hyrax 2.1.0.rc2 → 2.1.0.rc3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 2f567b87262e35a9cb150d7155519d89714b19b0
-  data.tar.gz: 1ba5abb5d18be1edaacdb1bceb77030e1dfa1c66
+  metadata.gz: 025cc22285626454040035c0cf14f5d89d818fa8
+  data.tar.gz: 5669ec53c680bfe657ba9f1064102b43c5cd6efd
 SHA512:
-  metadata.gz: b72273e1c7ecb34223b97e5839232fcdcb5f26d036903bdb2e50f2ec45d437a52edcf88012fc88f2d6c0c14a4a7ac9bd46965b3cdeada506d6e553352f38418f
-  data.tar.gz: 389b8b29eee7704e80cf71cdceb6ed8f8e96c0bde66a312bb06f31a73cf3996f0e4afbeba6ae132b7f04132a15b036b6ba06e14385ec7c51ff90c8fab65572dd
+  metadata.gz: a301edaa82e5823d68d31c7e4dd547848fbac537ae1e30ff6db7de2fc45897d7a2b3171560a1a8f62f242e921d259f5e0ab1a682ff4e7393ba9f446c17745b6e
+  data.tar.gz: b034075731f730600bb4415a273e9ae2ed641615052275a91e6d15e52a77af64c15d55687a6922cab802e6cf64118fc365b0e00ab245aafbe0c5014611b2fc0c

data/README.md

@@ -63,7 +63,7 @@ The Samvera community is here to help. Please see our [support guide](./.github/
 # Getting started
 
 This document contains instructions specific to setting up an app with __Hyrax
-v2.1.0.rc2__. If you are looking for instructions on installing a different
+v2.1.0.rc3__. If you are looking for instructions on installing a different
 version, be sure to select the appropriate branch or tag from the drop-down
 menu above.
 
@@ -162,7 +162,7 @@ NOTE: The steps need to be done in order to create a new Hyrax based app.
 Generate a new Rails application using the template.
 
 ```
-rails _5.1.6_ new my_app -m https://raw.githubusercontent.com/samvera/hyrax/v2.1.0.rc2/template.rb
+rails _5.1.6_ new my_app -m https://raw.githubusercontent.com/samvera/hyrax/v2.1.0.rc3/template.rb
 ```
 
 Generating a new Rails application using Hyrax's template above takes cares of a number of steps for you, including:

data/app/assets/stylesheets/hyrax/_work-show.scss

@@ -4,7 +4,8 @@
   }
 }
 
-.no-preview, .social-media {
+.no-preview,
+.social-media {
   padding: $panel-body-padding;
 }
 
@@ -17,7 +18,8 @@ header > h1 .label {
   padding: $panel-body-padding;
 }
 
-.relationships, .attributes {
+.relationships,
+.attributes {
   tbody th {
     width: 20%;
   }
@@ -52,6 +54,13 @@ ul.tabular {
 .work-type {
   margin-bottom: 18px;
   margin-top: -8px;
+
+  .panel-body {
+    .work_description,
+    li.attribute {
+      word-break: break-word;
+    }
+  }
 }
 
 .panel-workflow {

data/app/controllers/hyrax/admin/admin_sets_controller.rb

@@ -2,8 +2,13 @@ module Hyrax
   class Admin::AdminSetsController < ApplicationController
     include Hyrax::CollectionsControllerBehavior
 
-    before_action :ensure_manager!
+    before_action :authenticate_user!
+    before_action :ensure_manager!, except: [:show]
     load_and_authorize_resource
+    before_action :ensure_viewer!, only: [:show]
+
+    # Catch permission errors
+    rescue_from Hydra::AccessDenied, CanCan::AccessDenied, with: :deny_adminset_access
 
     with_themed_layout 'dashboard'
     self.presenter_class = Hyrax::AdminSetPresenter
@@ -19,6 +24,15 @@ module Hyrax
     class_attribute :admin_set_create_service
     self.admin_set_create_service = AdminSetCreateService
 
+    def deny_adminset_access(exception)
+      if current_user && current_user.persisted?
+        redirect_to root_url, alert: exception.message
+      else
+        session['user_return_to'] = request.url
+        redirect_to main_app.new_user_session_url, alert: exception.message
+      end
+    end
+
     def show
       add_breadcrumb I18n.t('hyrax.controls.home'), hyrax.root_path
       add_breadcrumb t(:'hyrax.dashboard.title'), hyrax.dashboard_path
@@ -92,11 +106,18 @@ module Hyrax
       end
 
       def ensure_manager!
+        # TODO: Review for possible removal.  Doesn't appear to apply anymore.
         # Even though the user can view this admin set, they may not be able to view
         # it on the admin page.
         authorize! :manage_any, AdminSet
       end
 
+      def ensure_viewer!
+        # Even though the user can view this admin set, they may not be able to view
+        # it on the admin page if access is granted as a public or registered user only.
+        authorize! :view_admin_show, @admin_set
+      end
+
       def create_admin_set
         admin_set_create_service.call(admin_set: @admin_set, creating_user: current_user)
       end

data/app/jobs/import_url_job.rb

@@ -8,22 +8,27 @@ require 'browse_everything/retriever'
 # and CreateWithRemoteFilesActor when files are located in some other service.
 class ImportUrlJob < Hyrax::ApplicationJob
   queue_as Hyrax.config.ingest_queue_name
+  attr_reader :file_set, :operation
 
   before_enqueue do |job|
+    operation = job.arguments[1]
     operation.pending_job(job)
   end
 
-  # Retrieves the operation for the job
-  def operation
-    arguments.reduce(:merge).fetch(:operation)
-  end
-
   # @param [FileSet] file_set
   # @param [Hyrax::BatchCreateOperation] operation
   def perform(file_set, operation, headers = {})
     operation.performing!
     user = User.find_by_user_key(file_set.depositor)
     uri = URI(file_set.import_url)
+    @file_set = file_set
+    @operation = operation
+
+    unless HTTParty.head(file_set.import_url).success?
+      send_error('Expired URL')
+      return false
+    end
+
     # @todo Use Hydra::Works::AddExternalFileToFileSet instead of manually
     #       copying the file here. This will be gnarly.
     copy_remote_file(uri, headers) do |f|
@@ -33,13 +38,7 @@ class ImportUrlJob < Hyrax::ApplicationJob
       # FileSetActor operates synchronously so that this tempfile is available.
       # If asynchronous, the job might be invoked on a machine that did not have this temp file on its file system!
       # NOTE: The return status may be successful even if the content never attaches.
-      if Hyrax::Actors::FileSetActor.new(file_set, user).create_content(f, from_url: true)
-        operation.success!
-      else
-        # send message to user on download failure
-        Hyrax.config.callback.run(:after_import_url_failure, file_set, user)
-        operation.fail!(file_set.errors.full_messages.join(' '))
-      end
+      log_import_status(uri, f, user)
     end
   end
 
@@ -57,14 +56,47 @@ class ImportUrlJob < Hyrax::ApplicationJob
       Rails.logger.debug("ImportUrlJob: Copying <#{uri}> to #{dir}")
 
       File.open(File.join(dir, filename), 'wb') do |f|
-        retriever = BrowseEverything::Retriever.new
-        uri_spec = { 'url' => uri }.merge(headers)
-        retriever.retrieve(uri_spec) do |chunk|
-          f.write(chunk)
+        begin
+          write_file(uri, f, headers)
+          yield f
+        rescue StandardError => e
+          send_error(e.message)
         end
-        f.rewind
-        yield f
       end
       Rails.logger.debug("ImportUrlJob: Closing #{File.join(dir, filename)}")
     end
+
+    # Send message to user on download failure
+    # @param filename [String] the filename of the file to download
+    # @param error_message [String] the download error message
+    def send_error(error_message)
+      user = User.find_by_user_key(file_set.depositor)
+      @file_set.errors.add('Error:', error_message)
+      Hyrax.config.callback.run(:after_import_url_failure, @file_set, user)
+      @operation.fail!(@file_set.errors.full_messages.join(' '))
+    end
+
+    # Write file to the stream
+    # @param uri [URI] the uri of the file to download
+    # @param f [IO] the stream to write to
+    def write_file(uri, f, headers)
+      retriever = BrowseEverything::Retriever.new
+      uri_spec = { 'url' => uri }.merge(headers)
+      retriever.retrieve(uri_spec) do |chunk|
+        f.write(chunk)
+      end
+      f.rewind
+    end
+
+    # Set the import operation status
+    # @param uri [URI] the uri of the file to download
+    # @param f [IO] the stream to write to
+    # @param user [User]
+    def log_import_status(uri, f, user)
+      if Hyrax::Actors::FileSetActor.new(@file_set, user).create_content(f, from_url: true)
+        operation.success!
+      else
+        send_error(uri.path, nil)
+      end
+    end
 end

data/app/models/concerns/hyrax/ability/admin_set_ability.rb

@@ -9,7 +9,7 @@ module Hyrax
           can :view_admin_show_any, AdminSet
         else
           can :manage_any, AdminSet if Hyrax::Collections::PermissionsService.can_manage_any_admin_set?(ability: self)
-          can :create_any, AdminSet if Hyrax::CollectionTypes::PermissionsService.can_create_admin_set_collection_type?(ability: self)
+          can [:create_any, :create], AdminSet if Hyrax::CollectionTypes::PermissionsService.can_create_admin_set_collection_type?(ability: self)
           can :view_admin_show_any, AdminSet if Hyrax::Collections::PermissionsService.can_view_admin_show_for_any_admin_set?(ability: self)
 
           can [:edit, :update, :destroy], AdminSet do |admin_set| # for test by solr_doc, see solr_document_ability.rb

data/app/presenters/hyrax/file_set_presenter.rb

@@ -90,6 +90,10 @@ module Hyrax
                                                               presenter_args: current_ability).first
     end
 
+    def user_can_perform_any_action?
+      current_ability.can?(:edit, id) || current_ability.can?(:destroy, id) || current_ability.can?(:download, id)
+    end
+
     private
 
       def link_presenter_class

data/app/presenters/hyrax/work_show_presenter.rb

@@ -155,8 +155,8 @@ module Hyrax
 
     delegate :member_presenters, :file_set_presenters, :work_presenters, to: :member_presenter_factory
 
-    def exclude_unauthorized_file_sets
-      member_presenters.delete_if { |m| m.is_a?(Hyrax::FileSetPresenter) && !current_ability.can?(:read, m.id) }
+    def exclude_unauthorized_members
+      member_presenters.delete_if { |m| !current_ability.can?(:read, m.id) }
     end
 
     def manifest_url

data/app/services/hyrax/collections/permissions_create_service.rb

@@ -17,6 +17,29 @@ module Hyrax
         collection.reset_access_controls!
       end
 
+      # @api public
+      #
+      # Add access grants to a collection
+      #
+      # @param collection_id [String] id of a collection
+      # @param grants [Array<Hash>] array of grants to add to the collection
+      # @example grants
+      #   [ { agent_type: Hyrax::PermissionTemplateAccess::GROUP,
+      #       agent_id: 'my_group_name',
+      #       access: Hyrax::PermissionTemplateAccess::DEPOSIT } ]
+      # @see Hyrax::PermissionTemplateAccess for valid values for agent_type and access
+      def self.add_access(collection_id:, grants:)
+        collection = Collection.find(collection_id)
+        template = Hyrax::PermissionTemplate.find_by!(source_id: collection_id)
+        grants.each do |grant|
+          Hyrax::PermissionTemplateAccess.find_or_create_by(permission_template_id: template.id,
+                                                            agent_type: grant[:agent_type],
+                                                            agent_id: grant[:agent_id],
+                                                            access: grant[:access])
+        end
+        collection.reset_access_controls!
+      end
+
       # @api private
       #
       # Gather the default permissions needed for a new collection

data/app/services/hyrax/collections/permissions_service.rb

@@ -170,9 +170,11 @@ module Hyrax
       # @return [Boolean] true if the user has permission to view the admin show page for the collection
       # @note Several checks get the user's groups from the user's ability.  The same values can be retrieved directly from a passed in ability.
       def self.can_view_admin_show_for_collection?(collection_id:, ability:)
-        deposit_access_to_collection?(collection_id: collection_id, ability: ability) ||
-          manage_access_to_collection?(collection_id: collection_id, ability: ability) ||
-          view_access_to_collection?(collection_id: collection_id, ability: ability)
+        exclude_groups = [::Ability.registered_group_name,
+                          ::Ability.public_group_name]
+        manage_access_to_collection?(collection_id: collection_id, ability: ability) ||
+          deposit_access_to_collection?(collection_id: collection_id, ability: ability, exclude_groups: exclude_groups) ||
+          view_access_to_collection?(collection_id: collection_id, ability: ability, exclude_groups: exclude_groups)
       end
 
       # @api private
@@ -181,10 +183,11 @@ module Hyrax
       #
       # @param collection_id [String] id of the collection we are checking permissions on
       # @param ability [Ability] the ability coming from cancan ability check
+      # @param exclude_groups [Array<String>] name of groups to exclude from the results
       # @return [Boolean] true if the user has :deposit access to the collection
       # @note Several checks get the user's groups from the user's ability.  The same values can be retrieved directly from a passed in ability.
-      def self.deposit_access_to_collection?(collection_id:, ability: nil)
-        access_to_collection?(collection_id: collection_id, access: 'deposit', ability: ability)
+      def self.deposit_access_to_collection?(collection_id:, ability: nil, exclude_groups: [])
+        access_to_collection?(collection_id: collection_id, access: 'deposit', ability: ability, exclude_groups: exclude_groups)
       end
       private_class_method :deposit_access_to_collection?
 
@@ -194,10 +197,11 @@ module Hyrax
       #
       # @param collection_id [String] id of the collection we are checking permissions on
       # @param ability [Ability] the ability coming from cancan ability check
+      # @param exclude_groups [Array<String>] name of groups to exclude from the results
       # @return [Boolean] true if the user has :manage access to the collection
       # @note Several checks get the user's groups from the user's ability.  The same values can be retrieved directly from a passed in ability.
-      def self.manage_access_to_collection?(collection_id:, ability:)
-        access_to_collection?(collection_id: collection_id, access: 'manage', ability: ability)
+      def self.manage_access_to_collection?(collection_id:, ability:, exclude_groups: [])
+        access_to_collection?(collection_id: collection_id, access: 'manage', ability: ability, exclude_groups: exclude_groups)
       end
       private_class_method :manage_access_to_collection?
 
@@ -207,10 +211,11 @@ module Hyrax
       #
       # @param collection_id [String] id of the collection we are checking permissions on
       # @param ability [Ability] the ability coming from cancan ability check
+      # @param exclude_groups [Array<String>] name of groups to exclude from the results
       # @return [Boolean] true if the user has permission to view the collection
       # @note Several checks get the user's groups from the user's ability.  The same values can be retrieved directly from a passed in ability.
-      def self.view_access_to_collection?(collection_id:, ability:)
-        access_to_collection?(collection_id: collection_id, access: 'view', ability: ability)
+      def self.view_access_to_collection?(collection_id:, ability:, exclude_groups: [])
+        access_to_collection?(collection_id: collection_id, access: 'view', ability: ability, exclude_groups: exclude_groups)
       end
       private_class_method :view_access_to_collection?
 
@@ -221,13 +226,14 @@ module Hyrax
       # @param collection_id [String] id of the collection we are checking permissions on
       # @param access [Symbol] the access level to check
       # @param ability [Ability] the ability coming from cancan ability check
+      # @param exclude_groups [Array<String>] name of groups to exclude from the results
       # @return [Boolean] true if the user has permission to view the collection
       # @note Several checks get the user's groups from the user's ability.  The same values can be retrieved directly from a passed in ability.
-      def self.access_to_collection?(collection_id:, access:, ability:)
+      def self.access_to_collection?(collection_id:, access:, ability:, exclude_groups: [])
         return false unless collection_id
         template = Hyrax::PermissionTemplate.find_by!(source_id: collection_id)
         return true if ([ability.current_user.user_key] & template.agent_ids_for(agent_type: 'user', access: access)).present?
-        return true if (ability.user_groups & template.agent_ids_for(agent_type: 'group', access: access)).present?
+        return true if (ability.user_groups & (template.agent_ids_for(agent_type: 'group', access: access) - exclude_groups)).present?
         false
       end
       private_class_method :access_to_collection?

data/app/views/hyrax/base/_items.html.erb

@@ -1,5 +1,5 @@
 <h2><%= t('.header') %></h2>
-<%  members = Flipflop.hide_private_files? ? presenter.exclude_unauthorized_file_sets : presenter.member_presenters %>
+<%  members = Flipflop.hide_private_items? ? presenter.exclude_unauthorized_members : presenter.member_presenters %>
 <% if members.present? %>
   <table class="table table-striped related-files">
     <thead>
@@ -17,4 +17,6 @@
   </table>
 <% elsif can? :edit, presenter.id %>
     <div class="alert alert-warning" role="alert"><%= t('.empty', type: presenter.human_readable_type) %></div>
+<% else %>
+  <div class="alert alert-warning" role="alert"><%= t('.unauthorized', type: presenter.human_readable_type) %></div>
 <% end %>

data/app/views/hyrax/collections/_show_document_list_row.html.erb

@@ -13,7 +13,6 @@
       <div class="media-body">
         <p class="media-heading">
           <strong><%= link_to document.title_or_label, [main_app, document], id: "src_copy_link#{id}", class: "#{'document-title' if document.title_or_label == document.label}" %></strong>
-          <a href="#" class="small" title="Click for more details"><i id="expand_<%= id %>" class="glyphicon glyphicon-chevron-right"></i></a>
         </p>
         <%= render_collection_links(document) %>
       </div>
@@ -24,21 +23,3 @@
     <%= render_visibility_link(document) %>
   </td>
 </tr>
-<tr id="detail_<%= id %>"> <!--  document detail"> -->
-  <td colspan="6">
-    <dl class="expanded-details row">
-      <dt class="col-xs-3 col-lg-2">Creator:</dt>
-      <dd class="col-xs-9 col-lg-4"><%= document.creator.to_a.to_sentence %></dd>
-      <dt class="col-xs-3 col-lg-2">Depositor:</dt>
-      <dd class="col-xs-9 col-lg-4"><%= link_to_profile document.depositor %></dd>
-      <dt class="col-xs-3 col-lg-2">Edit Access:</dt>
-      <dd class="col-xs-9 col-lg-10">
-        <% if document.edit_groups.present? %>
-          Groups: <%= document.edit_groups.join(', ') %>
-          <br />
-        <% end %>
-        Users: <%= document.edit_people.join(', ') %>
-      </dd>
-    </dl>
-  </td>
-</tr>

data/app/views/hyrax/file_sets/_actions.html.erb

@@ -1,42 +1,44 @@
-<div class="btn-group">
+<% if file_set.user_can_perform_any_action? %>
+  <div class="btn-group">
 
-  <button class="btn btn-default dropdown-toggle" data-toggle="dropdown" type="button" id="dropdownMenu_<%= file_set.id %>" aria-haspopup="true">
-    <span class="sr-only">Press to </span>
-    Select an action
-    <span class="caret" aria-hidden="true"></span>
-  </button>
+    <button class="btn btn-default dropdown-toggle" data-toggle="dropdown" type="button" id="dropdownMenu_<%= file_set.id %>" aria-haspopup="true">
+      <span class="sr-only">Press to </span>
+      <%= t('.header') %>
+      <span class="caret" aria-hidden="true"></span>
+    </button>
 
-  <ul role="menu" class="dropdown-menu dropdown-menu-right" aria-labelledby="dropdownMenu_<%= file_set.id %>">
-  <% if can?(:edit, file_set.id) %>
-    <li role="menuitem" tabindex="-1">
-      <%= link_to 'Edit', edit_polymorphic_path([main_app, file_set]),
-        { title: "Edit #{file_set}" } %>
-    </li>
+    <ul role="menu" class="dropdown-menu dropdown-menu-right" aria-labelledby="dropdownMenu_<%= file_set.id %>">
+    <% if can?(:edit, file_set.id) %>
+      <li role="menuitem" tabindex="-1">
+        <%= link_to t('.edit'), edit_polymorphic_path([main_app, file_set]),
+          { title: t('.edit_title', file_set: file_set) } %>
+      </li>
 
-    <li role="menuitem" tabindex="-1">
-      <%= link_to 'Versions',  edit_polymorphic_path([main_app, file_set], anchor: 'versioning_display'),
-        { title: "Display previous versions" } %>
-    </li>
-  <% end %>
+      <li role="menuitem" tabindex="-1">
+        <%= link_to t('.versions'),  edit_polymorphic_path([main_app, file_set], anchor: 'versioning_display'),
+          { title: t('.versions_title') } %>
+      </li>
+    <% end %>
 
-  <% if can?(:destroy, file_set.id) %>
-    <li role="menuitem" tabindex="-1">
-      <%= link_to 'Delete', polymorphic_path([main_app, file_set]),
-        method: :delete, title: "Delete #{file_set}",
-        data: {confirm: "Deleting #{file_set} from #{application_name} is permanent. Click OK to delete this from #{application_name}, or Cancel to cancel this operation"} %>
-    </li>
-  <% end %>
+    <% if can?(:destroy, file_set.id) %>
+      <li role="menuitem" tabindex="-1">
+        <%= link_to t('.delete'), polymorphic_path([main_app, file_set]),
+          method: :delete, title: t('.delete_title', file_set: file_set),
+          data: { confirm: t('.delete_confirm', file_set: file_set, application_name: application_name) } %>
+      </li>
+    <% end %>
 
-  <% if can?(:download, file_set.id) %>
-    <li role="menuitem" tabindex="-1">
-      <%= link_to 'Download',
-                  hyrax.download_path(file_set),
-                  title: "Download #{file_set.to_s.inspect}",
-                  target: "_blank",
-                  id: "file_download",
-                  data: { label: file_set.id } %>
-    </li>
-  <% end %>
+    <% if can?(:download, file_set.id) %>
+      <li role="menuitem" tabindex="-1">
+        <%= link_to t('.download'),
+                    hyrax.download_path(file_set),
+                    title: t('.download_title', file_set: file_set),
+                    target: "_blank",
+                    id: "file_download",
+                    data: { label: file_set.id } %>
+      </li>
+    <% end %>
 
-  </ul>
-</div>
+    </ul>
+  </div>
+<% end %>