hydra-core 9.5.0 → 9.6.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: fbc1d8abf41b8b2c7415d62572fd8c08508e539c
-  data.tar.gz: cfb9c8633be3f2ba867b0633ea5fd41a8877bc78
+  metadata.gz: 7de2e1cf6d7fffb05b9d158a071a5233e757f251
+  data.tar.gz: 190764737d16b04bca3c887f5be91a67699e1ab7
 SHA512:
-  metadata.gz: 8c8d0da2df3d2c30b13d5442be8a7f8083aa839dc40fb1157dc98d1f865a097cc4463dc671f411e3c7cf3ee13e5bdcf1ebcec43a5007f6447b247f3aa244edc3
-  data.tar.gz: e6f73940366cd473be061df8433ce06ac223f694ba6b4d24cac2694303bc382f83363c74aee416b5f9450c66ab63da7efc72a3e4fed5bd4d7de6b987638de89f
+  metadata.gz: d6171dc2226ab963b5221e2a9de0e548307fbebd64881fe2b30947eb8688af55922c2ecb6f5aa9a2ee524fd38f1cc978ff6f300c26bd904899b4192b579e71de
+  data.tar.gz: 45508099ed34d6ff46463feccb5ed7214cbe8bb08a58033982f87febc83cfd46c2485503d9befbd6de279444943481161a17183ba16716350fa1987ff9cc8890

data/app/controllers/concerns/hydra/catalog.rb

@@ -1,5 +1,23 @@
 module Hydra::Catalog
   extend ActiveSupport::Concern
   include Blacklight::Catalog
-  include Hydra::Controller::SearchBuilder
+  include Blacklight::AccessControls::Catalog
+
+  # Action-specific enforcement
+  # Controller "before" filter for enforcing access controls on show actions
+  # @param [Hash] opts (optional, not currently used)
+  def enforce_show_permissions(opts={})
+    # The "super" method comes from blacklight-access_controls.
+    # It will check the read permissions for the record.
+    # By default, it will return a Hydra::PermissionsSolrDocument
+    # that contains the permissions fields for that record
+    # so that you can perform additional permissions checks.
+    permissions_doc = super
+
+    if permissions_doc.under_embargo? && !can?(:edit, permissions_doc)
+      raise Hydra::AccessDenied.new("This item is under embargo.  You do not have sufficient access privileges to read this document.", :edit, params[:id])
+    end
+
+    permissions_doc
+  end
 end

data/app/controllers/concerns/hydra/controller/search_builder.rb

@@ -1,9 +1,8 @@
 module Hydra::Controller::SearchBuilder
   extend ActiveSupport::Concern
 
-  # Override blacklight to produce a search_builder that has the current ability in context
-  def search_builder processor_chain = search_params_logic
-    super.tap { |builder| builder.current_ability = current_ability }
+  included do
+    Deprecation.warn Hydra::Controller::SearchBuilder, "Hydra::Controller::SearchBuilder no longer does anything.  It will be removed in Hydra version 10.  The code that used to be in this module was moved to Blacklight::AccessControls::Catalog in the blacklight-access_controls gem."
   end
 
 end

data/app/search_builders/hydra/search_builder.rb

@@ -1,5 +1,6 @@
 module Hydra
-  class SearchBuilder < Blacklight::Solr::SearchBuilder
+  class SearchBuilder < Blacklight::SearchBuilder
+    include Blacklight::Solr::SearchBuilderBehavior
     include Hydra::AccessControlsEnforcement
   end
 end

data/lib/generators/hydra/templates/catalog_controller.rb

@@ -5,16 +5,17 @@ class CatalogController < ApplicationController
 
   include Hydra::Catalog
   # These before_filters apply the hydra access controls
-  before_filter :enforce_show_permissions, :only=>:show
+  before_filter :enforce_show_permissions, only: :show
+
   # This applies appropriate access controls to all solr queries
-  CatalogController.search_params_logic += [:add_access_controls_to_solr_params]
+  Hydra::SearchBuilder.default_processor_chain += [:add_access_controls_to_solr_params]
 
 
   configure_blacklight do |config|
     config.search_builder_class = Hydra::SearchBuilder
     config.default_solr_params = {
-      :qt => 'search',
-      :rows => 10
+      qt: 'search',
+      rows: 10
     }
 
     # solr field configuration for search results/index views
@@ -41,13 +42,13 @@ class CatalogController < ApplicationController
     #
     # :show may be set to false if you don't want the facet to be drawn in the
     # facet bar
-    config.add_facet_field solr_name('object_type', :facetable), :label => 'Format'
-    config.add_facet_field solr_name('pub_date', :facetable), :label => 'Publication Year'
-    config.add_facet_field solr_name('subject_topic', :facetable), :label => 'Topic', :limit => 20
-    config.add_facet_field solr_name('language', :facetable), :label => 'Language', :limit => true
-    config.add_facet_field solr_name('lc1_letter', :facetable), :label => 'Call Number'
-    config.add_facet_field solr_name('subject_geo', :facetable), :label => 'Region'
-    config.add_facet_field solr_name('subject_era', :facetable), :label => 'Era'
+    config.add_facet_field solr_name('object_type', :facetable), label: 'Format'
+    config.add_facet_field solr_name('pub_date', :facetable), label: 'Publication Year'
+    config.add_facet_field solr_name('subject_topic', :facetable), label: 'Topic', limit: 20
+    config.add_facet_field solr_name('language', :facetable), label: 'Language', limit: true
+    config.add_facet_field solr_name('lc1_letter', :facetable), label: 'Call Number'
+    config.add_facet_field solr_name('subject_geo', :facetable), label: 'Region'
+    config.add_facet_field solr_name('subject_era', :facetable), label: 'Era'
 
     # Have BL send all facet field names to Solr, which has been the default
     # previously. Simply remove these lines if you'd rather use Solr request
@@ -59,32 +60,32 @@ class CatalogController < ApplicationController
 
     # solr fields to be displayed in the index (search results) view
     #   The ordering of the field names is the order of the display
-    config.add_index_field solr_name('title', :stored_searchable, type: :string), :label => 'Title:'
-    config.add_index_field solr_name('title_vern', :stored_searchable, type: :string), :label => 'Title:'
-    config.add_index_field solr_name('author', :stored_searchable, type: :string), :label => 'Author:'
-    config.add_index_field solr_name('author_vern', :stored_searchable, type: :string), :label => 'Author:'
-    config.add_index_field solr_name('format', :symbol), :label => 'Format:'
-    config.add_index_field solr_name('language', :stored_searchable, type: :string), :label => 'Language:'
-    config.add_index_field solr_name('published', :stored_searchable, type: :string), :label => 'Published:'
-    config.add_index_field solr_name('published_vern', :stored_searchable, type: :string), :label => 'Published:'
-    config.add_index_field solr_name('lc_callnum', :stored_searchable, type: :string), :label => 'Call number:'
+    config.add_index_field solr_name('title', :stored_searchable, type: :string), label: 'Title:'
+    config.add_index_field solr_name('title_vern', :stored_searchable, type: :string), label: 'Title:'
+    config.add_index_field solr_name('author', :stored_searchable, type: :string), label: 'Author:'
+    config.add_index_field solr_name('author_vern', :stored_searchable, type: :string), label: 'Author:'
+    config.add_index_field solr_name('format', :symbol), label: 'Format:'
+    config.add_index_field solr_name('language', :stored_searchable, type: :string), label: 'Language:'
+    config.add_index_field solr_name('published', :stored_searchable, type: :string), label: 'Published:'
+    config.add_index_field solr_name('published_vern', :stored_searchable, type: :string), label: 'Published:'
+    config.add_index_field solr_name('lc_callnum', :stored_searchable, type: :string), label: 'Call number:'
 
     # solr fields to be displayed in the show (single result) view
     #   The ordering of the field names is the order of the display
-    config.add_show_field solr_name('title', :stored_searchable, type: :string), :label => 'Title:'
-    config.add_show_field solr_name('title_vern', :stored_searchable, type: :string), :label => 'Title:'
-    config.add_show_field solr_name('subtitle', :stored_searchable, type: :string), :label => 'Subtitle:'
-    config.add_show_field solr_name('subtitle_vern', :stored_searchable, type: :string), :label => 'Subtitle:'
-    config.add_show_field solr_name('author', :stored_searchable, type: :string), :label => 'Author:'
-    config.add_show_field solr_name('author_vern', :stored_searchable, type: :string), :label => 'Author:'
-    config.add_show_field solr_name('format', :symbol), :label => 'Format:'
-    config.add_show_field solr_name('url_fulltext_tsim', :stored_searchable, type: :string), :label => 'URL:'
-    config.add_show_field solr_name('url_suppl_tsim', :stored_searchable, type: :string), :label => 'More Information:'
-    config.add_show_field solr_name('language', :stored_searchable, type: :string), :label => 'Language:'
-    config.add_show_field solr_name('published', :stored_searchable, type: :string), :label => 'Published:'
-    config.add_show_field solr_name('published_vern', :stored_searchable, type: :string), :label => 'Published:'
-    config.add_show_field solr_name('lc_callnum', :stored_searchable, type: :string), :label => 'Call number:'
-    config.add_show_field solr_name('isbn', :stored_searchable, type: :string), :label => 'ISBN:'
+    config.add_show_field solr_name('title', :stored_searchable, type: :string), label: 'Title:'
+    config.add_show_field solr_name('title_vern', :stored_searchable, type: :string), label: 'Title:'
+    config.add_show_field solr_name('subtitle', :stored_searchable, type: :string), label: 'Subtitle:'
+    config.add_show_field solr_name('subtitle_vern', :stored_searchable, type: :string), label: 'Subtitle:'
+    config.add_show_field solr_name('author', :stored_searchable, type: :string), label: 'Author:'
+    config.add_show_field solr_name('author_vern', :stored_searchable, type: :string), label: 'Author:'
+    config.add_show_field solr_name('format', :symbol), label: 'Format:'
+    config.add_show_field solr_name('url_fulltext_tsim', :stored_searchable, type: :string), label: 'URL:'
+    config.add_show_field solr_name('url_suppl_tsim', :stored_searchable, type: :string), label: 'More Information:'
+    config.add_show_field solr_name('language', :stored_searchable, type: :string), label: 'Language:'
+    config.add_show_field solr_name('published', :stored_searchable, type: :string), label: 'Published:'
+    config.add_show_field solr_name('published_vern', :stored_searchable, type: :string), label: 'Published:'
+    config.add_show_field solr_name('lc_callnum', :stored_searchable, type: :string), label: 'Call number:'
+    config.add_show_field solr_name('isbn', :stored_searchable, type: :string), label: 'ISBN:'
 
     # "fielded" search configuration. Used by pulldown among other places.
     # For supported keys in hash, see rdoc for Blacklight::SearchFields
@@ -104,7 +105,7 @@ class CatalogController < ApplicationController
     # solr request handler? The one set in config[:default_solr_parameters][:qt],
     # since we aren't specifying it otherwise.
 
-    config.add_search_field 'all_fields', :label => 'All Fields'
+    config.add_search_field 'all_fields', label: 'All Fields'
 
 
     # Now we see how to over-ride Solr request handler defaults, in this
@@ -117,15 +118,15 @@ class CatalogController < ApplicationController
       # Solr parameter de-referencing like $title_qf.
       # See: http://wiki.apache.org/solr/LocalParams
       field.solr_local_parameters = {
-        :qf => '$title_qf',
-        :pf => '$title_pf'
+        qf: '$title_qf',
+        pf: '$title_pf'
       }
     end
 
     config.add_search_field('author') do |field|
       field.solr_local_parameters = {
-        :qf => '$author_qf',
-        :pf => '$author_pf'
+        qf: '$author_qf',
+        pf: '$author_pf'
       }
     end
 
@@ -135,8 +136,8 @@ class CatalogController < ApplicationController
     config.add_search_field('subject') do |field|
       field.qt = 'search'
       field.solr_local_parameters = {
-        :qf => '$subject_qf',
-        :pf => '$subject_pf'
+        qf: '$subject_qf',
+        pf: '$subject_pf'
       }
     end
 
@@ -144,10 +145,10 @@ class CatalogController < ApplicationController
     # label in pulldown is followed by the name of the SOLR field to sort by and
     # whether the sort is ascending or descending (it must be asc or desc
     # except in the relevancy case).
-    config.add_sort_field 'score desc, pub_date_dtsi desc, title_tesi asc', :label => 'relevance'
-    config.add_sort_field 'pub_date_dtsi desc, title_tesi asc', :label => 'year'
-    config.add_sort_field 'author_tesi asc, title_tesi asc', :label => 'author'
-    config.add_sort_field 'title_tesi asc, pub_date_dtsi desc', :label => 'title'
+    config.add_sort_field 'score desc, pub_date_dtsi desc, title_tesi asc', label: 'relevance'
+    config.add_sort_field 'pub_date_dtsi desc, title_tesi asc', label: 'year'
+    config.add_sort_field 'author_tesi asc, title_tesi asc', label: 'author'
+    config.add_sort_field 'title_tesi asc, pub_date_dtsi desc', label: 'title'
 
     # If there are more than this many search results, no spelling ("did you
     # mean") suggestion is offered.

data/lib/hydra-head/version.rb

@@ -1,3 +1,3 @@
 module HydraHead
-  VERSION = "9.5.0"
+  VERSION = "9.6.0"
 end

data/spec/controllers/catalog_controller_spec.rb

@@ -18,27 +18,13 @@ describe CatalogController do
     end
   end
 
-  describe "Paths Generated by Custom Routes:" do
-    # paths generated by custom routes
-    it "should map {:controller=>'catalog', :action=>'index'} to GET /catalog" do
-      expect(get: "/catalog").to route_to(controller: 'catalog', action: 'index')
-    end
-    it "should map {:controller=>'catalog', :action=>'show', :id=>'test:3'} to GET /catalog/test:3" do
-      expect(get: "/catalog/test:3").to route_to(controller: 'catalog', action: 'show', id: 'test:3')
-    end
-
-    it "should map catalog_path" do
-      expect(catalog_path("test:3")).to eq '/catalog/test:3'
-    end
-  end
-
   describe "index" do
     describe "access controls" do
       before(:all) do
         fq = "read_access_group_ssim:public OR edit_access_group_ssim:public OR discover_access_group_ssim:public"
         solr_opts = { fq: fq }
         response = ActiveFedora::SolrService.instance.conn.get('select', params: solr_opts)
-        @public_only_results = Blacklight::SolrResponse.new(response, solr_opts)
+        @public_only_results = Blacklight::Solr::Response.new(response, solr_opts)
       end
 
       it "should only return public documents if role does not have permissions" do
@@ -72,9 +58,9 @@ describe CatalogController do
         let(:related_uri) { related.rdf_subject }
         let(:asset) do
           ActiveFedora::Base.create do |g|
-            g.resource << [g.rdf_subject, RDF::DC.title, "Test Title"]
+            g.resource << [g.rdf_subject, RDF::Vocab::DC.title, "Test Title"]
             g.resource << [g.rdf_subject, RDF.type, type]
-            g.resource << [g.rdf_subject, RDF::DC.isReferencedBy, related_uri]
+            g.resource << [g.rdf_subject, RDF::Vocab::DC.isReferencedBy, related_uri]
           end
         end
         let(:related) do
@@ -130,4 +116,46 @@ describe CatalogController do
     end
   end
 
+  describe "enforce_show_permissions" do
+    let(:email_edit_access) { "edit_access@example.com" }
+    let(:email_read_access) { "read_access@example.com" }
+    let(:future_date) { 2.days.from_now.strftime("%Y-%m-%dT%H:%M:%SZ") }
+
+    let(:embargoed_object) {
+      doc = SolrDocument.new(id: '123',
+              "edit_access_person_ssim" => [email_edit_access],
+              "read_access_person_ssim" => [email_read_access],
+              "embargo_release_date_dtsi" => future_date)
+      solr = Blacklight.default_index.connection
+      solr.add(doc)
+      solr.commit
+      doc
+    }
+
+    before do
+      controller.params = { id: embargoed_object.id }
+      allow(controller).to receive(:current_user).and_return(user)
+    end
+
+    context 'a user with edit permissions' do
+      let(:user) { User.new email: email_edit_access }
+
+      it 'allows the user to view an embargoed object' do
+        expect {
+          controller.send(:enforce_show_permissions, {})
+        }.not_to raise_error
+      end
+    end
+
+    context 'a user without edit permissions' do
+      let(:user) { User.new email: email_read_access }
+
+      it 'denies access to the embargoed object' do
+        expect {
+          controller.send(:enforce_show_permissions, {})
+        }.to raise_error Hydra::AccessDenied, "This item is under embargo.  You do not have sufficient access privileges to read this document."
+      end
+    end
+  end
+
 end

data/spec/controllers/downloads_controller_spec.rb

@@ -39,6 +39,7 @@ describe DownloadsController do
     end
 
     context "when not logged in" do
+
       context "when a specific datastream is requested" do
         it "should redirect to the root path and display an error" do
           get :show, id: obj, file: "descMetadata"
@@ -47,6 +48,7 @@ describe DownloadsController do
         end
       end
     end
+
     context "when logged in, but without read access" do
       let(:user) { User.create(email: 'email2@example.com', password: 'password') }
       before do

data/spec/test_app_templates/Gemfile.extra

@@ -1,3 +1,6 @@
 gem 'rspec-rails', '~> 3.1', group: :test
 gem 'rspec-its'
 gem 'byebug' unless ENV['CI']
+
+gem 'rails', ENV.fetch('RAILS_VERSION', '4.2.5')
+gem 'blacklight', ENV.fetch('BLACKLIGHT_VERSION', '6.0.0')

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: hydra-core
 version: !ruby/object:Gem::Version
-  version: 9.5.0
+  version: 9.6.0
 platform: ruby
 authors:
 - Matt Zumwalt, Bess Sadler, Julie Meloni, Naomi Dushay, Jessie Keck, John Scofield,
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-11-11 00:00:00.000000000 Z
+date: 2016-01-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -31,14 +31,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 9.5.0
+        version: 9.6.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 9.5.0
+        version: 9.6.0
 - !ruby/object:Gem::Dependency
   name: jettywrapper
   requirement: !ruby/object:Gem::Requirement
@@ -215,7 +215,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.4.5.1
+rubygems_version: 2.5.1
 signing_key: 
 specification_version: 4
 summary: Hydra-Head Rails Engine (requires Rails3)