hydra-access-controls 7.0.0.pre2 → 7.0.0.pre3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 09fd4ea3ed17c112a26e56d05b6e4ce2d583fe30
-  data.tar.gz: fe8d298a24f10b9f11b912e633800c3d954e39bc
+  metadata.gz: d2bf5df716ea14df4f98b4dd8c835a1da17f93f3
+  data.tar.gz: 0530e82237df459c058e6160453183968c46b567
 SHA512:
-  metadata.gz: c223889dcf18c95a44ad594106a185a8bb364cb78d175b79cbcd0becadd51ca089ed0664d700a8a60ee5b8b07559aa6685c57c51ee86aa3bf02c022323e9b2b2
-  data.tar.gz: 2819eb5e60c0f5328dc7fd0b1831df749dbb0eac83a04e6d7745192062645032a098d72aae2e7cbdb51a06b9d7ab09419f44b7d0ee0a817e1d0d382653d6925c
+  metadata.gz: ed246412fae1045432c805d1352772ea871e9eea5efd3a573bd4f654e86a070f9f622caa6d43f281bb9f8c4be9fba19717d49f53089103f7d15b2a53fc52c209
+  data.tar.gz: d1ae9981602cda988200b6b3080343e9ec234c2162097431810b27d00008b78da4e3e836934b7cff2df020c3a8c4c7142ede7bd9b9c68b9a5c182b10f7271370

data/hydra-access-controls.gemspec

@@ -19,10 +19,16 @@ Gem::Specification.new do |gem|
   gem.required_ruby_version = '>= 1.9.3'
 
   gem.add_dependency 'activesupport'
-  gem.add_dependency "active-fedora", '~> 7.0.0.rc1'
-  gem.add_dependency 'cancan'
+  gem.add_dependency "active-fedora", '~> 7.0.0.rc3'
+  gem.add_dependency 'cancancan'
   gem.add_dependency 'deprecation'
-  gem.add_dependency 'blacklight', '~> 4.0' 
+  gem.add_dependency "blacklight", '~> 5.0'
+
+  # sass-rails is typically generated into the app's gemfile by `rails new`
+  # In rails 3 it's put into the "assets" group and thus not available to the
+  # app. Blacklight 5.2 requires bootstrap-sass which requires (but does not
+  # declare a dependency on) sass-rails
+  gem.add_dependency 'sass-rails'
 
   gem.add_development_dependency "rake"
   gem.add_development_dependency 'rspec'

data/lib/active_fedora/accessible_by.rb

@@ -0,0 +1,20 @@
+ActiveFedora::QueryMethods.module_eval do
+  extend ActiveSupport::Concern
+  included do
+    include Hydra::AccessControlsEnforcement
+  end
+
+  def accessible_by(ability, action = :index)
+    permission_types = case action
+      when :index then [:discover, :read, :edit]
+      when :show, :read then [:read, :edit]
+      when :update, :edit, :create, :new, :destroy then [:edit]
+    end
+
+    spawn.where!(gated_discovery_filters(permission_types, ability).join(" OR "))
+  end
+end
+
+ActiveFedora::Querying.module_eval do
+  delegate :accessible_by, :to=>:all
+end

data/lib/hydra-access-controls.rb

@@ -9,7 +9,6 @@ module Hydra
   autoload :User
   autoload :AccessControlsEnforcement
   autoload :PolicyAwareAccessControlsEnforcement
-  autoload :AccessControlsEvaluation
   autoload :Ability
   autoload :Config
   autoload :Datastream
@@ -41,3 +40,5 @@ module Hydra
   # raised manually.
   class AccessDenied < ::CanCan::AccessDenied; end
 end
+
+require 'active_fedora/accessible_by'

data/lib/hydra/access_controls/permission.rb

@@ -8,8 +8,12 @@ module Hydra::AccessControls
       false
     end
 
+    def to_hash
+      @vals
+    end
+
     def [] var
-      @vals[var]
+      to_hash[var]
     end
 
     def name

data/lib/hydra/access_controls_enforcement.rb

@@ -2,7 +2,6 @@ module Hydra::AccessControlsEnforcement
   extend ActiveSupport::Concern
 
   included do
-    include Hydra::AccessControlsEvaluation
     class_attribute :solr_access_filters_logic
 
     # Set defaults. Each symbol identifies a _method_ that must be in
@@ -17,14 +16,12 @@ module Hydra::AccessControlsEnforcement
   
   protected
 
-  def gated_discovery_filters
-    # Grant access to public content
-    permission_types = discovery_permissions
+  def gated_discovery_filters(permission_types = discovery_permissions, ability = current_ability)
     user_access_filters = []
     
     # Grant access based on user id & group
     solr_access_filters_logic.each do |method_name|
-      user_access_filters += send(method_name, permission_types)
+      user_access_filters += send(method_name, permission_types, ability)
     end
     user_access_filters
   end
@@ -102,10 +99,10 @@ module Hydra::AccessControlsEnforcement
   end
 
   
-  def apply_group_permissions(permission_types)
+  def apply_group_permissions(permission_types, ability = current_ability)
       # for groups
       user_access_filters = []
-      current_ability.user_groups.each_with_index do |group, i|
+      ability.user_groups.each_with_index do |group, i|
         permission_types.each do |type|
           user_access_filters << escape_filter(ActiveFedora::SolrService.solr_name("#{type}_access_group", Hydra::Datastream::RightsMetadata.indexer), group)
         end
@@ -117,19 +114,20 @@ module Hydra::AccessControlsEnforcement
     [key, value.gsub(/[ :\/]/, ' ' => '\ ', '/' => '\/', ':' => '\:')].join(':')
   end
 
-  def apply_user_permissions(permission_types)
+  def apply_user_permissions(permission_types, ability = current_ability)
       # for individual user access
       user_access_filters = []
-      if current_user && current_user.user_key.present?
+      user = ability.current_user
+      if user && user.user_key.present?
         permission_types.each do |type|
-          user_access_filters << escape_filter(ActiveFedora::SolrService.solr_name("#{type}_access_person", Hydra::Datastream::RightsMetadata.indexer), current_user.user_key)
+          user_access_filters << escape_filter(ActiveFedora::SolrService.solr_name("#{type}_access_person", Hydra::Datastream::RightsMetadata.indexer), user.user_key)
         end
       end
       user_access_filters
   end
 
   # override to apply super user permissions
-  def apply_superuser_permissions(permission_types)
+  def apply_superuser_permissions(permission_types, ability = current_ability)
     []
   end
   

data/lib/hydra/permissions_query.rb

@@ -24,10 +24,8 @@ module Hydra
     # @param [Hash] extra_controller_params (optional)
     def get_permissions_solr_response_for_doc_id(id=nil, extra_controller_params={})
       raise Blacklight::Exceptions::InvalidSolrID.new("The application is trying to retrieve permissions without specifying an asset id") if id.nil?
-      #solr_response = Blacklight.solr.get permissions_solr_doc_params(id).merge(extra_controller_params)
-      #path = blacklight_config.solr_path
       solr_opts = permissions_solr_doc_params(id).merge(extra_controller_params)
-      response = Blacklight.solr.get('select', :params=> solr_opts)
+      response = ActiveFedora::SolrService.instance.conn.get('select', :params=> solr_opts)
       solr_response = Blacklight::SolrResponse.new(force_to_utf8(response), solr_opts)
 
       raise Blacklight::Exceptions::InvalidSolrID.new("The solr permissions search handler didn't return anything for id \"#{id}\"") if solr_response.docs.empty?

data/spec/unit/accessible_by_spec.rb

@@ -0,0 +1,30 @@
+require 'spec_helper'
+
+describe "active_fedora/accessible_by" do
+  let(:user) {FactoryGirl.build(:ira_instructor)}
+  let(:ability) {Ability.new(user)}
+  let(:private_obj) {FactoryGirl.create(:default_access_asset)}
+  let(:public_obj) {FactoryGirl.create(:open_access_asset)}
+  let(:editable_obj) {FactoryGirl.create(:group_edit_asset)}
+
+  before do
+    user.should_receive(:groups).at_most(:once).and_return(user.roles)
+    ModsAsset.delete_all
+  end
+
+  after do
+    ModsAsset.delete_all
+  end
+
+  describe "#accsesible_by" do
+    it "should return objects readable by the ability" do
+      expect(ModsAsset.accessible_by(ability)).to eq [public_obj, editable_obj]
+    end
+    it "should return object editable by the ability" do
+      expect(ModsAsset.accessible_by(ability, :edit)).to eq [editable_obj]
+    end
+    it "should return only public objects for an anonymous user" do
+      expect(ModsAsset.accessible_by(Ability.new(nil))).to eq [public_obj]
+    end
+  end
+end

data/spec/unit/permission_spec.rb

@@ -0,0 +1,28 @@
+require 'spec_helper'
+
+describe Hydra::AccessControls::Permission do
+  describe "hash-like key access" do
+    let(:perm) { described_class.new(type: 'user', name: 'bob', access: 'read') }
+    it "should return values" do
+      perm[:type].should == 'user'
+      perm[:name].should == 'bob'
+      perm[:access].should == 'read'
+    end
+  end
+  describe "#to_hash" do
+    subject { described_class.new(type: 'user', name: 'bob', access: 'read') }
+    its(:to_hash) { should == {type: 'user', name: 'bob', access: 'read'} }
+  end
+  describe "equality comparison" do
+    let(:perm1) { described_class.new(type: 'user', name: 'bob', access: 'read') }
+    let(:perm2) { described_class.new(type: 'user', name: 'bob', access: 'read') }
+    let(:perm3) { described_class.new(type: 'user', name: 'jane', access: 'read') }
+    it "should be equal if all values are equal" do
+      perm1.should == perm2
+    end
+    it "should be unequal if some values are unequal" do
+      perm1.should_not == perm3
+      perm2.should_not == perm3
+    end
+  end
+end

data/spec/unit/policy_aware_access_controls_enforcement_spec.rb

@@ -113,7 +113,7 @@ describe Hydra::PolicyAwareAccessControlsEnforcement do
     context "Anonymous user" do
       before { subject.stub(:current_user).and_return(nil) }
       it "should return the policies that provide discover permissions" do
-        subject.policies_with_access.should == ["test:policy7", "test:policy8"]
+        subject.policies_with_access.should match_array ["test:policy7", "test:policy8"]
       end
     end
   end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: hydra-access-controls
 version: !ruby/object:Gem::Version
-  version: 7.0.0.pre2
+  version: 7.0.0.pre3
 platform: ruby
 authors:
 - Chris Beer
@@ -10,104 +10,118 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-01-23 00:00:00.000000000 Z
+date: 2014-03-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: active-fedora
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 7.0.0.rc1
+        version: 7.0.0.rc3
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 7.0.0.rc1
+        version: 7.0.0.rc3
 - !ruby/object:Gem::Dependency
-  name: cancan
+  name: cancancan
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: deprecation
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: blacklight
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '4.0'
+        version: '5.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '4.0'
+        version: '5.0'
+- !ruby/object:Gem::Dependency
+  name: sass-rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 description: Access controls for project hydra
@@ -117,7 +131,7 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- .rspec
+- ".rspec"
 - README.textile
 - Rakefile
 - app/models/ability.rb
@@ -130,11 +144,11 @@ files:
 - config/fedora.yml
 - config/solr.yml
 - hydra-access-controls.gemspec
+- lib/active_fedora/accessible_by.rb
 - lib/hydra-access-controls.rb
 - lib/hydra/ability.rb
 - lib/hydra/access_controls/permission.rb
 - lib/hydra/access_controls_enforcement.rb
-- lib/hydra/access_controls_evaluation.rb
 - lib/hydra/admin_policy.rb
 - lib/hydra/config.rb
 - lib/hydra/datastream.rb
@@ -159,11 +173,13 @@ files:
 - spec/unit/ability_spec.rb
 - spec/unit/access_controls_enforcement_spec.rb
 - spec/unit/access_right_spec.rb
+- spec/unit/accessible_by_spec.rb
 - spec/unit/admin_policy_spec.rb
 - spec/unit/config_spec.rb
 - spec/unit/hydra_rights_metadata_persistence_spec.rb
 - spec/unit/hydra_rights_metadata_spec.rb
 - spec/unit/inheritable_rights_metadata_spec.rb
+- spec/unit/permission_spec.rb
 - spec/unit/permissions_spec.rb
 - spec/unit/policy_aware_ability_spec.rb
 - spec/unit/policy_aware_access_controls_enforcement_spec.rb
@@ -181,17 +197,17 @@ require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: 1.9.3
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>'
+  - - ">"
     - !ruby/object:Gem::Version
       version: 1.3.1
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.1.11
+rubygems_version: 2.2.2
 signing_key: 
 specification_version: 4
 summary: Access controls for project hydra
@@ -208,11 +224,13 @@ test_files:
 - spec/unit/ability_spec.rb
 - spec/unit/access_controls_enforcement_spec.rb
 - spec/unit/access_right_spec.rb
+- spec/unit/accessible_by_spec.rb
 - spec/unit/admin_policy_spec.rb
 - spec/unit/config_spec.rb
 - spec/unit/hydra_rights_metadata_persistence_spec.rb
 - spec/unit/hydra_rights_metadata_spec.rb
 - spec/unit/inheritable_rights_metadata_spec.rb
+- spec/unit/permission_spec.rb
 - spec/unit/permissions_spec.rb
 - spec/unit/policy_aware_ability_spec.rb
 - spec/unit/policy_aware_access_controls_enforcement_spec.rb

data/lib/hydra/access_controls_evaluation.rb

@@ -1,38 +0,0 @@
-# will move to lib/hydra/access_control folder/namespace in release 5.x
-# Provides methods for determining permissions
-# If you include this into a Controller, it will also make a number of these methods available as view helpers.
-module Hydra::AccessControlsEvaluation
-  
-  def self.included(klass)
-    if klass.respond_to?(:helper_method)
-      klass.helper_method(:editor?)
-      klass.helper_method(:reader?)
-      klass.helper_method(:test_permission?)
-    end
-  end
-  
-  # Test the current user's permissions.  This method is used by the editor? and reader? methods
-  # @param [Symbol] permission_type valid options: :edit, :read
-  # This is available as a view helper method as well as within your controllers.
-  # @example
-  #   test_permission(:edit)
-  def test_permission(permission_type)    
-    ActiveSupport::Deprecation.warn("test_permission has been deprecated. Use can? instead") 
-    can? permission_type, @permissions_solr_document
-  end
-
-  # Test whether the the current user has edit permissions.  
-  # This is available as a view helper method as well as within your controllers.
-  def editor?
-    logger.warn("editor? has been deprecated. Use can? instead")
-    can? :edit, @permissions_solr_document
-  end
-  
-  # Test whether the the current user has read permissions.  
-  # This is available as a view helper method as well as within your controllers.
-  def reader?
-    logger.warn("reader? has been deprecated. Use can? instead")
-    can? :read, @permissions_solr_document
-  end
-
-end