Module: Ddr::Auth::RoleBasedAccessControlsEnforcement
- Defined in:
- lib/ddr/auth/role_based_access_controls_enforcement.rb
Overview
Hydra controller mixin for role-based access control
Overrides Hydra::AccessControlsEnforcement#gated_discovery_filters to apply role filters instead of permissions filters.
Instance Method Summary collapse
- #gated_discovery_filters ⇒ Object
- #policy_role_filters ⇒ Object
- #resource_role_filters ⇒ Object
-
#role_policies ⇒ Object
List of PIDs for policies on which any of the current user’s principals has a policy role.
Instance Method Details
#gated_discovery_filters ⇒ Object
28 29 30 |
# File 'lib/ddr/auth/role_based_access_controls_enforcement.rb', line 28 def gated_discovery_filters [resource_role_filters, policy_role_filters] end |
#policy_role_filters ⇒ Object
19 20 21 22 |
# File 'lib/ddr/auth/role_based_access_controls_enforcement.rb', line 19 def policy_role_filters rels = role_policies.map { |pid| [:is_governed_by, pid] } ActiveFedora::SolrService.construct_query_for_rel(rels, "OR") end |
#resource_role_filters ⇒ Object
24 25 26 |
# File 'lib/ddr/auth/role_based_access_controls_enforcement.rb', line 24 def resource_role_filters current_user.agents.map { |agent| "resource_role_sim:\"#{agent}\"" }.join(" OR ") end |
#role_policies ⇒ Object
List of PIDs for policies on which any of the current user’s principals has a policy role
12 13 14 15 16 17 |
# File 'lib/ddr/auth/role_based_access_controls_enforcement.rb', line 12 def role_policies filters = current_user.agents.map { |agent| "policy_role_sim:\"#{agent}\"" }.join(" OR ") query = "#{Ddr::IndexFields::ACTIVE_FEDORA_MODEL}:Collection AND (#{filters})" results = ActiveFedora::SolrService.query(query, rows: Collection.count, fl: "id") results.map { |r| r["id"] } end |