hydra-access-controls 5.0.0.pre12 → 5.0.0.pre13

@@ -72,7 +72,7 @@ module Hydra::AccessControlsEnforcement
72
72
  end
73
73
  end
74
74
 
75
- private
75
+ protected
76
76
 
77
77
  # If someone hits the show action while their session's viewing_context is in edit mode,
78
78
  # this will redirect them to the edit action.
@@ -106,7 +106,7 @@ module Hydra::AccessControlsEnforcement
106
106
  if @permissions_solr_document["embargo_release_date_dt"]
107
107
  embargo_date = Date.parse(@permissions_solr_document["embargo_release_date_dt"].split(/T/)[0])
108
108
  if embargo_date > Date.parse(Time.now.to_s)
109
- unless current_user && can?(:edit, params[:id])
109
+ unless current_or_guest_user && can?(:edit, params[:id])
110
110
  raise Hydra::AccessDenied.new("This item is under embargo. You do not have sufficient access privileges to read this document.", :edit, params[:id])
111
111
  end
112
112
  end
@@ -201,7 +201,7 @@ module Hydra::AccessControlsEnforcement
201
201
  end
202
202
 
203
203
  # Grant access based on user id & role
204
- unless current_user.nil?
204
+ unless current_or_guest_user.nil?
205
205
  user_access_filters += apply_role_permissions(permission_types)
206
206
  user_access_filters += apply_individual_permissions(permission_types)
207
207
  user_access_filters += apply_superuser_permissions(permission_types)
@@ -224,8 +224,10 @@ module Hydra::AccessControlsEnforcement
224
224
  def apply_individual_permissions(permission_types)
225
225
  # for individual person access
226
226
  user_access_filters = []
227
- permission_types.each do |type|
228
- user_access_filters << "#{type}_access_person_t:#{user_key}"
227
+ if user_key
228
+ permission_types.each do |type|
229
+ user_access_filters << "#{type}_access_person_t:#{user_key}"
230
+ end
229
231
  end
230
232
  user_access_filters
231
233
  end
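Review bot: In `apply_individual_permissions` (new lines 227-231) the `if user_key` guard skips only `nil`, so an empty-string key, which is truthy in Ruby, would still emit an `..._access_person_t:` clause with nothing after the colon, and any non-nil key is interpolated into the Solr filter without escaping or quoting. Whether a guest or externally provisioned account can carry a blank key or characters that Solr treats as query syntax depends on the User model, which is not visible in this diff, so that is worth confirming. Since activesupport is already a dependency, the guard could be `if user_key.present?`, with the value escaped or quoted before it is placed in the filter string (for example with the Solr client's escape helper, if this version provides one).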
@@ -12,7 +12,7 @@ module Hydra::PolicyAwareAccessControlsEnforcement
12
12
  end
13
13
  end
14
14
 
15
- # returns solr query for finding all objects whose policies grant discover access to current_user
15
+ # returns solr query for finding all objects whose policies grant discover access to current_or_guest_user
16
16
  def policy_clauses
17
17
  policy_pids = policies_with_access
18
18
  return nil if policy_pids.empty?
@@ -23,10 +23,10 @@ module Hydra::PolicyAwareAccessControlsEnforcement
23
23
  # find all the policies that grant discover/read/edit permissions to this user or any of it's groups
24
24
  def policies_with_access
25
25
  #### TODO -- Memoize this and put it in the session?
26
- return [] unless current_user
26
+ return [] unless current_or_guest_user
27
27
  user_access_filters = []
28
28
  # Grant access based on user id & role
29
- unless current_user.nil?
29
+ unless current_or_guest_user.nil?
30
30
  user_access_filters += apply_policy_role_permissions(discovery_permissions)
31
31
  user_access_filters += apply_policy_individual_permissions(discovery_permissions)
32
32
  end
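Review bot: `policies_with_access` calls `apply_policy_individual_permissions(discovery_permissions)` on line 31 for whatever `current_or_guest_user` returns, but the nil-`user_key` guard this release adds to `apply_individual_permissions` has no visible counterpart here. That helper's body is outside the hunk, so confirm it skips a nil or blank key rather than building a per-user clause from it. If `current_or_guest_user` always returns an object for anonymous visitors (its name suggests so, but the diff does not show it), the `return [] unless current_or_guest_user` guard on line 26 never fires for guests, which makes that check the only thing keeping them out of per-user policy filters. As a style point, the inner `unless current_or_guest_user.nil?` on line 29 is redundant after the early return on line 26 and could be dropped. `policies_with_access` continues past the end of the hunk.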
@@ -1,5 +1,5 @@
1
1
  require 'spec_helper'
2
- # Need way to find way to stub current_user and RoleMapper in order to run these tests
2
+ # Need way to find way to stub current_or_guest_user and RoleMapper in order to run these tests
3
3
 
4
4
  describe Hydra::AccessControlsEnforcement do
5
5
  before(:all) do
@@ -8,7 +8,7 @@ describe Hydra::AccessControlsEnforcement do
8
8
  attr_accessor :params
9
9
 
10
10
  def user_key
11
- current_user.user_key
11
+ current_or_guest_user.user_key
12
12
  end
13
13
 
14
14
  def session
@@ -24,7 +24,7 @@ describe Hydra::AccessControlsEnforcement do
24
24
  end
25
25
  context "Given I am not logged in" do
26
26
  before do
27
- subject.stub(:current_user).and_return(User.new)
27
+ subject.stub(:current_or_guest_user).and_return(User.new)
28
28
  subject.send(:apply_gated_discovery, @solr_parameters, @user_parameters)
29
29
  end
30
30
  it "Then I should be treated as a member of the 'public' group" do
@@ -44,7 +44,7 @@ describe Hydra::AccessControlsEnforcement do
44
44
  User.stub(:find_by_user_key).and_return(@user)
45
45
  # This is a pretty fragile way to stub it...
46
46
  RoleMapper.stub(:byname).and_return(@user.user_key=>["faculty", "africana-faculty"])
47
- subject.stub(:current_user).and_return(@user)
47
+ subject.stub(:current_or_guest_user).and_return(@user)
48
48
  subject.send(:apply_gated_discovery, @solr_parameters, @user_parameters)
49
49
  end
50
50
  it "Then I should be treated as a member of the 'public' and 'registered' groups" do
@@ -86,7 +86,7 @@ describe Hydra::AccessControlsEnforcement do
86
86
  it "should allow a user w/ edit permissions to view an embargoed object" do
87
87
  user = User.new :uid=>'testuser@example.com'
88
88
  RoleMapper.stub(:roles).with(user.user_key).and_return(["archivist"])
89
- subject.stub(:current_user).and_return(user)
89
+ subject.stub(:current_or_guest_user).and_return(user)
90
90
  subject.should_receive(:can?).with(:edit, nil).and_return(true)
91
91
  subject.stub(:can?).with(:read, nil).and_return(true)
92
92
  subject.instance_variable_set :@permissions_solr_document, SolrDocument.new({"edit_access_person_t"=>["testuser@example.com"], "embargo_release_date_dt"=>(Date.parse(Time.now.to_s)+2).to_s})
@@ -98,7 +98,7 @@ describe Hydra::AccessControlsEnforcement do
98
98
  it "should prevent a user w/o edit permissions from viewing an embargoed object" do
99
99
  user = User.new :uid=>'testuser@example.com'
100
100
  RoleMapper.stub(:roles).with(user.user_key).and_return([])
101
- subject.stub(:current_user).and_return(user)
101
+ subject.stub(:current_or_guest_user).and_return(user)
102
102
  subject.should_receive(:can?).with(:edit, nil).and_return(false)
103
103
  subject.stub(:can?).with(:read, nil).and_return(true)
104
104
  subject.params = {}
@@ -111,7 +111,7 @@ describe Hydra::AccessControlsEnforcement do
111
111
  before(:each) do
112
112
  @stub_user = User.new :uid=>'archivist1@example.com'
113
113
  RoleMapper.stub(:roles).with(@stub_user.user_key).and_return(["archivist","researcher"])
114
- subject.stub(:current_user).and_return(@stub_user)
114
+ subject.stub(:current_or_guest_user).and_return(@stub_user)
115
115
  @solr_parameters = {}
116
116
  @user_parameters = {}
117
117
  end
@@ -133,7 +133,7 @@ describe Hydra::AccessControlsEnforcement do
133
133
  describe "exclude_unwanted_models" do
134
134
  before(:each) do
135
135
  stub_user = User.new :uid=>'archivist1@example.com'
136
- subject.stub(:current_user).and_return(stub_user)
136
+ subject.stub(:current_or_guest_user).and_return(stub_user)
137
137
  @solr_parameters = {}
138
138
  @user_parameters = {}
139
139
  end
@@ -142,6 +142,18 @@ describe Hydra::AccessControlsEnforcement do
142
142
  @solr_parameters[:fq].should include("-has_model_s:\"info:fedora/afmodel:FileAsset\"")
143
143
  end
144
144
  end
145
+
146
+ describe "apply_individual_permissions" do
147
+ describe "when the user is a guest user (user key nil)" do
148
+ before do
149
+ stub_user = User.new
150
+ subject.stub(:current_or_guest_user).and_return(stub_user)
151
+ end
152
+ it "should not create filters" do
153
+ subject.send(:apply_individual_permissions, ["edit","discover","read"]).should == []
154
+ end
155
+ end
156
+ end
145
157
  end
146
158
 
147
159
 
@@ -8,7 +8,7 @@ describe Hydra::PolicyAwareAccessControlsEnforcement do
8
8
  attr_accessor :params
9
9
 
10
10
  def user_key
11
- current_user.user_key
11
+ current_or_guest_user.user_key
12
12
  end
13
13
 
14
14
  def session
@@ -71,7 +71,7 @@ describe Hydra::PolicyAwareAccessControlsEnforcement do
71
71
  @user_parameters = {}
72
72
  @user = FactoryGirl.build(:sara_student)
73
73
  RoleMapper.stub(:roles).with(@user.user_key).and_return(@user.roles)
74
- subject.stub(:current_user).and_return(@user)
74
+ subject.stub(:current_or_guest_user).and_return(@user)
75
75
  end
76
76
 
77
77
  describe "policies_with_access" do
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: hydra-access-controls
3
3
  version: !ruby/object:Gem::Version
4
- version: 5.0.0.pre12
4
+ version: 5.0.0.pre13
5
5
  prerelease: 6
6
6
  platform: ruby
7
7
  authors:
@@ -11,7 +11,7 @@ authors:
11
11
  autorequire:
12
12
  bindir: bin
13
13
  cert_chain: []
14
- date: 2012-11-15 00:00:00.000000000 Z
14
+ date: 2012-11-28 00:00:00.000000000 Z
15
15
  dependencies:
16
16
  - !ruby/object:Gem::Dependency
17
17
  name: activesupport