hyrax 2.1.0.beta2 → 2.1.0.rc1

data/app/controllers/hyrax/dashboard/collection_members_controller.rb

@@ -25,6 +25,7 @@ module Hyrax
         after_update_error(err_msg) if err_msg.present?
         return if err_msg.present?
 
+        collection.reindex_extent = Hyrax::Adapters::NestingIndexAdapter::LIMITED_REINDEX
         members = collection.add_member_objects batch_ids
         messages = members.collect { |member| member.errors.full_messages }.flatten
         if messages.size == members.size

data/app/controllers/hyrax/dashboard/collections_controller.rb

@@ -144,6 +144,8 @@ module Hyrax
 
         process_member_changes
         @collection.visibility = Hydra::AccessControls::AccessRight::VISIBILITY_TEXT_VALUE_PRIVATE unless @collection.discoverable?
+        # we don't have to reindex the full graph when updating collection
+        @collection.reindex_extent = Hyrax::Adapters::NestingIndexAdapter::LIMITED_REINDEX
         if @collection.update(collection_params.except(:members))
           after_update
         else
@@ -337,9 +339,10 @@ module Hyrax
 
         def extract_old_style_permission_attributes(attributes)
           # TODO: REMOVE in 3.0 - part of deprecation of permission attributes
-          Deprecation.warn(self, "passing in permissions with a new collection is deprecated and will be removed from Hyrax 3.0 ()") # TODO: elr - add alternative in ()
           permissions = attributes.delete("permissions_attributes")
           return [] unless permissions
+          Deprecation.warn(self, "Passing in permissions_attributes parameter with a new collection is deprecated and support will be removed from Hyrax 3.0. " \
+                                 "Use Hyrax::PermissionTemplate instead to grant Manage, Deposit, or View access.")
           participants = []
           permissions.each do |p|
             access = access(p)

data/app/controllers/hyrax/downloads_controller.rb

@@ -42,7 +42,13 @@ module Hyrax
       def authorize_download!
         authorize! :download, params[asset_param_key]
       rescue CanCan::AccessDenied
-        redirect_to default_image
+        unauthorized_image = Rails.root.join("app", "assets", "images", "unauthorized.png")
+        if File.exist? unauthorized_image
+          send_file unauthorized_image, status: :unauthorized
+        else
+          Deprecation.warn(self, "redirect_to default_image is deprecated and will be removed from Hyrax 3.0 (copy unauthorized.png image to directory assets/images instead)")
+          redirect_to default_image
+        end
       end
 
       def default_image

data/app/forms/hyrax/forms/admin/collection_type_form.rb

@@ -9,7 +9,7 @@ module Hyrax
         delegate :title, :description, :brandable, :discoverable, :nestable, :sharable, :share_applies_to_new_works,
                  :require_membership, :allow_multiple_membership, :assigns_workflow,
                  :assigns_visibility, :id, :collection_type_participants, :persisted?,
-                 :collections?, :admin_set?, :user_collection?, to: :collection_type
+                 :collections?, :admin_set?, :user_collection?, :badge_color, to: :collection_type
 
         def all_settings_disabled?
           collections? || admin_set? || user_collection?

data/app/indexers/hyrax/repository_reindexer.rb

@@ -10,7 +10,7 @@ module Hyrax
       # overrides https://github.com/samvera/active_fedora/blob/master/lib/active_fedora/indexing.rb#L95-L125
       # see implementation details in adapters/nesting_index_adapter.rb#each_perservation_document_id_and_parent_ids
       def reindex_everything(*)
-        Samvera::NestingIndexer.reindex_all!
+        Samvera::NestingIndexer.reindex_all!(extent: Hyrax::Adapters::NestingIndexAdapter::FULL_REINDEX)
       end
     end
   end

data/app/jobs/attach_files_to_work_job.rb

@@ -6,10 +6,7 @@ class AttachFilesToWorkJob < Hyrax::ApplicationJob
   # @param [Array<Hyrax::UploadedFile>] uploaded_files - an array of files to attach
   def perform(work, uploaded_files, **work_attributes)
     validate_files!(uploaded_files)
-    # When running as a background job (as opposed to running inline), a work with files attached
-    # by a proxy user will set the depositor as the intended user that the proxy user was depositing on
-    # behalf of. See ticket #2764.
-    depositor = work.on_behalf_of || work.depositor
+    depositor = proxy_or_depositor(work)
     user = User.find_by_user_key(depositor)
     work_permissions = work.permissions.map(&:to_hash)
     metadata = visibility_attributes(work_attributes)
@@ -39,4 +36,11 @@ class AttachFilesToWorkJob < Hyrax::ApplicationJob
         raise ArgumentError, "Hyrax::UploadedFile required, but #{uploaded_file.class} received: #{uploaded_file.inspect}"
       end
     end
+
+    ##
+    # A work with files attached by a proxy user will set the depositor as the intended user
+    # that the proxy was depositing on behalf of. See tickets #2764, #2902.
+    def proxy_or_depositor(work)
+      work.on_behalf_of.blank? ? work.depositor : work.on_behalf_of
+    end
 end

data/app/jobs/import_url_job.rb

@@ -10,19 +10,23 @@ class ImportUrlJob < Hyrax::ApplicationJob
   queue_as Hyrax.config.ingest_queue_name
 
   before_enqueue do |job|
-    operation = job.arguments.last
     operation.pending_job(job)
   end
 
+  # Retrieves the operation for the job
+  def operation
+    arguments.reduce(:merge).fetch(:operation)
+  end
+
   # @param [FileSet] file_set
   # @param [Hyrax::BatchCreateOperation] operation
-  def perform(file_set, operation)
+  def perform(file_set, operation, headers = {})
     operation.performing!
     user = User.find_by_user_key(file_set.depositor)
     uri = URI(file_set.import_url)
     # @todo Use Hydra::Works::AddExternalFileToFileSet instead of manually
     #       copying the file here. This will be gnarly.
-    copy_remote_file(uri) do |f|
+    copy_remote_file(uri, headers) do |f|
       # reload the FileSet once the data is copied since this is a long running task
       file_set.reload
 
@@ -47,13 +51,15 @@ class ImportUrlJob < Hyrax::ApplicationJob
     # metadata.
     # @param uri [URI] the uri of the file to download
     # @yield [IO] the stream to write to
-    def copy_remote_file(uri)
+    def copy_remote_file(uri, headers = {})
       filename = File.basename(uri.path)
       dir = Dir.mktmpdir
       Rails.logger.debug("ImportUrlJob: Copying <#{uri}> to #{dir}")
+
       File.open(File.join(dir, filename), 'wb') do |f|
         retriever = BrowseEverything::Retriever.new
-        retriever.retrieve('url' => uri) do |chunk|
+        uri_spec = { 'url' => uri }.merge(headers)
+        retriever.retrieve(uri_spec) do |chunk|
           f.write(chunk)
         end
         f.rewind

data/app/models/admin_set.rb

@@ -83,13 +83,35 @@ class AdminSet < ActiveFedora::Base
   # Calculate and update who should have edit access based on who
   # has "manage" access in the PermissionTemplateAccess
   def reset_access_controls!
-    # NOTE: This is different from Collections in that it doesn't update read access.  See the notes in services/hyrax/collections/permissions_service.rb
-    update!(edit_users: permission_template.agent_ids_for(access: 'manage', agent_type: 'user'),
-            edit_groups: permission_template.agent_ids_for(access: 'manage', agent_type: 'group'))
+    # NOTE: This is different from Collections in that it doesn't update read access based on visibility.
+    #       See also app/models/concerns/hyrax/collection_behavior.rb#reset_access_controls!
+    update!(edit_users: permission_template_edit_users,
+            edit_groups: permission_template_edit_groups,
+            read_users: permission_template_read_users,
+            read_groups: permission_template_read_groups)
   end
 
   private
 
+    def permission_template_edit_users
+      permission_template.agent_ids_for(access: 'manage', agent_type: 'user')
+    end
+
+    def permission_template_edit_groups
+      permission_template.agent_ids_for(access: 'manage', agent_type: 'group')
+    end
+
+    def permission_template_read_users
+      (permission_template.agent_ids_for(access: 'view', agent_type: 'user') +
+          permission_template.agent_ids_for(access: 'deposit', agent_type: 'user')).uniq
+    end
+
+    def permission_template_read_groups
+      (permission_template.agent_ids_for(access: 'view', agent_type: 'group') +
+        permission_template.agent_ids_for(access: 'deposit', agent_type: 'group')).uniq -
+        [::Ability.registered_group_name, ::Ability.public_group_name]
+    end
+
     def destroy_permission_template
       permission_template.destroy
     rescue ActiveRecord::RecordNotFound

data/app/models/concerns/hyrax/collection_behavior.rb

@@ -125,21 +125,33 @@ module Hyrax
     # Calculate and update who should have read/edit access to the collections based on who
     # has access in PermissionTemplateAccess
     def reset_access_controls!
-      edit_users = permission_template.agent_ids_for(access: 'manage', agent_type: 'user')
-      edit_groups = permission_template.agent_ids_for(access: 'manage', agent_type: 'group')
-      read_users = permission_template.agent_ids_for(access: 'view', agent_type: 'user') +
-                   permission_template.agent_ids_for(access: 'deposit', agent_type: 'user')
-      read_groups = (permission_template.agent_ids_for(access: 'view', agent_type: 'group') +
-                     permission_template.agent_ids_for(access: 'deposit', agent_type: 'group') +
-                     visibility_group).uniq
-      update!(edit_users: edit_users,
-              edit_groups: edit_groups,
-              read_users: read_users,
-              read_groups: read_groups)
+      update!(edit_users: permission_template_edit_users,
+              edit_groups: permission_template_edit_groups,
+              read_users: permission_template_read_users,
+              read_groups: (permission_template_read_groups + visibility_group).uniq)
     end
 
     private
 
+      def permission_template_edit_users
+        permission_template.agent_ids_for(access: 'manage', agent_type: 'user')
+      end
+
+      def permission_template_edit_groups
+        permission_template.agent_ids_for(access: 'manage', agent_type: 'group')
+      end
+
+      def permission_template_read_users
+        (permission_template.agent_ids_for(access: 'view', agent_type: 'user') +
+          permission_template.agent_ids_for(access: 'deposit', agent_type: 'user')).uniq
+      end
+
+      def permission_template_read_groups
+        (permission_template.agent_ids_for(access: 'view', agent_type: 'group') +
+          permission_template.agent_ids_for(access: 'deposit', agent_type: 'group')).uniq -
+          [::Ability.registered_group_name, ::Ability.public_group_name]
+      end
+
       def visibility_group
         return [Hydra::AccessControls::AccessRight::PERMISSION_TEXT_VALUE_PUBLIC] if visibility == Hydra::AccessControls::AccessRight::VISIBILITY_TEXT_VALUE_PUBLIC
         return [Hydra::AccessControls::AccessRight::PERMISSION_TEXT_VALUE_AUTHENTICATED] if visibility == Hydra::AccessControls::AccessRight::VISIBILITY_TEXT_VALUE_AUTHENTICATED

data/app/models/concerns/hyrax/collection_nesting.rb

@@ -22,18 +22,18 @@ module Hyrax
 
       def after_update_nested_collection_relationship_indices
         @during_save = false
-        Hyrax.config.nested_relationship_reindexer.call(id: id)
+        reindex_nested_relationships_for(id: id, extent: reindex_extent)
       end
 
       def update_nested_collection_relationship_indices
         return if @during_save
-        Hyrax.config.nested_relationship_reindexer.call(id: id)
+        reindex_nested_relationships_for(id: id, extent: reindex_extent)
       end
 
       def update_child_nested_collection_relationship_indices
         children = find_children_of(destroyed_id: id)
         children.each do |child|
-          Hyrax.config.nested_relationship_reindexer.call(id: child.id)
+          reindex_nested_relationships_for(id: child.id, extent: Hyrax::Adapters::NestingIndexAdapter::FULL_REINDEX)
         end
       end
     end
@@ -46,8 +46,27 @@ module Hyrax
       ActiveFedora::SolrService.query(ActiveFedora::SolrQueryBuilder.construct_query(member_of_collection_ids_ssim: destroyed_id))
     end
 
+    # Only models which include Hyrax::CollectionNesting will respond to this method.
+    # Used to determine whether a model gets reindexed via Samvera::NestingIndexer during full repository reindexing,
     def use_nested_reindexing?
       true
     end
+
+    # The following methods allow an option to reindex an object only if the nesting indexer fields are not
+    # already in the object's solr document. Added to prevent unnecessary indexing of all ancestors of a parent
+    # when one child gets added to the parent. By default, we do the full graph indexing.
+    def reindex_extent
+      @reindex_extent ||= Hyrax::Adapters::NestingIndexAdapter::FULL_REINDEX
+    end
+
+    def reindex_extent=(val)
+      @reindex_extent = val
+    end
+
+    private
+
+      def reindex_nested_relationships_for(id:, extent:)
+        Hyrax.config.nested_relationship_reindexer.call(id: id, extent: extent)
+      end
   end
 end

data/app/models/hyrax/permission_template_access.rb

@@ -15,6 +15,9 @@ module Hyrax
     DEPOSIT = 'deposit'.freeze
     MANAGE = 'manage'.freeze
 
+    GROUP = 'group'.freeze
+    USER = 'user'.freeze
+
     enum(
       access: {
         VIEW => VIEW,
@@ -41,7 +44,7 @@ module Hyrax
     end
 
     def label
-      return agent_id unless agent_type == 'group'
+      return agent_id unless agent_type == GROUP
       case agent_id
       when 'registered'
         I18n.t('hyrax.admin.admin_sets.form_participant_table.registered_users')
@@ -53,7 +56,7 @@ module Hyrax
     end
 
     def admin_group?
-      agent_type == 'group' && agent_id == ::Ability.admin_group_name
+      agent_type == GROUP && agent_id == ::Ability.admin_group_name
     end
 
     # @api private
@@ -67,7 +70,7 @@ module Hyrax
     #   If calling from Abilities, pass the ability.  If you try to get the ability from the user, you end up in an infinit loop.
     def self.user_where(access:, ability:)
       where_clause = {}
-      where_clause[:agent_type] = 'user'
+      where_clause[:agent_type] = USER
       where_clause[:agent_id] = ability.current_user.user_key
       where_clause[:access] = access
       where_clause
@@ -86,7 +89,7 @@ module Hyrax
     #   If calling from Abilities, pass the ability.  If you try to get the ability from the user, you end up in an infinit loop.
     def self.group_where(access:, ability:, exclude_groups: [])
       where_clause = {}
-      where_clause[:agent_type] = 'group'
+      where_clause[:agent_type] = GROUP
       where_clause[:agent_id] = ability.user_groups - exclude_groups
       where_clause[:access] = access
       where_clause

data/app/presenters/hyrax/admin_set_presenter.rb

@@ -30,5 +30,26 @@ module Hyrax
     def available_parent_collections(*)
       []
     end
+
+    # For the Managed Collections tab, determine the label to use for the level of access the user has for this admin set.
+    # Checks from most permissive to most restrictive.
+    # @return String the access label (e.g. Manage, Deposit, View)
+    def managed_access
+      return I18n.t('hyrax.dashboard.my.collection_list.managed_access.manage') if current_ability.can?(:edit, solr_document)
+      return I18n.t('hyrax.dashboard.my.collection_list.managed_access.deposit') if current_ability.can?(:deposit, solr_document)
+      return I18n.t('hyrax.dashboard.my.collection_list.managed_access.view') if current_ability.can?(:read, solr_document)
+      ''
+    end
+
+    # Determine if the user can perform batch operations on this admin set.  Currently, the only
+    # batch operation allowed is deleting, so this is equivalent to checking if the user can delete
+    # the admin set determined by criteria...
+    # * user must be able to edit the admin set to be able to delete it
+    # * the admin set itself must be able to be deleted (i.e., there cannot be any works in the admin set)
+    # @return Boolean true if the user can perform batch actions; otherwise, false
+    def allow_batch?
+      return false unless current_ability.can?(:edit, solr_document)
+      !disable_delete?
+    end
   end
 end

data/app/presenters/hyrax/collection_presenter.rb

@@ -3,6 +3,7 @@ module Hyrax
     include ModelProxy
     include PresentsAttributes
     include ActionView::Helpers::NumberHelper
+    include ActionView::Helpers::TagHelper
     attr_accessor :solr_document, :current_ability, :request
     attr_reader :subcollection_count
     attr_accessor :parent_collections # This is expected to be a Blacklight::Solr::Response with all of the parent collections
@@ -80,7 +81,7 @@ module Hyrax
     end
 
     def collection_type_badge
-      collection_type.title
+      content_tag(:span, collection_type.title, class: "label", style: "background-color: " + collection_type.badge_color + ";")
     end
 
     # The total number of parents that this collection belongs to, visible or not.
@@ -158,5 +159,26 @@ module Hyrax
     def subcollection_count=(total)
       @subcollection_count = total unless total.nil?
     end
+
+    # For the Managed Collections tab, determine the label to use for the level of access the user has for this admin set.
+    # Checks from most permissive to most restrictive.
+    # @return String the access label (e.g. Manage, Deposit, View)
+    def managed_access
+      return I18n.t('hyrax.dashboard.my.collection_list.managed_access.manage') if current_ability.can?(:edit, solr_document)
+      return I18n.t('hyrax.dashboard.my.collection_list.managed_access.deposit') if current_ability.can?(:deposit, solr_document)
+      return I18n.t('hyrax.dashboard.my.collection_list.managed_access.view') if current_ability.can?(:read, solr_document)
+      ''
+    end
+
+    # Determine if the user can perform batch operations on this collection.  Currently, the only
+    # batch operation allowed is deleting, so this is equivalent to checking if the user can delete
+    # the collection determined by criteria...
+    # * user must be able to edit the collection to be able to delete it
+    # * the collection does not have to be empty
+    # @return Boolean true if the user can perform batch actions; otherwise, false
+    def allow_batch?
+      return true if current_ability.can?(:edit, solr_document)
+      false
+    end
   end
 end

data/app/presenters/hyrax/dashboard/user_presenter.rb

@@ -41,6 +41,10 @@ module Hyrax
         link_to t('hyrax.dashboard.additional_notifications'), hyrax.notifications_path
       end
 
+      def link_to_manage_proxies
+        link_to t('hyrax.dashboard.manage_proxies'), hyrax.depositors_path
+      end
+
       private
 
         attr_reader :current_user, :view_context, :since

data/app/presenters/hyrax/presents_attributes.rb

@@ -1,7 +1,7 @@
 module Hyrax
   module PresentsAttributes
     ##
-    # Present the attribute as an HTML table row.
+    # Present the attribute as an HTML table row or dl row.
     #
     # @param [Hash] options
     # @option options [Symbol] :render_as use an alternate renderer
@@ -18,7 +18,11 @@ module Hyrax
         return
       end
 
-      renderer_for(field, options).new(field, send(field), options).render
+      if options[:html_dl]
+        renderer_for(field, options).new(field, send(field), options).render_dl_row
+      else
+        renderer_for(field, options).new(field, send(field), options).render
+      end
     end
 
     def permission_badge

data/app/presenters/hyrax/work_show_presenter.rb

@@ -152,6 +152,10 @@ module Hyrax
 
     delegate :member_presenters, :file_set_presenters, :work_presenters, to: :member_presenter_factory
 
+    def exclude_unauthorized_file_sets
+      member_presenters.delete_if { |m| m.is_a?(Hyrax::FileSetPresenter) && !current_ability.can?(:read, m.id) }
+    end
+
     def manifest_url
       manifest_helper.polymorphic_url([:manifest, self])
     end

data/app/renderers/hyrax/renderers/attribute_renderer.rb

@@ -33,6 +33,20 @@ module Hyrax
         markup.html_safe
       end
 
+      # Draw the dl row for the attribute
+      def render_dl_row
+        markup = ''
+
+        return markup if values.blank? && !options[:include_empty]
+        markup << %(<dt>#{label}</dt>\n<dd><ul class='tabular'>)
+        attributes = microdata_object_attributes(field).merge(class: "attribute attribute-#{field}")
+        Array(values).each do |value|
+          markup << "<li#{html_attributes(attributes)}>#{attribute_value_to_html(value.to_s)}</li>"
+        end
+        markup << %(</ul></dd>)
+        markup.html_safe
+      end
+
       # @return The human-readable label for this field.
       # @note This is a central location for determining the label of a field
       #   name. Can be overridden if more complicated logic is needed.