Module: Hydra::PolicyAwareAccessControlsEnforcement
- Extended by: Deprecation
- Defined in: lib/hydra/policy_aware_access_controls_enforcement.rb
Overview
Repeats the access controls evaluation methods, but checks against a governing “Policy” object (or “Collection” object) that provides inherited access controls.
Instance Method Summary
- #apply_gated_discovery(solr_parameters, user_parameters) ⇒ Object
  Extends Hydra::AccessControlsEnforcement.apply_gated_discovery to reflect policy-provided access; appends the result of policy_clauses to the :fq.
- #apply_policy_group_permissions(permission_types = discovery_permissions) ⇒ Object
- #apply_policy_individual_permissions(permission_types = discovery_permissions) ⇒ Object
- #apply_policy_role_permissions(permission_types = discovery_permissions) ⇒ Object
- #apply_policy_user_permissions(permission_types = discovery_permissions) ⇒ Object
- #policies_with_access ⇒ Object
  Finds all the policies that grant discover/read/edit permissions to this user or any of its groups.
- #policy_class ⇒ Object
  Returns the Model used for AdminPolicy objects.
- #policy_clauses ⇒ Object
  Returns a Solr query for finding all objects whose policies grant discover access to current_user.
Instance Method Details
#apply_gated_discovery(solr_parameters, user_parameters) ⇒ Object
Extends Hydra::AccessControlsEnforcement.apply_gated_discovery to reflect policy-provided access; appends the result of policy_clauses to the :fq.

```ruby
# File 'lib/hydra/policy_aware_access_controls_enforcement.rb', line 9
def apply_gated_discovery(solr_parameters, user_parameters)
  solr_parameters[:fq] ||= []
  solr_parameters[:fq] << gated_discovery_filters.join(" OR ")
  logger.debug("POLICY-aware Solr parameters: #{ solr_parameters.inspect }")
end
```
#apply_policy_group_permissions(permission_types = discovery_permissions) ⇒ Object
```ruby
# File 'lib/hydra/policy_aware_access_controls_enforcement.rb', line 39
def apply_policy_group_permissions(permission_types = discovery_permissions)
  # for groups
  user_access_filters = []
  current_ability.user_groups.each_with_index do |group, i|
    permission_types.each do |type|
      user_access_filters << escape_filter(ActiveFedora::SolrService.solr_name("inheritable_#{type}_access_group", Hydra::Datastream::RightsMetadata.indexer ), group)
    end
  end
  user_access_filters
end
```
#apply_policy_individual_permissions(permission_types = discovery_permissions) ⇒ Object
```ruby
# File 'lib/hydra/policy_aware_access_controls_enforcement.rb', line 50
def apply_policy_individual_permissions(permission_types = discovery_permissions)
  Deprecation.warn(Hydra::PolicyAwareAccessControlsEnforcement, "The method apply_policy_individual_permissions is deprecated and will be removed from Hydra::PolicyAwareAccessControlsEnforcement in hydra-head 8.0. Use apply_policy_user_permissions instead.", caller)
  apply_policy_user_permissions(permission_types)
end
```
#apply_policy_role_permissions(permission_types = discovery_permissions) ⇒ Object
```ruby
# File 'lib/hydra/policy_aware_access_controls_enforcement.rb', line 34
def apply_policy_role_permissions(permission_types = discovery_permissions)
  Deprecation.warn(Hydra::PolicyAwareAccessControlsEnforcement, "The method apply_policy_role_permissions is deprecated and will be removed from Hydra::PolicyAwareAccessControlsEnforcement in hydra-head 8.0. Use apply_policy_group_permissions instead.", caller)
  apply_policy_group_permissions(permission_types)
end
```
#apply_policy_user_permissions(permission_types = discovery_permissions) ⇒ Object
```ruby
# File 'lib/hydra/policy_aware_access_controls_enforcement.rb', line 55
def apply_policy_user_permissions(permission_types = discovery_permissions)
  # for individual user access
  user_access_filters = []
  if current_user
    permission_types.each do |type|
      user_access_filters << escape_filter(ActiveFedora::SolrService.solr_name("inheritable_#{type}_access_person", Hydra::Datastream::RightsMetadata.indexer ), current_user.user_key)
    end
  end
  user_access_filters
end
```
#policies_with_access ⇒ Object
Finds all the policies that grant discover/read/edit permissions to this user or any of its groups.

```ruby
# File 'lib/hydra/policy_aware_access_controls_enforcement.rb', line 23
def policies_with_access
  #### TODO -- Memoize this and put it in the session?
  user_access_filters = []
  # Grant access based on user id & group
  user_access_filters += apply_policy_group_permissions(discovery_permissions)
  user_access_filters += apply_policy_user_permissions(discovery_permissions)
  result = policy_class.find_with_conditions( user_access_filters.join(" OR "), :fl => "id", :rows => policy_class.count )
  logger.debug "get policies: #{result}\n\n"
  result.map {|h| h['id']}
end
```
#policy_class ⇒ Object
Returns the Model used for AdminPolicy objects. You can set this by overriding this method or by setting Hydra.config[:policy_class]. Defaults to Hydra::AdminPolicy.

```ruby
# File 'lib/hydra/policy_aware_access_controls_enforcement.rb', line 69
def policy_class
  if Hydra.config[:permissions][:policy_class].nil?
    return Hydra::AdminPolicy
  else
    return Hydra.config[:permissions][:policy_class]
  end
end
```
#policy_clauses ⇒ Object
Returns a Solr query for finding all objects whose policies grant discover access to current_user.

```ruby
# File 'lib/hydra/policy_aware_access_controls_enforcement.rb', line 16
def policy_clauses
  policy_pids = policies_with_access
  return nil if policy_pids.empty?
  '(' + policy_pids.map {|pid| ActiveFedora::SolrService.construct_query_for_rel(is_governed_by: "info:fedora/#{pid}")}.join(' OR ') + ')'
end
```
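The two-stage lookup documented above (policy filters for the user and groups, then an is_governed_by clause over the matching policies) can be traced in a stand-alone model; this is an added example, not hydra-head code. `solr_name`, `escape_filter`, the `_ssim` suffix, the permission list and all sample users, groups and pids are simplified stand-ins or constructed values, not the ActiveFedora or Hydra implementations.

```ruby
# Stand-alone model of the filter construction; no Solr or Fedora required.
DISCOVERY_PERMISSIONS = %w[discover read edit].freeze # assumed, from "discover/read/edit"

# Stand-in for ActiveFedora::SolrService.solr_name; the suffix is a placeholder.
def solr_name(base)
  "#{base}_ssim"
end

# Stand-in for escape_filter: backslash-escape Solr query metacharacters so a
# group name or user key is always matched as a literal term.
def escape_filter(field, value)
  escaped = value.gsub(/([+\-&|!(){}\[\]^"~*?:\\\/\s])/) { "\\#{$1}" }
  "#{field}:#{escaped}"
end

# Mirrors apply_policy_group_permissions + apply_policy_user_permissions.
def policy_filters(user_key, groups, types = DISCOVERY_PERMISSIONS)
  filters = groups.product(types).map do |group, type|
    escape_filter(solr_name("inheritable_#{type}_access_group"), group)
  end
  return filters if user_key.nil? # no current_user: group clauses only
  filters + types.map do |type|
    escape_filter(solr_name("inheritable_#{type}_access_person"), user_key)
  end
end

# Stage 1: the query that policies_with_access sends to find matching policies.
def policy_lookup_query(user_key, groups)
  policy_filters(user_key, groups).join(' OR ')
end

# Stage 2: mirrors policy_clauses; nil (not "()") when no policy grants access,
# so the caller can skip the clause instead of emitting an empty group.
def policy_clauses(policy_pids)
  return nil if policy_pids.empty?
  clauses = policy_pids.map do |pid|
    escape_filter(solr_name('is_governed_by'), "info:fedora/#{pid}")
  end
  "(#{clauses.join(' OR ')})"
end

# Constructed sample input.
puts policy_lookup_query('jane@example.org', ['public', 'library:staff'])
puts policy_clauses(['policy:1', 'policy:7'])
```

The group name `library:staff` is emitted as `library\:staff`, so the colon cannot be read as a field separator in the filter query.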