Module: Hydra::AccessControls::Permissions

Extended by:

ActiveSupport::Concern

Includes:

Visibility

Included in:

Hydra::AdminPolicy

Defined in:

app/models/concerns/hydra/access_controls/permissions.rb

Instance Method Summary

• #discover_groups ⇒ Object

  Return a list of groups that have discover permission.

• #discover_groups=(groups) ⇒ Object

  Grant discover permissions to the groups specified.

• #discover_groups_string ⇒ Object

  Display the groups a comma delimeted string.

• #discover_groups_string=(groups) ⇒ Object

  Grant discover permissions to the groups specified.

• #discover_users ⇒ Object
• #discover_users=(users) ⇒ Object

  Grant discover permissions to the users specified.

• #discover_users_string ⇒ Object

  Display the users as a comma delimeted string.

• #discover_users_string=(users) ⇒ Object

  Grant discover permissions to the groups specified.

• #edit_groups ⇒ Object

  Return a list of groups that have edit permission.

• #edit_groups=(groups) ⇒ Object

  Grant edit permissions to the groups specified.

• #edit_groups_string ⇒ Object

  Display the groups a comma delimeted string.

• #edit_groups_string=(groups) ⇒ Object

  Grant edit permissions to the groups specified.

• #edit_users ⇒ Object
• #edit_users=(users) ⇒ Object

  Grant edit permissions to the groups specified.

• #permissions_attributes_with_uniqueness=(attributes_collection) ⇒ Object

  When chaging a permission for an object/user, ensure an update is done, not a duplicate.

• #read_groups ⇒ Object

  Return a list of groups that have discover permission.

• #read_groups=(groups) ⇒ Object

  Grant read permissions to the groups specified.

• #read_groups_string ⇒ Object

  Display the groups a comma delimeted string.

• #read_groups_string=(groups) ⇒ Object

  Grant read permissions to the groups specified.

• #read_users ⇒ Object
• #read_users=(users) ⇒ Object

  Grant read permissions to the users specified.

• #read_users_string ⇒ Object

  Display the users as a comma delimeted string.

• #read_users_string=(users) ⇒ Object

  Grant read permissions to the groups specified.

• #set_discover_groups(groups, eligible_groups) ⇒ Object

  Grant discover permissions to the groups specified.

• #set_discover_users(users, eligible_users) ⇒ Object

  Grant discover permissions to the users specified.

• #set_edit_groups(groups, eligible_groups) ⇒ Object

  Grant edit permissions to the groups specified.

• #set_edit_users(users, eligible_users) ⇒ Object

  Grant edit permissions to the users specified.

• #set_read_groups(groups, eligible_groups) ⇒ Object

  Grant read permissions to the groups specified.

• #set_read_users(users, eligible_users) ⇒ Object

  Grant read permissions to the users specified.

• #to_solr(solr_doc = {}) ⇒ Object

Methods included from Visibility

#visibility, #visibility=, #visibility_changed?

Instance Method Details

#discover_groups ⇒ Object

Return a list of groups that have discover permission

# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 54

def discover_groups
  search_by_type_and_mode(:group, Hydra::ACL.Discover).map { |p| p.agent_name }
end

#discover_groups=(groups) ⇒ Object

Grant discover permissions to the groups specified. Revokes discover permission for all other groups. @param groups a list of group names

Examples:

r.discover_groups= ['one', 'two', 'three']
r.discover_groups
=> ['one', 'two', 'three']

# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 65

def discover_groups=(groups)
  set_discover_groups(groups, discover_groups)
end

#discover_groups_string ⇒ Object

Display the groups a comma delimeted string

# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 81

def discover_groups_string
  self.discover_groups.join(', ')
end

#discover_groups_string=(groups) ⇒ Object

Grant discover permissions to the groups specified. Revokes discover permission for all other groups. @param groups a list of group names

Examples:

r.discover_groups_string= 'one, two, three'
r.discover_groups
=> ['one', 'two', 'three']

# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 76

def discover_groups_string=(groups)
  self.discover_groups=groups.split(/[\s,]+/)
end

#discover_users ⇒ Object

# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 104

def discover_users
  search_by_type_and_mode(:person, Hydra::ACL.Discover).map { |p| p.agent_name }
end

#discover_users=(users) ⇒ Object

Grant discover permissions to the users specified. Revokes discover permission for all other users. @param users a list of usernames

Examples:

r.discover_users= ['one', 'two', 'three']
r.discover_users
=> ['one', 'two', 'three']

# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 115

def discover_users=(users)
  set_discover_users(users, discover_users)
end

#discover_users_string ⇒ Object

Display the users as a comma delimeted string

# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 131

def discover_users_string
  self.discover_users.join(', ')
end

#discover_users_string=(users) ⇒ Object

Grant discover permissions to the groups specified. Revokes discover permission for all other users. @param users a list of usernames

Examples:

r.discover_users_string= 'one, two, three'
r.discover_users
=> ['one', 'two', 'three']

# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 126

def discover_users_string=(users)
  self.discover_users=users.split(/[\s,]+/)
end

#edit_groups ⇒ Object

Return a list of groups that have edit permission

# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 257

def edit_groups
  search_by_type_and_mode(:group, ::ACL.Write).map { |p| p.agent_name }
end

#edit_groups=(groups) ⇒ Object

Grant edit permissions to the groups specified. Revokes edit permission for all other groups. @param groups a list of group names

Examples:

r.edit_groups= ['one', 'two', 'three']
r.edit_groups
=> ['one', 'two', 'three']

# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 268

def edit_groups=(groups)
  set_edit_groups(groups, edit_groups)
end

#edit_groups_string ⇒ Object

Display the groups a comma delimeted string

# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 284

def edit_groups_string
  self.edit_groups.join(', ')
end

#edit_groups_string=(groups) ⇒ Object

Grant edit permissions to the groups specified. Revokes edit permission for all other groups. @param groups a list of group names

Examples:

r.edit_groups_string= 'one, two, three'
r.edit_groups
=> ['one', 'two', 'three']

# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 279

def edit_groups_string=(groups)
  self.edit_groups=groups.split(/[\s,]+/)
end

#edit_users ⇒ Object

# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 307

def edit_users
  search_by_type_and_mode(:person, ::ACL.Write).map { |p| p.agent_name }
end

#edit_users=(users) ⇒ Object

Grant edit permissions to the groups specified. Revokes edit permission for all other groups. @param users a list of usernames

Examples:

r.edit_users= ['one', 'two', 'three']
r.edit_users
=> ['one', 'two', 'three']

# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 318

def edit_users=(users)
  set_edit_users(users, edit_users)
end

#permissions_attributes_with_uniqueness=(attributes_collection) ⇒ Object

When chaging a permission for an object/user, ensure an update is done, not a duplicate

# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 26

def permissions_attributes_with_uniqueness=(attributes_collection)
  if attributes_collection.is_a? Hash
    keys = attributes_collection.keys
    attributes_collection = if keys.include?('id') || keys.include?(:id)
      Array(attributes_collection)
    else
      attributes_collection.sort_by { |i, _| i.to_i }.map { |_, attributes| attributes }
    end
  end

  attributes_collection.each do |prop|
    existing = case prop[:type]
    when 'group'
      search_by_type(:group)
    when 'person'
      search_by_type(:person)
    end

    next unless existing
    selected = existing.find { |perm| perm.agent_name == prop[:name] }
    prop['id'] = selected.id if selected
  end

  self.permissions_attributes_without_uniqueness=attributes_collection
end

#read_groups ⇒ Object

Return a list of groups that have discover permission

# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 155

def read_groups
  search_by_type_and_mode(:group, ::ACL.Read).map { |p| p.agent_name }
end

#read_groups=(groups) ⇒ Object

Grant read permissions to the groups specified. Revokes read permission for all other groups. @param groups a list of group names

Examples:

r.read_groups= ['one', 'two', 'three']
r.read_groups
=> ['one', 'two', 'three']

# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 166

def read_groups=(groups)
  set_read_groups(groups, read_groups)
end

#read_groups_string ⇒ Object

Display the groups a comma delimeted string

# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 182

def read_groups_string
  self.read_groups.join(', ')
end

#read_groups_string=(groups) ⇒ Object

Grant read permissions to the groups specified. Revokes read permission for all other groups. @param groups a list of group names

Examples:

r.read_groups_string= 'one, two, three'
r.read_groups
=> ['one', 'two', 'three']

# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 177

def read_groups_string=(groups)
  self.read_groups=groups.split(/[\s,]+/)
end

#read_users ⇒ Object

# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 205

def read_users
  search_by_type_and_mode(:person, ::ACL.Read).map { |p| p.agent_name }
end

#read_users=(users) ⇒ Object

Grant read permissions to the users specified. Revokes read permission for all other users. @param users a list of usernames

Examples:

r.read_users= ['one', 'two', 'three']
r.read_users
=> ['one', 'two', 'three']

# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 216

def read_users=(users)
  set_read_users(users, read_users)
end

#read_users_string ⇒ Object

Display the users as a comma delimeted string

# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 232

def read_users_string
  self.read_users.join(', ')
end

#read_users_string=(users) ⇒ Object

Grant read permissions to the groups specified. Revokes read permission for all other users. @param users a list of usernames

Examples:

r.read_users_string= 'one, two, three'
r.read_users
=> ['one', 'two', 'three']

# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 227

def read_users_string=(users)
  self.read_users=users.split(/[\s,]+/)
end

#set_discover_groups(groups, eligible_groups) ⇒ Object

Grant discover permissions to the groups specified. Revokes discover permission for any of the eligible_groups that are not in groups. This may be used when different users are responsible for setting different groups. Supply the groups the current user is responsible for as the ‘eligible_groups’ @param groups a list of groups @param eligible_groups the groups that are eligible to have their discover permssion revoked.

Examples:

r.discover_groups = ['one', 'two', 'three']
r.discover_groups
=> ['one', 'two', 'three']
r.set_discover_groups(['one'], ['three'])
r.discover_groups
=> ['one', 'two']  ## 'two' was not eligible to be removed

# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 100

def set_discover_groups(groups, eligible_groups)
  set_entities(:discover, :group, groups, eligible_groups)
end

#set_discover_users(users, eligible_users) ⇒ Object

Grant discover permissions to the users specified. Revokes discover permission for any of the eligible_users that are not in users. This may be used when different users are responsible for setting different users. Supply the users the current user is responsible for as the ‘eligible_users’ @param users a list of users @param eligible_users the users that are eligible to have their discover permssion revoked.

Examples:

r.discover_users = ['one', 'two', 'three']
r.discover_users
=> ['one', 'two', 'three']
r.set_discover_users(['one'], ['three'])
r.discover_users
=> ['one', 'two']  ## 'two' was not eligible to be removed

# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 150

def set_discover_users(users, eligible_users)
  set_entities(:discover, :person, users, eligible_users)
end

#set_edit_groups(groups, eligible_groups) ⇒ Object

Grant edit permissions to the groups specified. Revokes edit permission for any of the eligible_groups that are not in groups. This may be used when different users are responsible for setting different groups. Supply the groups the current user is responsible for as the ‘eligible_groups’ @param groups a list of groups @param eligible_groups the groups that are eligible to have their edit permssion revoked.

Examples:

r.edit_groups = ['one', 'two', 'three']
r.edit_groups
=> ['one', 'two', 'three']
r.set_edit_groups(['one'], ['three'])
r.edit_groups
=> ['one', 'two']  ## 'two' was not eligible to be removed

# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 303

def set_edit_groups(groups, eligible_groups)
  set_entities(:edit, :group, groups, eligible_groups)
end

#set_edit_users(users, eligible_users) ⇒ Object

Grant edit permissions to the users specified. Revokes edit permission for any of the eligible_users that are not in users. This may be used when different users are responsible for setting different users. Supply the users the current user is responsible for as the ‘eligible_users’ @param users a list of users @param eligible_users the users that are eligible to have their edit permssion revoked.

Examples:

r.edit_users = ['one', 'two', 'three']
r.edit_users
=> ['one', 'two', 'three']
r.set_edit_users(['one'], ['three'])
r.edit_users
=> ['one', 'two']  ## 'two' was not eligible to be removed

# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 337

def set_edit_users(users, eligible_users)
  set_entities(:edit, :person, users, eligible_users)
end

#set_read_groups(groups, eligible_groups) ⇒ Object

Grant read permissions to the groups specified. Revokes read permission for any of the eligible_groups that are not in groups. This may be used when different users are responsible for setting different groups. Supply the groups the current user is responsible for as the ‘eligible_groups’ @param groups a list of groups @param eligible_groups the groups that are eligible to have their read permssion revoked.

Examples:

r.read_groups = ['one', 'two', 'three']
r.read_groups
=> ['one', 'two', 'three']
r.set_read_groups(['one'], ['three'])
r.read_groups
=> ['one', 'two']  ## 'two' was not eligible to be removed

# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 201

def set_read_groups(groups, eligible_groups)
  set_entities(:read, :group, groups, eligible_groups)
end

#set_read_users(users, eligible_users) ⇒ Object

Grant read permissions to the users specified. Revokes read permission for any of the eligible_users that are not in users. This may be used when different users are responsible for setting different users. Supply the users the current user is responsible for as the ‘eligible_users’ @param users a list of users @param eligible_users the users that are eligible to have their read permssion revoked.

Examples:

r.read_users = ['one', 'two', 'three']
r.read_users
=> ['one', 'two', 'three']
r.set_read_users(['one'], ['three'])
r.read_users
=> ['one', 'two']  ## 'two' was not eligible to be removed

# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 251

def set_read_users(users, eligible_users)
  set_entities(:read, :person, users, eligible_users)
end

#to_solr(solr_doc = {}) ⇒ Object

# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 14

def to_solr(solr_doc = {})
  super.tap do |doc|
    [:discover, :read, :edit].each do |access|
      vals = send("#{access}_groups")
      doc[Hydra.config.permissions[access].group] = vals unless vals.empty?
      vals = send("#{access}_users")
      doc[Hydra.config.permissions[access].individual] = vals unless vals.empty?
    end
  end
end