hydra-access-controls 11.0.7 → 12.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/app/models/concerns/hydra/access_controls/embargoable.rb +2 -2
- data/app/models/concerns/hydra/access_controls/visibility.rb +17 -6
- data/app/models/hydra/access_controls/permission.rb +2 -12
- data/hydra-access-controls.gemspec +7 -8
- data/lib/active_fedora/accessible_by.rb +2 -4
- data/lib/hydra-access-controls.rb +7 -1
- data/lib/hydra/ability.rb +0 -1
- data/lib/hydra/access_controls_enforcement.rb +16 -0
- data/spec/factories/objects.rb +34 -0
- data/spec/{factories.rb → factories/user.rb} +0 -32
- data/spec/spec_helper.rb +2 -1
- data/spec/unit/embargoable_spec.rb +5 -13
- data/spec/unit/permission_spec.rb +6 -18
- data/spec/unit/policy_aware_access_controls_enforcement_spec.rb +6 -19
- data/spec/unit/visibility_spec.rb +25 -0
- metadata +28 -34
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 399d12c5e3bbaf7a4f7f89b834803ba68bfa9f6a28d6e8ee95c0cb3d6a1d745b
|
|
4
|
+
data.tar.gz: ed68661ab7b6182930000473102723a6ad0e6f82c9fe671aac7c2f03a3597fd4
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: d0c2cf3c21d32ae7b5cf3aeb72116603cd614340f3409b9b69aaff4d8a09760bf18f01164775cd2ff628d522b53e8e8b530c6ea82159003e53dd107d48bfe109
|
|
7
|
+
data.tar.gz: bd228f09270e9a1b08c315db330413f42e530a1e6964e324ef56f86e504758ee7964edfca8a8504e09627e32d32127967e426b9c69699c968f25465d81e12449
|
|
@@ -5,8 +5,8 @@ module Hydra
|
|
|
5
5
|
include Hydra::AccessControls::WithAccessRight
|
|
6
6
|
|
|
7
7
|
included do
|
|
8
|
-
validates :lease_expiration_date, :'hydra/future_date' => true, if: :enforce_future_date_for_lease
|
|
9
|
-
validates :embargo_release_date, :'hydra/future_date' => true, if: :enforce_future_date_for_embargo
|
|
8
|
+
validates :lease_expiration_date, :'hydra/future_date' => true, if: :enforce_future_date_for_lease?
|
|
9
|
+
validates :embargo_release_date, :'hydra/future_date' => true, if: :enforce_future_date_for_embargo?
|
|
10
10
|
|
|
11
11
|
belongs_to :embargo, predicate: Hydra::ACL.hasEmbargo, class_name: 'Hydra::AccessControls::Embargo', autosave: true
|
|
12
12
|
belongs_to :lease, predicate: Hydra::ACL.hasLease, class_name: 'Hydra::AccessControls::Lease', autosave: true
|
|
@@ -2,6 +2,14 @@ module Hydra::AccessControls
|
|
|
2
2
|
module Visibility
|
|
3
3
|
extend ActiveSupport::Concern
|
|
4
4
|
|
|
5
|
+
included do
|
|
6
|
+
# ActiveModel::Dirty requires defining the attribute method
|
|
7
|
+
# @see https://api.rubyonrails.org/classes/ActiveModel/Dirty.html
|
|
8
|
+
define_attribute_methods :visibility
|
|
9
|
+
# instance variable needs to be initialized here based upon what is in read_groups
|
|
10
|
+
after_initialize { @visibility = visibility }
|
|
11
|
+
end
|
|
12
|
+
|
|
5
13
|
def visibility=(value)
|
|
6
14
|
return if value.nil?
|
|
7
15
|
# only set explicit permissions
|
|
@@ -15,6 +23,7 @@ module Hydra::AccessControls
|
|
|
15
23
|
else
|
|
16
24
|
raise ArgumentError, "Invalid visibility: #{value.inspect}"
|
|
17
25
|
end
|
|
26
|
+
@visibility = value
|
|
18
27
|
end
|
|
19
28
|
|
|
20
29
|
def visibility
|
|
@@ -27,8 +36,14 @@ module Hydra::AccessControls
|
|
|
27
36
|
end
|
|
28
37
|
end
|
|
29
38
|
|
|
30
|
-
|
|
31
|
-
|
|
39
|
+
# Overridden for ActiveModel::Dirty tracking of visibility
|
|
40
|
+
# Required by ActiveModel::AttributeMethods
|
|
41
|
+
# @see https://api.rubyonrails.org/classes/ActiveModel/AttributeMethods.html
|
|
42
|
+
# An instance variable is used to avoid infinite recursion caused by calling #visibility
|
|
43
|
+
# Using this approach requires setting visibility read groups through #visibility=
|
|
44
|
+
# instead of manipulating them directly if #visibility_changed? is expected to work correctly.
|
|
45
|
+
def attributes
|
|
46
|
+
super.merge({ 'visibility' => @visibility })
|
|
32
47
|
end
|
|
33
48
|
|
|
34
49
|
private
|
|
@@ -41,10 +56,6 @@ module Hydra::AccessControls
|
|
|
41
56
|
AccessRight::PERMISSION_TEXT_VALUE_PUBLIC]
|
|
42
57
|
end
|
|
43
58
|
|
|
44
|
-
def visibility_will_change!
|
|
45
|
-
@visibility_will_change = true
|
|
46
|
-
end
|
|
47
|
-
|
|
48
59
|
def public_visibility!
|
|
49
60
|
visibility_will_change! unless visibility == AccessRight::VISIBILITY_TEXT_VALUE_PUBLIC
|
|
50
61
|
remove_groups = represented_visibility - [AccessRight::PERMISSION_TEXT_VALUE_PUBLIC]
|
|
@@ -41,7 +41,7 @@ module Hydra::AccessControls
|
|
|
41
41
|
end
|
|
42
42
|
|
|
43
43
|
def agent_name
|
|
44
|
-
decode(parsed_agent.last)
|
|
44
|
+
URI.decode(parsed_agent.last)
|
|
45
45
|
end
|
|
46
46
|
|
|
47
47
|
def update(*)
|
|
@@ -80,7 +80,7 @@ module Hydra::AccessControls
|
|
|
80
80
|
end
|
|
81
81
|
|
|
82
82
|
def build_agent_resource(prefix, name)
|
|
83
|
-
[Agent.new(::RDF::URI.new("#{prefix}##{encode(name)}"))]
|
|
83
|
+
[Agent.new(::RDF::URI.new("#{prefix}##{URI.encode(name)}"))]
|
|
84
84
|
end
|
|
85
85
|
|
|
86
86
|
def build_access(access)
|
|
@@ -96,15 +96,5 @@ module Hydra::AccessControls
|
|
|
96
96
|
raise ArgumentError, "Unknown access #{access.inspect}"
|
|
97
97
|
end
|
|
98
98
|
end
|
|
99
|
-
|
|
100
|
-
private
|
|
101
|
-
|
|
102
|
-
def encode(str)
|
|
103
|
-
URI::RFC2396_Parser.new.escape(str)
|
|
104
|
-
end
|
|
105
|
-
|
|
106
|
-
def decode(str)
|
|
107
|
-
URI::RFC2396_Parser.new.unescape(str)
|
|
108
|
-
end
|
|
109
99
|
end
|
|
110
100
|
end
|
|
@@ -16,15 +16,14 @@ Gem::Specification.new do |gem|
|
|
|
16
16
|
gem.version = version
|
|
17
17
|
gem.license = "APACHE-2.0"
|
|
18
18
|
|
|
19
|
-
gem.required_ruby_version = '>=
|
|
19
|
+
gem.required_ruby_version = '>= 2.4'
|
|
20
20
|
|
|
21
|
-
gem.add_dependency 'activesupport', '>=
|
|
22
|
-
gem.add_dependency
|
|
23
|
-
gem.add_dependency
|
|
24
|
-
gem.add_dependency
|
|
25
|
-
gem.add_dependency 'cancancan', '~> 1.8'
|
|
21
|
+
gem.add_dependency 'activesupport', '>= 5.2', '< 7'
|
|
22
|
+
gem.add_dependency 'active-fedora', '>= 10.0.0'
|
|
23
|
+
gem.add_dependency 'blacklight-access_controls', '~> 6.0'
|
|
24
|
+
gem.add_dependency 'cancancan', '>= 1.8', '< 4'
|
|
26
25
|
gem.add_dependency 'deprecation', '~> 1.0'
|
|
27
26
|
|
|
28
|
-
gem.add_development_dependency
|
|
29
|
-
gem.add_development_dependency 'rspec', '~>
|
|
27
|
+
gem.add_development_dependency 'rake', '>= 12.3.3'
|
|
28
|
+
gem.add_development_dependency 'rspec', '~> 4.0'
|
|
30
29
|
end
|
|
@@ -1,8 +1,5 @@
|
|
|
1
1
|
ActiveFedora::QueryMethods.module_eval do
|
|
2
2
|
extend ActiveSupport::Concern
|
|
3
|
-
included do
|
|
4
|
-
include Hydra::AccessControlsEnforcement
|
|
5
|
-
end
|
|
6
3
|
|
|
7
4
|
def accessible_by(ability, action = :index)
|
|
8
5
|
permission_types = case action
|
|
@@ -11,7 +8,8 @@ ActiveFedora::QueryMethods.module_eval do
|
|
|
11
8
|
when :update, :edit, :create, :new, :destroy then [:edit]
|
|
12
9
|
end
|
|
13
10
|
|
|
14
|
-
|
|
11
|
+
builder = Hydra::SearchBuilder.new(nil).with_ability(ability).with_discovery_permissions(permission_types)
|
|
12
|
+
filters = builder.send(:gated_discovery_filters).join(" OR ")
|
|
15
13
|
spawn.where!(filters)
|
|
16
14
|
end
|
|
17
15
|
end
|
|
@@ -29,7 +29,13 @@ module Hydra
|
|
|
29
29
|
alias :config :configure
|
|
30
30
|
end
|
|
31
31
|
|
|
32
|
-
class Engine < Rails::Engine
|
|
32
|
+
class Engine < Rails::Engine
|
|
33
|
+
config.before_configuration do
|
|
34
|
+
ActiveSupport::Inflector.inflections(:en) do |inflect|
|
|
35
|
+
inflect.acronym 'ACL'
|
|
36
|
+
end
|
|
37
|
+
end
|
|
38
|
+
end
|
|
33
39
|
|
|
34
40
|
# This error is raised when a user isn't allowed to access a given controller action.
|
|
35
41
|
# This usually happens within a call to AccessControlsEnforcement#enforce_access_controls but can be
|
data/lib/hydra/ability.rb
CHANGED
|
@@ -12,7 +12,6 @@ module Hydra
|
|
|
12
12
|
|
|
13
13
|
included do
|
|
14
14
|
include Hydra::PermissionsQuery
|
|
15
|
-
include Blacklight::SearchHelper
|
|
16
15
|
|
|
17
16
|
self.ability_logic = [:create_permissions, :edit_permissions, :read_permissions, :discover_permissions, :download_permissions, :custom_permissions]
|
|
18
17
|
end
|
|
@@ -2,6 +2,22 @@ module Hydra::AccessControlsEnforcement
|
|
|
2
2
|
extend ActiveSupport::Concern
|
|
3
3
|
include Blacklight::AccessControls::Enforcement
|
|
4
4
|
|
|
5
|
+
def current_ability
|
|
6
|
+
@current_ability || (scope.current_ability if scope&.respond_to?(:current_ability))
|
|
7
|
+
end
|
|
8
|
+
|
|
9
|
+
def with_ability(ability)
|
|
10
|
+
params_will_change!
|
|
11
|
+
@current_ability = ability
|
|
12
|
+
self
|
|
13
|
+
end
|
|
14
|
+
|
|
15
|
+
def with_discovery_permissions(permissions)
|
|
16
|
+
params_will_change!
|
|
17
|
+
@discovery_permissions = Array(permissions)
|
|
18
|
+
self
|
|
19
|
+
end
|
|
20
|
+
|
|
5
21
|
protected
|
|
6
22
|
|
|
7
23
|
def under_embargo?
|
|
@@ -0,0 +1,34 @@
|
|
|
1
|
+
FactoryBot.define do
|
|
2
|
+
|
|
3
|
+
#
|
|
4
|
+
# Repository Objects
|
|
5
|
+
#
|
|
6
|
+
|
|
7
|
+
factory :asset, :class => ModsAsset do |o|
|
|
8
|
+
end
|
|
9
|
+
|
|
10
|
+
factory :admin_policy, :class => Hydra::AdminPolicy do |o|
|
|
11
|
+
end
|
|
12
|
+
|
|
13
|
+
factory :default_access_asset, :parent=>:asset do |a|
|
|
14
|
+
permissions_attributes { [{ name: "joe_creator", access: "edit", type: "person" }] }
|
|
15
|
+
end
|
|
16
|
+
|
|
17
|
+
factory :dept_access_asset, :parent=>:asset do |a|
|
|
18
|
+
permissions_attributes { [{ name: "africana-faculty", access: "read", type: "group" }, { name: "joe_creator", access: "edit", type: "person" }] }
|
|
19
|
+
end
|
|
20
|
+
|
|
21
|
+
factory :group_edit_asset, :parent=>:asset do |a|
|
|
22
|
+
permissions_attributes { [{ name:"africana-faculty", access: "edit", type: "group" }, {name: "calvin_collaborator", access: "edit", type: "person"}] }
|
|
23
|
+
end
|
|
24
|
+
|
|
25
|
+
factory :org_read_access_asset, :parent=>:asset do |a|
|
|
26
|
+
permissions_attributes { [{ name: "registered", access: "read", type: "group" }, { name: "joe_creator", access: "edit", type: "person" }, { name: "calvin_collaborator", access: "edit", type: "person" }] }
|
|
27
|
+
end
|
|
28
|
+
|
|
29
|
+
factory :open_access_asset, :parent=>:asset do |a|
|
|
30
|
+
permissions_attributes { [{ name: "public", access: "read", type: "group" }, { name: "joe_creator", access: "edit", type: "person" }, { name: "calvin_collaborator", access: "edit", type: "person" }] }
|
|
31
|
+
end
|
|
32
|
+
|
|
33
|
+
end
|
|
34
|
+
|
|
@@ -1,7 +1,6 @@
|
|
|
1
1
|
FactoryBot.define do
|
|
2
2
|
|
|
3
3
|
# Users
|
|
4
|
-
|
|
5
4
|
# Prototype user factory
|
|
6
5
|
factory :user, :aliases => [:owner] do |u|
|
|
7
6
|
sequence :uid do |n|
|
|
@@ -58,36 +57,5 @@ FactoryBot.define do
|
|
|
58
57
|
uid { 'alice_admin' }
|
|
59
58
|
password { 'alice_admin' }
|
|
60
59
|
end
|
|
61
|
-
|
|
62
|
-
#
|
|
63
|
-
# Repository Objects
|
|
64
|
-
#
|
|
65
|
-
|
|
66
|
-
factory :asset, :class => ModsAsset do |o|
|
|
67
|
-
end
|
|
68
|
-
|
|
69
|
-
factory :admin_policy, :class => Hydra::AdminPolicy do |o|
|
|
70
|
-
end
|
|
71
|
-
|
|
72
|
-
factory :default_access_asset, :parent=>:asset do |a|
|
|
73
|
-
permissions_attributes { [{ name: "joe_creator", access: "edit", type: "person" }] }
|
|
74
|
-
end
|
|
75
|
-
|
|
76
|
-
factory :dept_access_asset, :parent=>:asset do |a|
|
|
77
|
-
permissions_attributes { [{ name: "africana-faculty", access: "read", type: "group" }, { name: "joe_creator", access: "edit", type: "person" }] }
|
|
78
|
-
end
|
|
79
|
-
|
|
80
|
-
factory :group_edit_asset, :parent=>:asset do |a|
|
|
81
|
-
permissions_attributes { [{ name:"africana-faculty", access: "edit", type: "group" }, {name: "calvin_collaborator", access: "edit", type: "person"}] }
|
|
82
|
-
end
|
|
83
|
-
|
|
84
|
-
factory :org_read_access_asset, :parent=>:asset do |a|
|
|
85
|
-
permissions_attributes { [{ name: "registered", access: "read", type: "group" }, { name: "joe_creator", access: "edit", type: "person" }, { name: "calvin_collaborator", access: "edit", type: "person" }] }
|
|
86
|
-
end
|
|
87
|
-
|
|
88
|
-
factory :open_access_asset, :parent=>:asset do |a|
|
|
89
|
-
permissions_attributes { [{ name: "public", access: "read", type: "group" }, { name: "joe_creator", access: "edit", type: "person" }, { name: "calvin_collaborator", access: "edit", type: "person" }] }
|
|
90
|
-
end
|
|
91
|
-
|
|
92
60
|
end
|
|
93
61
|
|
data/spec/spec_helper.rb
CHANGED
|
@@ -48,7 +48,8 @@ require "support/user"
|
|
|
48
48
|
require "factory_bot"
|
|
49
49
|
require 'rspec/mocks'
|
|
50
50
|
require 'rspec/its'
|
|
51
|
-
require
|
|
51
|
+
require 'factories/user'
|
|
52
|
+
require 'factories/objects'
|
|
52
53
|
|
|
53
54
|
# HttpLogger.logger = Logger.new(STDOUT)
|
|
54
55
|
# HttpLogger.ignore = [/localhost:8983\/solr/]
|
|
@@ -83,9 +83,9 @@ describe Hydra::AccessControls::Embargoable do
|
|
|
83
83
|
end
|
|
84
84
|
|
|
85
85
|
describe 'validations' do
|
|
86
|
-
context "with
|
|
86
|
+
context "with dates" do
|
|
87
87
|
subject { ModsAsset.new(lease_expiration_date: past_date, embargo_release_date: past_date) }
|
|
88
|
-
it "validates embargo_release_date and lease_expiration_date
|
|
88
|
+
it "validates embargo_release_date and lease_expiration_date" do
|
|
89
89
|
expect(subject).to_not be_valid
|
|
90
90
|
expect(subject.errors[:lease_expiration_date]).to eq ['Must be a future date']
|
|
91
91
|
expect(subject.errors[:embargo_release_date]).to eq ['Must be a future date']
|
|
@@ -165,11 +165,7 @@ describe Hydra::AccessControls::Embargoable do
|
|
|
165
165
|
context "when the same embargo is applied" do
|
|
166
166
|
before do
|
|
167
167
|
subject.apply_embargo(future_date.to_s)
|
|
168
|
-
|
|
169
|
-
subject.embargo.send(:reset_changes)
|
|
170
|
-
else
|
|
171
|
-
subject.embargo.send(:clear_changes_information)
|
|
172
|
-
end
|
|
168
|
+
subject.embargo.send(:clear_changes_information)
|
|
173
169
|
end
|
|
174
170
|
|
|
175
171
|
it "doesn't call visibility_will_change!" do
|
|
@@ -248,11 +244,7 @@ describe Hydra::AccessControls::Embargoable do
|
|
|
248
244
|
context "when the same lease is applied" do
|
|
249
245
|
before do
|
|
250
246
|
subject.apply_lease(future_date.to_s)
|
|
251
|
-
|
|
252
|
-
subject.lease.send(:reset_changes)
|
|
253
|
-
else
|
|
254
|
-
subject.lease.send(:clear_changes_information)
|
|
255
|
-
end
|
|
247
|
+
subject.lease.send(:clear_changes_information)
|
|
256
248
|
end
|
|
257
249
|
|
|
258
250
|
it "doesn't call visibility_will_change!" do
|
|
@@ -266,7 +258,7 @@ describe Hydra::AccessControls::Embargoable do
|
|
|
266
258
|
before do
|
|
267
259
|
subject.visibility = Hydra::AccessControls::AccessRight::VISIBILITY_TEXT_VALUE_PUBLIC
|
|
268
260
|
# reset the changed log
|
|
269
|
-
subject.send(:
|
|
261
|
+
subject.send(:clear_changes_information)
|
|
270
262
|
end
|
|
271
263
|
|
|
272
264
|
it "applies appropriate embargo_visibility settings" do
|
|
@@ -47,29 +47,17 @@ describe Hydra::AccessControls::Permission do
|
|
|
47
47
|
end
|
|
48
48
|
|
|
49
49
|
describe "URI escaping" do
|
|
50
|
-
let(:
|
|
51
|
-
let(:
|
|
52
|
-
let(:user_permission3) { described_class.new(type: 'person', name: 'john+doe', access: 'read') }
|
|
53
|
-
let(:group_permission) { described_class.new(type: 'group', name: 'hydra devs', access: 'read') }
|
|
54
|
-
let(:group_permission2) { described_class.new(type: 'group', name: 'hydra%20devs', access: 'read') }
|
|
55
|
-
let(:group_permission3) { described_class.new(type: 'group', name: 'hydra+devs', access: 'read') }
|
|
50
|
+
let(:permission) { described_class.new(type: 'person', name: 'john doe', access: 'read') }
|
|
51
|
+
let(:permission2) { described_class.new(type: 'group', name: 'hydra devs', access: 'read') }
|
|
56
52
|
|
|
57
53
|
it "should escape agent when building" do
|
|
58
|
-
expect(
|
|
59
|
-
expect(
|
|
60
|
-
expect(user_permission3.agent.first.rdf_subject.to_s).to eq 'http://projecthydra.org/ns/auth/person#john+doe'
|
|
61
|
-
expect(group_permission.agent.first.rdf_subject.to_s).to eq 'http://projecthydra.org/ns/auth/group#hydra%20devs'
|
|
62
|
-
expect(group_permission2.agent.first.rdf_subject.to_s).to eq 'http://projecthydra.org/ns/auth/group#hydra%2520devs'
|
|
63
|
-
expect(group_permission3.agent.first.rdf_subject.to_s).to eq 'http://projecthydra.org/ns/auth/group#hydra+devs'
|
|
54
|
+
expect(permission.agent.first.rdf_subject.to_s).to eq 'http://projecthydra.org/ns/auth/person#john%20doe'
|
|
55
|
+
expect(permission2.agent.first.rdf_subject.to_s).to eq 'http://projecthydra.org/ns/auth/group#hydra%20devs'
|
|
64
56
|
end
|
|
65
57
|
|
|
66
58
|
it "should unescape agent when parsing" do
|
|
67
|
-
expect(
|
|
68
|
-
expect(
|
|
69
|
-
expect(user_permission3.agent_name).to eq 'john+doe'
|
|
70
|
-
expect(group_permission.agent_name).to eq 'hydra devs'
|
|
71
|
-
expect(group_permission2.agent_name).to eq 'hydra%20devs'
|
|
72
|
-
expect(group_permission3.agent_name).to eq 'hydra+devs'
|
|
59
|
+
expect(permission.agent_name).to eq 'john doe'
|
|
60
|
+
expect(permission2.agent_name).to eq 'hydra devs'
|
|
73
61
|
end
|
|
74
62
|
|
|
75
63
|
context 'with a User instance passed as :name argument' do
|
|
@@ -1,28 +1,15 @@
|
|
|
1
1
|
require 'spec_helper'
|
|
2
2
|
|
|
3
|
-
describe Hydra::PolicyAwareAccessControlsEnforcement do
|
|
3
|
+
RSpec.describe Hydra::PolicyAwareAccessControlsEnforcement do
|
|
4
4
|
before do
|
|
5
5
|
allow(Devise).to receive(:authentication_keys).and_return(['uid'])
|
|
6
6
|
|
|
7
|
-
class PolicyMockSearchBuilder <
|
|
8
|
-
include Blacklight::Solr::SearchBuilderBehavior
|
|
9
|
-
include Hydra::AccessControlsEnforcement
|
|
7
|
+
class PolicyMockSearchBuilder < Hydra::SearchBuilder
|
|
10
8
|
include Hydra::PolicyAwareAccessControlsEnforcement
|
|
11
|
-
attr_accessor :params
|
|
12
|
-
|
|
13
|
-
def initialize(current_ability)
|
|
14
|
-
@current_ability = current_ability
|
|
15
|
-
end
|
|
16
|
-
|
|
17
|
-
def current_ability
|
|
18
|
-
@current_ability
|
|
19
|
-
end
|
|
20
|
-
|
|
21
|
-
def session
|
|
22
|
-
end
|
|
23
9
|
|
|
24
10
|
delegate :logger, to: :Rails
|
|
25
11
|
end
|
|
12
|
+
|
|
26
13
|
@sample_policies = []
|
|
27
14
|
# user discover
|
|
28
15
|
policy1 = Hydra::AdminPolicy.create(id: "test-policy1")
|
|
@@ -91,7 +78,7 @@ describe Hydra::PolicyAwareAccessControlsEnforcement do
|
|
|
91
78
|
end
|
|
92
79
|
|
|
93
80
|
let(:current_ability) { Ability.new(user) }
|
|
94
|
-
subject { PolicyMockSearchBuilder.new(current_ability) }
|
|
81
|
+
subject { PolicyMockSearchBuilder.new(nil).with_ability(current_ability) }
|
|
95
82
|
let(:user) { FactoryBot.build(:sara_student) }
|
|
96
83
|
|
|
97
84
|
before do
|
|
@@ -134,7 +121,7 @@ describe Hydra::PolicyAwareAccessControlsEnforcement do
|
|
|
134
121
|
|
|
135
122
|
context "when policies are included" do
|
|
136
123
|
before { subject.apply_gated_discovery(@solr_parameters) }
|
|
137
|
-
|
|
124
|
+
|
|
138
125
|
it "builds a query that includes all the policies" do
|
|
139
126
|
skip if ActiveFedora.version.split('.').first.to_i < 11
|
|
140
127
|
(1..11).each do |p|
|
|
@@ -142,7 +129,7 @@ describe Hydra::PolicyAwareAccessControlsEnforcement do
|
|
|
142
129
|
end
|
|
143
130
|
end
|
|
144
131
|
end
|
|
145
|
-
|
|
132
|
+
|
|
146
133
|
context "when policies are not included" do
|
|
147
134
|
before do
|
|
148
135
|
allow(subject).to receive(:policy_clauses).and_return(nil)
|
|
@@ -100,4 +100,29 @@ describe Hydra::AccessControls::Visibility do
|
|
|
100
100
|
expect(model.read_groups).to contain_exactly 'public', 'another'
|
|
101
101
|
end
|
|
102
102
|
end
|
|
103
|
+
|
|
104
|
+
context 'dirty tracking' do
|
|
105
|
+
let(:object_class) do
|
|
106
|
+
Class.new(ActiveFedora::Base) do
|
|
107
|
+
include Hydra::AccessControls::Permissions
|
|
108
|
+
end
|
|
109
|
+
end
|
|
110
|
+
|
|
111
|
+
before { stub_const("Foo", object_class) }
|
|
112
|
+
|
|
113
|
+
subject { Foo.new }
|
|
114
|
+
|
|
115
|
+
it 'responds to visibility_changed?' do
|
|
116
|
+
expect(subject).to respond_to(:visibility_changed?)
|
|
117
|
+
end
|
|
118
|
+
|
|
119
|
+
it 'tracks changes' do
|
|
120
|
+
expect(subject.visibility_changed?).to eq false
|
|
121
|
+
subject.visibility = Hydra::AccessControls::AccessRight::VISIBILITY_TEXT_VALUE_PUBLIC
|
|
122
|
+
expect(subject.visibility_changed?).to eq true
|
|
123
|
+
expect(subject.visibility_changed?(to: Hydra::AccessControls::AccessRight::VISIBILITY_TEXT_VALUE_PUBLIC)).to eq true
|
|
124
|
+
expect(subject.visibility_changed?(from: Hydra::AccessControls::AccessRight::VISIBILITY_TEXT_VALUE_PRIVATE)).to eq true
|
|
125
|
+
expect(subject.visibility_changed?(from: Hydra::AccessControls::AccessRight::VISIBILITY_TEXT_VALUE_PRIVATE, to: Hydra::AccessControls::AccessRight::VISIBILITY_TEXT_VALUE_PUBLIC)).to eq true
|
|
126
|
+
end
|
|
127
|
+
end
|
|
103
128
|
end
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: hydra-access-controls
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version:
|
|
4
|
+
version: 12.0.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Chris Beer
|
|
@@ -10,7 +10,7 @@ authors:
|
|
|
10
10
|
autorequire:
|
|
11
11
|
bindir: bin
|
|
12
12
|
cert_chain: []
|
|
13
|
-
date:
|
|
13
|
+
date: 2020-11-18 00:00:00.000000000 Z
|
|
14
14
|
dependencies:
|
|
15
15
|
- !ruby/object:Gem::Dependency
|
|
16
16
|
name: activesupport
|
|
@@ -18,20 +18,20 @@ dependencies:
|
|
|
18
18
|
requirements:
|
|
19
19
|
- - ">="
|
|
20
20
|
- !ruby/object:Gem::Version
|
|
21
|
-
version: '
|
|
21
|
+
version: '5.2'
|
|
22
22
|
- - "<"
|
|
23
23
|
- !ruby/object:Gem::Version
|
|
24
|
-
version: '
|
|
24
|
+
version: '7'
|
|
25
25
|
type: :runtime
|
|
26
26
|
prerelease: false
|
|
27
27
|
version_requirements: !ruby/object:Gem::Requirement
|
|
28
28
|
requirements:
|
|
29
29
|
- - ">="
|
|
30
30
|
- !ruby/object:Gem::Version
|
|
31
|
-
version: '
|
|
31
|
+
version: '5.2'
|
|
32
32
|
- - "<"
|
|
33
33
|
- !ruby/object:Gem::Version
|
|
34
|
-
version: '
|
|
34
|
+
version: '7'
|
|
35
35
|
- !ruby/object:Gem::Dependency
|
|
36
36
|
name: active-fedora
|
|
37
37
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -46,48 +46,40 @@ dependencies:
|
|
|
46
46
|
- - ">="
|
|
47
47
|
- !ruby/object:Gem::Version
|
|
48
48
|
version: 10.0.0
|
|
49
|
-
- !ruby/object:Gem::Dependency
|
|
50
|
-
name: blacklight
|
|
51
|
-
requirement: !ruby/object:Gem::Requirement
|
|
52
|
-
requirements:
|
|
53
|
-
- - ">="
|
|
54
|
-
- !ruby/object:Gem::Version
|
|
55
|
-
version: '5.16'
|
|
56
|
-
type: :runtime
|
|
57
|
-
prerelease: false
|
|
58
|
-
version_requirements: !ruby/object:Gem::Requirement
|
|
59
|
-
requirements:
|
|
60
|
-
- - ">="
|
|
61
|
-
- !ruby/object:Gem::Version
|
|
62
|
-
version: '5.16'
|
|
63
49
|
- !ruby/object:Gem::Dependency
|
|
64
50
|
name: blacklight-access_controls
|
|
65
51
|
requirement: !ruby/object:Gem::Requirement
|
|
66
52
|
requirements:
|
|
67
53
|
- - "~>"
|
|
68
54
|
- !ruby/object:Gem::Version
|
|
69
|
-
version:
|
|
55
|
+
version: '6.0'
|
|
70
56
|
type: :runtime
|
|
71
57
|
prerelease: false
|
|
72
58
|
version_requirements: !ruby/object:Gem::Requirement
|
|
73
59
|
requirements:
|
|
74
60
|
- - "~>"
|
|
75
61
|
- !ruby/object:Gem::Version
|
|
76
|
-
version:
|
|
62
|
+
version: '6.0'
|
|
77
63
|
- !ruby/object:Gem::Dependency
|
|
78
64
|
name: cancancan
|
|
79
65
|
requirement: !ruby/object:Gem::Requirement
|
|
80
66
|
requirements:
|
|
81
|
-
- - "
|
|
67
|
+
- - ">="
|
|
82
68
|
- !ruby/object:Gem::Version
|
|
83
69
|
version: '1.8'
|
|
70
|
+
- - "<"
|
|
71
|
+
- !ruby/object:Gem::Version
|
|
72
|
+
version: '4'
|
|
84
73
|
type: :runtime
|
|
85
74
|
prerelease: false
|
|
86
75
|
version_requirements: !ruby/object:Gem::Requirement
|
|
87
76
|
requirements:
|
|
88
|
-
- - "
|
|
77
|
+
- - ">="
|
|
89
78
|
- !ruby/object:Gem::Version
|
|
90
79
|
version: '1.8'
|
|
80
|
+
- - "<"
|
|
81
|
+
- !ruby/object:Gem::Version
|
|
82
|
+
version: '4'
|
|
91
83
|
- !ruby/object:Gem::Dependency
|
|
92
84
|
name: deprecation
|
|
93
85
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -106,30 +98,30 @@ dependencies:
|
|
|
106
98
|
name: rake
|
|
107
99
|
requirement: !ruby/object:Gem::Requirement
|
|
108
100
|
requirements:
|
|
109
|
-
- - "
|
|
101
|
+
- - ">="
|
|
110
102
|
- !ruby/object:Gem::Version
|
|
111
|
-
version:
|
|
103
|
+
version: 12.3.3
|
|
112
104
|
type: :development
|
|
113
105
|
prerelease: false
|
|
114
106
|
version_requirements: !ruby/object:Gem::Requirement
|
|
115
107
|
requirements:
|
|
116
|
-
- - "
|
|
108
|
+
- - ">="
|
|
117
109
|
- !ruby/object:Gem::Version
|
|
118
|
-
version:
|
|
110
|
+
version: 12.3.3
|
|
119
111
|
- !ruby/object:Gem::Dependency
|
|
120
112
|
name: rspec
|
|
121
113
|
requirement: !ruby/object:Gem::Requirement
|
|
122
114
|
requirements:
|
|
123
115
|
- - "~>"
|
|
124
116
|
- !ruby/object:Gem::Version
|
|
125
|
-
version: '
|
|
117
|
+
version: '4.0'
|
|
126
118
|
type: :development
|
|
127
119
|
prerelease: false
|
|
128
120
|
version_requirements: !ruby/object:Gem::Requirement
|
|
129
121
|
requirements:
|
|
130
122
|
- - "~>"
|
|
131
123
|
- !ruby/object:Gem::Version
|
|
132
|
-
version: '
|
|
124
|
+
version: '4.0'
|
|
133
125
|
description: Access controls for project hydra
|
|
134
126
|
email:
|
|
135
127
|
- hydra-tech@googlegroups.com
|
|
@@ -182,7 +174,8 @@ files:
|
|
|
182
174
|
- lib/hydra/role_mapper_behavior.rb
|
|
183
175
|
- lib/hydra/shared_spec/group_service_interface.rb
|
|
184
176
|
- lib/hydra/user.rb
|
|
185
|
-
- spec/factories.rb
|
|
177
|
+
- spec/factories/objects.rb
|
|
178
|
+
- spec/factories/user.rb
|
|
186
179
|
- spec/indexers/embargo_indexer_spec.rb
|
|
187
180
|
- spec/indexers/lease_indexer_spec.rb
|
|
188
181
|
- spec/services/embargo_service_spec.rb
|
|
@@ -223,19 +216,20 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
223
216
|
requirements:
|
|
224
217
|
- - ">="
|
|
225
218
|
- !ruby/object:Gem::Version
|
|
226
|
-
version:
|
|
219
|
+
version: '2.4'
|
|
227
220
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
228
221
|
requirements:
|
|
229
222
|
- - ">="
|
|
230
223
|
- !ruby/object:Gem::Version
|
|
231
224
|
version: '0'
|
|
232
225
|
requirements: []
|
|
233
|
-
rubygems_version: 3.1.
|
|
226
|
+
rubygems_version: 3.1.2
|
|
234
227
|
signing_key:
|
|
235
228
|
specification_version: 4
|
|
236
229
|
summary: Access controls for project hydra
|
|
237
230
|
test_files:
|
|
238
|
-
- spec/factories.rb
|
|
231
|
+
- spec/factories/objects.rb
|
|
232
|
+
- spec/factories/user.rb
|
|
239
233
|
- spec/indexers/embargo_indexer_spec.rb
|
|
240
234
|
- spec/indexers/lease_indexer_spec.rb
|
|
241
235
|
- spec/services/embargo_service_spec.rb
|