hydra-access-controls 8.0.0 → 8.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/hydra-access-controls.gemspec +3 -3
- data/lib/hydra/ability.rb +1 -1
- data/lib/hydra/access_controls_enforcement.rb +12 -10
- data/spec/unit/access_controls_enforcement_spec.rb +11 -13
- metadata +12 -12
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 8a9a107ab5eb383394ebfc47c69dce414947a066
|
|
4
|
+
data.tar.gz: 700a1c079faad7648d7255c296f219355aae9463
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 9a456db93036e5e7e24559357a468e1609f5ce6d89faf40c5db9bfe2af7c09c0bc359d733cf518079d05b24f76432a7feda172bd64a315d21ee0f831ac81d701
|
|
7
|
+
data.tar.gz: 3ad0be9f95328df88caa11274857b3842fa130c0a70c13e65c50ad948eefe0d79904c2be440b741ccc8c3b2c69b5ecce9767b12a9ccbbd93438fbe252c3f54a7
|
|
@@ -21,9 +21,9 @@ Gem::Specification.new do |gem|
|
|
|
21
21
|
gem.add_dependency 'activesupport', '~> 4.0'
|
|
22
22
|
gem.add_dependency "active-fedora", '~> 8.0.0'
|
|
23
23
|
gem.add_dependency "om", '~> 3.0', '>= 3.0.7'
|
|
24
|
-
gem.add_dependency 'cancancan'
|
|
25
|
-
gem.add_dependency 'deprecation'
|
|
26
|
-
gem.add_dependency "blacklight", '~> 5.
|
|
24
|
+
gem.add_dependency 'cancancan', '~> 1.8'
|
|
25
|
+
gem.add_dependency 'deprecation', '~> 0.1'
|
|
26
|
+
gem.add_dependency "blacklight", '~> 5.10'
|
|
27
27
|
|
|
28
28
|
# sass-rails is typically generated into the app's gemfile by `rails new`
|
|
29
29
|
# In rails 3 it's put into the "assets" group and thus not available to the
|
data/lib/hydra/ability.rb
CHANGED
|
@@ -11,7 +11,7 @@ module Hydra
|
|
|
11
11
|
included do
|
|
12
12
|
include CanCan::Ability
|
|
13
13
|
include Hydra::PermissionsQuery
|
|
14
|
-
include Blacklight::
|
|
14
|
+
include Blacklight::SearchHelper
|
|
15
15
|
class_attribute :ability_logic
|
|
16
16
|
self.ability_logic = [:create_permissions, :edit_permissions, :read_permissions, :download_permissions, :custom_permissions]
|
|
17
17
|
end
|
|
@@ -1,7 +1,8 @@
|
|
|
1
1
|
module Hydra::AccessControlsEnforcement
|
|
2
2
|
extend ActiveSupport::Concern
|
|
3
3
|
|
|
4
|
-
included do
|
|
4
|
+
included do |klass|
|
|
5
|
+
attr_writer :current_ability
|
|
5
6
|
class_attribute :solr_access_filters_logic
|
|
6
7
|
|
|
7
8
|
# Set defaults. Each symbol identifies a _method_ that must be in
|
|
@@ -13,6 +14,10 @@ module Hydra::AccessControlsEnforcement
|
|
|
13
14
|
self.solr_access_filters_logic = [:apply_group_permissions, :apply_user_permissions, :apply_superuser_permissions ]
|
|
14
15
|
|
|
15
16
|
end
|
|
17
|
+
|
|
18
|
+
def current_ability
|
|
19
|
+
@current_ability || raise("current_ability has not been set on #{self}")
|
|
20
|
+
end
|
|
16
21
|
|
|
17
22
|
protected
|
|
18
23
|
|
|
@@ -59,15 +64,13 @@ module Hydra::AccessControlsEnforcement
|
|
|
59
64
|
# * Applies a lucene query to the solr :q parameter for gated discovery
|
|
60
65
|
# * Uses public_qt search handler if user does not have "read" permissions
|
|
61
66
|
# @param solr_parameters the current solr parameters
|
|
62
|
-
# @param user_parameters the current user-subitted parameters
|
|
63
67
|
#
|
|
64
|
-
# @example This method should be added to your
|
|
68
|
+
# @example This method should be added to your CatalogController's search_params_logic
|
|
65
69
|
# class CatalogController < ApplicationController
|
|
66
|
-
#
|
|
67
|
-
# CatalogController.solr_search_params_logic << :add_access_controls_to_solr_params
|
|
70
|
+
# CatalogController.search_params_logic += [:add_access_controls_to_solr_params]
|
|
68
71
|
# end
|
|
69
|
-
def add_access_controls_to_solr_params(solr_parameters
|
|
70
|
-
apply_gated_discovery(solr_parameters
|
|
72
|
+
def add_access_controls_to_solr_params(solr_parameters)
|
|
73
|
+
apply_gated_discovery(solr_parameters)
|
|
71
74
|
end
|
|
72
75
|
|
|
73
76
|
|
|
@@ -83,11 +86,10 @@ module Hydra::AccessControlsEnforcement
|
|
|
83
86
|
|
|
84
87
|
# Contrller before filter that sets up access-controlled lucene query in order to provide gated discovery behavior
|
|
85
88
|
# @param solr_parameters the current solr parameters
|
|
86
|
-
|
|
87
|
-
def apply_gated_discovery(solr_parameters, user_parameters)
|
|
89
|
+
def apply_gated_discovery(solr_parameters)
|
|
88
90
|
solr_parameters[:fq] ||= []
|
|
89
91
|
solr_parameters[:fq] << gated_discovery_filters.join(" OR ")
|
|
90
|
-
logger.debug("Solr parameters: #{ solr_parameters.inspect }")
|
|
92
|
+
Rails.logger.debug("Solr parameters: #{ solr_parameters.inspect }")
|
|
91
93
|
end
|
|
92
94
|
|
|
93
95
|
|
|
@@ -21,12 +21,11 @@ describe Hydra::AccessControlsEnforcement do
|
|
|
21
21
|
describe "When I am searching for content" do
|
|
22
22
|
before do
|
|
23
23
|
@solr_parameters = {}
|
|
24
|
-
@user_parameters = {}
|
|
25
24
|
end
|
|
26
25
|
context "Given I am not logged in" do
|
|
27
26
|
before do
|
|
28
27
|
allow(subject).to receive(:current_user).and_return(User.new(:new_record=>true))
|
|
29
|
-
subject.send(:apply_gated_discovery, @solr_parameters
|
|
28
|
+
subject.send(:apply_gated_discovery, @solr_parameters)
|
|
30
29
|
end
|
|
31
30
|
it "Then I should be treated as a member of the 'public' group" do
|
|
32
31
|
expect(@solr_parameters[:fq].first).to eq 'edit_access_group_ssim:public OR discover_access_group_ssim:public OR read_access_group_ssim:public'
|
|
@@ -35,10 +34,10 @@ describe Hydra::AccessControlsEnforcement do
|
|
|
35
34
|
expect(@solr_parameters[:fq].first).to_not match(/registered/)
|
|
36
35
|
end
|
|
37
36
|
it "Then I should not have individual or group permissions"
|
|
38
|
-
it "Should
|
|
37
|
+
it "Should change based on the discovery_perissions" do
|
|
39
38
|
@solr_parameters = {}
|
|
40
39
|
discovery_permissions = ["read","edit"]
|
|
41
|
-
subject.send(:apply_gated_discovery, @solr_parameters
|
|
40
|
+
subject.send(:apply_gated_discovery, @solr_parameters)
|
|
42
41
|
["edit","read"].each do |type|
|
|
43
42
|
expect(@solr_parameters[:fq].first).to match(/#{type}_access_group_ssim\:public/)
|
|
44
43
|
end
|
|
@@ -52,7 +51,7 @@ describe Hydra::AccessControlsEnforcement do
|
|
|
52
51
|
# This is a pretty fragile way to stub it...
|
|
53
52
|
allow(RoleMapper).to receive(:byname).and_return(@user.user_key=>["faculty", "africana-faculty"])
|
|
54
53
|
allow(subject).to receive(:current_user).and_return(@user)
|
|
55
|
-
subject.send(:apply_gated_discovery, @solr_parameters
|
|
54
|
+
subject.send(:apply_gated_discovery, @solr_parameters)
|
|
56
55
|
end
|
|
57
56
|
it "Then I should be treated as a member of the 'public' and 'registered' groups" do
|
|
58
57
|
["discover","edit","read"].each do |type|
|
|
@@ -72,10 +71,10 @@ describe Hydra::AccessControlsEnforcement do
|
|
|
72
71
|
end
|
|
73
72
|
end
|
|
74
73
|
end
|
|
75
|
-
it "Should
|
|
74
|
+
it "Should change based on the discovery_perissions" do
|
|
76
75
|
@solr_parameters = {}
|
|
77
76
|
discovery_permissions = ["read","edit"]
|
|
78
|
-
subject.send(:apply_gated_discovery, @solr_parameters
|
|
77
|
+
subject.send(:apply_gated_discovery, @solr_parameters)
|
|
79
78
|
["faculty", "africana-faculty"].each do |group_id|
|
|
80
79
|
["edit","read"].each do |type|
|
|
81
80
|
expect(@solr_parameters[:fq].first).to match(/#{type}_access_group_ssim\:#{group_id}/)
|
|
@@ -117,16 +116,15 @@ describe Hydra::AccessControlsEnforcement do
|
|
|
117
116
|
allow(RoleMapper).to receive(:roles).with(@stub_user).and_return(["archivist","researcher"])
|
|
118
117
|
allow(subject).to receive(:current_user).and_return(@stub_user)
|
|
119
118
|
@solr_parameters = {}
|
|
120
|
-
@user_parameters = {}
|
|
121
119
|
end
|
|
122
120
|
it "should set query fields for the user id checking against the discover, access, read fields" do
|
|
123
|
-
subject.send(:apply_gated_discovery, @solr_parameters
|
|
121
|
+
subject.send(:apply_gated_discovery, @solr_parameters)
|
|
124
122
|
["discover","edit","read"].each do |type|
|
|
125
123
|
expect(@solr_parameters[:fq].first).to match(/#{type}_access_person_ssim\:#{@stub_user.user_key}/)
|
|
126
124
|
end
|
|
127
125
|
end
|
|
128
126
|
it "should set query fields for all roles the user is a member of checking against the discover, access, read fields" do
|
|
129
|
-
subject.send(:apply_gated_discovery, @solr_parameters
|
|
127
|
+
subject.send(:apply_gated_discovery, @solr_parameters)
|
|
130
128
|
["discover","edit","read"].each do |type|
|
|
131
129
|
expect(@solr_parameters[:fq].first).to match(/#{type}_access_group_ssim\:archivist/)
|
|
132
130
|
expect(@solr_parameters[:fq].first).to match(/#{type}_access_group_ssim\:researcher/)
|
|
@@ -135,7 +133,7 @@ describe Hydra::AccessControlsEnforcement do
|
|
|
135
133
|
|
|
136
134
|
it "should escape slashes in the group names" do
|
|
137
135
|
allow(RoleMapper).to receive(:roles).with(@stub_user).and_return(["abc/123","cde/567"])
|
|
138
|
-
subject.send(:apply_gated_discovery, @solr_parameters
|
|
136
|
+
subject.send(:apply_gated_discovery, @solr_parameters)
|
|
139
137
|
["discover","edit","read"].each do |type|
|
|
140
138
|
expect(@solr_parameters[:fq].first).to match(/#{type}_access_group_ssim\:abc\\\/123/)
|
|
141
139
|
expect(@solr_parameters[:fq].first).to match(/#{type}_access_group_ssim\:cde\\\/567/)
|
|
@@ -143,7 +141,7 @@ describe Hydra::AccessControlsEnforcement do
|
|
|
143
141
|
end
|
|
144
142
|
it "should escape spaces in the group names" do
|
|
145
143
|
allow(RoleMapper).to receive(:roles).with(@stub_user).and_return(["abc 123","cd/e 567"])
|
|
146
|
-
subject.send(:apply_gated_discovery, @solr_parameters
|
|
144
|
+
subject.send(:apply_gated_discovery, @solr_parameters)
|
|
147
145
|
["discover","edit","read"].each do |type|
|
|
148
146
|
expect(@solr_parameters[:fq].first).to match(/#{type}_access_group_ssim\:abc\\ 123/)
|
|
149
147
|
expect(@solr_parameters[:fq].first).to match(/#{type}_access_group_ssim\:cd\\\/e\\ 567/)
|
|
@@ -151,7 +149,7 @@ describe Hydra::AccessControlsEnforcement do
|
|
|
151
149
|
end
|
|
152
150
|
it "should escape colons in the group names" do
|
|
153
151
|
allow(RoleMapper).to receive(:roles).with(@stub_user).and_return(["abc:123","cde:567"])
|
|
154
|
-
subject.send(:apply_gated_discovery, @solr_parameters
|
|
152
|
+
subject.send(:apply_gated_discovery, @solr_parameters)
|
|
155
153
|
["discover","edit","read"].each do |type|
|
|
156
154
|
expect(@solr_parameters[:fq].first).to match(/#{type}_access_group_ssim\:abc\\:123/)
|
|
157
155
|
expect(@solr_parameters[:fq].first).to match(/#{type}_access_group_ssim\:cde\\:567/)
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: hydra-access-controls
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 8.
|
|
4
|
+
version: 8.1.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Chris Beer
|
|
@@ -10,7 +10,7 @@ authors:
|
|
|
10
10
|
autorequire:
|
|
11
11
|
bindir: bin
|
|
12
12
|
cert_chain: []
|
|
13
|
-
date: 2015-
|
|
13
|
+
date: 2015-03-27 00:00:00.000000000 Z
|
|
14
14
|
dependencies:
|
|
15
15
|
- !ruby/object:Gem::Dependency
|
|
16
16
|
name: activesupport
|
|
@@ -64,44 +64,44 @@ dependencies:
|
|
|
64
64
|
name: cancancan
|
|
65
65
|
requirement: !ruby/object:Gem::Requirement
|
|
66
66
|
requirements:
|
|
67
|
-
- - "
|
|
67
|
+
- - "~>"
|
|
68
68
|
- !ruby/object:Gem::Version
|
|
69
|
-
version: '
|
|
69
|
+
version: '1.8'
|
|
70
70
|
type: :runtime
|
|
71
71
|
prerelease: false
|
|
72
72
|
version_requirements: !ruby/object:Gem::Requirement
|
|
73
73
|
requirements:
|
|
74
|
-
- - "
|
|
74
|
+
- - "~>"
|
|
75
75
|
- !ruby/object:Gem::Version
|
|
76
|
-
version: '
|
|
76
|
+
version: '1.8'
|
|
77
77
|
- !ruby/object:Gem::Dependency
|
|
78
78
|
name: deprecation
|
|
79
79
|
requirement: !ruby/object:Gem::Requirement
|
|
80
80
|
requirements:
|
|
81
|
-
- - "
|
|
81
|
+
- - "~>"
|
|
82
82
|
- !ruby/object:Gem::Version
|
|
83
|
-
version: '0'
|
|
83
|
+
version: '0.1'
|
|
84
84
|
type: :runtime
|
|
85
85
|
prerelease: false
|
|
86
86
|
version_requirements: !ruby/object:Gem::Requirement
|
|
87
87
|
requirements:
|
|
88
|
-
- - "
|
|
88
|
+
- - "~>"
|
|
89
89
|
- !ruby/object:Gem::Version
|
|
90
|
-
version: '0'
|
|
90
|
+
version: '0.1'
|
|
91
91
|
- !ruby/object:Gem::Dependency
|
|
92
92
|
name: blacklight
|
|
93
93
|
requirement: !ruby/object:Gem::Requirement
|
|
94
94
|
requirements:
|
|
95
95
|
- - "~>"
|
|
96
96
|
- !ruby/object:Gem::Version
|
|
97
|
-
version: '5.
|
|
97
|
+
version: '5.10'
|
|
98
98
|
type: :runtime
|
|
99
99
|
prerelease: false
|
|
100
100
|
version_requirements: !ruby/object:Gem::Requirement
|
|
101
101
|
requirements:
|
|
102
102
|
- - "~>"
|
|
103
103
|
- !ruby/object:Gem::Version
|
|
104
|
-
version: '5.
|
|
104
|
+
version: '5.10'
|
|
105
105
|
- !ruby/object:Gem::Dependency
|
|
106
106
|
name: sass-rails
|
|
107
107
|
requirement: !ruby/object:Gem::Requirement
|