sufia 2.0.1 → 3.0.0

data/spec/spec_helper.rb

@@ -1,17 +1,3 @@
-# Copyright © 2012 The Pennsylvania State University
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
 # This file is copied to spec/ when you run 'rails generate rspec:install'
 ENV["RAILS_ENV"] ||= 'test'
 
@@ -21,6 +7,8 @@ require 'rspec/autorun'
 require 'capybara/rspec'
 require 'capybara/rails'
 
+require File.expand_path('../support/features', __FILE__)
+
 if ENV['COVERAGE']
   require 'simplecov'
   SimpleCov.start 'rails'
@@ -47,9 +35,11 @@ Resque.inline = Rails.env.test?
 FactoryGirl.definition_file_paths = [File.expand_path("../factories", __FILE__)]
 FactoryGirl.find_definitions
 
-# Requires supporting ruby files with custom matchers and macros, etc,
-# in spec/support/ and its subdirectories.
-#Dir[Rails.root.join("spec/support/**/*.rb")].each {|f| require f}
+module EngineRoutes
+  def self.included(base)
+    base.routes { Sufia::Engine.routes }
+  end
+end
 
 RSpec.configure do |config|
   # Remove this line if you're not using ActiveRecord or ActiveRecord fixtures
@@ -66,9 +56,7 @@ RSpec.configure do |config|
   config.infer_base_class_for_anonymous_controllers = false
 
   config.include Devise::TestHelpers, :type => :controller
-
-  # see https://github.com/rails/journey/issues/39
-  config.before(:each, :type=>"controller") { @routes = Sufia::Engine.routes }
+  config.include EngineRoutes, :type => :controller
 end
 
 

data/spec/support/features.rb

@@ -0,0 +1,6 @@
+# spec/support/features.rb
+require File.expand_path('../features/session_helpers', __FILE__)
+
+RSpec.configure do |config|
+  config.include Features::SessionHelpers, type: :feature
+end

data/spec/support/features/session_helpers.rb

@@ -0,0 +1,21 @@
+# spec/support/features/session_helpers.rb
+module Features
+  module SessionHelpers
+    def sign_up_with(email, password)
+      Capybara.exact = true
+      visit new_user_registration_path
+      fill_in 'Email', with: email
+      fill_in 'Password', with: password
+      fill_in 'Password confirmation', with: password
+      click_button 'Sign up'
+    end
+
+    def sign_in(who = :user)
+      user = FactoryGirl.create(who)
+      visit new_user_session_path
+      fill_in 'Email', with: user.email
+      fill_in 'Password', with: user.password
+      click_button 'Sign in'
+    end
+  end
+end

data/spec/support/lib/generators/test_app_generator.rb

@@ -26,5 +26,9 @@ class TestAppGenerator < Rails::Generators::Base
   def remove_index_page
     remove_file 'public/index.html'
   end
+
+  def copy_rspec_rake_task
+    copy_file "lib/tasks/rspec.rake"
+  end
   
 end

data/spec/views/batch_edits/check_all_spec.rb

@@ -1,4 +1,4 @@
-require 'spec_helper'
+require File.expand_path(File.dirname(__FILE__) + '/../../spec_helper')
 
 describe 'Check All' do
   before (:all) do
@@ -8,15 +8,17 @@ describe 'Check All' do
   end
 
   it 'should render batch edits actions' do
+    controller.stub(:controller_name).and_return('batch_edits')
     controller.prepend_view_path "app/views/batch_edits"
-    html = render :partial=>'/batch_edits/check_all'
+    html = render partial: 'batch_edits/check_all'
     html.should have_selector("li[data-behavior='batch-edit-select-abc']")
   end
 
   it 'should render dashboard actions' do
+    controller.stub(:controller_name).and_return('dashboard')
     controller.prepend_view_path "app/views/dashboard"
-    html = render :partial=>'/batch_edits/check_all'
+    html = render partial: 'batch_edits/check_all'
     html.should have_selector("li[data-behavior='batch-edit-select-none']")
     html.should have_selector("li[data-behavior='batch-edit-select-page']")
   end
-end
+end

data/sufia-models/app/models/checksum_audit_log.rb

@@ -1,19 +1,5 @@
-# Copyright © 2012 The Pennsylvania State University
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
 class ChecksumAuditLog < ActiveRecord::Base
-  attr_accessible :pass, :pid, :dsid, :version, :created_at
+  attr_accessible :pass, :pid, :dsid, :version, :created_at if Rails::VERSION::MAJOR == 3
 
   def ChecksumAuditLog.get_audit_log(version)
     ChecksumAuditLog.find_or_create_by_pid_and_dsid_and_version(:pid => version.pid,

data/sufia-models/app/models/domain_term.rb

@@ -1,18 +1,6 @@
-# Copyright © 2012 The Pennsylvania State University
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
 class DomainTerm < ActiveRecord::Base
-  attr_accessible :model, :term
+  attr_accessible :model, :term if Rails::VERSION::MAJOR == 3
+
+  # TODO we should add an index on this join table and remove the uniq query
   has_and_belongs_to_many :local_authorities, :uniq=> true 
 end

data/sufia-models/app/models/geo_names_resource.rb

@@ -1,16 +1,4 @@
-# Copyright © 2012 The Pennsylvania State University
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+require 'active_resource'
 
 class GeoNamesResource < ActiveResource::Base
   self.site = "http://api.geonames.org/"

data/sufia-models/app/models/local_authority.rb

@@ -1,22 +1,9 @@
-# Copyright © 2012 The Pennsylvania State University
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
 require 'rdf'
 require 'rdf/rdfxml'
 
 class LocalAuthority < ActiveRecord::Base
-  attr_accessible :name
+  attr_accessible :name if Rails::VERSION::MAJOR == 3
+  # TODO we should add an index on this join table and remove the uniq query
   has_and_belongs_to_many :domain_terms, :uniq=> true 
   has_many :local_authority_entries
 
@@ -37,7 +24,11 @@ class LocalAuthority < ActiveRecord::Base
         end
       end
     end
-    LocalAuthorityEntry.import entries
+    if LocalAuthorityEntry.respond_to? :import
+      LocalAuthorityEntry.import entries
+    else
+      entries.each { |e| e.save! }
+    end
   end
 
   def self.harvest_tsv(name, sources, opts = {})
@@ -55,7 +46,11 @@ class LocalAuthority < ActiveRecord::Base
         end
       end
     end
-    LocalAuthorityEntry.import entries
+    if LocalAuthorityEntry.respond_to? :import
+      LocalAuthorityEntry.import entries
+    else
+      entries.each { |e| e.save! }
+    end
   end
 
   def self.register_vocabulary(model, term, name)

data/sufia-models/app/models/local_authority_entry.rb

@@ -1,18 +1,4 @@
-# Copyright © 2012 The Pennsylvania State University
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
 class LocalAuthorityEntry < ActiveRecord::Base
   belongs_to :local_authority
-  attr_accessible :local_authority, :label, :uri
+  attr_accessible :local_authority, :label, :uri if Rails::VERSION::MAJOR == 3
 end

data/sufia-models/app/models/single_use_link.rb

@@ -1,7 +1,6 @@
 class SingleUseLink < ActiveRecord::Base
 
-  attr_accessible :downloadKey, :expires, :itemId, :path
-
+  attr_accessible :downloadKey, :expires, :itemId, :path if Rails::VERSION::MAJOR == 3
     
   
   def self.create_show(item_id)
@@ -20,7 +19,7 @@ class SingleUseLink < ActiveRecord::Base
   protected
   def self.create_path(itemId, path)
      expires = DateTime.now.advance(hours:24)
-     key = Digest::SHA2.new << DateTime.now.to_f.to_s      
+     key = Digest::SHA2.new << rand(1000000000).to_s
      return create({downloadKey:key.to_s, expires:expires, path:path, itemId:itemId} )
   end
 end

data/sufia-models/app/models/trophy.rb

@@ -1,5 +1,5 @@
 class Trophy < ActiveRecord::Base
-  attr_accessible :generic_file_id, :user_id
+  attr_accessible :generic_file_id, :user_id if Rails::VERSION::MAJOR == 3
 
   validate :count_within_limit, :on => :create
 

data/sufia-models/app/models/version_committer.rb

@@ -1,17 +1,3 @@
-# Copyright © 2012 The Pennsylvania State University
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
 class VersionCommitter < ActiveRecord::Base
-  attr_accessible :obj_id, :datastream_id, :version_id, :committer_login
+  attr_accessible :obj_id, :datastream_id, :version_id, :committer_login if Rails::VERSION::MAJOR == 3
 end

data/sufia-models/lib/sufia/models.rb

@@ -1,13 +1,17 @@
 require "sufia/models/version"
 require "sufia/models/engine"
 require 'hydra/head'
-require 'devise'
 require 'nest'
 require 'mailboxer'
 require 'acts_as_follower'
 require 'paperclip'
 require 'RMagick'
-require 'activerecord-import'
+begin
+  # activerecord-import 0.3.1 does not support rails 4, so we don't require it.
+  require 'activerecord-import'
+rescue LoadError
+  $stderr.puts "Sufia-models is unable to load activerecord-import"
+end
 require 'resque/server'
 
 module Sufia

data/sufia-models/lib/sufia/models/engine.rb

@@ -36,7 +36,7 @@ module Sufia
       initializer "patches" do
         require 'sufia/models/active_fedora/redis'
         require 'sufia/models/active_record/redis'
-        require 'sufia/models/active_support/core_ext/marshal'
+        require 'sufia/models/active_support/core_ext/marshal' unless Rails::VERSION::MAJOR == 4
       end
 
       initializer 'requires' do

data/sufia-models/lib/sufia/models/generic_file.rb

@@ -9,6 +9,7 @@ module Sufia
     autoload :Actions
     autoload :Permissions
     autoload :WebForm, 'sufia/models/generic_file/web_form'
+    autoload :AccessibleAttributes, 'sufia/models/generic_file/accessible_attributes'
     include Sufia::ModelMethods
     include Sufia::Noid
     include Sufia::GenericFile::Thumbnail
@@ -35,6 +36,8 @@ module Sufia
 
       around_save :characterize_if_changed, :retry_warming
       before_destroy :cleanup_trophies
+
+      attr_accessible *(ds_specs['descMetadata'][:type].fields + [:permissions])
     end
 
 

data/sufia-models/lib/sufia/models/generic_file/accessible_attributes.rb

@@ -0,0 +1,87 @@
+module Sufia
+  module GenericFile
+    module AccessibleAttributes
+      extend ActiveSupport::Concern
+      included do
+        class_attribute :_accessible_attributes
+        self._accessible_attributes = {}
+      end
+
+      def accessible_attributes(role = :default)
+         self.class._accessible_attributes[role] || []
+      end
+
+      # Sanitize the provided attributes using only those that are specified
+      # as accessible by attr_accessor
+      # @param [Hash] attributes the raw parameters
+      # @param [Hash] args a hash of options
+      # @option args [Symbol] :as (:default) the role to use
+      # @return A sanitized hash of parameters
+      def sanitize_attributes(attributes = {}, args = {})
+        role = args[:as] || :default
+        attributes.select { |k,v| accessible_attributes.include?(k.to_sym)}
+      end
+
+      module ClassMethods
+        # Specifies a white list of model attributes that can be set via
+        # mass-assignment.
+        #
+        # Like +attr_protected+, a role for the attributes is optional,
+        # if no role is provided then :default is used. A role can be defined by
+        # using the :as option.
+        #
+        # Mass-assignment will only set attributes in this list, to assign to
+        # the rest of # attributes you can use direct writer methods. This is
+        # meant to protect sensitive attributes from being overwritten by 
+        # malicious users # tampering with URLs or forms. 
+        #
+        #   class Customer
+        #     include ActiveModel::MassAssignmentSecurity
+        #
+        #     attr_accessor :name, :credit_rating
+        #
+        #     attr_accessible :name
+        #     attr_accessible :name, :credit_rating, :as => :admin
+        #
+        #     def assign_attributes(values, options = {})
+        #       sanitize_for_mass_assignment(values, options[:as]).each do |k, v|
+        #         send("#{k}=", v)
+        #       end
+        #     end
+        #   end
+        #
+        # When using the :default role:
+        #
+        #   customer = Customer.new
+        #   customer.assign_attributes({ "name" => "David", "credit_rating" => "Excellent", :last_login => 1.day.ago }, :as => :default)
+        #   customer.name          # => "David"
+        #   customer.credit_rating # => nil
+        #
+        #   customer.credit_rating = "Average"
+        #   customer.credit_rating # => "Average"
+        #
+        # And using the :admin role:
+        #
+        #   customer = Customer.new
+        #   customer.assign_attributes({ "name" => "David", "credit_rating" => "Excellent", :last_login => 1.day.ago }, :as => :admin)
+        #   customer.name          # => "David"
+        #   customer.credit_rating # => "Excellent"
+        #
+        # Note that using <tt>Hash#except</tt> or <tt>Hash#slice</tt> in place of
+        # +attr_accessible+ to sanitize attributes provides basically the same
+        # functionality, but it makes a bit tricky to deal with nested attributes.
+        def attr_accessible(*args)
+          options = args.extract_options!
+          role = options[:as] || :default
+
+          self._accessible_attributes ||= {}
+
+          Array.wrap(role).each do |name|
+            self._accessible_attributes[name] = args.map &:to_sym
+          end
+        end
+
+      end
+    end
+  end
+end

data/sufia-models/lib/sufia/models/generic_file/permissions.rb

@@ -37,7 +37,8 @@ module Sufia
         params[:new_group_name].each { |name, access| perm_hash['group'][name] = access } if params[:new_group_name].present?
 
         params[:user].each { |name, access| perm_hash['person'][name] = access} if params[:user]
-        params[:group].each { |name, access| perm_hash['group'][name] = access} if params[:group]
+        params[:group].each { |name, access| perm_hash['group'][name] = access if ['read', 'edit'].include?(access)} if params[:group]
+
         rightsMetadata.update_permissions(perm_hash)
       end