hydra-access-controls 6.2.0 → 6.2.1

Sign up to get free protection for your applications and to get access to all the features.
Files changed (4) hide show
  1. checksums.yaml +4 -4
  2. data/lib/hydra/policy_aware_access_controls_enforcement.rb +5 -4
  3. data/spec/unit/policy_aware_access_controls_enforcement_spec.rb +42 -18
  4. metadata +2 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 8aa9a9ba62eeb9030329ff121f35ea64ce5833b6
4
- data.tar.gz: 3801bd2b2a23ce8e62a7af0d522b16a7f49f7794
3
+ metadata.gz: 5d7ec1b3adb389dc48bd7289d972644827be5eb2
4
+ data.tar.gz: 9f8137ca800cfa87d14ab4eeebe68d1a55b9280d
5
5
  SHA512:
6
- metadata.gz: 71123bf8489eca05d1eb124a7b815b7e97148cd6bac7e9886dbc1613cba2735312fae40c90129cc297f47032b65fccc896d63d1233c3077ceccbb869a8885197
7
- data.tar.gz: fcea17d03eae35064878aa41691c5d923d65f3765d8175ce16ae207512e5f10a09a8fa2e7916ec168b510566f8e8f3c462e8325a070a4f9a0eeaa8e902a5a1a4
6
+ metadata.gz: cbdbde25b685579b8f9685d65c9f6ef9d84669ff1db988c1ca5eac3a6d66f6a271e9fbf686856de5292c122d0a5538617133591f78c1de4ef4d85ae1918831a6
7
+ data.tar.gz: 37e07d96b2fe872966d00eb2fda3e87c7d7b30be1e664ac23e07a0760cae70bf05303da96eec601b96706141e86494b392502427a497a7e90d5bbb0477d5f631
data/lib/hydra/policy_aware_access_controls_enforcement.rb CHANGED
@@ -23,7 +23,6 @@ module Hydra::PolicyAwareAccessControlsEnforcement
23
23
  # find all the policies that grant discover/read/edit permissions to this user or any of it's groups
24
24
  def policies_with_access
25
25
  #### TODO -- Memoize this and put it in the session?
26
- return [] unless current_user
27
26
  user_access_filters = []
28
27
  # Grant access based on user id & role
29
28
  user_access_filters += apply_policy_role_permissions(discovery_permissions)
@@ -46,12 +45,14 @@ module Hydra::PolicyAwareAccessControlsEnforcement
46
45
  end
47
46
 
48
47
  def apply_policy_individual_permissions(permission_types)
49
- # for individual person access
50
- user_access_filters = []
48
+ # for individual person access
49
+ user_access_filters = []
50
+ if current_user
51
51
  discovery_permissions.each do |type|
52
52
  user_access_filters << ActiveFedora::SolrService.solr_name("inheritable_#{type}_access_person", Hydra::Datastream::RightsMetadata.indexer ) + ":#{current_user.user_key}"
53
53
  end
54
- user_access_filters
54
+ end
55
+ user_access_filters
55
56
  end
56
57
 
57
58
  # Returns the Model used for AdminPolicy objects.
data/spec/unit/policy_aware_access_controls_enforcement_spec.rb CHANGED
@@ -53,11 +53,23 @@ describe Hydra::PolicyAwareAccessControlsEnforcement do
53
53
  policy6.save
54
54
  @sample_policies << policy6
55
55
 
56
- # no access
57
- policy7 = Hydra::AdminPolicy.create(:pid=>"test:policy7")
56
+ # public discover
57
+ policy7 = Hydra::AdminPolicy.create(:pid => "test:policy7")
58
+ policy7.default_permissions = [{:type=>"group", :access=>"discover", :name=>"public"}]
59
+ policy7.save
58
60
  @sample_policies << policy7
59
61
 
60
- @policies_with_access = @sample_policies.select { |p| p.pid != policy7.pid }
62
+ # public read
63
+ policy8 = Hydra::AdminPolicy.create(:pid => "test:policy8")
64
+ policy8.default_permissions = [{:type=>"group", :access=>"read", :name=>"public"}]
65
+ policy8.save
66
+ @sample_policies << policy8
67
+
68
+ # no access
69
+ policy_no_access = Hydra::AdminPolicy.create(:pid=>"test:policy_no_access")
70
+ @sample_policies << policy_no_access
71
+
72
+ @policies_with_access = @sample_policies.select { |p| p.pid != policy_no_access.pid }
61
73
  end
62
74
 
63
75
  after(:all) do
@@ -70,38 +82,50 @@ describe Hydra::PolicyAwareAccessControlsEnforcement do
70
82
  @solr_parameters = {}
71
83
  @user_parameters = {}
72
84
  @user = FactoryGirl.build(:sara_student)
73
- RoleMapper.stub(:roles).with(@user.user_key).and_return(@user.roles)
74
- subject.stub(:current_user).and_return(@user)
75
85
  end
76
86
 
77
87
  describe "policies_with_access" do
78
- it "should return the policies that provide discover permissions" do
79
- @policies_with_access.map {|p| p.pid }.each do |p|
80
- subject.policies_with_access.should include(p)
88
+ context "Authenticated user" do
89
+ before do
90
+ RoleMapper.stub(:roles).with(@user.user_key).and_return(@user.roles)
91
+ subject.stub(:current_user).and_return(@user)
92
+ end
93
+ it "should return the policies that provide discover permissions" do
94
+ @policies_with_access.map {|p| p.pid }.each do |p|
95
+ subject.policies_with_access.should include(p)
96
+ end
97
+ subject.policies_with_access.should_not include("test:policy_no_access")
98
+ end
99
+ it "should allow you to configure which model to use for policies" do
100
+ Hydra.stub(:config).and_return( {:permissions=>{:policy_class => ModsAsset}} )
101
+ ModsAsset.should_receive(:find_with_conditions).and_return([])
102
+ subject.policies_with_access
81
103
  end
82
104
  end
83
- it "should return the policies that provide discover permissions" do
84
- subject.policies_with_access.should_not include("test:policy7")
85
- end
86
- it "should allow you to configure which model to use for policies" do
87
- Hydra.stub(:config).and_return( {:permissions=>{:policy_class => ModsAsset}} )
88
- ModsAsset.should_receive(:find_with_conditions).and_return([])
89
- subject.policies_with_access
105
+ context "Anonymous user" do
106
+ before { subject.stub(:current_user).and_return(nil) }
107
+ it "should return the policies that provide discover permissions" do
108
+ subject.policies_with_access.should == ["test:policy7", "test:policy8"]
109
+ end
90
110
  end
91
111
  end
92
112
 
93
113
  describe "apply_gated_discovery" do
114
+ before do
115
+ RoleMapper.stub(:roles).with(@user.user_key).and_return(@user.roles)
116
+ subject.stub(:current_user).and_return(@user)
117
+ end
94
118
  it "should include policy-aware query" do
95
119
  # stubbing out policies_with_access because solr doesn't always return them in the same order.
96
- policy_pids = (1..6).map {|n| "test:policy#{n}"}
120
+ policy_pids = (1..8).map {|n| "test:policy#{n}"}
97
121
  subject.should_receive(:policies_with_access).and_return(policy_pids)
98
122
  subject.apply_gated_discovery(@solr_parameters, @user_parameters)
99
- @solr_parameters[:fq].first.should include(" OR (#{ActiveFedora::SolrService.solr_name('is_governed_by', :symbol)}:info\\:fedora\\/test\\:policy1 OR #{ActiveFedora::SolrService.solr_name('is_governed_by', :symbol)}:info\\:fedora\\/test\\:policy2 OR #{ActiveFedora::SolrService.solr_name('is_governed_by', :symbol)}:info\\:fedora\\/test\\:policy3 OR #{ActiveFedora::SolrService.solr_name('is_governed_by', :symbol)}:info\\:fedora\\/test\\:policy4 OR #{ActiveFedora::SolrService.solr_name('is_governed_by', :symbol)}:info\\:fedora\\/test\\:policy5 OR #{ActiveFedora::SolrService.solr_name('is_governed_by', :symbol)}:info\\:fedora\\/test\\:policy6)")
123
+ @solr_parameters[:fq].first.should include(" OR (#{ActiveFedora::SolrService.solr_name('is_governed_by', :symbol)}:info\\:fedora\\/test\\:policy1 OR #{ActiveFedora::SolrService.solr_name('is_governed_by', :symbol)}:info\\:fedora\\/test\\:policy2 OR #{ActiveFedora::SolrService.solr_name('is_governed_by', :symbol)}:info\\:fedora\\/test\\:policy3 OR #{ActiveFedora::SolrService.solr_name('is_governed_by', :symbol)}:info\\:fedora\\/test\\:policy4 OR #{ActiveFedora::SolrService.solr_name('is_governed_by', :symbol)}:info\\:fedora\\/test\\:policy5 OR #{ActiveFedora::SolrService.solr_name('is_governed_by', :symbol)}:info\\:fedora\\/test\\:policy6 OR #{ActiveFedora::SolrService.solr_name('is_governed_by', :symbol)}:info\\:fedora\\/test\\:policy7 OR #{ActiveFedora::SolrService.solr_name('is_governed_by', :symbol)}:info\\:fedora\\/test\\:policy8)")
100
124
  end
101
125
  it "should not change anything if there are no clauses to add" do
102
126
  subject.stub(:policy_clauses).and_return(nil)
103
127
  subject.apply_gated_discovery(@solr_parameters, @user_parameters)
104
- @solr_parameters[:fq].first.should_not include(" OR (#{ActiveFedora::SolrService.solr_name('is_governed_by', :symbol)}:info\\:fedora\\/test\\:policy1 OR #{ActiveFedora::SolrService.solr_name('is_governed_by', :symbol)}:info\\:fedora\\/test\\:policy2 OR #{ActiveFedora::SolrService.solr_name('is_governed_by', :symbol)}:info\\:fedora\\/test\\:policy3 OR #{ActiveFedora::SolrService.solr_name('is_governed_by', :symbol)}:info\\:fedora\\/test\\:policy4 OR #{ActiveFedora::SolrService.solr_name('is_governed_by', :symbol)}:info\\:fedora\\/test\\:policy5 OR #{ActiveFedora::SolrService.solr_name('is_governed_by', :symbol)}:info\\:fedora\\/test\\:policy6)")
128
+ @solr_parameters[:fq].first.should_not include(" OR (#{ActiveFedora::SolrService.solr_name('is_governed_by', :symbol)}:info\\:fedora\\/test\\:policy1 OR #{ActiveFedora::SolrService.solr_name('is_governed_by', :symbol)}:info\\:fedora\\/test\\:policy2 OR #{ActiveFedora::SolrService.solr_name('is_governed_by', :symbol)}:info\\:fedora\\/test\\:policy3 OR #{ActiveFedora::SolrService.solr_name('is_governed_by', :symbol)}:info\\:fedora\\/test\\:policy4 OR #{ActiveFedora::SolrService.solr_name('is_governed_by', :symbol)}:info\\:fedora\\/test\\:policy5 OR #{ActiveFedora::SolrService.solr_name('is_governed_by', :symbol)}:info\\:fedora\\/test\\:policy6 OR #{ActiveFedora::SolrService.solr_name('is_governed_by', :symbol)}:info\\:fedora\\/test\\:policy7 OR #{ActiveFedora::SolrService.solr_name('is_governed_by', :symbol)}:info\\:fedora\\/test\\:policy8)")
105
129
  end
106
130
  end
107
131
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: hydra-access-controls
3
3
  version: !ruby/object:Gem::Version
4
- version: 6.2.0
4
+ version: 6.2.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Chris Beer
@@ -10,7 +10,7 @@ authors:
10
10
  autorequire:
11
11
  bindir: bin
12
12
  cert_chain: []
13
- date: 2013-05-23 00:00:00.000000000 Z
13
+ date: 2013-06-14 00:00:00.000000000 Z
14
14
  dependencies:
15
15
  - !ruby/object:Gem::Dependency
16
16
  name: activesupport