Module: Hydra::AccessControls::Permissions

Extended by:

ActiveSupport::Concern

Includes:

Visibility

Included in:

Hydra::AdminPolicy

Defined in:

app/models/concerns/hydra/access_controls/permissions.rb

Instance Method Summary

• #discover_groups ⇒ Object

  Return a list of groups that have discover permission.

• #discover_groups=(groups) ⇒ Object

  Grant discover permissions to the groups specified.

• #discover_groups_string ⇒ Object

  Display the groups a comma delimeted string.

• #discover_groups_string=(groups) ⇒ Object

  Grant discover permissions to the groups specified.

• #discover_users ⇒ Object
• #discover_users=(users) ⇒ Object

  Grant discover permissions to the users specified.

• #discover_users_string ⇒ Object

  Display the users as a comma delimeted string.

• #discover_users_string=(users) ⇒ Object

  Grant discover permissions to the groups specified.

• #edit_groups ⇒ Object

  Return a list of groups that have edit permission.

• #edit_groups=(groups) ⇒ Object

  Grant edit permissions to the groups specified.

• #edit_groups_string ⇒ Object

  Display the groups a comma delimeted string.

• #edit_groups_string=(groups) ⇒ Object

  Grant edit permissions to the groups specified.

• #edit_users ⇒ Object
• #edit_users=(users) ⇒ Object

  Grant edit permissions to the groups specified.

• #permission_delegate ⇒ Object
• #permissions_attributes=(attributes_collection) ⇒ Object

  When chaging a permission for an object/user, ensure an update is done, not a duplicate.

• #permissions_attributes_without_uniqueness=(attrs) ⇒ Object
• #read_groups ⇒ Object

  Return a list of groups that have discover permission.

• #read_groups=(groups) ⇒ Object

  Grant read permissions to the groups specified.

• #read_groups_string ⇒ Object

  Display the groups a comma delimeted string.

• #read_groups_string=(groups) ⇒ Object

  Grant read permissions to the groups specified.

• #read_users ⇒ Object
• #read_users=(users) ⇒ Object

  Grant read permissions to the users specified.

• #read_users_string ⇒ Object

  Display the users as a comma delimeted string.

• #read_users_string=(users) ⇒ Object

  Grant read permissions to the groups specified.

• #set_discover_groups(groups, eligible_groups) ⇒ Object

  Grant discover permissions to the groups specified.

• #set_discover_users(users, eligible_users) ⇒ Object

  Grant discover permissions to the users specified.

• #set_edit_groups(groups, eligible_groups) ⇒ Object

  Grant edit permissions to the groups specified.

• #set_edit_users(users, eligible_users) ⇒ Object

  Grant edit permissions to the users specified.

• #set_read_groups(groups, eligible_groups) ⇒ Object

  Grant read permissions to the groups specified.

• #set_read_users(users, eligible_users) ⇒ Object

  Grant read permissions to the users specified.

• #to_solr(solr_doc = {}) ⇒ Object

Methods included from Visibility

#visibility, #visibility=, #visibility_changed?

Instance Method Details

#discover_groups ⇒ Object

Return a list of groups that have discover permission

# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 68

def discover_groups
  search_by_type_and_mode(:group, Hydra::ACL.Discover).map(&:agent_name)
end

#discover_groups=(groups) ⇒ Object

Grant discover permissions to the groups specified. Revokes discover permission for all other groups. @param groups a list of group names

Examples:

r.discover_groups= ['one', 'two', 'three']
r.discover_groups
=> ['one', 'two', 'three']

# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 79

def discover_groups=(groups)
  set_discover_groups(groups, discover_groups)
end

#discover_groups_string ⇒ Object

Display the groups a comma delimeted string

# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 95

def discover_groups_string
  discover_groups.join(', ')
end

#discover_groups_string=(groups) ⇒ Object

Grant discover permissions to the groups specified. Revokes discover permission for all other groups. @param groups a list of group names

Examples:

r.discover_groups_string= 'one, two, three'
r.discover_groups
=> ['one', 'two', 'three']

# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 90

def discover_groups_string=(groups)
  self.discover_groups = groups.split(/[\s,]+/)
end

#discover_users ⇒ Object

# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 118

def discover_users
  search_by_type_and_mode(:person, Hydra::ACL.Discover).map(&:agent_name)
end

#discover_users=(users) ⇒ Object

Grant discover permissions to the users specified. Revokes discover permission for all other users. @param users a list of usernames

Examples:

r.discover_users= ['one', 'two', 'three']
r.discover_users
=> ['one', 'two', 'three']

# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 129

def discover_users=(users)
  set_discover_users(users, discover_users)
end

#discover_users_string ⇒ Object

Display the users as a comma delimeted string

# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 145

def discover_users_string
  discover_users.join(', ')
end

#discover_users_string=(users) ⇒ Object

Grant discover permissions to the groups specified. Revokes discover permission for all other users. @param users a list of usernames

Examples:

r.discover_users_string= 'one, two, three'
r.discover_users
=> ['one', 'two', 'three']

# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 140

def discover_users_string=(users)
  self.discover_users = users.split(/[\s,]+/)
end

#edit_groups ⇒ Object

Return a list of groups that have edit permission

# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 270

def edit_groups
  search_by_type_and_mode(:group, ::ACL.Write).map(&:agent_name)
end

#edit_groups=(groups) ⇒ Object

Grant edit permissions to the groups specified. Revokes edit permission for all other groups. @param groups a list of group names

Examples:

r.edit_groups= ['one', 'two', 'three']
r.edit_groups
=> ['one', 'two', 'three']

# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 281

def edit_groups=(groups)
  set_edit_groups(groups, edit_groups)
end

#edit_groups_string ⇒ Object

Display the groups a comma delimeted string

# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 297

def edit_groups_string
  edit_groups.join(', ')
end

#edit_groups_string=(groups) ⇒ Object

Grant edit permissions to the groups specified. Revokes edit permission for all other groups. @param groups a list of group names

Examples:

r.edit_groups_string= 'one, two, three'
r.edit_groups
=> ['one', 'two', 'three']

# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 292

def edit_groups_string=(groups)
  self.edit_groups = groups.split(/[\s,]+/)
end

#edit_users ⇒ Object

# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 320

def edit_users
  search_by_type_and_mode(:person, ::ACL.Write).map(&:agent_name)
end

#edit_users=(users) ⇒ Object

Grant edit permissions to the groups specified. Revokes edit permission for all other groups. @param users a list of usernames

Examples:

r.edit_users= ['one', 'two', 'three']
r.edit_users
=> ['one', 'two', 'three']

# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 331

def edit_users=(users)
  set_edit_users(users, edit_users)
end

#permission_delegate ⇒ Object

# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 24

def permission_delegate
  (access_control || create_access_control).tap { |d| d.owner = self }
end

#permissions_attributes=(attributes_collection) ⇒ Object

When chaging a permission for an object/user, ensure an update is done, not a duplicate

# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 40

def permissions_attributes=(attributes_collection)
  if attributes_collection.is_a? Hash
    keys = attributes_collection.keys
    attributes_collection = if keys.include?('id') || keys.include?(:id)
                              Array(attributes_collection)
                            else
                              attributes_collection.sort_by { |i, _| i.to_i }.map { |_, attributes| attributes }
    end
  end

  attributes_collection = attributes_collection.map(&:with_indifferent_access)
  attributes_collection.each do |prop|
    existing = case prop[:type]
               when 'group'
                 search_by_type(:group)
               when 'person'
                 search_by_type(:person)
    end

    next if existing.blank?
    selected = existing.find { |perm| perm.agent_name == prop[:name] }
    prop['id'] = selected.id if selected
  end

  self.permissions_attributes_without_uniqueness = attributes_collection
end

#permissions_attributes_without_uniqueness=(attrs) ⇒ Object

# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 20

def permissions_attributes_without_uniqueness=(attrs)
  permission_delegate.permissions_attributes = attrs
end

#read_groups ⇒ Object

Return a list of groups that have discover permission

# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 169

def read_groups
  search_by_type_and_mode(:group, ::ACL.Read).map(&:agent_name)
end

#read_groups=(groups) ⇒ Object

Grant read permissions to the groups specified. Revokes read permission for all other groups. @param groups a list of group names

Examples:

r.read_groups= ['one', 'two', 'three']
r.read_groups
=> ['one', 'two', 'three']

# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 180

def read_groups=(groups)
  set_read_groups(groups, read_groups)
end

#read_groups_string ⇒ Object

Display the groups a comma delimeted string

# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 196

def read_groups_string
  read_groups.join(', ')
end

#read_groups_string=(groups) ⇒ Object

Grant read permissions to the groups specified. Revokes read permission for all other groups. @param groups a list of group names

Examples:

r.read_groups_string= 'one, two, three'
r.read_groups
=> ['one', 'two', 'three']

# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 191

def read_groups_string=(groups)
  self.read_groups = groups.split(/[\s,]+/)
end

#read_users ⇒ Object

# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 219

def read_users
  search_by_type_and_mode(:person, ::ACL.Read).map(&:agent_name)
end

#read_users=(users) ⇒ Object

Grant read permissions to the users specified. Revokes read permission for all other users. @param users a list of usernames

Examples:

r.read_users= ['one', 'two', 'three']
r.read_users
=> ['one', 'two', 'three']

# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 230

def read_users=(users)
  set_read_users(users, read_users)
end

#read_users_string ⇒ Object

Display the users as a comma delimeted string

# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 246

def read_users_string
  read_users.join(', ')
end

#read_users_string=(users) ⇒ Object

Grant read permissions to the groups specified. Revokes read permission for all other users. @param users a list of usernames

Examples:

r.read_users_string= 'one, two, three'
r.read_users
=> ['one', 'two', 'three']

# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 241

def read_users_string=(users)
  self.read_users = users.split(/[\s,]+/)
end

#set_discover_groups(groups, eligible_groups) ⇒ Object

Grant discover permissions to the groups specified. Revokes discover permission for any of the eligible_groups that are not in groups. This may be used when different users are responsible for setting different groups. Supply the groups the current user is responsible for as the ‘eligible_groups’ @param groups a list of groups @param eligible_groups the groups that are eligible to have their discover permssion revoked.

Examples:

r.discover_groups = ['one', 'two', 'three']
r.discover_groups
=> ['one', 'two', 'three']
r.set_discover_groups(['one'], ['three'])
r.discover_groups
=> ['one', 'two']  ## 'two' was not eligible to be removed

# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 114

def set_discover_groups(groups, eligible_groups)
  set_entities(:discover, :group, groups, eligible_groups)
end

#set_discover_users(users, eligible_users) ⇒ Object

Grant discover permissions to the users specified. Revokes discover permission for any of the eligible_users that are not in users. This may be used when different users are responsible for setting different users. Supply the users the current user is responsible for as the ‘eligible_users’ @param users a list of users @param eligible_users the users that are eligible to have their discover permssion revoked.

Examples:

r.discover_users = ['one', 'two', 'three']
r.discover_users
=> ['one', 'two', 'three']
r.set_discover_users(['one'], ['three'])
r.discover_users
=> ['one', 'two']  ## 'two' was not eligible to be removed

# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 164

def set_discover_users(users, eligible_users)
  set_entities(:discover, :person, users, eligible_users)
end

#set_edit_groups(groups, eligible_groups) ⇒ Object

Grant edit permissions to the groups specified. Revokes edit permission for any of the eligible_groups that are not in groups. This may be used when different users are responsible for setting different groups. Supply the groups the current user is responsible for as the ‘eligible_groups’ @param groups a list of groups @param eligible_groups the groups that are eligible to have their edit permssion revoked.

Examples:

r.edit_groups = ['one', 'two', 'three']
r.edit_groups
=> ['one', 'two', 'three']
r.set_edit_groups(['one'], ['three'])
r.edit_groups
=> ['one', 'two']  ## 'two' was not eligible to be removed

# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 316

def set_edit_groups(groups, eligible_groups)
  set_entities(:edit, :group, groups, eligible_groups)
end

#set_edit_users(users, eligible_users) ⇒ Object

Grant edit permissions to the users specified. Revokes edit permission for any of the eligible_users that are not in users. This may be used when different users are responsible for setting different users. Supply the users the current user is responsible for as the ‘eligible_users’ @param users a list of users @param eligible_users the users that are eligible to have their edit permssion revoked.

Examples:

r.edit_users = ['one', 'two', 'three']
r.edit_users
=> ['one', 'two', 'three']
r.set_edit_users(['one'], ['three'])
r.edit_users
=> ['one', 'two']  ## 'two' was not eligible to be removed

# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 350

def set_edit_users(users, eligible_users)
  set_entities(:edit, :person, users, eligible_users)
end

#set_read_groups(groups, eligible_groups) ⇒ Object

Grant read permissions to the groups specified. Revokes read permission for any of the eligible_groups that are not in groups. This may be used when different users are responsible for setting different groups. Supply the groups the current user is responsible for as the ‘eligible_groups’ @param groups a list of groups @param eligible_groups the groups that are eligible to have their read permssion revoked.

Examples:

r.read_groups = ['one', 'two', 'three']
r.read_groups
=> ['one', 'two', 'three']
r.set_read_groups(['one'], ['three'])
r.read_groups
=> ['one', 'two']  ## 'two' was not eligible to be removed

# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 215

def set_read_groups(groups, eligible_groups)
  set_entities(:read, :group, groups, eligible_groups)
end

#set_read_users(users, eligible_users) ⇒ Object

Grant read permissions to the users specified. Revokes read permission for any of the eligible_users that are not in users. This may be used when different users are responsible for setting different users. Supply the users the current user is responsible for as the ‘eligible_users’ @param users a list of users @param eligible_users the users that are eligible to have their read permssion revoked.

Examples:

r.read_users = ['one', 'two', 'three']
r.read_users
=> ['one', 'two', 'three']
r.set_read_users(['one'], ['three'])
r.read_users
=> ['one', 'two']  ## 'two' was not eligible to be removed

# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 265

def set_read_users(users, eligible_users)
  set_entities(:read, :person, users, eligible_users)
end

#to_solr(solr_doc = {}) ⇒ Object

# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 28

def to_solr(solr_doc = {})
  super.tap do |doc|
    [:discover, :read, :edit].each do |access|
      vals = send("#{access}_groups")
      doc[Hydra.config.permissions[access].group] = vals unless vals.empty?
      vals = send("#{access}_users")
      doc[Hydra.config.permissions[access].individual] = vals unless vals.empty?
    end
  end
end