sufia 2.0.1 → 3.0.0
- checksums.yaml +4 -4
- data/CONTRIBUTING.md +111 -0
- data/Gemfile +4 -4
- data/History.md +126 -0
- data/README.md +23 -5
- data/SUFIA_VERSION +1 -1
- data/app/assets/javascripts/sufia/multiForm.js +10 -2
- data/app/assets/stylesheets/{application-bootstrap.css → application-bootstrap.css.erb} +7 -7
- data/app/assets/stylesheets/{bootstrap.min.css → bootstrap.min.css.erb} +1 -1
- data/app/controllers/concerns/sufia/users_controller_behavior.rb +9 -3
- data/app/controllers/single_use_link_controller.rb +1 -1
- data/app/helpers/sufia_helper.rb +7 -1
- data/app/models/contact_form.rb +0 -14
- data/app/views/_user_util_links.html.erb +0 -15
- data/app/views/batch_edits/_check_all.html.erb +2 -2
- data/app/views/batch_edits/_delete_selected.html.erb +1 -1
- data/app/views/layouts/{_head-tag-content.html.erb → _head_tag_content.html.erb} +0 -0
- data/app/views/layouts/homepage.html.erb +2 -2
- data/app/views/layouts/sufia-one-column.html.erb +1 -1
- data/app/views/layouts/sufia-two-column.html.erb +1 -1
- data/app/views/users/edit.html.erb +1 -1
- data/app/views/users/show.html.erb +1 -17
- data/config/routes.rb +31 -33
- data/lib/generators/sufia/sufia_generator.rb +5 -3
- data/lib/generators/sufia/templates/catalog_controller.rb +5 -1
- data/lib/generators/sufia/templates/config/redis_config.rb +1 -14
- data/lib/sufia/batch_edits_controller_behavior.rb +1 -1
- data/lib/sufia/controller.rb +1 -1
- data/lib/sufia/dashboard_controller_behavior.rb +8 -2
- data/lib/sufia/files_controller_behavior.rb +1 -2
- data/lib/sufia/version.rb +1 -1
- data/spec/active_fedora/unsaved_digital_object_spec.rb +1 -15
- data/spec/controllers/authorities_controller_spec.rb +1 -15
- data/spec/controllers/batch_controller_spec.rb +10 -16
- data/spec/controllers/batch_edits_controller_spec.rb +1 -1
- data/spec/controllers/catalog_controller_spec.rb +1 -15
- data/spec/controllers/dashboard_controller_spec.rb +23 -17
- data/spec/controllers/downloads_controller_spec.rb +1 -15
- data/spec/controllers/generic_files_controller_spec.rb +18 -32
- data/spec/controllers/mailbox_controller_spec.rb +1 -15
- data/spec/controllers/single_use_link_controller_spec.rb +6 -13
- data/spec/controllers/users_controller_spec.rb +27 -41
- data/spec/factories/users.rb +5 -14
- data/spec/features/browse_dashboard_files.rb +21 -0
- data/spec/features/browse_files.rb +31 -0
- data/spec/features/contact_form.rb +99 -0
- data/spec/features/display_dashboard.rb +46 -0
- data/spec/features/ingest_upload_files.rb +24 -0
- data/spec/features/users_spec.rb +25 -0
- data/spec/helpers/generic_file_helper_spec.rb +10 -3
- data/spec/helpers/sufia_helper_spec.rb +1 -1
- data/spec/lib/sufia/id_service_spec.rb +1 -15
- data/spec/models/audit_job_spec.rb +1 -15
- data/spec/models/batch_spec.rb +1 -15
- data/spec/models/batch_update_job_spec.rb +3 -16
- data/spec/models/characterize_job_spec.rb +4 -4
- data/spec/models/checksum_audit_log_spec.rb +1 -15
- data/spec/models/event_jobs_spec.rb +1 -15
- data/spec/models/file_content_datastream_spec.rb +5 -19
- data/spec/models/fits_datastream_spec.rb +1 -15
- data/spec/models/generic_file/web_form_spec.rb +34 -0
- data/spec/models/generic_file_spec.rb +11 -39
- data/spec/models/local_authority_spec.rb +3 -15
- data/spec/models/properties_datastream_spec.rb +1 -1
- data/spec/models/single_use_link_spec.rb +1 -1
- data/spec/models/solr_document_spec.rb +1 -1
- data/spec/models/transcode_audio_job_spec.rb +1 -1
- data/spec/models/transcode_video_job_spec.rb +1 -1
- data/spec/models/trophy_spec.rb +1 -1
- data/spec/models/unzip_job_spec.rb +1 -15
- data/spec/models/user_spec.rb +1 -15
- data/spec/rake/sufia_fixtures_spec.rb +3 -17
- data/spec/routing/route_spec.rb +7 -21
- data/spec/spec_helper.rb +8 -20
- data/spec/support/features.rb +6 -0
- data/spec/support/features/session_helpers.rb +21 -0
- data/spec/support/lib/generators/test_app_generator.rb +4 -0
- data/spec/views/batch_edits/check_all_spec.rb +6 -4
- data/sufia-models/app/models/checksum_audit_log.rb +1 -15
- data/sufia-models/app/models/domain_term.rb +3 -15
- data/sufia-models/app/models/geo_names_resource.rb +1 -13
- data/sufia-models/app/models/local_authority.rb +12 -17
- data/sufia-models/app/models/local_authority_entry.rb +1 -15
- data/sufia-models/app/models/single_use_link.rb +2 -3
- data/sufia-models/app/models/trophy.rb +1 -1
- data/sufia-models/app/models/version_committer.rb +1 -15
- data/sufia-models/lib/sufia/models.rb +6 -2
- data/sufia-models/lib/sufia/models/engine.rb +1 -1
- data/sufia-models/lib/sufia/models/generic_file.rb +3 -0
- data/sufia-models/lib/sufia/models/generic_file/accessible_attributes.rb +87 -0
- data/sufia-models/lib/sufia/models/generic_file/permissions.rb +2 -1
- data/sufia-models/lib/sufia/models/generic_file/web_form.rb +4 -1
- data/sufia-models/lib/sufia/models/user.rb +9 -2
- data/sufia-models/lib/sufia/models/version.rb +1 -1
- data/{lib → sufia-models/lib}/tasks/resque.rake +0 -0
- data/sufia-models/sufia-models.gemspec +13 -11
- data/sufia.gemspec +1 -3
- data/tasks/sufia-dev.rake +21 -10
- metadata +30 -84
- data/config/cucumber.yml +0 -8
- data/features/browse_dashboard_files.feature +0 -16
- data/features/browse_files.feature +0 -16
- data/features/contact_form.feature +0 -86
- data/features/display_dashboard.feature +0 -42
- data/features/ingest_upload_files.feature +0 -21
- data/features/step_definitions/edit_metadata_steps.rb +0 -89
- data/features/step_definitions/fixture_steps.rb +0 -35
- data/features/step_definitions/show_document_steps.rb +0 -103
- data/features/step_definitions/sufia.rb +0 -69
- data/features/step_definitions/user_steps.rb +0 -58
- data/features/step_definitions/web_steps.rb +0 -235
- data/features/support/cleanup.rb +0 -19
- data/features/support/env.rb +0 -90
- data/features/support/headless.rb +0 -26
- data/features/support/paths.rb +0 -101
- data/features/users.feature +0 -18
- data/spec/lib/sufia/role_mapper_spec.rb +0 -28
- data/spec/support/Gemfile +0 -24
- data/spec/views/single_user_link/download.html.erb_spec.rb +0 -5
- data/spec/views/single_user_link/generate_download.html.erb_spec.rb +0 -5
- data/spec/views/single_user_link/generate_show.html.erb_spec.rb +0 -5
- data/spec/views/single_user_link/show.html.erb_spec.rb +0 -5
- data/tasks/cucumber.rake +0 -72
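--- a/data/spec/spec_helper.rb
+++ b/data/spec/spec_helper.rb
@@ -1,17 +1,3 @@
-# Copyright © 2012 The Pennsylvania State University
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
 # This file is copied to spec/ when you run 'rails generate rspec:install'
 ENV["RAILS_ENV"] ||= 'test'
 
@@ -21,6 +7,8 @@ require 'rspec/autorun'
 require 'capybara/rspec'
 require 'capybara/rails'
 
+require File.expand_path('../support/features', __FILE__)
+
 if ENV['COVERAGE']
 require 'simplecov'
 SimpleCov.start 'rails'
@@ -47,9 +35,11 @@ Resque.inline = Rails.env.test?
 FactoryGirl.definition_file_paths = [File.expand_path("../factories", __FILE__)]
 FactoryGirl.find_definitions
 
-
-
-
+module EngineRoutes
+def self.included(base)
+base.routes { Sufia::Engine.routes }
+end
+end
 
 RSpec.configure do |config|
 # Remove this line if you're not using ActiveRecord or ActiveRecord fixtures
@@ -66,9 +56,7 @@ RSpec.configure do |config|
 config.infer_base_class_for_anonymous_controllers = false
 
 config.include Devise::TestHelpers, :type => :controller
-
-# see https://github.com/rails/journey/issues/39
-config.before(:each, :type=>"controller") { @routes = Sufia::Engine.routes }
+config.include EngineRoutes, :type => :controller
 end
 
 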
@@ -0,0 +1,21 @@
|
|
1
|
+
# spec/support/features/session_helpers.rb
|
2
|
+
module Features
|
3
|
+
module SessionHelpers
|
4
|
+
def sign_up_with(email, password)
|
5
|
+
Capybara.exact = true
|
6
|
+
visit new_user_registration_path
|
7
|
+
fill_in 'Email', with: email
|
8
|
+
fill_in 'Password', with: password
|
9
|
+
fill_in 'Password confirmation', with: password
|
10
|
+
click_button 'Sign up'
|
11
|
+
end
|
12
|
+
|
13
|
+
def sign_in(who = :user)
|
14
|
+
user = FactoryGirl.create(who)
|
15
|
+
visit new_user_session_path
|
16
|
+
fill_in 'Email', with: user.email
|
17
|
+
fill_in 'Password', with: user.password
|
18
|
+
click_button 'Sign in'
|
19
|
+
end
|
20
|
+
end
|
21
|
+
end
|
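Review bot: `Capybara.exact = true` inside `sign_up_with` changes a process-wide Capybara setting and never restores it, so every feature spec that runs after the first sign-up inherits exact matching whether or not it asked for it. Setting the option once in the spec configuration, or passing `exact: true` to the individual `fill_in` calls, keeps the helper free of side effects. `sign_in` appears to rely on `user.password` still holding the plaintext assigned by the factory; a one-line comment saying so would save the next reader a lookup.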
@@ -1,4 +1,4 @@
|
|
1
|
-
require 'spec_helper'
|
1
|
+
require File.expand_path(File.dirname(__FILE__) + '/../../spec_helper')
|
2
2
|
|
3
3
|
describe 'Check All' do
|
4
4
|
before (:all) do
|
@@ -8,15 +8,17 @@ describe 'Check All' do
|
|
8
8
|
end
|
9
9
|
|
10
10
|
it 'should render batch edits actions' do
|
11
|
+
controller.stub(:controller_name).and_return('batch_edits')
|
11
12
|
controller.prepend_view_path "app/views/batch_edits"
|
12
|
-
html = render :
|
13
|
+
html = render partial: 'batch_edits/check_all'
|
13
14
|
html.should have_selector("li[data-behavior='batch-edit-select-abc']")
|
14
15
|
end
|
15
16
|
|
16
17
|
it 'should render dashboard actions' do
|
18
|
+
controller.stub(:controller_name).and_return('dashboard')
|
17
19
|
controller.prepend_view_path "app/views/dashboard"
|
18
|
-
html = render :
|
20
|
+
html = render partial: 'batch_edits/check_all'
|
19
21
|
html.should have_selector("li[data-behavior='batch-edit-select-none']")
|
20
22
|
html.should have_selector("li[data-behavior='batch-edit-select-page']")
|
21
23
|
end
|
22
|
-
end
|
24
|
+
end
|
@@ -1,19 +1,5 @@
|
|
1
|
-
# Copyright © 2012 The Pennsylvania State University
|
2
|
-
#
|
3
|
-
# Licensed under the Apache License, Version 2.0 (the "License");
|
4
|
-
# you may not use this file except in compliance with the License.
|
5
|
-
# You may obtain a copy of the License at
|
6
|
-
#
|
7
|
-
# http://www.apache.org/licenses/LICENSE-2.0
|
8
|
-
#
|
9
|
-
# Unless required by applicable law or agreed to in writing, software
|
10
|
-
# distributed under the License is distributed on an "AS IS" BASIS,
|
11
|
-
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
12
|
-
# See the License for the specific language governing permissions and
|
13
|
-
# limitations under the License.
|
14
|
-
|
15
1
|
class ChecksumAuditLog < ActiveRecord::Base
|
16
|
-
attr_accessible :pass, :pid, :dsid, :version, :created_at
|
2
|
+
attr_accessible :pass, :pid, :dsid, :version, :created_at if Rails::VERSION::MAJOR == 3
|
17
3
|
|
18
4
|
def ChecksumAuditLog.get_audit_log(version)
|
19
5
|
ChecksumAuditLog.find_or_create_by_pid_and_dsid_and_version(:pid => version.pid,
|
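Review bot: With the `if Rails::VERSION::MAJOR == 3` guard on `attr_accessible`, this model has no mass-assignment whitelist on any other Rails major, and nothing in the hunk puts a replacement in its place. On Rails 4 the filtering then has to happen through strong parameters in whatever controller or job builds these records, which should be confirmed before relying on the guard; the same guard is added to DomainTerm, LocalAuthority, LocalAuthorityEntry, SingleUseLink and VersionCommitter in this diff. A comment such as `# Rails 4: attributes are filtered by strong parameters in the caller` next to the guard would record the intent. The class body continues outside the hunk.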
@@ -1,18 +1,6 @@
|
|
1
|
-
# Copyright © 2012 The Pennsylvania State University
|
2
|
-
#
|
3
|
-
# Licensed under the Apache License, Version 2.0 (the "License");
|
4
|
-
# you may not use this file except in compliance with the License.
|
5
|
-
# You may obtain a copy of the License at
|
6
|
-
#
|
7
|
-
# http://www.apache.org/licenses/LICENSE-2.0
|
8
|
-
#
|
9
|
-
# Unless required by applicable law or agreed to in writing, software
|
10
|
-
# distributed under the License is distributed on an "AS IS" BASIS,
|
11
|
-
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
12
|
-
# See the License for the specific language governing permissions and
|
13
|
-
# limitations under the License.
|
14
|
-
|
15
1
|
class DomainTerm < ActiveRecord::Base
|
16
|
-
attr_accessible :model, :term
|
2
|
+
attr_accessible :model, :term if Rails::VERSION::MAJOR == 3
|
3
|
+
|
4
|
+
# TODO we should add an index on this join table and remove the uniq query
|
17
5
|
has_and_belongs_to_many :local_authorities, :uniq=> true
|
18
6
|
end
|
@@ -1,16 +1,4 @@
|
|
1
|
-
|
2
|
-
#
|
3
|
-
# Licensed under the Apache License, Version 2.0 (the "License");
|
4
|
-
# you may not use this file except in compliance with the License.
|
5
|
-
# You may obtain a copy of the License at
|
6
|
-
#
|
7
|
-
# http://www.apache.org/licenses/LICENSE-2.0
|
8
|
-
#
|
9
|
-
# Unless required by applicable law or agreed to in writing, software
|
10
|
-
# distributed under the License is distributed on an "AS IS" BASIS,
|
11
|
-
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
12
|
-
# See the License for the specific language governing permissions and
|
13
|
-
# limitations under the License.
|
1
|
+
require 'active_resource'
|
14
2
|
|
15
3
|
class GeoNamesResource < ActiveResource::Base
|
16
4
|
self.site = "http://api.geonames.org/"
|
@@ -1,22 +1,9 @@
|
|
1
|
-
# Copyright © 2012 The Pennsylvania State University
|
2
|
-
#
|
3
|
-
# Licensed under the Apache License, Version 2.0 (the "License");
|
4
|
-
# you may not use this file except in compliance with the License.
|
5
|
-
# You may obtain a copy of the License at
|
6
|
-
#
|
7
|
-
# http://www.apache.org/licenses/LICENSE-2.0
|
8
|
-
#
|
9
|
-
# Unless required by applicable law or agreed to in writing, software
|
10
|
-
# distributed under the License is distributed on an "AS IS" BASIS,
|
11
|
-
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
12
|
-
# See the License for the specific language governing permissions and
|
13
|
-
# limitations under the License.
|
14
|
-
|
15
1
|
require 'rdf'
|
16
2
|
require 'rdf/rdfxml'
|
17
3
|
|
18
4
|
class LocalAuthority < ActiveRecord::Base
|
19
|
-
attr_accessible :name
|
5
|
+
attr_accessible :name if Rails::VERSION::MAJOR == 3
|
6
|
+
# TODO we should add an index on this join table and remove the uniq query
|
20
7
|
has_and_belongs_to_many :domain_terms, :uniq=> true
|
21
8
|
has_many :local_authority_entries
|
22
9
|
|
@@ -37,7 +24,11 @@ class LocalAuthority < ActiveRecord::Base
|
|
37
24
|
end
|
38
25
|
end
|
39
26
|
end
|
40
|
-
LocalAuthorityEntry.import
|
27
|
+
if LocalAuthorityEntry.respond_to? :import
|
28
|
+
LocalAuthorityEntry.import entries
|
29
|
+
else
|
30
|
+
entries.each { |e| e.save! }
|
31
|
+
end
|
41
32
|
end
|
42
33
|
|
43
34
|
def self.harvest_tsv(name, sources, opts = {})
|
@@ -55,7 +46,11 @@ class LocalAuthority < ActiveRecord::Base
|
|
55
46
|
end
|
56
47
|
end
|
57
48
|
end
|
58
|
-
LocalAuthorityEntry.import
|
49
|
+
if LocalAuthorityEntry.respond_to? :import
|
50
|
+
LocalAuthorityEntry.import entries
|
51
|
+
else
|
52
|
+
entries.each { |e| e.save! }
|
53
|
+
end
|
59
54
|
end
|
60
55
|
|
61
56
|
def self.register_vocabulary(model, term, name)
|
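Review bot: The fallback branch `entries.each { |e| e.save! }` runs outside a transaction, so a validation failure part-way through raises after some entries have already been written and leaves the authority with a partial vocabulary. Wrapping it as `LocalAuthorityEntry.transaction { entries.each(&:save!) }` keeps the harvest all-or-nothing; the identical block in the later hunk (the one ending just before `register_vocabulary`) needs the same change. The bulk `import` path may treat invalid rows differently from `save!`, so it is worth a comment stating which behaviour callers should expect. Both method bodies start outside the hunks shown.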
@@ -1,18 +1,4 @@
|
|
1
|
-
# Copyright © 2012 The Pennsylvania State University
|
2
|
-
#
|
3
|
-
# Licensed under the Apache License, Version 2.0 (the "License");
|
4
|
-
# you may not use this file except in compliance with the License.
|
5
|
-
# You may obtain a copy of the License at
|
6
|
-
#
|
7
|
-
# http://www.apache.org/licenses/LICENSE-2.0
|
8
|
-
#
|
9
|
-
# Unless required by applicable law or agreed to in writing, software
|
10
|
-
# distributed under the License is distributed on an "AS IS" BASIS,
|
11
|
-
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
12
|
-
# See the License for the specific language governing permissions and
|
13
|
-
# limitations under the License.
|
14
|
-
|
15
1
|
class LocalAuthorityEntry < ActiveRecord::Base
|
16
2
|
belongs_to :local_authority
|
17
|
-
attr_accessible :local_authority, :label, :uri
|
3
|
+
attr_accessible :local_authority, :label, :uri if Rails::VERSION::MAJOR == 3
|
18
4
|
end
|
@@ -1,7 +1,6 @@
|
|
1
1
|
class SingleUseLink < ActiveRecord::Base
|
2
2
|
|
3
|
-
attr_accessible :downloadKey, :expires, :itemId, :path
|
4
|
-
|
3
|
+
attr_accessible :downloadKey, :expires, :itemId, :path if Rails::VERSION::MAJOR == 3
|
5
4
|
|
6
5
|
|
7
6
|
def self.create_show(item_id)
|
@@ -20,7 +19,7 @@ class SingleUseLink < ActiveRecord::Base
|
|
20
19
|
protected
|
21
20
|
def self.create_path(itemId, path)
|
22
21
|
expires = DateTime.now.advance(hours:24)
|
23
|
-
key = Digest::SHA2.new <<
|
22
|
+
key = Digest::SHA2.new << rand(1000000000).to_s
|
24
23
|
return create({downloadKey:key.to_s, expires:expires, path:path, itemId:itemId} )
|
25
24
|
end
|
26
25
|
end
|
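Review bot: In `create_path` the `downloadKey` is the SHA-2 digest of `rand(1000000000).to_s`, so the key carries at most about 30 bits of entropy and comes from Ruby's non-cryptographic generator; hashing the value does not make it any less predictable. Since this key is the only secret protecting a single-use link for 24 hours, it should be drawn from the CSPRNG instead, e.g. `key = SecureRandom.hex(32)` and then `downloadKey: key`. The removed line is truncated on this page, so what was hashed before cannot be compared. Whether `downloadKey` has a uniqueness constraint is not visible here and is worth confirming.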
@@ -1,17 +1,3 @@
|
|
1
|
-
# Copyright © 2012 The Pennsylvania State University
|
2
|
-
#
|
3
|
-
# Licensed under the Apache License, Version 2.0 (the "License");
|
4
|
-
# you may not use this file except in compliance with the License.
|
5
|
-
# You may obtain a copy of the License at
|
6
|
-
#
|
7
|
-
# http://www.apache.org/licenses/LICENSE-2.0
|
8
|
-
#
|
9
|
-
# Unless required by applicable law or agreed to in writing, software
|
10
|
-
# distributed under the License is distributed on an "AS IS" BASIS,
|
11
|
-
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
12
|
-
# See the License for the specific language governing permissions and
|
13
|
-
# limitations under the License.
|
14
|
-
|
15
1
|
class VersionCommitter < ActiveRecord::Base
|
16
|
-
attr_accessible :obj_id, :datastream_id, :version_id, :committer_login
|
2
|
+
attr_accessible :obj_id, :datastream_id, :version_id, :committer_login if Rails::VERSION::MAJOR == 3
|
17
3
|
end
|
@@ -1,13 +1,17 @@
|
|
1
1
|
require "sufia/models/version"
|
2
2
|
require "sufia/models/engine"
|
3
3
|
require 'hydra/head'
|
4
|
-
require 'devise'
|
5
4
|
require 'nest'
|
6
5
|
require 'mailboxer'
|
7
6
|
require 'acts_as_follower'
|
8
7
|
require 'paperclip'
|
9
8
|
require 'RMagick'
|
10
|
-
|
9
|
+
begin
|
10
|
+
# activerecord-import 0.3.1 does not support rails 4, so we don't require it.
|
11
|
+
require 'activerecord-import'
|
12
|
+
rescue LoadError
|
13
|
+
$stderr.puts "Sufia-models is unable to load activerecord-import"
|
14
|
+
end
|
11
15
|
require 'resque/server'
|
12
16
|
|
13
17
|
module Sufia
|
@@ -36,7 +36,7 @@ module Sufia
|
|
36
36
|
initializer "patches" do
|
37
37
|
require 'sufia/models/active_fedora/redis'
|
38
38
|
require 'sufia/models/active_record/redis'
|
39
|
-
require 'sufia/models/active_support/core_ext/marshal'
|
39
|
+
require 'sufia/models/active_support/core_ext/marshal' unless Rails::VERSION::MAJOR == 4
|
40
40
|
end
|
41
41
|
|
42
42
|
initializer 'requires' do
|
@@ -9,6 +9,7 @@ module Sufia
|
|
9
9
|
autoload :Actions
|
10
10
|
autoload :Permissions
|
11
11
|
autoload :WebForm, 'sufia/models/generic_file/web_form'
|
12
|
+
autoload :AccessibleAttributes, 'sufia/models/generic_file/accessible_attributes'
|
12
13
|
include Sufia::ModelMethods
|
13
14
|
include Sufia::Noid
|
14
15
|
include Sufia::GenericFile::Thumbnail
|
@@ -35,6 +36,8 @@ module Sufia
|
|
35
36
|
|
36
37
|
around_save :characterize_if_changed, :retry_warming
|
37
38
|
before_destroy :cleanup_trophies
|
39
|
+
|
40
|
+
attr_accessible *(ds_specs['descMetadata'][:type].fields + [:permissions])
|
38
41
|
end
|
39
42
|
|
40
43
|
|
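Review bot: The new `attr_accessible *(ds_specs['descMetadata'][:type].fields + [:permissions])` puts `:permissions` on the mass-assignment whitelist alongside the descriptive metadata fields, so any caller that passes request parameters through this list can change access controls in the same call that edits a title. If that is intended, a comment naming the action that relies on it and stating that it only runs after an edit-permission check would help; otherwise drop `:permissions` and keep ACL changes on their own code path. The list is also computed once when the module is included, so fields added to the descMetadata type afterwards would presumably not be covered.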
@@ -0,0 +1,87 @@
|
|
1
|
+
module Sufia
|
2
|
+
module GenericFile
|
3
|
+
module AccessibleAttributes
|
4
|
+
extend ActiveSupport::Concern
|
5
|
+
included do
|
6
|
+
class_attribute :_accessible_attributes
|
7
|
+
self._accessible_attributes = {}
|
8
|
+
end
|
9
|
+
|
10
|
+
def accessible_attributes(role = :default)
|
11
|
+
self.class._accessible_attributes[role] || []
|
12
|
+
end
|
13
|
+
|
14
|
+
# Sanitize the provided attributes using only those that are specified
|
15
|
+
# as accessible by attr_accessor
|
16
|
+
# @param [Hash] attributes the raw parameters
|
17
|
+
# @param [Hash] args a hash of options
|
18
|
+
# @option args [Symbol] :as (:default) the role to use
|
19
|
+
# @return A sanitized hash of parameters
|
20
|
+
def sanitize_attributes(attributes = {}, args = {})
|
21
|
+
role = args[:as] || :default
|
22
|
+
attributes.select { |k,v| accessible_attributes.include?(k.to_sym)}
|
23
|
+
end
|
24
|
+
|
25
|
+
module ClassMethods
|
26
|
+
# Specifies a white list of model attributes that can be set via
|
27
|
+
# mass-assignment.
|
28
|
+
#
|
29
|
+
# Like +attr_protected+, a role for the attributes is optional,
|
30
|
+
# if no role is provided then :default is used. A role can be defined by
|
31
|
+
# using the :as option.
|
32
|
+
#
|
33
|
+
# Mass-assignment will only set attributes in this list, to assign to
|
34
|
+
# the rest of # attributes you can use direct writer methods. This is
|
35
|
+
# meant to protect sensitive attributes from being overwritten by
|
36
|
+
# malicious users # tampering with URLs or forms.
|
37
|
+
#
|
38
|
+
# class Customer
|
39
|
+
# include ActiveModel::MassAssignmentSecurity
|
40
|
+
#
|
41
|
+
# attr_accessor :name, :credit_rating
|
42
|
+
#
|
43
|
+
# attr_accessible :name
|
44
|
+
# attr_accessible :name, :credit_rating, :as => :admin
|
45
|
+
#
|
46
|
+
# def assign_attributes(values, options = {})
|
47
|
+
# sanitize_for_mass_assignment(values, options[:as]).each do |k, v|
|
48
|
+
# send("#{k}=", v)
|
49
|
+
# end
|
50
|
+
# end
|
51
|
+
# end
|
52
|
+
#
|
53
|
+
# When using the :default role:
|
54
|
+
#
|
55
|
+
# customer = Customer.new
|
56
|
+
# customer.assign_attributes({ "name" => "David", "credit_rating" => "Excellent", :last_login => 1.day.ago }, :as => :default)
|
57
|
+
# customer.name # => "David"
|
58
|
+
# customer.credit_rating # => nil
|
59
|
+
#
|
60
|
+
# customer.credit_rating = "Average"
|
61
|
+
# customer.credit_rating # => "Average"
|
62
|
+
#
|
63
|
+
# And using the :admin role:
|
64
|
+
#
|
65
|
+
# customer = Customer.new
|
66
|
+
# customer.assign_attributes({ "name" => "David", "credit_rating" => "Excellent", :last_login => 1.day.ago }, :as => :admin)
|
67
|
+
# customer.name # => "David"
|
68
|
+
# customer.credit_rating # => "Excellent"
|
69
|
+
#
|
70
|
+
# Note that using <tt>Hash#except</tt> or <tt>Hash#slice</tt> in place of
|
71
|
+
# +attr_accessible+ to sanitize attributes provides basically the same
|
72
|
+
# functionality, but it makes a bit tricky to deal with nested attributes.
|
73
|
+
def attr_accessible(*args)
|
74
|
+
options = args.extract_options!
|
75
|
+
role = options[:as] || :default
|
76
|
+
|
77
|
+
self._accessible_attributes ||= {}
|
78
|
+
|
79
|
+
Array.wrap(role).each do |name|
|
80
|
+
self._accessible_attributes[name] = args.map &:to_sym
|
81
|
+
end
|
82
|
+
end
|
83
|
+
|
84
|
+
end
|
85
|
+
end
|
86
|
+
end
|
87
|
+
end
|
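Review bot: `sanitize_attributes` reads `args[:as]` into `role` but then calls `accessible_attributes` with no argument, so the `:as` option is ignored and every caller is filtered against the `:default` whitelist. The same line calls `k.to_sym` on keys that arrive with the request, which interns request-supplied strings as symbols; comparing string forms avoids that. In `attr_accessible`, `self._accessible_attributes[name] = …` writes into the hash object that `class_attribute` shares with subclasses, so a declaration in a subclass would change the parent's list as well. The comment above `sanitize_attributes` should say `attr_accessible`, not `attr_accessor`. The rewritten methods below keep the existing signatures.

```ruby
def sanitize_attributes(attributes = {}, args = {})
  role = args[:as] || :default
  allowed = accessible_attributes(role).map(&:to_s)
  attributes.select { |k, _v| allowed.include?(k.to_s) }
end

# … unchanged: ClassMethods doc comment …
def attr_accessible(*args)
  options = args.extract_options!
  role = options[:as] || :default

  # copy before writing so a subclass does not alter the parent's whitelist
  self._accessible_attributes = (_accessible_attributes || {}).dup
  Array.wrap(role).each do |name|
    self._accessible_attributes[name] = args.map(&:to_sym)
  end
end
```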
@@ -37,7 +37,8 @@ module Sufia
|
|
37
37
|
params[:new_group_name].each { |name, access| perm_hash['group'][name] = access } if params[:new_group_name].present?
|
38
38
|
|
39
39
|
params[:user].each { |name, access| perm_hash['person'][name] = access} if params[:user]
|
40
|
-
params[:group].each { |name, access| perm_hash['group'][name] = access} if params[:group]
|
40
|
+
params[:group].each { |name, access| perm_hash['group'][name] = access if ['read', 'edit'].include?(access)} if params[:group]
|
41
|
+
|
41
42
|
rightsMetadata.update_permissions(perm_hash)
|
42
43
|
end
|
43
44
|
|
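Review bot: The `['read', 'edit'].include?(access)` check is applied only to `params[:group]`; the `params[:user]` line directly above it and the `params[:new_group_name]` line still copy whatever access string the request supplies into `perm_hash`. Unless `update_permissions` validates the level itself, which is not visible here, the same guard belongs on every branch, e.g. `perm_hash['person'][name] = access if ['read', 'edit'].include?(access)`. Hoisting the allowed levels into one constant would keep the branches in step. The method starts above the hunk, so there may be further branches to cover.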