Module: Hydra::PolicyAwareAccessControlsEnforcement
- Defined in:
- lib/hydra/policy_aware_access_controls_enforcement.rb
Overview
Repeats access controls evaluation methods, but checks against a governing “Policy” object (or “Collection” object) that provides inherited access controls.
Instance Method Summary collapse
-
#apply_gated_discovery(solr_parameters) ⇒ Object
Extends Hydra::AccessControlsEnforcement.apply_gated_discovery to reflect policy-provided access appends the result of policy_clauses into the :fq.
- #apply_policy_group_permissions(permission_types = discovery_permissions) ⇒ Object
- #apply_policy_user_permissions(permission_types = discovery_permissions) ⇒ Object
-
#policies_with_access ⇒ Object
find all the policies that grant discover/read/edit permissions to this user or any of its groups.
-
#policy_class ⇒ Object
Returns the Model used for AdminPolicy objects.
-
#policy_clauses ⇒ Object
returns solr query for finding all objects whose policies grant discover access to current_user.
Instance Method Details
#apply_gated_discovery(solr_parameters) ⇒ Object
Extends Hydra::AccessControlsEnforcement.apply_gated_discovery to reflect policy-provided access appends the result of policy_clauses into the :fq
8 9 10 11 12 |
# File 'lib/hydra/policy_aware_access_controls_enforcement.rb', line 8 def apply_gated_discovery(solr_parameters) solr_parameters[:fq] ||= [] solr_parameters[:fq] << gated_discovery_filters.join(' OR '.freeze) logger.debug("POLICY-aware Solr parameters: #{ solr_parameters.inspect }") end |
#apply_policy_group_permissions(permission_types = discovery_permissions) ⇒ Object
33 34 35 36 37 38 39 40 41 42 |
# File 'lib/hydra/policy_aware_access_controls_enforcement.rb', line 33 def ( = ) # for groups user_access_filters = [] current_ability.user_groups.each_with_index do |group, i| .each do |type| user_access_filters << escape_filter(Hydra.config..inheritable[type.to_sym].group, group) end end user_access_filters end |
#apply_policy_user_permissions(permission_types = discovery_permissions) ⇒ Object
44 45 46 47 48 49 50 51 |
# File 'lib/hydra/policy_aware_access_controls_enforcement.rb', line 44 def ( = ) # for individual user access user = current_ability.current_user return [] unless user && user.user_key.present? .map do |type| escape_filter(Hydra.config..inheritable[type.to_sym].individual, user.user_key) end end |
#policies_with_access ⇒ Object
find all the policies that grant discover/read/edit permissions to this user or any of its groups
22 23 24 25 26 27 28 29 30 31 |
# File 'lib/hydra/policy_aware_access_controls_enforcement.rb', line 22 def policies_with_access #### TODO -- Memoize this and put it in the session? user_access_filters = [] # Grant access based on user id & group user_access_filters += () user_access_filters += () result = policy_class.find_with_conditions( user_access_filters.join(" OR "), :fl => "id", :rows => policy_class.count ) logger.debug "get policies: #{result}\n\n" result.map {|h| h['id']} end |
#policy_class ⇒ Object
Returns the Model used for AdminPolicy objects. You can set this by overriding this method or setting Hydra.config[:policy_class] Defults to Hydra::AdminPolicy
56 57 58 |
# File 'lib/hydra/policy_aware_access_controls_enforcement.rb', line 56 def policy_class Hydra.config..policy_class || Hydra::AdminPolicy end |
#policy_clauses ⇒ Object
returns solr query for finding all objects whose policies grant discover access to current_user
15 16 17 18 19 |
# File 'lib/hydra/policy_aware_access_controls_enforcement.rb', line 15 def policy_clauses policy_ids = policies_with_access return nil if policy_ids.empty? '(' + policy_ids.map {|id| ActiveFedora::SolrQueryBuilder.construct_query_for_rel(isGovernedBy: id)}.join(' OR '.freeze) + ')' end |