Module: Ddr::Auth::RoleBasedAccessControlsEnforcement
Defined in: lib/ddr/auth/role_based_access_controls_enforcement.rb
Overview
Hydra controller mixin for role-based access control
Overrides Hydra::AccessControlsEnforcement#gated_discovery_filters to apply role filters instead of permissions filters.
Class Method Summary
Instance Method Summary
- #current_ability ⇒ Object
- #enforce_show_permissions ⇒ Object — Overrides Hydra::AccessControlsEnforcement.
- #gated_discovery_filters ⇒ Object
- #policy_role_filters ⇒ Object
- #policy_role_policies ⇒ Object — List of URIs for policies on which any of the current user's agents has a role in policy scope.
- #resource_role_filters ⇒ Object
Class Method Details
.included(controller) ⇒ Object
# File 'lib/ddr/auth/role_based_access_controls_enforcement.rb', line 11
#
# Mixin hook, invoked when this module is included into a controller class.
# Delegates +authorized_to_act_as_superuser?+ to +current_ability+ and then
# registers the same method as a view helper.
#
# NOTE(review): the helper only exposes the predicate to views; this hook adds
# no enforcement of its own. Where superuser status is actually checked is not
# visible here.
#
# @param controller [Object] the including controller class; must respond to
#   +delegate+ and +helper_method+
def self.included(controller)
  superuser_predicate = :authorized_to_act_as_superuser?
  controller.delegate(superuser_predicate, to: :current_ability)
  controller.helper_method(superuser_predicate)
end
Instance Method Details
#current_ability ⇒ Object
# File 'lib/ddr/auth/role_based_access_controls_enforcement.rb', line 16
#
# Ability object for the current user, built by AbilityFactory from
# +current_user+ and +request.env+ and cached in @current_ability.
#
# The cache holds any truthy result; a nil or false result is not cached and
# the factory is called again on the next access.
#
# @return [Object] whatever AbilityFactory.call returns
def current_ability
  return @current_ability if @current_ability

  @current_ability = AbilityFactory.call(current_user, request.env)
end
#enforce_show_permissions ⇒ Object
Overrides Hydra::AccessControlsEnforcement
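# File 'lib/ddr/auth/role_based_access_controls_enforcement.rb', line 50
#
# Overrides Hydra::AccessControlsEnforcement.
# Requires that the current ability may +:read+ the object named by
# params[:id].
#
# NOTE(review): the rendered listing lost the method name and the callee (it
# read "def :read, params[:id] end"). The name is restored from the section
# heading; +authorize!+, the CanCan controller helper, is the presumed callee.
# Confirm against the source file.
# NOTE(review): the subject passed to the check is the raw id taken from the
# request, not a loaded object, so the ability presumably needs rules that
# accept an id. Verify against the ability definitions.
def enforce_show_permissions
  authorize! :read, params[:id]
end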
#gated_discovery_filters ⇒ Object
# File 'lib/ddr/auth/role_based_access_controls_enforcement.rb', line 45
#
# Discovery filter clauses for the current ability: the resource-role clause
# followed by the policy-role clause, with nil entries removed.
#
# NOTE(review): only nil is dropped. resource_role_filters joins its clauses
# with " OR " and therefore yields "" (not nil) when the ability has no agents,
# so an empty string can remain in the list. How the caller treats an empty
# clause is not visible here; confirm that an empty filter cannot widen
# discovery.
#
# @return [Array] the non-nil filter clauses
def gated_discovery_filters
  candidates = [resource_role_filters, policy_role_filters]
  candidates.reject(&:nil?)
end
#policy_role_filters ⇒ Object
# File 'lib/ddr/auth/role_based_access_controls_enforcement.rb', line 32
#
# Filter clause that matches objects governed by any of the policies returned
# by policy_role_policies. Each policy URI becomes an [:is_governed_by, uri]
# pair and the pairs are combined with "OR" by
# ActiveFedora::SolrService.construct_query_for_rel.
#
# @return [Object, nil] the combined query, or nil when there are no policies
def policy_role_filters
  policy_uris = policy_role_policies
  return unless policy_uris.present?

  governed_by = policy_uris.map { |uri| [:is_governed_by, uri] }
  ActiveFedora::SolrService.construct_query_for_rel(governed_by, "OR")
end
#policy_role_policies ⇒ Object
List of URIs for policies on which any of the current user's agents has a role in policy scope.
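# File 'lib/ddr/auth/role_based_access_controls_enforcement.rb', line 21
#
# List of URIs for policies (Collection documents) on which any of the current
# ability's agents has a role in policy scope. The list is cached in
# @policy_role_policies.
#
# Each agent value is placed inside a quoted Solr phrase. Backslashes and
# double quotes in the value are escaped first, so an agent string is matched
# literally and cannot end the phrase early and change the query.
# When the ability has no agents, no query is sent and the list is empty; the
# query would otherwise contain an empty "()" group.
#
# @return [Array] INTERNAL_URI field values of the matching documents
def policy_role_policies
  return @policy_role_policies if @policy_role_policies

  role_field = Ddr::Index::Fields::POLICY_ROLE
  clauses = current_ability.agents.map do |agent|
    escaped = agent.to_s.gsub(/["\\]/) { |char| "\\#{char}" }
    "#{role_field}:\"#{escaped}\""
  end
  # No agents means no roles: skip the Solr round trip.
  return @policy_role_policies = [] if clauses.empty?

  uri_field = Ddr::Index::Fields::INTERNAL_URI
  query = "#{Ddr::Index::Fields::ACTIVE_FEDORA_MODEL}:Collection AND (#{clauses.join(' OR ')})"
  # rows is the Collection count, presumably so that no match is cut off by paging.
  results = ActiveFedora::SolrService.query(query, rows: Collection.count, fl: uri_field)
  @policy_role_policies = results.map { |doc| doc[uri_field] }
end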
#resource_role_filters ⇒ Object
# File 'lib/ddr/auth/role_based_access_controls_enforcement.rb', line 39
#
# Filter clause matching objects on which any agent of the current ability
# has a resource role. One clause per agent is built with
# ActiveFedora::SolrService.raw_query on the RESOURCE_ROLE field, and the
# clauses are joined with " OR ".
#
# NOTE(review): with no agents the result is the empty string, not nil, and
# the compact call in gated_discovery_filters does not remove it.
#
# @return [String] the joined clauses ("" when there are no agents)
def resource_role_filters
  role_field = Ddr::Index::Fields::RESOURCE_ROLE
  clauses = current_ability.agents.map { |agent| ActiveFedora::SolrService.raw_query(role_field, agent) }
  clauses.join(" OR ")
end