hydra-access-controls 6.5.2 → 7.0.0.pre1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/app/models/concerns/hydra/access_controls/permissions.rb +18 -13
- data/hydra-access-controls.gemspec +2 -2
- data/lib/hydra-access-controls.rb +13 -7
- data/lib/hydra/ability.rb +35 -18
- data/lib/hydra/access_controls/permission.rb +1 -6
- data/lib/hydra/access_controls_enforcement.rb +8 -9
- data/lib/hydra/admin_policy.rb +3 -3
- data/lib/hydra/config.rb +152 -0
- data/lib/hydra/datastream/inheritable_rights_metadata.rb +5 -7
- data/lib/hydra/datastream/rights_metadata.rb +17 -19
- data/lib/hydra/permissions_query.rb +3 -1
- data/lib/hydra/policy_aware_ability.rb +24 -13
- data/lib/hydra/policy_aware_access_controls_enforcement.rb +19 -11
- data/spec/spec_helper.rb +0 -8
- data/spec/support/mods_asset.rb +1 -2
- data/spec/support/solr_document.rb +6 -1
- data/spec/unit/ability_spec.rb +67 -85
- data/spec/unit/access_controls_enforcement_spec.rb +3 -3
- data/spec/unit/admin_policy_spec.rb +0 -17
- data/spec/unit/config_spec.rb +48 -0
- data/spec/unit/hydra_rights_metadata_persistence_spec.rb +1 -1
- data/spec/unit/hydra_rights_metadata_spec.rb +0 -5
- data/spec/unit/permissions_spec.rb +80 -72
- metadata +12 -14
- data/lib/hydra/model_mixins/rights_metadata.rb +0 -27
- data/spec/unit/permission_spec.rb +0 -28
- data/spec/unit/rights_metadata_spec.rb +0 -104
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: a4a93165f43e234199b40f661c831297b8fa0028
|
|
4
|
+
data.tar.gz: e1a7ffe7818ad9b6a4b05f275c04b692492c6ae0
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: d6347cac6a363890e6c97010635aa9348cf7ba0c8ee7b42cbe194559a15409d7828226d9c5671e9f32572a2c6b19c74950783b9637609dd93245e0d64d1c48d1
|
|
7
|
+
data.tar.gz: 85f02a19c26d9dbcf3403c7031805961849d73a013b73620936347082aebec6428aac7520dfe930f48b50474741a4cbe87930390854ebb134f037bb16f37ea6d
|
|
@@ -9,18 +9,12 @@ module Hydra
|
|
|
9
9
|
has_metadata "rightsMetadata", type: Hydra::Datastream::RightsMetadata
|
|
10
10
|
end
|
|
11
11
|
|
|
12
|
-
# permissions= added for backward compatibility of Hydra::AdminPolicy for hydra-head < 6.4
|
|
13
|
-
def permissions= attributes_collection
|
|
14
|
-
Deprecation.warn(Permissions, "The permissions= method is deprecated and will be removed from Hydra::AccessControls::Permissions in hydra-head 7.0", caller)
|
|
15
|
-
self.permissions_attributes = attributes_collection
|
|
16
|
-
end
|
|
17
|
-
|
|
18
12
|
## Updates those permissions that are provided to it. Does not replace any permissions unless they are provided
|
|
19
13
|
# @example
|
|
20
14
|
# obj.permissions_attributes= [{:name=>"group1", :access=>"discover", :type=>'group'},
|
|
21
15
|
# {:name=>"group2", :access=>"discover", :type=>'group'}]
|
|
22
16
|
def permissions_attributes= attributes_collection
|
|
23
|
-
perm_hash = {'person' => rightsMetadata.
|
|
17
|
+
perm_hash = {'person' => rightsMetadata.users, 'group'=> rightsMetadata.groups}
|
|
24
18
|
|
|
25
19
|
if attributes_collection.is_a? Hash
|
|
26
20
|
attributes_collection = attributes_collection.sort_by { |i, _| i.to_i }.map { |_, attributes| attributes }
|
|
@@ -52,7 +46,20 @@ module Hydra
|
|
|
52
46
|
## Returns a list with all the permissions on the object.
|
|
53
47
|
def permissions
|
|
54
48
|
(rightsMetadata.groups.map {|x| Permission.new(type: 'group', access: x[1], name: x[0] )} +
|
|
55
|
-
rightsMetadata.
|
|
49
|
+
rightsMetadata.users.map {|x| Permission.new(type: 'user', access: x[1], name: x[0] )})
|
|
50
|
+
end
|
|
51
|
+
|
|
52
|
+
# @param values [Array<Permission>] a list of permission objects to set
|
|
53
|
+
def permissions= values
|
|
54
|
+
perm_hash = {'person' => {}, 'group'=> {}}
|
|
55
|
+
values.each do |perm|
|
|
56
|
+
if perm.type == 'user'
|
|
57
|
+
perm_hash['person'][perm.name] = perm.access
|
|
58
|
+
else
|
|
59
|
+
perm_hash['group'][perm.name] = perm.access
|
|
60
|
+
end
|
|
61
|
+
end
|
|
62
|
+
rightsMetadata.permissions = perm_hash
|
|
56
63
|
end
|
|
57
64
|
|
|
58
65
|
# Return a list of groups that have discover permission
|
|
@@ -107,7 +114,7 @@ module Hydra
|
|
|
107
114
|
end
|
|
108
115
|
|
|
109
116
|
def discover_users
|
|
110
|
-
rightsMetadata.
|
|
117
|
+
rightsMetadata.users.map {|k, v| k if v == 'discover'}.compact
|
|
111
118
|
end
|
|
112
119
|
|
|
113
120
|
# Grant discover permissions to the users specified. Revokes discover permission for all other users.
|
|
@@ -208,7 +215,7 @@ module Hydra
|
|
|
208
215
|
end
|
|
209
216
|
|
|
210
217
|
def read_users
|
|
211
|
-
rightsMetadata.
|
|
218
|
+
rightsMetadata.users.map {|k, v| k if v == 'read'}.compact
|
|
212
219
|
end
|
|
213
220
|
|
|
214
221
|
# Grant read permissions to the users specified. Revokes read permission for all other users.
|
|
@@ -310,7 +317,7 @@ module Hydra
|
|
|
310
317
|
end
|
|
311
318
|
|
|
312
319
|
def edit_users
|
|
313
|
-
rightsMetadata.
|
|
320
|
+
rightsMetadata.users.map {|k, v| k if v == 'edit'}.compact
|
|
314
321
|
end
|
|
315
322
|
|
|
316
323
|
# Grant edit permissions to the groups specified. Revokes edit permission for all other groups.
|
|
@@ -351,8 +358,6 @@ module Hydra
|
|
|
351
358
|
|
|
352
359
|
private
|
|
353
360
|
|
|
354
|
-
|
|
355
|
-
|
|
356
361
|
# @param permission either :discover, :read or :edit
|
|
357
362
|
# @param type either :person or :group
|
|
358
363
|
# @param values Values to set
|
|
@@ -19,10 +19,10 @@ Gem::Specification.new do |gem|
|
|
|
19
19
|
gem.required_ruby_version = '>= 1.9.3'
|
|
20
20
|
|
|
21
21
|
gem.add_dependency 'activesupport'
|
|
22
|
-
gem.add_dependency "active-fedora", '~>
|
|
22
|
+
gem.add_dependency "active-fedora", '~> 7.0.0.pre2'
|
|
23
23
|
gem.add_dependency 'cancan'
|
|
24
24
|
gem.add_dependency 'deprecation'
|
|
25
|
-
gem.add_dependency 'blacklight', '~> 4.
|
|
25
|
+
gem.add_dependency 'blacklight', '~> 4.0'
|
|
26
26
|
|
|
27
27
|
gem.add_development_dependency "rake"
|
|
28
28
|
gem.add_development_dependency 'rspec'
|
|
@@ -1,8 +1,7 @@
|
|
|
1
|
-
require '
|
|
1
|
+
require 'rails'
|
|
2
2
|
require 'active-fedora'
|
|
3
3
|
require 'blacklight'
|
|
4
4
|
require 'cancan'
|
|
5
|
-
require 'rails'
|
|
6
5
|
|
|
7
6
|
module Hydra
|
|
8
7
|
extend ActiveSupport::Autoload
|
|
@@ -12,6 +11,7 @@ module Hydra
|
|
|
12
11
|
autoload :PolicyAwareAccessControlsEnforcement
|
|
13
12
|
autoload :AccessControlsEvaluation
|
|
14
13
|
autoload :Ability
|
|
14
|
+
autoload :Config
|
|
15
15
|
autoload :Datastream
|
|
16
16
|
autoload :PolicyAwareAbility
|
|
17
17
|
autoload :AdminPolicy
|
|
@@ -19,17 +19,23 @@ module Hydra
|
|
|
19
19
|
autoload :PermissionsQuery
|
|
20
20
|
autoload :PermissionsCache
|
|
21
21
|
autoload :PermissionsSolrDocument
|
|
22
|
+
|
|
23
|
+
class << self
|
|
24
|
+
def configure(_ = nil)
|
|
25
|
+
@config ||= Config.new
|
|
26
|
+
yield @config if block_given?
|
|
27
|
+
@config
|
|
28
|
+
end
|
|
29
|
+
alias :config :configure
|
|
30
|
+
end
|
|
31
|
+
|
|
22
32
|
class Engine < Rails::Engine
|
|
33
|
+
# autoload_paths is only necessary for Rails 3
|
|
23
34
|
config.autoload_paths += %W(
|
|
24
35
|
#{config.root}/app/models/concerns
|
|
25
36
|
)
|
|
26
37
|
end
|
|
27
38
|
|
|
28
|
-
module ModelMixins
|
|
29
|
-
extend ActiveSupport::Autoload
|
|
30
|
-
autoload :RightsMetadata
|
|
31
|
-
end
|
|
32
|
-
|
|
33
39
|
# This error is raised when a user isn't allowed to access a given controller action.
|
|
34
40
|
# This usually happens within a call to AccessControlsEnforcement#enforce_access_controls but can be
|
|
35
41
|
# raised manually.
|
data/lib/hydra/ability.rb
CHANGED
|
@@ -3,6 +3,7 @@ require 'cancan'
|
|
|
3
3
|
module Hydra
|
|
4
4
|
module Ability
|
|
5
5
|
extend ActiveSupport::Concern
|
|
6
|
+
extend Deprecation
|
|
6
7
|
|
|
7
8
|
# once you include Hydra::Ability you can add custom permission methods by appending to ability_logic like so:
|
|
8
9
|
#
|
|
@@ -13,7 +14,7 @@ module Hydra
|
|
|
13
14
|
include Hydra::PermissionsQuery
|
|
14
15
|
include Blacklight::SolrHelper
|
|
15
16
|
class_attribute :ability_logic
|
|
16
|
-
self.ability_logic = [:create_permissions, :edit_permissions, :read_permissions, :custom_permissions]
|
|
17
|
+
self.ability_logic = [:create_permissions, :edit_permissions, :read_permissions, :download_permissions, :custom_permissions]
|
|
17
18
|
end
|
|
18
19
|
|
|
19
20
|
def self.user_class
|
|
@@ -54,7 +55,7 @@ module Hydra
|
|
|
54
55
|
end
|
|
55
56
|
|
|
56
57
|
def create_permissions
|
|
57
|
-
|
|
58
|
+
# no op -- this is automatically run as part of self.ability_logic. Override in your own Ability class to set default create permissions.
|
|
58
59
|
end
|
|
59
60
|
|
|
60
61
|
def edit_permissions
|
|
@@ -66,7 +67,7 @@ module Hydra
|
|
|
66
67
|
test_edit(obj.pid)
|
|
67
68
|
end
|
|
68
69
|
|
|
69
|
-
can :edit, SolrDocument do |obj|
|
|
70
|
+
can [:edit, :update, :destroy], SolrDocument do |obj|
|
|
70
71
|
cache.put(obj.id, obj)
|
|
71
72
|
test_edit(obj.id)
|
|
72
73
|
end
|
|
@@ -87,6 +88,12 @@ module Hydra
|
|
|
87
88
|
end
|
|
88
89
|
end
|
|
89
90
|
|
|
91
|
+
# Download permissions are exercised in Hydra::Controller::DownloadBehavior
|
|
92
|
+
def download_permissions
|
|
93
|
+
can :download, ActiveFedora::Datastream do |ds|
|
|
94
|
+
can? :read, ds.pid # i.e, can download ds if can read object
|
|
95
|
+
end
|
|
96
|
+
end
|
|
90
97
|
|
|
91
98
|
## Override custom permissions in your own app to add more permissions beyond what is defined by default.
|
|
92
99
|
def custom_permissions
|
|
@@ -97,7 +104,7 @@ module Hydra
|
|
|
97
104
|
def test_edit(pid)
|
|
98
105
|
logger.debug("[CANCAN] Checking edit permissions for user: #{current_user.user_key} with groups: #{user_groups.inspect}")
|
|
99
106
|
group_intersection = user_groups & edit_groups(pid)
|
|
100
|
-
result = !group_intersection.empty? ||
|
|
107
|
+
result = !group_intersection.empty? || edit_users(pid).include?(current_user.user_key)
|
|
101
108
|
logger.debug("[CANCAN] decision: #{result}")
|
|
102
109
|
result
|
|
103
110
|
end
|
|
@@ -105,7 +112,7 @@ module Hydra
|
|
|
105
112
|
def test_read(pid)
|
|
106
113
|
logger.debug("[CANCAN] Checking read permissions for user: #{current_user.user_key} with groups: #{user_groups.inspect}")
|
|
107
114
|
group_intersection = user_groups & read_groups(pid)
|
|
108
|
-
result = !group_intersection.empty? ||
|
|
115
|
+
result = !group_intersection.empty? || read_users(pid).include?(current_user.user_key)
|
|
109
116
|
result
|
|
110
117
|
end
|
|
111
118
|
|
|
@@ -126,38 +133,48 @@ module Hydra
|
|
|
126
133
|
return rg
|
|
127
134
|
end
|
|
128
135
|
|
|
129
|
-
def
|
|
136
|
+
def edit_users(pid)
|
|
130
137
|
doc = permissions_doc(pid)
|
|
131
138
|
return [] if doc.nil?
|
|
132
|
-
ep = doc[self.class.
|
|
133
|
-
logger.debug("[CANCAN]
|
|
139
|
+
ep = doc[self.class.edit_user_field] || []
|
|
140
|
+
logger.debug("[CANCAN] edit_users: #{ep.inspect}")
|
|
134
141
|
return ep
|
|
135
142
|
end
|
|
136
143
|
|
|
137
|
-
# edit implies read, so
|
|
138
|
-
def
|
|
144
|
+
# edit implies read, so read_users is the union of edit and read users
|
|
145
|
+
def read_users(pid)
|
|
139
146
|
doc = permissions_doc(pid)
|
|
140
147
|
return [] if doc.nil?
|
|
141
|
-
rp =
|
|
142
|
-
logger.debug("[CANCAN]
|
|
148
|
+
rp = edit_users(pid) | (doc[self.class.read_user_field] || [])
|
|
149
|
+
logger.debug("[CANCAN] read_users: #{rp.inspect}")
|
|
143
150
|
return rp
|
|
144
151
|
end
|
|
145
152
|
|
|
146
153
|
module ClassMethods
|
|
147
154
|
def read_group_field
|
|
148
|
-
Hydra.config
|
|
155
|
+
Hydra.config.permissions.read.group
|
|
156
|
+
end
|
|
157
|
+
|
|
158
|
+
def edit_person_field
|
|
159
|
+
Deprecation.warn(Ability, "The edit_person_field class method is deprecated and will be removed from Hydra::Ability in hydra-head 8.0. Use edit_user_field instead.", caller)
|
|
160
|
+
edit_user_field
|
|
161
|
+
end
|
|
162
|
+
|
|
163
|
+
def edit_user_field
|
|
164
|
+
Hydra.config.permissions.edit.individual
|
|
149
165
|
end
|
|
150
166
|
|
|
151
|
-
def
|
|
152
|
-
Hydra.
|
|
167
|
+
def read_person_field
|
|
168
|
+
Deprecation.warn(Ability, "The read_person_field class method is deprecated and will be removed from Hydra::Ability in hydra-head 8.0. Use read_user_field instead.", caller)
|
|
169
|
+
read_user_field
|
|
153
170
|
end
|
|
154
171
|
|
|
155
|
-
def
|
|
156
|
-
Hydra.config
|
|
172
|
+
def read_user_field
|
|
173
|
+
Hydra.config.permissions.read.individual
|
|
157
174
|
end
|
|
158
175
|
|
|
159
176
|
def edit_group_field
|
|
160
|
-
Hydra.config
|
|
177
|
+
Hydra.config.permissions.edit.group
|
|
161
178
|
end
|
|
162
179
|
end
|
|
163
180
|
end
|
|
@@ -1,6 +1,5 @@
|
|
|
1
1
|
module Hydra::AccessControls
|
|
2
2
|
class Permission
|
|
3
|
-
|
|
4
3
|
def initialize(args)
|
|
5
4
|
@vals = {name: args[:name], access: args[:access], type: args[:type]}
|
|
6
5
|
end
|
|
@@ -9,12 +8,8 @@ module Hydra::AccessControls
|
|
|
9
8
|
false
|
|
10
9
|
end
|
|
11
10
|
|
|
12
|
-
def to_hash
|
|
13
|
-
@vals
|
|
14
|
-
end
|
|
15
|
-
|
|
16
11
|
def [] var
|
|
17
|
-
|
|
12
|
+
@vals[var]
|
|
18
13
|
end
|
|
19
14
|
|
|
20
15
|
def name
|
|
@@ -11,7 +11,7 @@ module Hydra::AccessControlsEnforcement
|
|
|
11
11
|
# CatalogController.include ModuleDefiningNewMethod
|
|
12
12
|
# CatalogController.solr_access_filters_logic += [:new_method]
|
|
13
13
|
# CatalogController.solr_access_filters_logic.delete(:we_dont_want)
|
|
14
|
-
self.solr_access_filters_logic = [:
|
|
14
|
+
self.solr_access_filters_logic = [:apply_group_permissions, :apply_user_permissions, :apply_superuser_permissions ]
|
|
15
15
|
|
|
16
16
|
end
|
|
17
17
|
|
|
@@ -22,7 +22,7 @@ module Hydra::AccessControlsEnforcement
|
|
|
22
22
|
permission_types = discovery_permissions
|
|
23
23
|
user_access_filters = []
|
|
24
24
|
|
|
25
|
-
# Grant access based on user id &
|
|
25
|
+
# Grant access based on user id & group
|
|
26
26
|
solr_access_filters_logic.each do |method_name|
|
|
27
27
|
user_access_filters += send(method_name, permission_types)
|
|
28
28
|
end
|
|
@@ -102,12 +102,12 @@ module Hydra::AccessControlsEnforcement
|
|
|
102
102
|
end
|
|
103
103
|
|
|
104
104
|
|
|
105
|
-
def
|
|
106
|
-
# for
|
|
105
|
+
def apply_group_permissions(permission_types)
|
|
106
|
+
# for groups
|
|
107
107
|
user_access_filters = []
|
|
108
|
-
current_ability.user_groups.each_with_index do |
|
|
108
|
+
current_ability.user_groups.each_with_index do |group, i|
|
|
109
109
|
permission_types.each do |type|
|
|
110
|
-
user_access_filters << escape_filter(ActiveFedora::SolrService.solr_name("#{type}_access_group", Hydra::Datastream::RightsMetadata.indexer),
|
|
110
|
+
user_access_filters << escape_filter(ActiveFedora::SolrService.solr_name("#{type}_access_group", Hydra::Datastream::RightsMetadata.indexer), group)
|
|
111
111
|
end
|
|
112
112
|
end
|
|
113
113
|
user_access_filters
|
|
@@ -117,8 +117,8 @@ module Hydra::AccessControlsEnforcement
|
|
|
117
117
|
[key, value.gsub(/[ :\/]/, ' ' => '\ ', '/' => '\/', ':' => '\:')].join(':')
|
|
118
118
|
end
|
|
119
119
|
|
|
120
|
-
def
|
|
121
|
-
# for individual
|
|
120
|
+
def apply_user_permissions(permission_types)
|
|
121
|
+
# for individual user access
|
|
122
122
|
user_access_filters = []
|
|
123
123
|
if current_user && current_user.user_key.present?
|
|
124
124
|
permission_types.each do |type|
|
|
@@ -128,7 +128,6 @@ module Hydra::AccessControlsEnforcement
|
|
|
128
128
|
user_access_filters
|
|
129
129
|
end
|
|
130
130
|
|
|
131
|
-
|
|
132
131
|
# override to apply super user permissions
|
|
133
132
|
def apply_superuser_permissions(permission_types)
|
|
134
133
|
[]
|
data/lib/hydra/admin_policy.rb
CHANGED
|
@@ -14,7 +14,7 @@ class Hydra::AdminPolicy < ActiveFedora::Base
|
|
|
14
14
|
|
|
15
15
|
end
|
|
16
16
|
|
|
17
|
-
has_attributes :title, :description, datastream:
|
|
17
|
+
has_attributes :title, :description, datastream: 'descMetadata', multiple: false
|
|
18
18
|
has_attributes :license_title, datastream: 'rightsMetadata', at: [:license, :title], multiple: false
|
|
19
19
|
has_attributes :license_description, datastream: 'rightsMetadata', at: [:license, :description], multiple: false
|
|
20
20
|
has_attributes :license_url, datastream: 'rightsMetadata', at: [:license, :url], multiple: false
|
|
@@ -48,7 +48,7 @@ class Hydra::AdminPolicy < ActiveFedora::Base
|
|
|
48
48
|
# obj.default_permissions= [{:name=>"group1", :access=>"discover", :type=>'group'},
|
|
49
49
|
# {:name=>"group2", :access=>"discover", :type=>'group'}]
|
|
50
50
|
def default_permissions=(params)
|
|
51
|
-
perm_hash = {'person' => defaultRights.
|
|
51
|
+
perm_hash = {'person' => defaultRights.users, 'group'=> defaultRights.groups}
|
|
52
52
|
|
|
53
53
|
params.each do |row|
|
|
54
54
|
if row[:type] == 'user' || row[:type] == 'person'
|
|
@@ -72,7 +72,7 @@ class Hydra::AdminPolicy < ActiveFedora::Base
|
|
|
72
72
|
# {:name=>"user3", :access=>"read", :type=>'user'}]
|
|
73
73
|
def default_permissions
|
|
74
74
|
(defaultRights.groups.map {|x| {:type=>'group', :access=>x[1], :name=>x[0] }} +
|
|
75
|
-
defaultRights.
|
|
75
|
+
defaultRights.users.map {|x| {:type=>'user', :access=>x[1], :name=>x[0]}})
|
|
76
76
|
|
|
77
77
|
end
|
|
78
78
|
|
data/lib/hydra/config.rb
ADDED
|
@@ -0,0 +1,152 @@
|
|
|
1
|
+
module Hydra
|
|
2
|
+
class Config
|
|
3
|
+
def initialize
|
|
4
|
+
@permissions = PermissionsConfig.new
|
|
5
|
+
@user_model = 'User'
|
|
6
|
+
end
|
|
7
|
+
|
|
8
|
+
def []= key, value
|
|
9
|
+
case key
|
|
10
|
+
when :permissions
|
|
11
|
+
self.permissions = value
|
|
12
|
+
when :user_model
|
|
13
|
+
self.user_model = value
|
|
14
|
+
else
|
|
15
|
+
raise "Unknown key"
|
|
16
|
+
end
|
|
17
|
+
end
|
|
18
|
+
|
|
19
|
+
def [] key
|
|
20
|
+
case key
|
|
21
|
+
when :permissions
|
|
22
|
+
permissions
|
|
23
|
+
when :user_model
|
|
24
|
+
user_model
|
|
25
|
+
else
|
|
26
|
+
raise "Unknown key #{key}"
|
|
27
|
+
end
|
|
28
|
+
end
|
|
29
|
+
|
|
30
|
+
attr_reader :permissions
|
|
31
|
+
attr_accessor :user_model
|
|
32
|
+
|
|
33
|
+
def permissions= values
|
|
34
|
+
@permissions.merge! values
|
|
35
|
+
end
|
|
36
|
+
|
|
37
|
+
class PermissionsConfig
|
|
38
|
+
attr_accessor :embargo_release_date, :policy_class
|
|
39
|
+
def initialize
|
|
40
|
+
@values = {}
|
|
41
|
+
[:discover, :read, :edit].each do |key|
|
|
42
|
+
@values[key] = GroupPermission.new(
|
|
43
|
+
group: solr_name("#{prefix}#{key}_access_group", :symbol),
|
|
44
|
+
individual: solr_name("#{prefix}#{key}_access_person", :symbol))
|
|
45
|
+
end
|
|
46
|
+
@embargo_release_date = solr_name("#{prefix}embargo_release_date", Solrizer::Descriptor.new(:date, :stored, :indexed))
|
|
47
|
+
end
|
|
48
|
+
|
|
49
|
+
def merge! values
|
|
50
|
+
values.each {|k, v| self[k] = v }
|
|
51
|
+
end
|
|
52
|
+
|
|
53
|
+
def []= key, value
|
|
54
|
+
case key
|
|
55
|
+
when :discover, :read, :edit
|
|
56
|
+
self.assign_value key, value
|
|
57
|
+
when :embargo_release_date
|
|
58
|
+
self.embargo_release_date = value
|
|
59
|
+
when :policy_class
|
|
60
|
+
self.policy_class = value
|
|
61
|
+
when :owner
|
|
62
|
+
logger.warn "':owner' is no longer a valid configuration for Hydra. Please remove it from your configuration."
|
|
63
|
+
else
|
|
64
|
+
raise "Unknown key"
|
|
65
|
+
end
|
|
66
|
+
end
|
|
67
|
+
|
|
68
|
+
def [] key
|
|
69
|
+
case key
|
|
70
|
+
when :discover, :read, :edit
|
|
71
|
+
@values[key]
|
|
72
|
+
when :inheritable
|
|
73
|
+
inheritable
|
|
74
|
+
when :embargo_release_date
|
|
75
|
+
@embargo_release_date
|
|
76
|
+
when :policy_class
|
|
77
|
+
@policy_class
|
|
78
|
+
else
|
|
79
|
+
raise "Unknown key #{key}"
|
|
80
|
+
end
|
|
81
|
+
end
|
|
82
|
+
|
|
83
|
+
def inheritable
|
|
84
|
+
@inheritable ||= InheritablePermissionsConfig.new
|
|
85
|
+
end
|
|
86
|
+
|
|
87
|
+
def discover
|
|
88
|
+
@values[:discover]
|
|
89
|
+
end
|
|
90
|
+
|
|
91
|
+
def read
|
|
92
|
+
@values[:read]
|
|
93
|
+
end
|
|
94
|
+
|
|
95
|
+
def edit
|
|
96
|
+
@values[:edit]
|
|
97
|
+
end
|
|
98
|
+
|
|
99
|
+
def discover= val
|
|
100
|
+
assign_value :discover, val
|
|
101
|
+
end
|
|
102
|
+
|
|
103
|
+
def read= val
|
|
104
|
+
assign_value :read, val
|
|
105
|
+
end
|
|
106
|
+
|
|
107
|
+
def edit= val
|
|
108
|
+
assign_value :edit, val
|
|
109
|
+
end
|
|
110
|
+
|
|
111
|
+
protected
|
|
112
|
+
|
|
113
|
+
def prefix
|
|
114
|
+
end
|
|
115
|
+
|
|
116
|
+
def assign_value key, val
|
|
117
|
+
@values[key].merge!(val)
|
|
118
|
+
end
|
|
119
|
+
|
|
120
|
+
def solr_name(*args)
|
|
121
|
+
ActiveFedora::SolrService.solr_name(*args)
|
|
122
|
+
end
|
|
123
|
+
|
|
124
|
+
|
|
125
|
+
class GroupPermission
|
|
126
|
+
attr_accessor :group, :individual
|
|
127
|
+
def initialize(values = {})
|
|
128
|
+
merge! values
|
|
129
|
+
end
|
|
130
|
+
def merge! values
|
|
131
|
+
@group = values[:group]
|
|
132
|
+
@individual = values[:individual]
|
|
133
|
+
end
|
|
134
|
+
def [] key
|
|
135
|
+
case key
|
|
136
|
+
when :group, :individual
|
|
137
|
+
send key
|
|
138
|
+
else
|
|
139
|
+
raise "Unknown key"
|
|
140
|
+
end
|
|
141
|
+
end
|
|
142
|
+
end
|
|
143
|
+
end
|
|
144
|
+
|
|
145
|
+
class InheritablePermissionsConfig < PermissionsConfig
|
|
146
|
+
protected
|
|
147
|
+
def prefix
|
|
148
|
+
'inheritable_'
|
|
149
|
+
end
|
|
150
|
+
end
|
|
151
|
+
end
|
|
152
|
+
end
|