hyrax 2.1.0.beta2 → 2.1.0.rc1

data/spec/controllers/hyrax/dashboard/collections_controller_spec.rb

@@ -39,6 +39,9 @@ RSpec.describe Hyrax::Dashboard::CollectionsController, :clean_repo do
         post :create, params: {
           collection: collection_attrs.merge(
             visibility: 'open',
+            # TODO: Tests with old approach to sharing a collection which is deprecated and
+            # will be removed in 3.0.  New approach creates a PermissionTemplate with
+            # source_id = the collection's id.
             permissions_attributes: [{ type: 'person',
                                        name: 'archivist1',
                                        access: 'edit' }]

data/spec/controllers/hyrax/downloads_controller_spec.rb

@@ -19,16 +19,37 @@ RSpec.describe Hyrax::DownloadsController do
 
       before { sign_in another_user }
 
-      it 'redirects to the default image' do
+      it 'returns :unauthorized status with image content' do
         get :show, params: { id: file_set.to_param }
-        expect(response).to redirect_to default_image
+        expect(response).to have_http_status(:unauthorized)
+        expect(response).not_to redirect_to default_image
+        expect(response.content_type).to eq 'image/png'
       end
     end
 
     context "when user isn't logged in" do
-      it 'redirects to the default image' do
-        get :show, params: { id: file_set.to_param }
-        expect(response).to redirect_to default_image
+      context "and the unauthorized image exists" do
+        before do
+          allow(File).to receive(:exist?).and_return(true)
+        end
+
+        it 'returns :unauthorized status with image content' do
+          get :show, params: { id: file_set.to_param }
+          expect(response).to have_http_status(:unauthorized)
+          expect(response).not_to redirect_to default_image
+          expect(response.content_type).to eq 'image/png'
+        end
+      end
+
+      context "and the unauthorized image doesn't exist" do
+        before do
+          allow(File).to receive(:exist?).and_return(false)
+        end
+
+        it 'redirects to the default image' do
+          get :show, params: { id: file_set.to_param }
+          expect(response).to redirect_to default_image
+        end
       end
 
       it 'authorizes the resource using only the id' do

data/spec/controllers/hyrax/file_sets_controller_spec.rb

@@ -6,10 +6,6 @@ RSpec.describe Hyrax::FileSetsController do
   context "when signed in" do
     before do
       sign_in user
-      # allow_any_instance_of(User).to receive(:groups).and_return([])
-      # prevents characterization and derivative creation
-      allow(CharacterizeJob).to receive(:perform_later)
-      allow(CreateDerivativesJob).to receive(:perform_later)
     end
 
     describe "#destroy" do
@@ -100,7 +96,7 @@ RSpec.describe Hyrax::FileSetsController do
           allow(Hyrax::Actors::FileActor).to receive(:new).and_return(actor)
         end
 
-        it "spawns a ContentNewVersionEventJob" do
+        it "spawns a ContentNewVersionEventJob", perform_enqueued: [IngestJob] do
           expect(ContentNewVersionEventJob).to receive(:perform_later).with(file_set, user)
           expect(actor).to receive(:ingest_file).with(JobIoWrapper).and_return(true)
           file = fixture_file_upload('/world.png', 'image/png')
@@ -109,7 +105,7 @@ RSpec.describe Hyrax::FileSetsController do
         end
       end
 
-      context "with two existing versions from different users" do
+      context "with two existing versions from different users", :perform_enqueued do
         let(:file1)       { "world.png" }
         let(:file2)       { "image.jpg" }
         let(:second_user) { create(:user) }
@@ -118,6 +114,7 @@ RSpec.describe Hyrax::FileSetsController do
         let(:actor2)      { Hyrax::Actors::FileSetActor.new(file_set, second_user) }
 
         before do
+          ActiveJob::Base.queue_adapter.filter = [IngestJob]
           actor1.create_content(fixture_file_upload(file1))
           actor2.create_content(fixture_file_upload(file2))
         end

data/spec/controllers/hyrax/generic_works_controller_json_spec.rb

@@ -8,7 +8,9 @@ RSpec.describe Hyrax::GenericWorksController do
   before { sign_in user }
 
   context "JSON" do
-    let(:resource) { create(:private_generic_work, user: user) }
+    let(:admin_set) { create(:admin_set, id: 'admin_set_1', with_permission_template: { with_active_workflow: true }) }
+
+    let(:resource) { create(:private_generic_work, user: user, admin_set_id: admin_set.id) }
     let(:resource_request) { get :show, params: { id: resource, format: :json } }
 
     subject { response }
@@ -81,9 +83,7 @@ RSpec.describe Hyrax::GenericWorksController do
     end
 
     describe 'failed update' do
-      before do
-        post :update, params: { id: resource, generic_work: { title: [''] }, format: :json }
-      end
+      before { post :update, params: { id: resource, generic_work: { title: [''] }, format: :json } }
       it "returns 422 and the errors" do
         expect(response).to respond_unprocessable_entity(errors: { title: ["Your work must have a title."] })
       end

data/spec/controllers/hyrax/generic_works_controller_spec.rb

@@ -68,6 +68,7 @@ RSpec.describe Hyrax::GenericWorksController do
         end
 
         it "sets breadcrumbs to authorized pages" do
+          expect(controller).to receive(:add_breadcrumb).with('Home', main_app.root_path(locale: 'en'))
           expect(controller).not_to receive(:add_breadcrumb).with('Dashboard', hyrax.dashboard_path(locale: 'en'))
           expect(controller).not_to receive(:add_breadcrumb).with('Your Works', hyrax.my_works_path(locale: 'en'))
           expect(controller).to receive(:add_breadcrumb).with('public thing', main_app.hyrax_generic_work_path(work.id, locale: 'en'))
@@ -169,10 +170,12 @@ RSpec.describe Hyrax::GenericWorksController do
         before do
           allow(controller).to receive(:presenter).and_return(presenter)
           allow(presenter).to receive(:export_as_ttl).and_return("ttl graph")
+          allow(presenter).to receive(:editor?).and_return(true)
         end
 
         it 'renders a turtle file' do
           get :show, params: { id: '99999999', format: :ttl }
+
           expect(response).to be_successful
           expect(response.body).to eq "ttl graph"
           expect(response.content_type).to eq 'text/turtle'
@@ -260,20 +263,9 @@ RSpec.describe Hyrax::GenericWorksController do
     context 'when create fails' do
       let(:work) { create(:work) }
       let(:create_status) { false }
-      let(:errors) { double }
-      let(:messages) { double }
-      let(:error_messages) { ['Error: foo bar'] }
-
-      before do
-        allow(controller).to receive(:curation_concern).and_return(work)
-        allow(work).to receive(:errors).and_return(errors)
-        allow(errors).to receive(:messages).and_return(messages)
-        allow(messages).to receive(:[]).with(:collections).and_return(error_messages)
-      end
 
       it 'draws the form again' do
         post :create, params: { generic_work: { title: ['a title'] } }
-        expect(flash[:error]).to eq error_messages.to_sentence
         expect(response.status).to eq 422
         expect(assigns[:form]).to be_kind_of Hyrax::GenericWorkForm
         expect(response).to render_template 'new'
@@ -493,21 +485,9 @@ RSpec.describe Hyrax::GenericWorksController do
 
       describe 'update failed' do
         let(:actor) { double(update: false) }
-        let(:work) { create(:work) }
-        let(:errors) { double }
-        let(:messages) { double }
-        let(:error_messages) { ['Error: foo bar'] }
-
-        before do
-          allow(controller).to receive(:curation_concern).and_return(work)
-          allow(work).to receive(:errors).and_return(errors)
-          allow(errors).to receive(:messages).and_return(messages)
-          allow(messages).to receive(:[]).with(:collections).and_return(error_messages)
-        end
 
         it 'renders the form' do
           patch :update, params: { id: work, generic_work: {} }
-          expect(flash[:error]).to eq error_messages.to_sentence
           expect(assigns[:form]).to be_kind_of Hyrax::GenericWorkForm
           expect(response).to render_template('edit')
         end

data/spec/controllers/hyrax/transfers_controller_spec.rb

@@ -78,7 +78,7 @@ RSpec.describe Hyrax::TransfersController, type: :controller do
       end
     end
 
-    describe "#accept" do
+    describe "#accept", perform_enqueued: [ContentDepositorChangeEventJob] do
       context "when I am the receiver" do
         let!(:incoming_work) do
           GenericWork.new(title: ['incoming']) do |w|

data/spec/factories/admin_sets_lw.rb

@@ -0,0 +1,215 @@
+FactoryBot.define do
+  # Tests that create a Fedora Object are very slow.  This factory lets you control which parts of the object ecosystem
+  # get built.
+  #
+  # PREFERRED: Use build whenever possible.  You can control the creation of the permission template and solr document
+  #            by passing parameters to the build(:admin_set_lw) method.  That way you can build only the parts needed
+  #            for a specific test.
+  #
+  # AVOID: Do not use create unless absolutely necessary.  It will create everything including the Fedora object.
+  #
+  # @example Simple build of an admin set with no additional parts created.  Lightest weight.
+  #          NOTE: A user is automatically created as the owner of the admin set.
+  #   let(:adminset) { build(:adminset_lw) }
+  #
+  # @example Simple build of an admin set with no additional parts created.  User is the owner of the admin set.  Lightest weight.
+  #   let(:adminset) { build(:adminset_lw, user:) }
+  #
+  # @example Simple build of an admin set with only solr-document.  Owner is given edit-access in solr-document. Light weight.
+  #   let(:adminset) { build(:adminset_lw, with_solr_document: true) }
+  #
+  # @example Simple build of an admin set with only a permission template created.  Owner is set as a manager.  Light weight.
+  #   let(:adminset) { build(:adminset_lw, with_permission_template: true) }
+  #
+  # @example Build an admin set with only a permission template created.  Permissions are set based on
+  #          attributes set for `with_permission_template`.  Middle weight.
+  #   # permissions passed thru `with_permission_template` can be any of the following in any combination
+  #   let(:permissions) { { manage_users: [user.user_key],  # multiple users can be listed
+  #                         deposit_users: [user.user_key],
+  #                         view_users: [user.user_key],
+  #                         manage_groups: [group_name],    # multiple groups can be listed
+  #                         deposit_groups: [group_name],
+  #                         view_groups: [group_name],  } }
+  #   let(:adminset) { build(:adminset_lw, user: , with_permission_template: permissions) }
+  #
+  # @example Build an admin set with permission template and solr-document created.  Permissions are set based on
+  #          attributes set for `with_permission_template`.  Solr-document includes read/edit access defined based
+  #          on attributes passed thru `with_permission_template`.  Middle weight.
+  #   # permissions passed thru `with_permission_template` can be any of the following in any combination
+  #   let(:permissions) { { manage_users: [user.user_key],  # multiple users can be listed
+  #                         deposit_users: [user.user_key],
+  #                         view_users: [user.user_key],
+  #                         manage_groups: [group_name],    # multiple groups can be listed
+  #                         deposit_groups: [group_name],
+  #                         view_groups: [group_name],  } }
+  #   let(:adminset) { build(:adminset_lw, user: , with_permission_template: permissions, with_solr_document: true) }
+  #
+  # @example Create an admin set with everything.  Extreme heavy weight.  This is very slow and should be avoided.
+  #          NOTE: Everything gets created.
+  #          NOTE: Build options effect created admin sets as follows...
+  #                 * `with_permission_template` can specify user/group permissions.  A permission template is always created.
+  #                 * `with_solr_document` is ignored.  A solr document is always created.
+  #   let(:adminset) { create(:adminset_lw) }
+  #
+  # @example Build the default admin set with permission template, solr doc, and default adminset's metadata.
+  #   let(:default_adminset) { build(:default_adminset) }
+
+  factory :adminset_lw, class: AdminSet do
+    transient do
+      user { create(:user) }
+
+      with_permission_template false
+      with_solr_document false
+    end
+    sequence(:title) { |n| ["Collection Title #{n}"] }
+
+    after(:build) do |adminset, evaluator|
+      adminset.creator = [evaluator.user.user_key]
+
+      AdminSetFactoryHelper.process_with_permission_template(adminset, evaluator)
+      AdminSetFactoryHelper.process_with_solr_document(adminset, evaluator)
+    end
+
+    before(:create) do |adminset, evaluator|
+      # force create a permission template if it doesn't exist for the newly created admin set
+      AdminSetFactoryHelper.process_with_permission_template(adminset, evaluator, true) unless evaluator.with_permission_template
+    end
+
+    after(:create) do |adminset, _evaluator|
+      adminset.reset_access_controls!
+    end
+
+    factory :default_adminset, class: AdminSet do
+      transient do
+        with_permission_template do
+          {
+            deposit_groups: [::Ability.registered_group_name],
+            manage_groups: [::Ability.admin_group_name]
+          }
+        end
+        with_solr_document true
+      end
+      id AdminSet::DEFAULT_ID
+      title AdminSet::DEFAULT_TITLE
+    end
+  end
+
+  factory :no_solr_grants_adminset, class: AdminSet do
+    # Builds a pre-Hyrax 2.1.0 adminset without edit/view grants on the admin set.
+    # Do not use with create because the save will cause the solr grants to be created.
+    transient do
+      user { create(:user) }
+      with_permission_template true
+      with_solr_document true
+    end
+
+    sequence(:title) { |n| ["No Solr Grant Admin Set Title #{n}"] }
+
+    after(:build) do |adminset, evaluator|
+      adminset.creator = [evaluator.user.user_key]
+      AdminSetFactoryHelper.process_with_permission_template(adminset, evaluator, true)
+      AdminSetFactoryHelper.process_with_solr_document(adminset, evaluator, true)
+    end
+  end
+
+  class AdminSetFactoryHelper
+    # @returns array of user keys
+    def self.permission_from_template(permission_template_attributes, permission_key)
+      permissions = []
+      return permissions if permission_template_attributes.blank?
+      return permissions unless permission_template_attributes.is_a? Hash
+      return permissions unless permission_template_attributes.key?(permission_key)
+      permission_template_attributes[permission_key]
+    end
+    private_class_method :permission_from_template
+
+    # @param [Hash] permission_template_attributes where names identify the role and value are the user keys for that role
+    # @parem [String] creator_user is the user who created the new admin set
+    # @param [Boolean] include_creator, when true, adds the creator_user as a manager
+    # @returns array of user keys
+    def self.user_managers(permission_template_attributes, creator_user)
+      managers = permission_from_template(permission_template_attributes, :manage_users)
+      managers << creator_user
+      managers.uniq
+    end
+
+    # @param [Hash] permission_template_attributes where names identify the role and value are the user keys for that role
+    # @returns array of user keys
+    def self.group_managers(permission_template_attributes)
+      permission_from_template(permission_template_attributes, :manage_groups).uniq
+    end
+
+    # @param [Hash] permission_template_attributes where names identify the role and value are the user keys for that role
+    # @returns array of user keys
+    def self.user_depositors(permission_template_attributes)
+      permission_from_template(permission_template_attributes, :deposit_users).uniq
+    end
+
+    # @param [Hash] permission_template_attributes where names identify the role and value are the user keys for that role
+    # @returns array of user keys
+    def self.group_depositors(permission_template_attributes)
+      permission_from_template(permission_template_attributes, :deposit_groups).uniq
+    end
+
+    # @param [Hash] permission_template_attributes where names identify the role and value are the user keys for that role
+    # @returns array of user keys
+    def self.user_viewers(permission_template_attributes)
+      permission_from_template(permission_template_attributes, :view_users).uniq
+    end
+
+    # @param [Hash] permission_template_attributes where names identify the role and value are the user keys for that role
+    # @returns array of user keys
+    def self.group_viewers(permission_template_attributes)
+      permission_from_template(permission_template_attributes, :view_groups).uniq
+    end
+
+    # Process the with_permission_template transient property such that...
+    # * a permission template is created for the admin set
+    # * a permission template access is created for the admin set creator
+    # * additional permission template accesses are created for each user/group identified in the attributes
+    #   of with_permission_template (created by the permission_template factory)
+    # @param [AdminSet] admin set object being built/created by the factory
+    # @param [Class] evaluator holding the transient properties for the current build/creation process
+    # @param [Boolean] if true, force the permission template to be created
+    def self.process_with_permission_template(adminset, evaluator, force = false)
+      return unless force || evaluator.with_permission_template
+      adminset.id ||= FactoryBot.generate(:object_id)
+      attributes = { source_id: adminset.id }
+      attributes[:manage_users] = user_managers(evaluator.with_permission_template, evaluator.user)
+      attributes = evaluator.with_permission_template.merge(attributes) if evaluator.with_permission_template.respond_to?(:merge)
+      FactoryBot.create(:permission_template, attributes) unless Hyrax::PermissionTemplate.find_by(source_id: adminset.id)
+    end
+
+    # Process the with_solr_document transient property such that...
+    # * a solr document is created for the admin set
+    # * permissions identified by with_permission_template, if any, are added to the solr fields
+    # @param [AdminSet] adminset object being built/created by the factory
+    # @param [Class] evaluator holding the transient properties for the current build/creation process
+    def self.process_with_solr_document(adminset, evaluator, creator_only = false)
+      return unless creator_only || evaluator.with_solr_document
+      ActiveFedora::SolrService.add(solr_document_with_permissions(adminset, evaluator, creator_only), commit: true)
+    end
+
+    # Return the admin set's solr document with permissions added, such that...
+    # * permissions identified by with_permission_template, if any, are added to the solr fields
+    # @param [AdminSet] adminset object being built/created by the factory
+    # @param [Class] evaluator holding the transient properties for the current build/creation process
+    # @returns the admin set's solr document with permissions added
+    def self.solr_document_with_permissions(adminset, evaluator, creator_only)
+      adminset.id ||= FactoryBot.generate(:object_id)
+      if creator_only
+        adminset.edit_users = [evaluator.user]
+      else
+        adminset.edit_users = user_managers(evaluator.with_permission_template, evaluator.user)
+        adminset.edit_groups = group_managers(evaluator.with_permission_template)
+        adminset.read_users = user_viewers(evaluator.with_permission_template) +
+                              user_depositors(evaluator.with_permission_template)
+        adminset.read_groups = group_viewers(evaluator.with_permission_template) +
+                               group_depositors(evaluator.with_permission_template) -
+                               [::Ability.registered_group_name, ::Ability.public_group_name]
+      end
+      adminset.to_solr
+    end
+    private_class_method :solr_document_with_permissions
+  end
+end

data/spec/factories/collections.rb

@@ -10,16 +10,16 @@ FactoryBot.define do
   #
   # @example Simple build of a collection with no additional parts created.  Lightest weight.
   #          NOTE: A user is automatically created as the owner of the collection.
-  #   let(:collection) { build(:collection_lw)
+  #   let(:collection) { build(:collection_lw) }
   #
   # @example Simple build of a collection with no additional parts created.  User is the owner of the collection.  Lightest weight.
-  #   let(:collection) { build(:collection_lw, user:)
+  #   let(:collection) { build(:collection_lw, user:) }
   #
   # @example Simple build of a collection with only solr-document.  Owner is given edit-access in solr-document. Light weight.
-  #   let(:collection) { build(:collection_lw, with_solr_document: true)
+  #   let(:collection) { build(:collection_lw, with_solr_document: true) }
   #
   # @example Simple build of a collection with only a permission template created.  Owner is set as a manager.  Light weight.
-  #   let(:collection) { build(:collection_lw, with_permission_template: true)
+  #   let(:collection) { build(:collection_lw, with_permission_template: true) }
   #
   # @example Build a collection with only a permission template created.  Permissions are set based on
   #          attributes set for `with_permission_template`.  Middle weight.
@@ -30,7 +30,7 @@ FactoryBot.define do
   #                         manage_groups: [group_name],    # multiple groups can be listed
   #                         deposit_groups: [group_name],
   #                         view_groups: [group_name],  } }
-  #   let(:collection) { build(:collection_lw, user: , with_permission_template: permissions)
+  #   let(:collection) { build(:collection_lw, user: , with_permission_template: permissions) }
   #
   # @example Build a collection with permission template and solr-document created.  Permissions are set based on
   #          attributes set for `with_permission_template`.  Solr-document includes read/edit access defined based
@@ -42,7 +42,7 @@ FactoryBot.define do
   #                         manage_groups: [group_name],    # multiple groups can be listed
   #                         deposit_groups: [group_name],
   #                         view_groups: [group_name],  } }
-  #   let(:collection) { build(:collection_lw, user: , with_permission_template: permissions, with_solr_document: true)
+  #   let(:collection) { build(:collection_lw, user: , with_permission_template: permissions, with_solr_document: true) }
   #
   # @example Build a collection generating its collection type with specific settings. Light Weight.
   #          NOTE: Do not use this approach if you need access to the collection type in the test.
@@ -68,8 +68,8 @@ FactoryBot.define do
   #                      :sharable,                  # OR :not_sharable OR :sharable_no_work_permissions
   #                      :allow_multiple_membership, # OR :not_allow_multiple_membership
   #                    ] }
-  #   let(:collection_type) { create(:collection_lw_type, settings)}
-  #   let(:collection) { build(:collection_lw, collection_type_gid: collection_type.gid)}
+  #   let(:collection_type) { create(:collection_lw_type, settings) }
+  #   let(:collection) { build(:collection_lw, collection_type_gid: collection_type.gid) }
   #
   # @example Build a collection with nesting fields set in the solr document.  Light weight.
   #          NOTE: The property `with_nesting_attributes` is only supported for building collections.  The attributes will
@@ -77,7 +77,7 @@ FactoryBot.define do
   #   let(:collection) { build(:collection_lw, with_nesting_attributes: { ancestors: ['Parent_1'],
   #                                                                       parent_ids: ['Parent_1'],
   #                                                                       pathnames: ['Parent_1/Collection123'],
-  #                                                                       depth: 2 })
+  #                                                                       depth: 2 }) }
   #
   # @example Create a collection with everything.  Extreme heavy weight.  This is very slow and should be avoided.
   #          NOTE: Everything gets created.
@@ -87,7 +87,7 @@ FactoryBot.define do
   #                 * `with_solr_document` is ignored.  A solr document is always created.
   #                 * `with_nested_attributes` is ignored.
   #          NOTE: Additional process is required for testing nested collections with Fedora objects.  See next example.
-  #   let(:collection) { create(:collection_lw)
+  #   let(:collection) { create(:collection_lw) }
   #
   # @example Create collections for use with nested collection index testing.
   #          NOTE: For light weight nested collection testing using solr documents only, see `with_nested_attributes` above