Class: Ddr::Auth::Ability
- Inherits:
-
Object
- Object
- Ddr::Auth::Ability
- Includes:
- Hydra::PolicyAwareAbility
- Defined in:
- lib/ddr/auth/ability.rb
Class Method Summary collapse
Instance Method Summary collapse
- #action_aliases ⇒ Object
- #attachment_permissions ⇒ Object
- #children_permissions ⇒ Object
- #collection_permissions ⇒ Object
-
#discover_groups(pid) ⇒ Object
Mimics Hydra::Ability#read_groups.
-
#discover_groups_from_policy(policy_pid) ⇒ Object
Mimics Hydra::PolicyAwareAbility#read_groups_from_policy.
-
#discover_permissions ⇒ Object
Mimics Hydra::Ability#read_permissions.
-
#discover_persons(pid) ⇒ Object
Mimics Hydra::Ability#read_persons.
- #discover_persons_from_policy(policy_pid) ⇒ Object
- #download_permissions ⇒ Object
- #edit_permissions ⇒ Object
- #events_permissions ⇒ Object
- #read_permissions ⇒ Object
-
#test_discover(pid) ⇒ Object
Mimics Hydra::Ability#test_read + Hydra::PolicyAwareAbility#test_read in one method.
-
#test_discover_from_policy(object_pid) ⇒ Object
Mimics Hydra::PolicyAwareAbility#test_read_from_policy.
- #upload_permissions ⇒ Object
Class Method Details
.discover_group_field ⇒ Object
161 162 163 |
# File 'lib/ddr/auth/ability.rb', line 161 def self.discover_group_field Hydra.config[:permissions][:discover][:group] end |
.discover_person_field ⇒ Object
157 158 159 |
# File 'lib/ddr/auth/ability.rb', line 157 def self.discover_person_field Hydra.config[:permissions][:discover][:individual] end |
Instance Method Details
#action_aliases ⇒ Object
10 11 12 13 14 15 |
# File 'lib/ddr/auth/ability.rb', line 10 def action_aliases # read aliases alias_action :attachments, :collection_info, :components, :event, :events, :items, :targets, to: :read # edit/update aliases alias_action :permissions, :default_permissions, to: :update end |
#attachment_permissions ⇒ Object
94 95 96 97 98 |
# File 'lib/ddr/auth/ability.rb', line 94 def can :add_attachment, Ddr::Models::HasAttachments do |obj| can?(:edit, obj) end end |
#children_permissions ⇒ Object
72 73 74 75 76 |
# File 'lib/ddr/auth/ability.rb', line 72 def can :add_children, Ddr::Models::HasChildren do |obj| can?(:edit, obj) end end |
#collection_permissions ⇒ Object
17 18 19 |
# File 'lib/ddr/auth/ability.rb', line 17 def can :create, Collection if current_user.member_of?(Ddr::Auth.collection_creators_group) end |
#discover_groups(pid) ⇒ Object
Mimics Hydra::Ability#read_groups
123 124 125 126 127 128 129 |
# File 'lib/ddr/auth/ability.rb', line 123 def discover_groups(pid) doc = (pid) return [] if doc.nil? dg = edit_groups(pid) | read_groups(pid) | (doc[self.class.discover_group_field] || []) Rails.logger.debug("[CANCAN] discover_groups: #{dg.inspect}") return dg end |
#discover_groups_from_policy(policy_pid) ⇒ Object
Mimics Hydra::PolicyAwareAbility#read_groups_from_policy
132 133 134 135 136 137 138 |
# File 'lib/ddr/auth/ability.rb', line 132 def discover_groups_from_policy(policy_pid) = (policy_pid) discover_group_field = Hydra.config[:permissions][:inheritable][:discover][:group] dg = edit_groups_from_policy(policy_pid) | read_groups_from_policy(policy_pid) | (( == nil || .fetch(discover_group_field, nil) == nil) ? [] : .fetch(discover_group_field, nil)) Rails.logger.debug("[CANCAN] -policy- discover_groups: #{dg.inspect}") return dg end |
#discover_permissions ⇒ Object
Mimics Hydra::Ability#read_permissions
79 80 81 82 83 84 85 86 87 88 89 90 91 92 |
# File 'lib/ddr/auth/ability.rb', line 79 def can :discover, String do |pid| test_discover(pid) end can :discover, ActiveFedora::Base do |obj| test_discover(obj.pid) end can :discover, SolrDocument do |obj| cache.put(obj.id, obj) test_discover(obj.id) end end |
#discover_persons(pid) ⇒ Object
Mimics Hydra::Ability#read_persons
141 142 143 144 145 146 147 |
# File 'lib/ddr/auth/ability.rb', line 141 def discover_persons(pid) doc = (pid) return [] if doc.nil? dp = edit_users(pid) | read_users(pid) | (doc[self.class.discover_person_field] || []) Rails.logger.debug("[CANCAN] discover_persons: #{dp.inspect}") return dp end |
#discover_persons_from_policy(policy_pid) ⇒ Object
149 150 151 152 153 154 155 |
# File 'lib/ddr/auth/ability.rb', line 149 def discover_persons_from_policy(policy_pid) = (policy_pid) discover_individual_field = Hydra.config[:permissions][:inheritable][:discover][:individual] dp = edit_persons_from_policy(policy_pid) | read_persons_from_policy(policy_pid) | (( == nil || .fetch(discover_individual_field, nil) == nil) ? [] : .fetch(discover_individual_field, nil)) Rails.logger.debug("[CANCAN] -policy- discover_persons: #{dp.inspect}") return dp end |
#download_permissions ⇒ Object
42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 |
# File 'lib/ddr/auth/ability.rb', line 42 def can :download, ActiveFedora::Base do |obj| if obj.is_a? Component can?(:edit, obj) || (can?(:read, obj) && current_user.has_role?(obj, :downloader)) else can? :read, obj end end can :download, SolrDocument do |doc| if doc.active_fedora_model == "Component" can?(:edit, doc) || (can?(:read, doc) && current_user.has_role?(doc, :downloader)) else can? :read, doc end end can :download, ActiveFedora::Datastream do |ds| if ds.dsid == Ddr::Datastreams::CONTENT and ds.digital_object.original_class == Component can?(:edit, ds.pid) || (can?(:read, ds.pid) && current_user.has_role?(solr_doc(ds.pid), :downloader)) else can? :read, ds.pid end end end |
#edit_permissions ⇒ Object
28 29 30 31 32 33 |
# File 'lib/ddr/auth/ability.rb', line 28 def super can [:edit, :update, :destroy], ActiveFedora::Datastream do |action, ds| can? action, ds.pid end end |
#events_permissions ⇒ Object
35 36 37 38 39 40 |
# File 'lib/ddr/auth/ability.rb', line 35 def can :read, Ddr::Events::Event, user: current_user can :read, Ddr::Events::Event do |e| can? :read, e.pid end end |
#read_permissions ⇒ Object
21 22 23 24 25 26 |
# File 'lib/ddr/auth/ability.rb', line 21 def super can :read, ActiveFedora::Datastream do |ds| can? :read, ds.pid end end |
#test_discover(pid) ⇒ Object
Mimics Hydra::Ability#test_read + Hydra::PolicyAwareAbility#test_read in one method
101 102 103 104 105 106 |
# File 'lib/ddr/auth/ability.rb', line 101 def test_discover(pid) Rails.logger.debug("[CANCAN] Checking discover permissions for user: #{current_user.user_key} with groups: #{user_groups.inspect}") group_intersection = user_groups & discover_groups(pid) result = !group_intersection.empty? || discover_persons(pid).include?(current_user.user_key) result || test_discover_from_policy(pid) end |
#test_discover_from_policy(object_pid) ⇒ Object
Mimics Hydra::PolicyAwareAbility#test_read_from_policy
109 110 111 112 113 114 115 116 117 118 119 120 |
# File 'lib/ddr/auth/ability.rb', line 109 def test_discover_from_policy(object_pid) policy_pid = policy_pid_for(object_pid) if policy_pid.nil? return false else Rails.logger.debug("[CANCAN] -policy- Does the POLICY #{policy_pid} provide DISCOVER permissions for #{current_user.user_key}?") group_intersection = user_groups & discover_groups_from_policy(policy_pid) result = !group_intersection.empty? || discover_persons_from_policy(policy_pid).include?(current_user.user_key) Rails.logger.debug("[CANCAN] -policy- decision: #{result}") result end end |
#upload_permissions ⇒ Object
66 67 68 69 70 |
# File 'lib/ddr/auth/ability.rb', line 66 def can :upload, Ddr::Models::HasContent do |obj| can?(:edit, obj) end end |