Module: Hydra::PolicyAwareAccessControlsEnforcement
- Defined in:
- lib/hydra/policy_aware_access_controls_enforcement.rb
Overview
Repeats access controls evaluation methods, but checks against a governing “Policy” object (or “Collection” object) that provides inherited access controls.
Instance Method Summary collapse
-
#apply_gated_discovery(solr_parameters) ⇒ Object
Extends Hydra::AccessControlsEnforcement.apply_gated_discovery to reflect policy-provided access appends the result of policy_clauses into the :fq.
- #apply_policy_group_permissions(permission_types = discovery_permissions) ⇒ Object
- #apply_policy_user_permissions(permission_types = discovery_permissions) ⇒ Object
-
#discovery_permissions ⇒ Object
Override method from blacklight-access_controls.
-
#policies_with_access ⇒ Object
find all the policies that grant discover/read/edit permissions to this user or any of its groups.
-
#policy_class ⇒ Object
Returns the Model used for AdminPolicy objects.
-
#policy_clauses ⇒ Object
returns solr query for finding all objects whose policies grant discover access to current_user.
Instance Method Details
#apply_gated_discovery(solr_parameters) ⇒ Object
Extends Hydra::AccessControlsEnforcement.apply_gated_discovery to reflect policy-provided access appends the result of policy_clauses into the :fq
8 9 10 11 |
# File 'lib/hydra/policy_aware_access_controls_enforcement.rb', line 8 def apply_gated_discovery(solr_parameters) super logger.debug("POLICY-aware Solr parameters: #{ solr_parameters.inspect }") end |
#apply_policy_group_permissions(permission_types = discovery_permissions) ⇒ Object
32 33 34 35 36 37 38 39 40 41 |
# File 'lib/hydra/policy_aware_access_controls_enforcement.rb', line 32 def ( = ) # for groups user_access_filters = [] current_ability.user_groups.each_with_index do |group, i| .each do |type| user_access_filters << escape_filter(Hydra.config..inheritable[type.to_sym].group, group) end end user_access_filters end |
#apply_policy_user_permissions(permission_types = discovery_permissions) ⇒ Object
43 44 45 46 47 48 49 50 |
# File 'lib/hydra/policy_aware_access_controls_enforcement.rb', line 43 def ( = ) # for individual user access user = current_ability.current_user return [] unless user && user.user_key.present? .map do |type| escape_filter(Hydra.config..inheritable[type.to_sym].individual, user.user_key) end end |
#discovery_permissions ⇒ Object
Override method from blacklight-access_controls
53 54 55 |
# File 'lib/hydra/policy_aware_access_controls_enforcement.rb', line 53 def @discovery_permissions ||= ["edit", "discover", "read"] end |
#policies_with_access ⇒ Object
find all the policies that grant discover/read/edit permissions to this user or any of its groups
21 22 23 24 25 26 27 28 29 30 |
# File 'lib/hydra/policy_aware_access_controls_enforcement.rb', line 21 def policies_with_access #### TODO -- Memoize this and put it in the session? user_access_filters = [] # Grant access based on user id & group user_access_filters += () user_access_filters += () result = policy_class.search_with_conditions( user_access_filters.join(" OR "), fl: "id", rows: policy_class.count ) logger.debug "get policies: #{result}\n\n" result.map {|h| h['id']} end |
#policy_class ⇒ Object
Returns the Model used for AdminPolicy objects. You can set this by overriding this method or setting Hydra.config[:policy_class] Defults to Hydra::AdminPolicy
60 61 62 |
# File 'lib/hydra/policy_aware_access_controls_enforcement.rb', line 60 def policy_class Hydra.config..policy_class || Hydra::AdminPolicy end |
#policy_clauses ⇒ Object
returns solr query for finding all objects whose policies grant discover access to current_user
14 15 16 17 18 |
# File 'lib/hydra/policy_aware_access_controls_enforcement.rb', line 14 def policy_clauses policy_ids = policies_with_access return nil if policy_ids.empty? '(' + policy_ids.map {|id| ActiveFedora::SolrQueryBuilder.construct_query_for_rel(isGovernedBy: id)}.join(' OR '.freeze) + ')' end |