hydra-access-controls 8.0.0 → 8.1.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/hydra-access-controls.gemspec +3 -3
- data/lib/hydra/ability.rb +1 -1
- data/lib/hydra/access_controls_enforcement.rb +12 -10
- data/spec/unit/access_controls_enforcement_spec.rb +11 -13
- metadata +12 -12
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 8a9a107ab5eb383394ebfc47c69dce414947a066
|
|
4
|
+
data.tar.gz: 700a1c079faad7648d7255c296f219355aae9463
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 9a456db93036e5e7e24559357a468e1609f5ce6d89faf40c5db9bfe2af7c09c0bc359d733cf518079d05b24f76432a7feda172bd64a315d21ee0f831ac81d701
|
|
7
|
+
data.tar.gz: 3ad0be9f95328df88caa11274857b3842fa130c0a70c13e65c50ad948eefe0d79904c2be440b741ccc8c3b2c69b5ecce9767b12a9ccbbd93438fbe252c3f54a7
|
|
@@ -21,9 +21,9 @@ Gem::Specification.new do |gem|
|
|
|
21
21
|
gem.add_dependency 'activesupport', '~> 4.0'
|
|
22
22
|
gem.add_dependency "active-fedora", '~> 8.0.0'
|
|
23
23
|
gem.add_dependency "om", '~> 3.0', '>= 3.0.7'
|
|
24
|
-
gem.add_dependency 'cancancan'
|
|
25
|
-
gem.add_dependency 'deprecation'
|
|
26
|
-
gem.add_dependency "blacklight", '~> 5.
|
|
24
|
+
gem.add_dependency 'cancancan', '~> 1.8'
|
|
25
|
+
gem.add_dependency 'deprecation', '~> 0.1'
|
|
26
|
+
gem.add_dependency "blacklight", '~> 5.10'
|
|
27
27
|
|
|
28
28
|
# sass-rails is typically generated into the app's gemfile by `rails new`
|
|
29
29
|
# In rails 3 it's put into the "assets" group and thus not available to the
|
data/lib/hydra/ability.rb
CHANGED
|
@@ -11,7 +11,7 @@ module Hydra
|
|
|
11
11
|
included do
|
|
12
12
|
include CanCan::Ability
|
|
13
13
|
include Hydra::PermissionsQuery
|
|
14
|
-
include Blacklight::
|
|
14
|
+
include Blacklight::SearchHelper
|
|
15
15
|
class_attribute :ability_logic
|
|
16
16
|
self.ability_logic = [:create_permissions, :edit_permissions, :read_permissions, :download_permissions, :custom_permissions]
|
|
17
17
|
end
|
|
@@ -1,7 +1,8 @@
|
|
|
1
1
|
module Hydra::AccessControlsEnforcement
|
|
2
2
|
extend ActiveSupport::Concern
|
|
3
3
|
|
|
4
|
-
included do
|
|
4
|
+
included do |klass|
|
|
5
|
+
attr_writer :current_ability
|
|
5
6
|
class_attribute :solr_access_filters_logic
|
|
6
7
|
|
|
7
8
|
# Set defaults. Each symbol identifies a _method_ that must be in
|
|
@@ -13,6 +14,10 @@ module Hydra::AccessControlsEnforcement
|
|
|
13
14
|
self.solr_access_filters_logic = [:apply_group_permissions, :apply_user_permissions, :apply_superuser_permissions ]
|
|
14
15
|
|
|
15
16
|
end
|
|
17
|
+
|
|
18
|
+
def current_ability
|
|
19
|
+
@current_ability || raise("current_ability has not been set on #{self}")
|
|
20
|
+
end
|
|
16
21
|
|
|
17
22
|
protected
|
|
18
23
|
|
|
@@ -59,15 +64,13 @@ module Hydra::AccessControlsEnforcement
|
|
|
59
64
|
# * Applies a lucene query to the solr :q parameter for gated discovery
|
|
60
65
|
# * Uses public_qt search handler if user does not have "read" permissions
|
|
61
66
|
# @param solr_parameters the current solr parameters
|
|
62
|
-
# @param user_parameters the current user-subitted parameters
|
|
63
67
|
#
|
|
64
|
-
# @example This method should be added to your
|
|
68
|
+
# @example This method should be added to your CatalogController's search_params_logic
|
|
65
69
|
# class CatalogController < ApplicationController
|
|
66
|
-
#
|
|
67
|
-
# CatalogController.solr_search_params_logic << :add_access_controls_to_solr_params
|
|
70
|
+
# CatalogController.search_params_logic += [:add_access_controls_to_solr_params]
|
|
68
71
|
# end
|
|
69
|
-
def add_access_controls_to_solr_params(solr_parameters
|
|
70
|
-
apply_gated_discovery(solr_parameters
|
|
72
|
+
def add_access_controls_to_solr_params(solr_parameters)
|
|
73
|
+
apply_gated_discovery(solr_parameters)
|
|
71
74
|
end
|
|
72
75
|
|
|
73
76
|
|
|
@@ -83,11 +86,10 @@ module Hydra::AccessControlsEnforcement
|
|
|
83
86
|
|
|
84
87
|
# Contrller before filter that sets up access-controlled lucene query in order to provide gated discovery behavior
|
|
85
88
|
# @param solr_parameters the current solr parameters
|
|
86
|
-
|
|
87
|
-
def apply_gated_discovery(solr_parameters, user_parameters)
|
|
89
|
+
def apply_gated_discovery(solr_parameters)
|
|
88
90
|
solr_parameters[:fq] ||= []
|
|
89
91
|
solr_parameters[:fq] << gated_discovery_filters.join(" OR ")
|
|
90
|
-
logger.debug("Solr parameters: #{ solr_parameters.inspect }")
|
|
92
|
+
Rails.logger.debug("Solr parameters: #{ solr_parameters.inspect }")
|
|
91
93
|
end
|
|
92
94
|
|
|
93
95
|
|
|
@@ -21,12 +21,11 @@ describe Hydra::AccessControlsEnforcement do
|
|
|
21
21
|
describe "When I am searching for content" do
|
|
22
22
|
before do
|
|
23
23
|
@solr_parameters = {}
|
|
24
|
-
@user_parameters = {}
|
|
25
24
|
end
|
|
26
25
|
context "Given I am not logged in" do
|
|
27
26
|
before do
|
|
28
27
|
allow(subject).to receive(:current_user).and_return(User.new(:new_record=>true))
|
|
29
|
-
subject.send(:apply_gated_discovery, @solr_parameters
|
|
28
|
+
subject.send(:apply_gated_discovery, @solr_parameters)
|
|
30
29
|
end
|
|
31
30
|
it "Then I should be treated as a member of the 'public' group" do
|
|
32
31
|
expect(@solr_parameters[:fq].first).to eq 'edit_access_group_ssim:public OR discover_access_group_ssim:public OR read_access_group_ssim:public'
|
|
@@ -35,10 +34,10 @@ describe Hydra::AccessControlsEnforcement do
|
|
|
35
34
|
expect(@solr_parameters[:fq].first).to_not match(/registered/)
|
|
36
35
|
end
|
|
37
36
|
it "Then I should not have individual or group permissions"
|
|
38
|
-
it "Should
|
|
37
|
+
it "Should change based on the discovery_perissions" do
|
|
39
38
|
@solr_parameters = {}
|
|
40
39
|
discovery_permissions = ["read","edit"]
|
|
41
|
-
subject.send(:apply_gated_discovery, @solr_parameters
|
|
40
|
+
subject.send(:apply_gated_discovery, @solr_parameters)
|
|
42
41
|
["edit","read"].each do |type|
|
|
43
42
|
expect(@solr_parameters[:fq].first).to match(/#{type}_access_group_ssim\:public/)
|
|
44
43
|
end
|
|
@@ -52,7 +51,7 @@ describe Hydra::AccessControlsEnforcement do
|
|
|
52
51
|
# This is a pretty fragile way to stub it...
|
|
53
52
|
allow(RoleMapper).to receive(:byname).and_return(@user.user_key=>["faculty", "africana-faculty"])
|
|
54
53
|
allow(subject).to receive(:current_user).and_return(@user)
|
|
55
|
-
subject.send(:apply_gated_discovery, @solr_parameters
|
|
54
|
+
subject.send(:apply_gated_discovery, @solr_parameters)
|
|
56
55
|
end
|
|
57
56
|
it "Then I should be treated as a member of the 'public' and 'registered' groups" do
|
|
58
57
|
["discover","edit","read"].each do |type|
|
|
@@ -72,10 +71,10 @@ describe Hydra::AccessControlsEnforcement do
|
|
|
72
71
|
end
|
|
73
72
|
end
|
|
74
73
|
end
|
|
75
|
-
it "Should
|
|
74
|
+
it "Should change based on the discovery_perissions" do
|
|
76
75
|
@solr_parameters = {}
|
|
77
76
|
discovery_permissions = ["read","edit"]
|
|
78
|
-
subject.send(:apply_gated_discovery, @solr_parameters
|
|
77
|
+
subject.send(:apply_gated_discovery, @solr_parameters)
|
|
79
78
|
["faculty", "africana-faculty"].each do |group_id|
|
|
80
79
|
["edit","read"].each do |type|
|
|
81
80
|
expect(@solr_parameters[:fq].first).to match(/#{type}_access_group_ssim\:#{group_id}/)
|
|
@@ -117,16 +116,15 @@ describe Hydra::AccessControlsEnforcement do
|
|
|
117
116
|
allow(RoleMapper).to receive(:roles).with(@stub_user).and_return(["archivist","researcher"])
|
|
118
117
|
allow(subject).to receive(:current_user).and_return(@stub_user)
|
|
119
118
|
@solr_parameters = {}
|
|
120
|
-
@user_parameters = {}
|
|
121
119
|
end
|
|
122
120
|
it "should set query fields for the user id checking against the discover, access, read fields" do
|
|
123
|
-
subject.send(:apply_gated_discovery, @solr_parameters
|
|
121
|
+
subject.send(:apply_gated_discovery, @solr_parameters)
|
|
124
122
|
["discover","edit","read"].each do |type|
|
|
125
123
|
expect(@solr_parameters[:fq].first).to match(/#{type}_access_person_ssim\:#{@stub_user.user_key}/)
|
|
126
124
|
end
|
|
127
125
|
end
|
|
128
126
|
it "should set query fields for all roles the user is a member of checking against the discover, access, read fields" do
|
|
129
|
-
subject.send(:apply_gated_discovery, @solr_parameters
|
|
127
|
+
subject.send(:apply_gated_discovery, @solr_parameters)
|
|
130
128
|
["discover","edit","read"].each do |type|
|
|
131
129
|
expect(@solr_parameters[:fq].first).to match(/#{type}_access_group_ssim\:archivist/)
|
|
132
130
|
expect(@solr_parameters[:fq].first).to match(/#{type}_access_group_ssim\:researcher/)
|
|
@@ -135,7 +133,7 @@ describe Hydra::AccessControlsEnforcement do
|
|
|
135
133
|
|
|
136
134
|
it "should escape slashes in the group names" do
|
|
137
135
|
allow(RoleMapper).to receive(:roles).with(@stub_user).and_return(["abc/123","cde/567"])
|
|
138
|
-
subject.send(:apply_gated_discovery, @solr_parameters
|
|
136
|
+
subject.send(:apply_gated_discovery, @solr_parameters)
|
|
139
137
|
["discover","edit","read"].each do |type|
|
|
140
138
|
expect(@solr_parameters[:fq].first).to match(/#{type}_access_group_ssim\:abc\\\/123/)
|
|
141
139
|
expect(@solr_parameters[:fq].first).to match(/#{type}_access_group_ssim\:cde\\\/567/)
|
|
@@ -143,7 +141,7 @@ describe Hydra::AccessControlsEnforcement do
|
|
|
143
141
|
end
|
|
144
142
|
it "should escape spaces in the group names" do
|
|
145
143
|
allow(RoleMapper).to receive(:roles).with(@stub_user).and_return(["abc 123","cd/e 567"])
|
|
146
|
-
subject.send(:apply_gated_discovery, @solr_parameters
|
|
144
|
+
subject.send(:apply_gated_discovery, @solr_parameters)
|
|
147
145
|
["discover","edit","read"].each do |type|
|
|
148
146
|
expect(@solr_parameters[:fq].first).to match(/#{type}_access_group_ssim\:abc\\ 123/)
|
|
149
147
|
expect(@solr_parameters[:fq].first).to match(/#{type}_access_group_ssim\:cd\\\/e\\ 567/)
|
|
@@ -151,7 +149,7 @@ describe Hydra::AccessControlsEnforcement do
|
|
|
151
149
|
end
|
|
152
150
|
it "should escape colons in the group names" do
|
|
153
151
|
allow(RoleMapper).to receive(:roles).with(@stub_user).and_return(["abc:123","cde:567"])
|
|
154
|
-
subject.send(:apply_gated_discovery, @solr_parameters
|
|
152
|
+
subject.send(:apply_gated_discovery, @solr_parameters)
|
|
155
153
|
["discover","edit","read"].each do |type|
|
|
156
154
|
expect(@solr_parameters[:fq].first).to match(/#{type}_access_group_ssim\:abc\\:123/)
|
|
157
155
|
expect(@solr_parameters[:fq].first).to match(/#{type}_access_group_ssim\:cde\\:567/)
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: hydra-access-controls
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 8.
|
|
4
|
+
version: 8.1.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Chris Beer
|
|
@@ -10,7 +10,7 @@ authors:
|
|
|
10
10
|
autorequire:
|
|
11
11
|
bindir: bin
|
|
12
12
|
cert_chain: []
|
|
13
|
-
date: 2015-
|
|
13
|
+
date: 2015-03-27 00:00:00.000000000 Z
|
|
14
14
|
dependencies:
|
|
15
15
|
- !ruby/object:Gem::Dependency
|
|
16
16
|
name: activesupport
|
|
@@ -64,44 +64,44 @@ dependencies:
|
|
|
64
64
|
name: cancancan
|
|
65
65
|
requirement: !ruby/object:Gem::Requirement
|
|
66
66
|
requirements:
|
|
67
|
-
- - "
|
|
67
|
+
- - "~>"
|
|
68
68
|
- !ruby/object:Gem::Version
|
|
69
|
-
version: '
|
|
69
|
+
version: '1.8'
|
|
70
70
|
type: :runtime
|
|
71
71
|
prerelease: false
|
|
72
72
|
version_requirements: !ruby/object:Gem::Requirement
|
|
73
73
|
requirements:
|
|
74
|
-
- - "
|
|
74
|
+
- - "~>"
|
|
75
75
|
- !ruby/object:Gem::Version
|
|
76
|
-
version: '
|
|
76
|
+
version: '1.8'
|
|
77
77
|
- !ruby/object:Gem::Dependency
|
|
78
78
|
name: deprecation
|
|
79
79
|
requirement: !ruby/object:Gem::Requirement
|
|
80
80
|
requirements:
|
|
81
|
-
- - "
|
|
81
|
+
- - "~>"
|
|
82
82
|
- !ruby/object:Gem::Version
|
|
83
|
-
version: '0'
|
|
83
|
+
version: '0.1'
|
|
84
84
|
type: :runtime
|
|
85
85
|
prerelease: false
|
|
86
86
|
version_requirements: !ruby/object:Gem::Requirement
|
|
87
87
|
requirements:
|
|
88
|
-
- - "
|
|
88
|
+
- - "~>"
|
|
89
89
|
- !ruby/object:Gem::Version
|
|
90
|
-
version: '0'
|
|
90
|
+
version: '0.1'
|
|
91
91
|
- !ruby/object:Gem::Dependency
|
|
92
92
|
name: blacklight
|
|
93
93
|
requirement: !ruby/object:Gem::Requirement
|
|
94
94
|
requirements:
|
|
95
95
|
- - "~>"
|
|
96
96
|
- !ruby/object:Gem::Version
|
|
97
|
-
version: '5.
|
|
97
|
+
version: '5.10'
|
|
98
98
|
type: :runtime
|
|
99
99
|
prerelease: false
|
|
100
100
|
version_requirements: !ruby/object:Gem::Requirement
|
|
101
101
|
requirements:
|
|
102
102
|
- - "~>"
|
|
103
103
|
- !ruby/object:Gem::Version
|
|
104
|
-
version: '5.
|
|
104
|
+
version: '5.10'
|
|
105
105
|
- !ruby/object:Gem::Dependency
|
|
106
106
|
name: sass-rails
|
|
107
107
|
requirement: !ruby/object:Gem::Requirement
|