hyrax 3.0.0.pre.rc3 → 3.0.0.pre.rc4

data/app/models/concerns/hyrax/ability.rb

@@ -367,8 +367,8 @@ module Hyrax
                                     .select(:source_id)
                                     .distinct
                                     .pluck(:source_id)
-      query = "_query_:\"{!raw f=has_model_ssim}AdminSet\" AND {!terms f=id}#{ids.join(',')}"
-      Hyrax::SolrService.count(query).positive?
+
+      Hyrax.custom_queries.find_ids_by_model(model: Hyrax::AdministrativeSet, ids: ids).any?
     end
 
     def registered_user?

data/app/models/hyrax/contact_form.rb

@@ -24,13 +24,7 @@ module Hyrax
     end
 
     def self.issue_types_for_locale
-      [
-        I18n.t('hyrax.contact_form.issue_types.depositing'),
-        I18n.t('hyrax.contact_form.issue_types.changing'),
-        I18n.t('hyrax.contact_form.issue_types.browsing'),
-        I18n.t('hyrax.contact_form.issue_types.reporting'),
-        I18n.t('hyrax.contact_form.issue_types.general')
-      ]
+      I18n.t('hyrax.contact_form.issue_types').values.select(&:present?)
     end
   end
 end

data/app/models/hyrax/permission_template.rb

@@ -1,5 +1,6 @@
 # frozen_string_literal: true
 module Hyrax
+  ##
   # Defines behavior that is applied to objects added as members of an AdminSet
   #
   #  * access rights to stamp on each object
@@ -14,10 +15,14 @@ module Hyrax
     has_many :access_grants, class_name: 'Hyrax::PermissionTemplateAccess', dependent: :destroy
     accepts_nested_attributes_for :access_grants, reject_if: :all_blank
 
+    ##
     # @api public
+    #
     # Retrieve the agent_ids associated with the given agent_type and access
+    #
     # @param [String] agent_type
     # @param [String] access
+    #
     # @return [Array<String>] of agent_ids that match the given parameters
     def agent_ids_for(agent_type:, access:)
       access_grants.where(agent_type: agent_type, access: access).pluck(:agent_id)
@@ -29,6 +34,15 @@ module Hyrax
     # In a perfect world, there would be a join table that enforced uniqueness on the ID.
     has_one :active_workflow, -> { where(active: true) }, class_name: 'Sipity::Workflow', foreign_key: :permission_template_id
 
+    ##
+    # @note this is a convenience method for +Hyrax.query_service.find_by(id: template.source_id)+
+    #
+    # @return [Hyrax::Resource] the collection this template is associated with
+    def source
+      Hyrax.query_service.find_by(id: source_id)
+    end
+
+    ##
     # A bit of an analogue for a `belongs_to :source_model` as it crosses from Fedora to the DB
     # @return [AdminSet, ::Collection]
     # @raise [Hyrax::ObjectNotFoundError] when neither an AdminSet or Collection is found

data/app/models/proxy_deposit_request.rb

@@ -42,7 +42,7 @@ class ProxyDepositRequest < ActiveRecord::Base
 
   validates :sending_user, :work_id, presence: true
   validate :transfer_to_should_be_a_valid_username
-  validate :sending_user_should_not_be_receiving_user
+  validate :sending_user_should_not_be_receiving_user, unless: :sender_is_admin?
   validate :should_not_be_already_part_of_a_transfer
 
   after_save :send_request_transfer_message
@@ -63,16 +63,20 @@ class ProxyDepositRequest < ActiveRecord::Base
   private
 
   def transfer_to_should_be_a_valid_username
-    errors.add(:transfer_to, "must be an existing user") unless receiving_user
+    errors.add(:transfer_to, I18n.t('hyrax.notifications.proxy_deposit_request.validation.valid_username')) unless receiving_user
   end
 
   def sending_user_should_not_be_receiving_user
-    errors.add(:transfer_to, 'specify a different user to receive the work') if receiving_user && receiving_user.user_key == sending_user.user_key
+    errors.add(:transfer_to, I18n.t('hyrax.notifications.proxy_deposit_request.validation.sender_is_not_receiver')) if receiving_user && receiving_user.user_key == sending_user.user_key
   end
 
   def should_not_be_already_part_of_a_transfer
     transfers = ProxyDepositRequest.where(work_id: work_id, status: PENDING)
-    errors.add(:open_transfer, 'must close open transfer on the work before creating a new one') unless transfers.blank? || (transfers.count == 1 && transfers[0].id == id)
+    errors.add(:open_transfer, I18n.t('hyrax.notifications.proxy_deposit_request.validation.open_transfer')) unless transfers.blank? || (transfers.count == 1 && transfers[0].id == id)
+  end
+
+  def sender_is_admin?
+    sending_user.ability.admin?
   end
 
   public

data/app/presenters/hyrax/file_set_presenter.rb

@@ -34,6 +34,10 @@ module Hyrax
              :original_file_id,
              to: :solr_document
 
+    def workflow
+      nil
+    end
+
     def single_use_links
       @single_use_links ||= SingleUseLink.where(item_id: id).map { |link| link_presenter_class.new(link) }
     end
@@ -90,6 +94,7 @@ module Hyrax
     end
 
     def user_can_perform_any_action?
+      Deprecation.warn("We're removing Hyrax::FileSetPresenter.user_can_perform_any_action? in Hyrax 4.0.0; Instead use can? in view contexts.")
       current_ability.can?(:edit, id) || current_ability.can?(:destroy, id) || current_ability.can?(:download, id)
     end
 
@@ -103,6 +108,11 @@ module Hyrax
       ids = Hyrax::SolrService.query("{!field f=member_ids_ssim}#{id}", fl: Hyrax.config.id_field)
                               .map { |x| x.fetch(Hyrax.config.id_field) }
       Hyrax.logger.warn("Couldn't find a parent work for FileSet: #{id}.") if ids.empty?
+      ids.each do |id|
+        doc = ::SolrDocument.find(id)
+        next if current_ability.can?(:edit, doc)
+        raise WorkflowAuthorizationException if doc.suppressed? && current_ability.can?(:read, doc)
+      end
       Hyrax::PresenterFactory.build_for(ids: ids,
                                         presenter_class: WorkShowPresenter,
                                         presenter_args: current_ability).first

data/app/presenters/hyrax/google_scholar_presenter.rb

@@ -0,0 +1,86 @@
+# frozen_string_literal: true
+
+module Hyrax
+  ##
+  # Handles presentation for google scholar meta tags.
+  #
+  # @example
+  #   my_book = Monograph.new(title: ['On Moomins'], creator: ['Tove', 'Lars'])
+  #   scholar = GoogleScholarPresenter.new(my_book)
+  #
+  #   scholar.title => 'On Moomins'
+  #
+  # @see https://scholar.google.com/intl/en/scholar/inclusion.html#overview
+  class GoogleScholarPresenter < Draper::Decorator
+    ##
+    # @note Scholar content inclusion docs indicate we should embed metadata
+    #   for "scholarly articles - journal papers, conference papers,
+    #   technical reports, or their drafts, dissertations, pre-prints,
+    #   post-prints, or abstracts." Implementations should try to return
+    #   `false` for other content.
+    #
+    # @return [Boolean] whether this content is "scholarly" for Google Scholar's
+    #   purposes. delegates to decorated object if possible.
+    #
+    # @see https://scholar.google.com/intl/en/scholar/inclusion.html#content
+    def scholarly?
+      return object.scholarly? if object.respond_to?(:scholarly?)
+
+      true
+    end
+
+    ##
+    # @note Google Scholar cares about author order. when possible, this should
+    #   return the othors in order. delegates to `#ordered_authors` when
+    #   available.
+    #
+    # @return [Array<String>] an ordered array of author names
+    def authors
+      return object.ordered_authors if object.respond_to?(:ordered_authors)
+
+      Array(object.creator)
+    end
+
+    ##
+    # @note falls back on {#title} if no description can be found. this
+    #   probably isn't great.
+    #
+    # @return [String] a description
+    def description
+      (Array(object.try(:description)).first || title).truncate(200)
+    end
+
+    ##
+    # @return [String] the keywords
+    def keywords
+      Array(object.try(:keyword)).join('; ')
+    end
+
+    ##
+    # @todo this should probably only return a present value if a PDF is
+    #   available!
+    #
+    # @return [#to_s]
+    def pdf_url
+      object.try(:download_url)
+    end
+
+    ##
+    # @return [String] the publication date
+    def publication_date
+      Array(object.try(:date_created)).first || ''
+    end
+
+    ##
+    # @return [String] a string representing the publisher
+    def publisher
+      Array(object.try(:publisher)).join('; ')
+    end
+
+    ##
+    # @return [String] exactly one title; the same one every time
+    def title
+      Array(object.try(:title)).sort.first || ""
+    end
+  end
+end

data/app/presenters/hyrax/work_show_presenter.rb

@@ -37,7 +37,7 @@ module Hyrax
     end
 
     # CurationConcern methods
-    delegate :stringify_keys, :human_readable_type, :collection?, :to_s,
+    delegate :stringify_keys, :human_readable_type, :collection?, :to_s, :suppressed?,
              to: :solr_document
 
     # Metadata Methods

data/app/search_builders/hyrax/dashboard/nested_collections_search_builder.rb

@@ -33,32 +33,8 @@ module Hyrax
         solr_parameters[:fq] += limit_clause if limit_clause # add limits to prevent illegal nesting arrangements
       end
 
-      # If :deposit access is requested, check to see which collections the user has
-      # deposit or manage access to.
-      # @return [Array<String>] a list of filters to apply to the solr query
-      def gated_discovery_filters(permission_types = discovery_permissions, ability = current_ability)
-        return super unless permission_types.include?("deposit")
-        ["{!terms f=id}#{collection_ids_for_deposit.join(',')}"]
-      end
-
       private
 
-      def collection_ids_for_deposit
-        Hyrax::Collections::PermissionsService.collection_ids_for_deposit(ability: current_ability)
-      end
-
-      # My intention in this implementation is that if I need at least edit access on the queried document,
-      # then I must have one of the following access-levels
-      ACCESS_LEVELS_FOR_LEVEL = ActiveSupport::HashWithIndifferentAccess.new(
-        edit: ["edit"],
-        deposit: ["deposit"],
-        read: ["edit", "read"],
-        discover: ["edit", "discover", "read"]
-      ).freeze
-      def extract_discovery_permissions(access)
-        ACCESS_LEVELS_FOR_LEVEL.fetch(access)
-      end
-
       def limit_ids
         # exclude current collection from returned list
         limit_ids = [@collection.id]

data/app/services/hyrax/admin_set_member_service.rb

@@ -18,7 +18,7 @@ module Hyrax
     delegate :repository, to: :scope
 
     ##
-    # @param [#repository] scope Typically acontroller object which responds to :repository
+    # @param [#repository] scope Typically a controller object which responds to +#repository+
     # @param [::Collection] collection an collection of type admin set
     # @param [ActionController::Parameters] params query params
     def initialize(scope:, collection:, params:)

data/app/services/hyrax/change_content_depositor_service.rb

@@ -1,9 +1,17 @@
 # frozen_string_literal: true
 module Hyrax
   class ChangeContentDepositorService
-    # @param [ActiveFedora::Base, Valkyrie::Resource] work
-    # @param [User] user
-    # @param [TrueClass, FalseClass] reset
+    # Set the given `user` as the depositor of the given `work`; If
+    # `reset` is true, first remove all previous permissions.
+    #
+    # @param work [ActiveFedora::Base, Valkyrie::Resource] the work
+    #             that is receiving a change of depositor
+    # @param user [User] the user that will "become" the depositor of
+    #             the given work
+    # @param reset [TrueClass, FalseClass] when true, first clear
+    #              permissions for the given work and contained file
+    #              sets; regardless of true/false make the given user
+    #              the depositor of the given work
     def self.call(work, user, reset)
       case work
       when ActiveFedora::Base
@@ -18,6 +26,7 @@ module Hyrax
       work.permissions = [] if reset
       work.apply_depositor_metadata(user)
       work.file_sets.each do |f|
+        f.permissions = [] if reset
         f.apply_depositor_metadata(user)
         f.save!
       end
@@ -26,6 +35,8 @@ module Hyrax
     end
     private_class_method :call_af
 
+    # @todo Should this include some dependency injection regarding
+    # the Hyrax.persister and Hyrax.custom_queries?
     def self.call_valkyrie(work, user, reset)
       if reset
         work.permission_manager.acl.permissions = []
@@ -35,19 +46,30 @@ module Hyrax
       work.proxy_depositor = work.depositor
       apply_depositor_metadata(work, user)
 
-      Hyrax.custom_queries.find_child_filesets(resource: work).each do |f|
-        apply_depositor_metadata(f, user)
-      end
+      apply_valkyrie_changes_to_file_sets(work: work, user: user, reset: reset)
 
+      Hyrax.persister.save(resource: work)
       work
     end
     private_class_method :call_valkyrie
 
     def self.apply_depositor_metadata(resource, depositor)
       depositor_id = depositor.respond_to?(:user_key) ? depositor.user_key : depositor
-      resource.depositor = depositor_id if resource.respond_to? :depositor
+      resource.depositor = depositor_id if resource.respond_to? :depositor=
       Hyrax::AccessControlList.new(resource: resource).grant(:edit).to(::User.find_by_user_key(depositor_id)).save
     end
     private_class_method :apply_depositor_metadata
+
+    def self.apply_valkyrie_changes_to_file_sets(work:, user:, reset:)
+      Hyrax.custom_queries.find_child_filesets(resource: work).each do |f|
+        if reset
+          f.permission_manager.acl.permissions = []
+          f.permission_manager.acl.save
+        end
+        apply_depositor_metadata(f, user)
+        Hyrax.persister.save(resource: f)
+      end
+    end
+    private_class_method :apply_valkyrie_changes_to_file_sets
   end
 end

data/app/services/hyrax/collections/permissions_service.rb

@@ -22,15 +22,14 @@ module Hyrax
 
       def self.filter_source(source_type:, ids:)
         return [] if ids.empty?
-        id_clause = "{!terms f=id}#{ids.join(',')}"
-        query = case source_type
+        model = case source_type
                 when 'admin_set'
-                  "_query_:\"{!raw f=has_model_ssim}AdminSet\""
+                  Hyrax::AdministrativeSet
                 when 'collection'
-                  "_query_:\"{!raw f=has_model_ssim}Collection\""
+                  Hyrax::PcdmCollection
                 end
-        query += " AND #{id_clause}"
-        Hyrax::SolrService.query(query, fl: 'id', rows: ids.count).map { |hit| hit['id'] }
+
+        Hyrax.custom_queries.find_ids_by_model(model: model, ids: ids).to_a
       end
       private_class_method :filter_source
 

data/app/services/hyrax/custom_queries/find_ids_by_model.rb

@@ -0,0 +1,37 @@
+# frozen_string_literal: true
+module Hyrax
+  module CustomQueries
+    ##
+    # @see https://github.com/samvera/valkyrie/wiki/Queries#custom-queries
+    class FindIdsByModel
+      def self.queries
+        [:find_ids_by_model]
+      end
+
+      def initialize(query_service:)
+        @query_service = query_service
+      end
+
+      attr_reader :query_service
+      delegate :resource_factory, to: :query_service
+
+      ##
+      # @note this is an unoptimized default implementation of this custom
+      #   query. it's Hyrax's policy to provide such implementations of custom
+      #   queries in use for cross-compatibility of Valkyrie query services.
+      #   it's advisable to provide an optimized query for the specific adapter.
+      #
+      # @param model [Class]
+      # @param ids [Enumerable<#to_s>, Symbol]
+      #
+      # @return [Enumerable<Valkyrie::ID>]
+      def find_ids_by_model(model:, ids: :all)
+        return query_service.find_all_of_model(model: model).map(&:id) if ids == :all
+
+        query_service.find_many_by_ids(ids: ids).select do |resource|
+          resource.is_a?(model)
+        end.map(&:id)
+      end
+    end
+  end
+end

data/app/services/hyrax/edit_permissions_service.rb

@@ -0,0 +1,201 @@
+# frozen_string_literal: true
+module Hyrax
+  # Encapsulates the logic to determine which object permissions may be edited by a given user
+  #  - user is permitted to update any work permissions coming ONLY from collections they manage
+  #  - user is not permitted to update a work permission if it comes from a collection they do not manage, even if also from a managed collection
+  #  - user is permitted to update only non-manager permissions from any Collections
+  #  - user is permitted to update any non-collection permissions
+  class EditPermissionsService
+    # @api public
+    # @since v3.0.0
+    #
+    # @param form [SimpleForm::FormBuilder]
+    # @param current_ability [Ability]
+    # @return [Hyrax::EditPermissionService]
+    #
+    # @note
+    #   form object.class = SimpleForm::FormBuilder
+    #     For works (i.e. GenericWork):
+    #     - form object.object = Hyrax::GenericWorkForm
+    #     - form object.object.model = GenericWork
+    #     - use the work itself
+    #     For file_sets:
+    #     - form object.object.class = FileSet
+    #     - use work the file_set is in
+    #     No other object types are supported by this view. %>
+    def self.build_service_object_from(form:, ability:)
+      if form.object.respond_to?(:model) && form.object.model.work?
+        new(object: form.object, ability: ability)
+      elsif form.object.file_set?
+        new(object: form.object.in_works.first, ability: ability)
+      end
+    end
+
+    attr_reader :depositor, :unauthorized_collection_managers
+
+    # @param object [#depositor, #admin_set_id, #member_of_collection_ids] GenericWorkForm (if called for object) or GenericWork (if called for file set)
+    # @param ability [Ability] user's current_ability
+    def initialize(object:, ability:)
+      @object = object
+      @ability = ability
+      @depositor = object.depositor
+      unauthorized = manager_permissions_to_block
+      @unauthorized_managers = unauthorized.unauthorized_managers
+      @unauthorized_collection_managers = unauthorized.unauthorized_collection_managers
+    end
+
+    # @api private
+    # @todo refactor this code to use "can_edit?"; Thinking in negations can be challenging.
+    #
+    # @param permission_hash [Hash] one set of permission fields for object {:name, :access}
+    # @return [Boolean] true if user cannot edit the given permissions
+    def cannot_edit_permissions?(permission_hash)
+      permission_hash.fetch(:access) == "edit" && @unauthorized_managers.include?(permission_hash.fetch(:name))
+    end
+
+    # @api private
+    #
+    # @param permission_hash [Hash] one set of permission fields for object {:name, :access}
+    # @return [Boolean] true if given permissions are one of fixed exclusions
+    def excluded_permission?(permission_hash)
+      exclude_from_display.include? permission_hash.fetch(:name).downcase
+    end
+
+    # @api public
+    #
+    # This method either:
+    #
+    # * returns false if the given permission_hash is part of the fixed exclusions.
+    # * yields a PermissionPresenter to provide additional logic and text for rendering
+    #
+    # @param permission_hash [Hash<:name, :access>]
+    # @return false if the given permission_hash is a fixed exclusion
+    # @yield PermissionPresenter
+    #
+    # @see #excluded_permission?
+    def with_applicable_permission(permission_hash:)
+      return false if excluded_permission?(permission_hash)
+      yield(PermissionPresenter.new(service: self, permission_hash: permission_hash))
+    end
+
+    # @api private
+    #
+    # A helper class to contain specific presentation logic related to
+    # the EditPermissionsService
+    class PermissionPresenter
+      # @param service [Hyrax::EditPermissionsService]
+      # @param permission_hash [Hash]
+      def initialize(service:, permission_hash:)
+        @service = service
+        @permission_hash = permission_hash
+      end
+
+      # A hint at how permissions are granted.
+      #
+      # @return String
+      # rubocop:disable Rails/OutputSafety
+      def granted_by_html_hint
+        html = ""
+        @service.unauthorized_collection_managers.each do |managers|
+          next unless name == managers.fetch(:name)
+          html += "<br />Access granted via collection #{managers.fetch(:id)}"
+        end
+        html.html_safe
+      end
+      # rubocop:enable Rails/OutputSafety
+
+      # @return String
+      def name
+        @permission_hash.fetch(:name)
+      end
+
+      # @return String
+      def access
+        @permission_hash.fetch(:access)
+      end
+
+      # @return Boolean
+      # @see EditPermissionsService#cannot_edit_permissions?
+      def can_edit?
+        !@service.cannot_edit_permissions?(@permission_hash)
+      end
+    end
+
+    private
+
+    # Fixed set of users & groups to exclude from "editable" section of display
+    def exclude_from_display
+      [::Ability.public_group_name, ::Ability.registered_group_name, ::Ability.admin_group_name, @depositor]
+    end
+
+    BlockedPermissions = Struct.new(:unauthorized_managers, :unauthorized_collection_managers)
+
+    # find all of the other managers of collections which a user cannot manage
+    #
+    #   Process used:
+    #   - find all of the work's collections which a user can manage
+    #   - find all of the work's collections (of a type which shares permissions) that a user cannot manage
+    #   - find all of the managers of these collections the user cannot manage
+    #   This gives us the manager permissions the user is not authorized to update.
+    #
+    # @return [Struct] BlockedPermissions
+    #   - unauthorized_managers [Array] ids of managers of all collections
+    #   - unauthorized_collection_managers [Array hashes] manager ids & collection_ids [{:name, :id}]
+    def manager_permissions_to_block
+      unauthorized_managers = []
+      unauthorized_collection_managers = []
+      object_unauthorized_collection_ids.each do |id|
+        Hyrax::PermissionTemplate.find_by(source_id: id).access_grants.each do |grant|
+          if grant.access == "manage"
+            unauthorized_managers << grant.agent_id
+            unauthorized_collection_managers += Array.wrap({ name: grant.agent_id }.merge(id: id))
+          end
+        end
+      end
+      BlockedPermissions.new(unauthorized_managers, unauthorized_collection_managers)
+    end
+
+    # find all of the work's collections a user can manage
+    # @return [Array] of collection ids
+    def object_managed_collection_ids
+      @object_managed_collection_ids ||= object_member_of & managed_collection_ids
+    end
+
+    # find all of the work's collections a user cannot manage
+    # note: if the collection type doesn't include "sharing_applies_to_new_works", we don't limit access
+    # @return [Array] of collection ids with limited access
+    def object_unauthorized_collection_ids
+      @object_unauthorized_collection_ids ||= begin
+                                                limited_access = []
+                                                unauthorized_collection_ids = object_member_of - object_managed_collection_ids
+                                                if unauthorized_collection_ids.any?
+                                                  unauthorized_collection_ids.each do |id|
+                                                    # TODO: Can we instead use a SOLR query?  This seems to be somewhat expensive.  However, as this is
+                                                    # used in administration instead of user front-end displays, I'm not as concerned.
+                                                    collection = ActiveFedora::Base.find(id)
+                                                    limited_access << id if (collection.instance_of? AdminSet) || collection.share_applies_to_new_works?
+                                                  end
+                                                end
+                                                limited_access
+                                              end
+    end
+
+    # find all of the collection ids an object is a member of
+    # @return [Array] array of collection ids
+    def object_member_of
+      @object_member_of ||= begin
+                              belongs_to = []
+                              # get all of work's collection ids from the form
+                              belongs_to += @object.member_of_collection_ids
+                              belongs_to << @object.admin_set_id if @object.admin_set_id.present?
+                              belongs_to
+                            end
+    end
+
+    # The list of all collections this user has manage rights on
+    # @return [Array] array of all collection ids that user can manage
+    def managed_collection_ids
+      Hyrax::Collections::PermissionsService.source_ids_for_manage(ability: @ability)
+    end
+  end
+end