hydra-core 7.0.0 → 7.0.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 49c8a1e875c79d9755f8b70f052efd056e804411
-  data.tar.gz: 833a9c78e91293b4597d6ed8badee944ff3f4cbb
+  metadata.gz: 4e00f40dbd2788db9f9604419b786044b7634d05
+  data.tar.gz: f2a980dcfd1dce0761ddc87d24f52f196511020a
 SHA512:
-  metadata.gz: ffe8839308cdf3dd9d3b7f5fc6ebefd0243c38012da3488b63bc4d764550b1bb940bfc184bbb50e62e0023ae1b509f8332d427d5aea067c02ef468eae04ca88e
-  data.tar.gz: 8d441b1be8af28f9ec9c99999d3b8e3c68c126ca4411c013f59b9308610c839ebce2a980a739f9b225a1fce7fc4e29323534c30048450c0d65d01670aff42bcd
+  metadata.gz: 2e2936a83461ca3a9a53dfccb945a3993b4965780bfbbb035a7ee61b5729218b3b4c347ec8e9ee15242b3969daf19590aecf5366a6107dccd9202b8d63d7281d
+  data.tar.gz: 450565c96214fd6c7de40d78dd5d9313331871d3997c42802ddb84d839b295a40877274ade67ba3edc1109cb2b4e2e986c0374159987f31f8c8bd7a4a035805e

data/app/controllers/concerns/hydra/controller/controller_behavior.rb

@@ -16,14 +16,14 @@ module Hydra::Controller::ControllerBehavior
     include Hydra::AccessControlsEnforcement
   
     # Catch permission errors
-    rescue_from Hydra::AccessDenied do |exception|
+    rescue_from CanCan::AccessDenied do |exception|
       if (exception.action == :edit)
         redirect_to({:action=>'show'}, :alert => exception.message)
       elsif current_user and current_user.persisted?
-        redirect_to root_url, :alert => exception.message
+        redirect_to root_path, :alert => exception.message
       else
         session["user_return_to"] = request.url
-        redirect_to new_user_session_url, :alert => exception.message
+        redirect_to new_user_session_path, :alert => exception.message
       end
     end
   end

data/app/controllers/concerns/hydra/controller/download_behavior.rb

@@ -5,6 +5,7 @@ module Hydra
       extend Deprecation
 
       included do
+        include Hydra::Controller::ControllerBehavior
         before_filter :load_asset
         before_filter :load_datastream
         before_filter :authorize_download!

data/lib/hydra-head/version.rb

@@ -1,4 +1,4 @@
 module HydraHead
-  VERSION = "7.0.0"
+  VERSION = "7.0.1"
 end
 

data/spec/controllers/downloads_controller_spec.rb

@@ -4,6 +4,8 @@ describe DownloadsController do
   before do
     Rails.application.routes.draw do
       resources :downloads
+      devise_for :users
+      root to: 'catalog#index'
     end
   end
 
@@ -32,12 +34,35 @@ describe DownloadsController do
       @obj.destroy
       Object.send(:remove_const, :ContentHolder)
     end 
-    describe "when logged in as reader" do
+    context "when not logged in" do
+      context "when a specific datastream is requested" do
+        it "should redirect to the root path and display an error" do
+          get "show", id: @obj.pid, datastream_id: "descMetadata"
+          expect(response).to redirect_to new_user_session_path
+          expect(flash[:alert]).to eq "You are not authorized to access this page."
+        end
+      end
+    end
+    context "when logged in, but without read access" do
+      let(:user) { User.new.tap {|u| u.email = 'email2@example.com'; u.password = 'password'; u.save} }
+      before do
+        sign_in user
+      end
+      context "when a specific datastream is requested" do
+        it "should redirect to the root path and display an error" do
+          get "show", id: @obj.pid, datastream_id: "descMetadata"
+          expect(response).to redirect_to root_path
+          expect(flash[:alert]).to eq "You are not authorized to access this page."
+        end
+      end
+    end
+
+    context "when logged in as reader" do
       before do
         sign_in @user
         User.any_instance.stub(:groups).and_return([])
       end
-      describe "show" do
+      describe "#show" do
         it "should default to returning default download configured by object" do
           ContentHolder.stub(:default_content_ds).and_return('buzz')
           get "show", :id => @obj.pid
@@ -167,7 +192,10 @@ describe DownloadsController do
         it "should authorize according to can_download?" do
           controller.current_ability.can?(:download, @obj.datastreams['buzz']).should be_true
           controller.stub(:can_download?).and_return(false)
-          expect { get :show, id: @obj, datastream_id: 'buzz' }.to raise_error(CanCan::AccessDenied)
+          Deprecation.silence(Hydra::Controller::DownloadBehavior) do
+            get :show, id: @obj, datastream_id: 'buzz'
+          end
+          expect(response).to redirect_to root_url
         end
       end
       context "current_ability.can? returns false / can_download? returns true" do
@@ -178,7 +206,9 @@ describe DownloadsController do
         it "should authorize according to can_download?" do
           controller.current_ability.can?(:download, @obj.datastreams['buzz']).should be_false
           controller.stub(:can_download?).and_return(true)
-          get :show, id: @obj, datastream_id: 'buzz'
+          Deprecation.silence(Hydra::Controller::DownloadBehavior) do
+            get :show, id: @obj, datastream_id: 'buzz'
+          end
           response.should be_successful           
         end
       end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: hydra-core
 version: !ruby/object:Gem::Version
-  version: 7.0.0
+  version: 7.0.1
 platform: ruby
 authors:
 - Matt Zumwalt, Bess Sadler, Julie Meloni, Naomi Dushay, Jessie Keck, John Scofield,
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-03-31 00:00:00.000000000 Z
+date: 2014-04-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -51,14 +51,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 7.0.0
+        version: 7.0.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 7.0.0
+        version: 7.0.1
 - !ruby/object:Gem::Dependency
   name: jettywrapper
   requirement: !ruby/object:Gem::Requirement