hydra-access-controls 9.0.1 → 9.1.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/hydra-access-controls.gemspec +2 -2
- data/lib/hydra/ability.rb +1 -1
- data/lib/hydra/access_controls_enforcement.rb +12 -10
- data/spec/unit/access_controls_enforcement_spec.rb +10 -11
- metadata +6 -6
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 53a9ac37f60be38af2c511a423f849ecd9991c0f
|
|
4
|
+
data.tar.gz: 8ac4de9c1ac17eabc873ed5e0775d252d4e0b77b
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 61551d7bed4090045e64c9c07b1f38c28edd724e5df26c0e38987a031f72f6bcc12d717f9a538af4c29fded68091da6ec345f5c5503ea234a8e9c1b182d6046a
|
|
7
|
+
data.tar.gz: adb99e576d8f641be0ef66b7efedde72840f1fe3a859c59f457fe18eb9ce3933bb9ca14a5c9fd00dbca50bc744420c485e6a6cb28d0ce5eb6a5b74014e3c923f
|
|
@@ -21,8 +21,8 @@ Gem::Specification.new do |gem|
|
|
|
21
21
|
gem.add_dependency 'activesupport', '~> 4.0'
|
|
22
22
|
gem.add_dependency "active-fedora", '~> 9.0.0'
|
|
23
23
|
gem.add_dependency 'cancancan', '~> 1.8'
|
|
24
|
-
gem.add_dependency 'deprecation', '~> 0.1
|
|
25
|
-
gem.add_dependency "blacklight", '~> 5.
|
|
24
|
+
gem.add_dependency 'deprecation', '~> 0.1'
|
|
25
|
+
gem.add_dependency "blacklight", '~> 5.10'
|
|
26
26
|
|
|
27
27
|
# sass-rails is typically generated into the app's gemfile by `rails new`
|
|
28
28
|
# In rails 3 it's put into the "assets" group and thus not available to the
|
data/lib/hydra/ability.rb
CHANGED
|
@@ -11,7 +11,7 @@ module Hydra
|
|
|
11
11
|
included do
|
|
12
12
|
include CanCan::Ability
|
|
13
13
|
include Hydra::PermissionsQuery
|
|
14
|
-
include Blacklight::
|
|
14
|
+
include Blacklight::SearchHelper
|
|
15
15
|
class_attribute :ability_logic
|
|
16
16
|
self.ability_logic = [:create_permissions, :edit_permissions, :read_permissions, :download_permissions, :custom_permissions]
|
|
17
17
|
end
|
|
@@ -1,7 +1,8 @@
|
|
|
1
1
|
module Hydra::AccessControlsEnforcement
|
|
2
2
|
extend ActiveSupport::Concern
|
|
3
3
|
|
|
4
|
-
included do
|
|
4
|
+
included do |klass|
|
|
5
|
+
attr_writer :current_ability
|
|
5
6
|
class_attribute :solr_access_filters_logic
|
|
6
7
|
|
|
7
8
|
# Set defaults. Each symbol identifies a _method_ that must be in
|
|
@@ -14,6 +15,10 @@ module Hydra::AccessControlsEnforcement
|
|
|
14
15
|
|
|
15
16
|
end
|
|
16
17
|
|
|
18
|
+
def current_ability
|
|
19
|
+
@current_ability || raise("current_ability has not been set on #{self}")
|
|
20
|
+
end
|
|
21
|
+
|
|
17
22
|
protected
|
|
18
23
|
|
|
19
24
|
def gated_discovery_filters(permission_types = discovery_permissions, ability = current_ability)
|
|
@@ -59,15 +64,13 @@ module Hydra::AccessControlsEnforcement
|
|
|
59
64
|
# * Applies a lucene query to the solr :q parameter for gated discovery
|
|
60
65
|
# * Uses public_qt search handler if user does not have "read" permissions
|
|
61
66
|
# @param solr_parameters the current solr parameters
|
|
62
|
-
# @param user_parameters the current user-subitted parameters
|
|
63
67
|
#
|
|
64
|
-
# @example This method should be added to your
|
|
68
|
+
# @example This method should be added to your CatalogController's search_params_logic
|
|
65
69
|
# class CatalogController < ApplicationController
|
|
66
|
-
#
|
|
67
|
-
# CatalogController.solr_search_params_logic << :add_access_controls_to_solr_params
|
|
70
|
+
# CatalogController.search_params_logic += [:add_access_controls_to_solr_params]
|
|
68
71
|
# end
|
|
69
|
-
def add_access_controls_to_solr_params(solr_parameters
|
|
70
|
-
apply_gated_discovery(solr_parameters
|
|
72
|
+
def add_access_controls_to_solr_params(solr_parameters)
|
|
73
|
+
apply_gated_discovery(solr_parameters)
|
|
71
74
|
end
|
|
72
75
|
|
|
73
76
|
|
|
@@ -83,11 +86,10 @@ module Hydra::AccessControlsEnforcement
|
|
|
83
86
|
|
|
84
87
|
# Contrller before filter that sets up access-controlled lucene query in order to provide gated discovery behavior
|
|
85
88
|
# @param solr_parameters the current solr parameters
|
|
86
|
-
|
|
87
|
-
def apply_gated_discovery(solr_parameters, user_parameters)
|
|
89
|
+
def apply_gated_discovery(solr_parameters)
|
|
88
90
|
solr_parameters[:fq] ||= []
|
|
89
91
|
solr_parameters[:fq] << gated_discovery_filters.join(" OR ")
|
|
90
|
-
logger.debug("Solr parameters: #{ solr_parameters.inspect }")
|
|
92
|
+
Rails.logger.debug("Solr parameters: #{ solr_parameters.inspect }")
|
|
91
93
|
end
|
|
92
94
|
|
|
93
95
|
|
|
@@ -21,13 +21,13 @@ describe Hydra::AccessControlsEnforcement do
|
|
|
21
21
|
describe "When I am searching for content" do
|
|
22
22
|
before do
|
|
23
23
|
@solr_parameters = {}
|
|
24
|
-
@user_parameters = {}
|
|
25
24
|
end
|
|
26
25
|
context "Given I am not logged in" do
|
|
27
26
|
before do
|
|
28
27
|
allow(subject).to receive(:current_user).and_return(User.new(:new_record=>true))
|
|
29
|
-
subject.send(:apply_gated_discovery, @solr_parameters
|
|
28
|
+
subject.send(:apply_gated_discovery, @solr_parameters)
|
|
30
29
|
end
|
|
30
|
+
|
|
31
31
|
it "Then I should be treated as a member of the 'public' group" do
|
|
32
32
|
expect(@solr_parameters[:fq].first).to eq 'edit_access_group_ssim:public OR discover_access_group_ssim:public OR read_access_group_ssim:public'
|
|
33
33
|
end
|
|
@@ -37,7 +37,7 @@ describe Hydra::AccessControlsEnforcement do
|
|
|
37
37
|
it "Should changed based on the discovery_perissions" do
|
|
38
38
|
@solr_parameters = {}
|
|
39
39
|
discovery_permissions = ["read","edit"]
|
|
40
|
-
subject.send(:apply_gated_discovery, @solr_parameters
|
|
40
|
+
subject.send(:apply_gated_discovery, @solr_parameters)
|
|
41
41
|
["edit","read"].each do |type|
|
|
42
42
|
expect(@solr_parameters[:fq].first).to match(/#{type}_access_group_ssim\:public/)
|
|
43
43
|
end
|
|
@@ -52,7 +52,7 @@ describe Hydra::AccessControlsEnforcement do
|
|
|
52
52
|
# This is a pretty fragile way to stub it...
|
|
53
53
|
allow(RoleMapper).to receive(:byname).and_return(@user.user_key=>["faculty", "africana-faculty"])
|
|
54
54
|
allow(subject).to receive(:current_user).and_return(@user)
|
|
55
|
-
subject.send(:apply_gated_discovery, @solr_parameters
|
|
55
|
+
subject.send(:apply_gated_discovery, @solr_parameters)
|
|
56
56
|
end
|
|
57
57
|
it "Then I should be treated as a member of the 'public' and 'registered' groups" do
|
|
58
58
|
["discover","edit","read"].each do |type|
|
|
@@ -75,7 +75,7 @@ describe Hydra::AccessControlsEnforcement do
|
|
|
75
75
|
it "Should changed based on the discovery_perissions" do
|
|
76
76
|
@solr_parameters = {}
|
|
77
77
|
discovery_permissions = ["read","edit"]
|
|
78
|
-
subject.send(:apply_gated_discovery, @solr_parameters
|
|
78
|
+
subject.send(:apply_gated_discovery, @solr_parameters)
|
|
79
79
|
["faculty", "africana-faculty"].each do |group_id|
|
|
80
80
|
["edit","read"].each do |type|
|
|
81
81
|
expect(@solr_parameters[:fq].first).to match(/#{type}_access_group_ssim\:#{group_id}/)
|
|
@@ -117,16 +117,15 @@ describe Hydra::AccessControlsEnforcement do
|
|
|
117
117
|
allow(RoleMapper).to receive(:roles).with(@stub_user).and_return(["archivist","researcher"])
|
|
118
118
|
allow(subject).to receive(:current_user).and_return(@stub_user)
|
|
119
119
|
@solr_parameters = {}
|
|
120
|
-
@user_parameters = {}
|
|
121
120
|
end
|
|
122
121
|
it "should set query fields for the user id checking against the discover, access, read fields" do
|
|
123
|
-
subject.send(:apply_gated_discovery, @solr_parameters
|
|
122
|
+
subject.send(:apply_gated_discovery, @solr_parameters)
|
|
124
123
|
["discover","edit","read"].each do |type|
|
|
125
124
|
expect(@solr_parameters[:fq].first).to match(/#{type}_access_person_ssim\:#{@stub_user.user_key}/)
|
|
126
125
|
end
|
|
127
126
|
end
|
|
128
127
|
it "should set query fields for all roles the user is a member of checking against the discover, access, read fields" do
|
|
129
|
-
subject.send(:apply_gated_discovery, @solr_parameters
|
|
128
|
+
subject.send(:apply_gated_discovery, @solr_parameters)
|
|
130
129
|
["discover","edit","read"].each do |type|
|
|
131
130
|
expect(@solr_parameters[:fq].first).to match(/#{type}_access_group_ssim\:archivist/)
|
|
132
131
|
expect(@solr_parameters[:fq].first).to match(/#{type}_access_group_ssim\:researcher/)
|
|
@@ -135,7 +134,7 @@ describe Hydra::AccessControlsEnforcement do
|
|
|
135
134
|
|
|
136
135
|
it "should escape slashes in the group names" do
|
|
137
136
|
allow(RoleMapper).to receive(:roles).with(@stub_user).and_return(["abc/123","cde/567"])
|
|
138
|
-
subject.send(:apply_gated_discovery, @solr_parameters
|
|
137
|
+
subject.send(:apply_gated_discovery, @solr_parameters)
|
|
139
138
|
["discover","edit","read"].each do |type|
|
|
140
139
|
expect(@solr_parameters[:fq].first).to match(/#{type}_access_group_ssim\:abc\\\/123/)
|
|
141
140
|
expect(@solr_parameters[:fq].first).to match(/#{type}_access_group_ssim\:cde\\\/567/)
|
|
@@ -143,7 +142,7 @@ describe Hydra::AccessControlsEnforcement do
|
|
|
143
142
|
end
|
|
144
143
|
it "should escape spaces in the group names" do
|
|
145
144
|
allow(RoleMapper).to receive(:roles).with(@stub_user).and_return(["abc 123","cd/e 567"])
|
|
146
|
-
subject.send(:apply_gated_discovery, @solr_parameters
|
|
145
|
+
subject.send(:apply_gated_discovery, @solr_parameters)
|
|
147
146
|
["discover","edit","read"].each do |type|
|
|
148
147
|
expect(@solr_parameters[:fq].first).to match(/#{type}_access_group_ssim\:abc\\ 123/)
|
|
149
148
|
expect(@solr_parameters[:fq].first).to match(/#{type}_access_group_ssim\:cd\\\/e\\ 567/)
|
|
@@ -151,7 +150,7 @@ describe Hydra::AccessControlsEnforcement do
|
|
|
151
150
|
end
|
|
152
151
|
it "should escape colons in the group names" do
|
|
153
152
|
allow(RoleMapper).to receive(:roles).with(@stub_user).and_return(["abc:123","cde:567"])
|
|
154
|
-
subject.send(:apply_gated_discovery, @solr_parameters
|
|
153
|
+
subject.send(:apply_gated_discovery, @solr_parameters)
|
|
155
154
|
["discover","edit","read"].each do |type|
|
|
156
155
|
expect(@solr_parameters[:fq].first).to match(/#{type}_access_group_ssim\:abc\\:123/)
|
|
157
156
|
expect(@solr_parameters[:fq].first).to match(/#{type}_access_group_ssim\:cde\\:567/)
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: hydra-access-controls
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 9.0
|
|
4
|
+
version: 9.1.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Chris Beer
|
|
@@ -10,7 +10,7 @@ authors:
|
|
|
10
10
|
autorequire:
|
|
11
11
|
bindir: bin
|
|
12
12
|
cert_chain: []
|
|
13
|
-
date: 2015-
|
|
13
|
+
date: 2015-03-06 00:00:00.000000000 Z
|
|
14
14
|
dependencies:
|
|
15
15
|
- !ruby/object:Gem::Dependency
|
|
16
16
|
name: activesupport
|
|
@@ -60,28 +60,28 @@ dependencies:
|
|
|
60
60
|
requirements:
|
|
61
61
|
- - "~>"
|
|
62
62
|
- !ruby/object:Gem::Version
|
|
63
|
-
version: 0.1
|
|
63
|
+
version: '0.1'
|
|
64
64
|
type: :runtime
|
|
65
65
|
prerelease: false
|
|
66
66
|
version_requirements: !ruby/object:Gem::Requirement
|
|
67
67
|
requirements:
|
|
68
68
|
- - "~>"
|
|
69
69
|
- !ruby/object:Gem::Version
|
|
70
|
-
version: 0.1
|
|
70
|
+
version: '0.1'
|
|
71
71
|
- !ruby/object:Gem::Dependency
|
|
72
72
|
name: blacklight
|
|
73
73
|
requirement: !ruby/object:Gem::Requirement
|
|
74
74
|
requirements:
|
|
75
75
|
- - "~>"
|
|
76
76
|
- !ruby/object:Gem::Version
|
|
77
|
-
version: '5.
|
|
77
|
+
version: '5.10'
|
|
78
78
|
type: :runtime
|
|
79
79
|
prerelease: false
|
|
80
80
|
version_requirements: !ruby/object:Gem::Requirement
|
|
81
81
|
requirements:
|
|
82
82
|
- - "~>"
|
|
83
83
|
- !ruby/object:Gem::Version
|
|
84
|
-
version: '5.
|
|
84
|
+
version: '5.10'
|
|
85
85
|
- !ruby/object:Gem::Dependency
|
|
86
86
|
name: sass-rails
|
|
87
87
|
requirement: !ruby/object:Gem::Requirement
|