval do

data/lib/hydra-access-controls.rb

@@ -29,12 +29,7 @@ module Hydra
     alias :config :configure
   end
 
-  class Engine < Rails::Engine
-    # autoload_paths is only necessary for Rails 3
-    config.autoload_paths += %W(
-      #{config.root}/app/models/concerns
-    )
-  end
+  class Engine < Rails::Engine; end
 
   # This error is raised when a user isn't allowed to access a given controller action.
   # This usually happens within a call to AccessControlsEnforcement#enforce_access_controls but can be
@@ -43,3 +38,11 @@ module Hydra
 end
 
 require 'active_fedora/accessible_by'
+
+# While we support ActiveFedora 10 and 11, alias ActiveFedora::Indexing and
+# ActiveFedora::Indexing::Inserter to Solrizer
+require 'active_fedora/version'
+if ActiveFedora.version.split('.').first.to_i < 12
+  ActiveFedora::Indexing::Inserter   = Solrizer
+  ActiveFedora::Indexing::Descriptor = Solrizer::Descriptor
+end

data/lib/hydra/access_controls_enforcement.rb

@@ -2,12 +2,6 @@ module Hydra::AccessControlsEnforcement
   extend ActiveSupport::Concern
   include Blacklight::AccessControls::Enforcement
 
-  included do
-    Deprecation.warn(self, 'Hydra::AccessControlsEnforcement is deprecated ' \
-      'and will be removed in version 11. Use ' \
-      'Hydra::AccessControls::SearchBuilder instead.')
-  end
-
   protected
 
   def under_embargo?

data/lib/hydra/policy_aware_access_controls_enforcement.rb

@@ -1,11 +1,5 @@
 # Repeats access controls evaluation methods, but checks against a governing "Policy" object (or "Collection" object) that provides inherited access controls.
 module Hydra::PolicyAwareAccessControlsEnforcement
-  extend ActiveSupport::Concern
-  included do
-    Deprecation.warn(self, 'Hydra::PolicyAwareAccessControlsEnforcement is deprecated ' \
-      'and will be removed in version 11. Use ' \
-      'Hydra::AccessControls::PolicyAwareSearchBuilder instead.')
-  end
 
   # Extends Hydra::AccessControlsEnforcement.apply_gated_discovery to reflect policy-provided access.
   # Appends the result of policy_clauses into the :fq

data/spec/factories.rb

@@ -11,52 +11,52 @@ FactoryBot.define do
   end
 
   factory :archivist, :parent=>:user do |u|
-    uid 'archivist1'
-    password 'archivist1'
+    uid { 'archivist1' }
+    password { 'archivist1' }
   end
   factory :registered_user, :parent=>:user do |u|
-    uid 'registered_user'
-    password 'registered_user'
+    uid { 'registered_user' }
+    password { 'registered_user' }
   end
   factory :staff, :parent=>:user do |u|
-    uid 'staff1'
-    password 'staff1'
+    uid { 'staff1' }
+    password { 'staff1' }
   end
   factory :student, :parent=>:user do |u|
-    uid 'student1'
-    password 'student1'
+    uid { 'student1' }
+    password { 'student1' }
   end
   factory :joe_creator, :parent=>:user do |u|
-    uid 'joe_creator'
-    password 'joe_creator'
+    uid { 'joe_creator' }
+    password { 'joe_creator' }
   end
   factory :martia_morocco, :parent=>:user do |u|
-    uid 'martia_morocco'
-    password 'martia_morocco'
+    uid { 'martia_morocco' }
+    password { 'martia_morocco' }
   end
   factory :ira_instructor, :parent=>:user do |u|
-    uid 'ira_instructor'
-    password 'ira_instructor'
+    uid { 'ira_instructor' }
+    password { 'ira_instructor' }
   end
   factory :calvin_collaborator, :parent=>:user do |u|
-    uid 'calvin_collaborator'
-    password 'calvin_collaborator'
+    uid { 'calvin_collaborator' }
+    password { 'calvin_collaborator' }
   end
   factory :sara_student, :parent=>:user do |u|
-    uid 'sara_student'
-    password 'sara_student'
+    uid { 'sara_student' }
+    password { 'sara_student' }
   end
   factory :louis_librarian, :parent=>:user do |u|
-    uid 'louis_librarian'
-    password 'louis_librarian'
+    uid { 'louis_librarian' }
+    password { 'louis_librarian' }
   end
   factory :carol_curator, :parent=>:user do |u|
-    uid 'carol_curator'
-    password 'carol_curator'
+    uid { 'carol_curator' }
+    password { 'carol_curator' }
   end
   factory :alice_admin, :parent=>:user do |u|
-    uid 'alice_admin'
-    password 'alice_admin'
+    uid { 'alice_admin' }
+    password { 'alice_admin' }
   end
 
   #
@@ -70,23 +70,23 @@ FactoryBot.define do
   end
 
   factory :default_access_asset, :parent=>:asset do |a|
-    permissions_attributes [{ name: "joe_creator", access: "edit", type: "person" }]
+    permissions_attributes { [{ name: "joe_creator", access: "edit", type: "person" }] }
   end
 
   factory :dept_access_asset, :parent=>:asset do |a|
-    permissions_attributes [{ name: "africana-faculty", access: "read", type: "group" }, { name: "joe_creator", access: "edit", type: "person" }]
+    permissions_attributes { [{ name: "africana-faculty", access: "read", type: "group" }, { name: "joe_creator", access: "edit", type: "person" }] }
   end
 
   factory :group_edit_asset, :parent=>:asset do |a|
-    permissions_attributes [{ name:"africana-faculty", access: "edit", type: "group" }, {name: "calvin_collaborator", access: "edit", type: "person"}]
+    permissions_attributes { [{ name:"africana-faculty", access: "edit", type: "group" }, {name: "calvin_collaborator", access: "edit", type: "person"}] }
   end
 
   factory :org_read_access_asset, :parent=>:asset do |a|
-    permissions_attributes [{ name: "registered", access: "read", type: "group" }, { name: "joe_creator", access: "edit", type: "person" }, { name: "calvin_collaborator", access: "edit", type: "person" }]
+    permissions_attributes { [{ name: "registered", access: "read", type: "group" }, { name: "joe_creator", access: "edit", type: "person" }, { name: "calvin_collaborator", access: "edit", type: "person" }] }
   end
 
   factory :open_access_asset, :parent=>:asset do |a|
-    permissions_attributes [{ name: "public", access: "read", type: "group" }, { name: "joe_creator", access: "edit", type: "person" }, { name: "calvin_collaborator", access: "edit", type: "person" }]
+    permissions_attributes { [{ name: "public", access: "read", type: "group" }, { name: "joe_creator", access: "edit", type: "person" }, { name: "calvin_collaborator", access: "edit", type: "person" }] }
   end
 
 end

data/spec/services/embargo_service_spec.rb

@@ -29,7 +29,6 @@ describe Hydra::EmbargoService do
 
   describe "#assets_under_embargo" do
     it "returns all assets with embargo release date set" do
-      result = subject.assets_under_embargo
       returned_ids = subject.assets_under_embargo.map {|a| a.id}
       expect(returned_ids).to include work_with_expired_embargo1.id, work_with_expired_embargo2.id, work_with_embargo_in_effect.id
       expect(returned_ids).to_not include work_without_embargo.id

data/spec/spec_helper.rb

@@ -11,12 +11,22 @@ Hydra::Engine.config.autoload_paths.each { |path| $LOAD_PATH.unshift path }
 
 require 'byebug' unless ENV['CI']
 
-if ENV['COVERAGE'] and RUBY_VERSION =~ /^1.9/
+def coverage_needed?
+  ENV['COVERAGE'] || ENV['CI']
+end
+
+if RUBY_VERSION =~ /^1.9/ && coverage_needed?
   require 'simplecov'
-  require 'simplecov-rcov'
+  require 'coveralls'
 
-  SimpleCov.formatter = SimpleCov::Formatter::RcovFormatter
-  SimpleCov.start
+  SimpleCov.root(File.expand_path('../../../', __FILE__))
+  SimpleCov.formatter = SimpleCov::Formatter::MultiFormatter.new(
+    [
+      SimpleCov::Formatter::HTMLFormatter,
+      Coveralls::SimpleCov::Formatter
+    ]
+  )
+  SimpleCov.start('rails')
 end
 
 # Since we're not doing a Rails Engine test, we have to load these classes manually:
@@ -52,4 +62,3 @@ RSpec.configure do |config|
     ActiveFedora::Cleaner.clean!
   end
 end
-

data/spec/support/user.rb

@@ -5,7 +5,7 @@ class User
   attr_accessor :uid
 
   def initialize(params={})
-    self.uid = params.delete(:uid) if params[:uid]
+    self.uid = params.delete(:uid) if params && params[:uid]
     super
   end
   

data/spec/unit/accessible_by_spec.rb

@@ -23,7 +23,7 @@ describe "active_fedora/accessible_by" do
 
   describe "#accsesible_by" do
     it "should return objects readable by the ability" do
-      expect(ModsAsset.accessible_by(ability)).to eq [public_obj, editable_obj]
+      expect(ModsAsset.accessible_by(ability)).to contain_exactly(public_obj, editable_obj)
     end
     it "should return object editable by the ability" do
       expect(ModsAsset.accessible_by(ability, :edit)).to eq [editable_obj]

data/spec/unit/permissions_spec.rb

@@ -28,9 +28,8 @@ describe Hydra::AccessControls::Permissions do
   end
 
   describe "building a new permission" do
-    before { subject.save! }
-
     it "sets the accessTo association" do
+      subject.save!
       perm = subject.permissions.build(name: 'user1', type: 'person', access: 'read')
       expect(perm.access_to_id).to eq subject.id
     end
@@ -38,9 +37,13 @@ describe Hydra::AccessControls::Permissions do
     it "autosaves the permissions" do
       subject.permissions.build(name: 'user1', type: 'person', access: 'read')
       subject.save!
-      subject.reload
       foo = Foo.find(subject.id)
-      expect(foo.permissions.to_a).not_to eq []
+
+      expect(foo.permissions)
+        .to contain_exactly(have_attributes(access:       'read',
+                                            access_to_id: subject.id,
+                                            agent_name:   'user1',
+                                            type:         'person'))
     end
   end
 

data/spec/unit/policy_aware_access_controls_enforcement_spec.rb

@@ -6,10 +6,8 @@ describe Hydra::PolicyAwareAccessControlsEnforcement do
 
     class PolicyMockSearchBuilder < Blacklight::SearchBuilder
       include Blacklight::Solr::SearchBuilderBehavior
-      Deprecation.silence(PolicyMockSearchBuilder) do
-        include Hydra::AccessControlsEnforcement
-        include Hydra::PolicyAwareAccessControlsEnforcement
-      end
+      include Hydra::AccessControlsEnforcement
+      include Hydra::PolicyAwareAccessControlsEnforcement
       attr_accessor :params
 
       def initialize(current_ability)
@@ -136,14 +134,15 @@ describe Hydra::PolicyAwareAccessControlsEnforcement do
 
     context "when policies are included" do
       before { subject.apply_gated_discovery(@solr_parameters) }
-
+      
       it "builds a query that includes all the policies" do
+        skip if ActiveFedora.version.split('.').first.to_i < 11
         (1..11).each do |p|
           expect(policy_queries).to include(/_query_:\"{!raw f=#{governed_field}}test-policy#{p}\"/)
         end
       end
     end
-
+    
     context "when policies are not included" do
       before do
         allow(subject).to receive(:policy_clauses).and_return(nil)

data/tasks/hydra-access-controls.rake

@@ -6,7 +6,7 @@ namespace "hydra-access" do
     fcrepo_params = { port: 8986, verbose: true, managed: true,
                       no_jms: true, fcrepo_home_dir: 'fcrepo4-test-data' }
     SolrWrapper.wrap(solr_params) do |solr|
-      solr.with_collection(name: 'hydra-test', dir: File.join(File.expand_path("../..", File.dirname(__FILE__)), "solr", "config")) do
+      solr.with_collection(name: 'hydra-test', dir: File.join(File.expand_path("../..", File.dirname(__FILE__)), "solr", "conf")) do
         FcrepoWrapper.wrap(fcrepo_params) do
           Rake::Task['spec'].invoke
         end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: hydra-access-controls
 version: !ruby/object:Gem::Version
-  version: 11.0.0.rc1
+  version: 11.0.0.rc2
 platform: ruby
 authors:
 - Chris Beer
@@ -10,7 +10,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-01-17 00:00:00.000000000 Z
+date: 2020-01-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -36,72 +36,72 @@ dependencies:
   name: active-fedora
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '12.0'
+        version: 10.0.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '12.0'
+        version: 10.0.0
 - !ruby/object:Gem::Dependency
-  name: cancancan
+  name: blacklight
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '1.8'
+        version: '5.16'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '1.8'
+        version: '5.16'
 - !ruby/object:Gem::Dependency
-  name: deprecation
+  name: blacklight-access_controls
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.0'
+        version: 0.6.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.0'
+        version: 0.6.0
 - !ruby/object:Gem::Dependency
-  name: blacklight
+  name: cancancan
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '5.16'
+        version: '1.8'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '5.16'
+        version: '1.8'
 - !ruby/object:Gem::Dependency
-  name: blacklight-access_controls
+  name: deprecation
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.7.0.rc1
+        version: '1.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.7.0.rc1
+        version: '1.0'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -160,8 +160,6 @@ files:
 - app/models/hydra/access_controls/permission.rb
 - app/models/hydra/permissions_solr_document.rb
 - app/models/role_mapper.rb
-- app/search_builders/hydra/access_controls/policy_aware_search_builder.rb
-- app/search_builders/hydra/access_controls/search_builder.rb
 - app/services/hydra/embargo_service.rb
 - app/services/hydra/lease_service.rb
 - app/validators/hydra/future_date_validator.rb
@@ -213,7 +211,7 @@ files:
 - spec/unit/with_depositor_spec.rb
 - spec/validators/future_date_validator_spec.rb
 - tasks/hydra-access-controls.rake
-homepage: http://projecthydra.org
+homepage: https://github.com/samvera/hydra-head/tree/master/hydra-access-controls
 licenses:
 - APACHE-2.0
 metadata: {}
@@ -232,8 +230,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: 1.3.1
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.7.1
+rubygems_version: 3.0.4
 signing_key: 
 specification_version: 4
 summary: Access controls for project hydra

data/app/search_builders/hydra/access_controls/policy_aware_search_builder.rb

@@ -1,97 +0,0 @@
-module Hydra
-  module AccessControls
-    # A SearchBuilder that applies filters that are expressed within policies.
-    # The permissions on the policy are inherited by the objects goverend by the
-    # policy.
-    class PolicyAwareSearchBuilder < Hydra::AccessControls::SearchBuilder
-      # Extends Blacklight::AccessControls::SearchBuilder.apply_gated_discovery
-      # to reflect policy-provided access.
-      # Appends the result of policy_clauses into the :fq
-      # @param [Hash] solr_parameters the current solr parameters, to be
-      #               modified herein!
-      def apply_gated_discovery(solr_parameters)
-        super
-        logger.debug("POLICY-aware Solr parameters: #{solr_parameters.inspect}")
-      end
-
-      # @return [String,nil] solr query for finding all objects whose policies
-      #                      grant discover access to current_user
-      def policy_clauses
-        policy_ids = policies_with_access
-        return nil if policy_ids.empty?
-        clauses = policy_ids.map do |id|
-          ActiveFedora::SolrQueryBuilder
-            .construct_query_for_rel(isGovernedBy: id)
-        end
-        '(' + clauses.join(' OR '.freeze) + ')'
-      end
-
-      # Find all the policies that grant discover/read/edit permissions to this user or any of its groups.
-      # Grant access based on user id & group
-      def policies_with_access
-        #### TODO -- Memoize this and put it in the session?
-        user_access_filters = []
-        user_access_filters += apply_policy_group_permissions(discovery_permissions)
-        user_access_filters += apply_policy_user_permissions(discovery_permissions)
-        where = user_access_filters.join(' OR ')
-        result = policy_class.search_with_conditions(where,
-                                                     fl: 'id',
-                                                     rows: policy_class.count)
-        logger.debug "get policies: #{result}\n\n"
-        result.map { |h| h['id'] }
-      end
-
-      # for groups
-      # @param [Array{String,#to_sym}] permission_types symbols (or equivalent) from Hydra.config.permissions.inheritable
-      def apply_policy_group_permissions(permission_types = discovery_permissions)
-        user_access_filters = []
-        current_ability.user_groups.each do |group|
-          permission_types.each do |type|
-            user_access_filters << escape_filter(Hydra.config.permissions.inheritable[type.to_sym].group, group)
-          end
-        end
-        user_access_filters
-      end
-
-      # for individual user access
-      # @param [Array{String,#to_sym}] permission_types
-      def apply_policy_user_permissions(permission_types = discovery_permissions)
-        user = current_ability.current_user
-        return [] unless user && user.user_key.present?
-        permission_types.map do |type|
-          escape_filter(Hydra.config.permissions.inheritable[type.to_sym].individual, user.user_key)
-        end
-      end
-
-      # Override method from blacklight-access_controls
-      def discovery_permissions
-        @discovery_permissions ||= %w[edit discover read]
-      end
-
-      # Returns the Model used for AdminPolicy objects.
-      # You can set this by overriding this method or setting
-      # Hydra.config[:permissions][:policy_class]
-      # Defults to Hydra::AdminPolicy
-      def policy_class
-        Hydra.config.permissions.policy_class || Hydra::AdminPolicy
-      end
-
-      private
-
-      def gated_discovery_filters
-        filters = super
-        additional_clauses = policy_clauses
-        filters << additional_clauses unless additional_clauses.blank?
-        filters
-      end
-
-      # Find the name of the solr field for this type of permission.
-      # e.g. "read_access_group_ssim" or "discover_access_person_ssim".
-      # Used by blacklight-access_controls gem.
-      def solr_field_for(permission_type, permission_category)
-        permissions = Hydra.config.permissions[permission_type.to_sym]
-        permission_category == 'group' ? permissions.group : permissions.individual
-      end
-    end
-  end
-end

data/app/search_builders/hydra/access_controls/search_builder.rb

@@ -1,13 +0,0 @@
-module Hydra
-  module AccessControls
-    class SearchBuilder < Blacklight::AccessControls::SearchBuilder
-      # Find the name of the solr field for this type of permission.
-      # e.g. "read_access_group_ssim" or "discover_access_person_ssim".
-      # Used by blacklight-access_controls.
-      def solr_field_for(permission_type, permission_category)
-        permissions = Hydra.config.permissions[permission_type.to_sym]
-        permission_category == 'group' ? permissions.group : permissions.individual
-      end
-    end
-  end
-end