Module: Hydra::AccessControls::Permissions

Extended by:

ActiveSupport::Concern

Includes:

Visibility

Included in:

Hydra::AdminPolicy

Defined in:

app/models/concerns/hydra/access_controls/permissions.rb

Instance Method Summary

• #discover_groups ⇒ Object

  Return a list of groups that have discover permission.

• #discover_groups=(groups) ⇒ Object

  Grant discover permissions to the groups specified.

• #discover_groups_string ⇒ Object

  Display the groups a comma delimeted string.

• #discover_groups_string=(groups) ⇒ Object

  Grant discover permissions to the groups specified.

• #discover_users ⇒ Object
• #discover_users=(users) ⇒ Object

  Grant discover permissions to the users specified.

• #discover_users_string ⇒ Object

  Display the users as a comma delimeted string.

• #discover_users_string=(users) ⇒ Object

  Grant discover permissions to the groups specified.

• #edit_groups ⇒ Object

  Return a list of groups that have edit permission.

• #edit_groups=(groups) ⇒ Object

  Grant edit permissions to the groups specified.

• #edit_groups_string ⇒ Object

  Display the groups a comma delimeted string.

• #edit_groups_string=(groups) ⇒ Object

  Grant edit permissions to the groups specified.

• #edit_users ⇒ Object
• #edit_users=(users) ⇒ Object

  Grant edit permissions to the groups specified.

• #permission_delegate ⇒ Object
• #permissions_attributes=(attributes_collection) ⇒ Object

  When chaging a permission for an object/user, ensure an update is done, not a duplicate.

• #permissions_attributes_without_uniqueness=(attrs) ⇒ Object
• #read_groups ⇒ Object

  Return a list of groups that have discover permission.

• #read_groups=(groups) ⇒ Object

  Grant read permissions to the groups specified.

• #read_groups_string ⇒ Object

  Display the groups a comma delimeted string.

• #read_groups_string=(groups) ⇒ Object

  Grant read permissions to the groups specified.

• #read_users ⇒ Object
• #read_users=(users) ⇒ Object

  Grant read permissions to the users specified.

• #read_users_string ⇒ Object

  Display the users as a comma delimeted string.

• #read_users_string=(users) ⇒ Object

  Grant read permissions to the groups specified.

• #set_discover_groups(groups, eligible_groups) ⇒ Object

  Grant discover permissions to the groups specified.

• #set_discover_users(users, eligible_users) ⇒ Object

  Grant discover permissions to the users specified.

• #set_edit_groups(groups, eligible_groups) ⇒ Object

  Grant edit permissions to the groups specified.

• #set_edit_users(users, eligible_users) ⇒ Object

  Grant edit permissions to the users specified.

• #set_read_groups(groups, eligible_groups) ⇒ Object

  Grant read permissions to the groups specified.

• #set_read_users(users, eligible_users) ⇒ Object

  Grant read permissions to the users specified.

• #to_solr(solr_doc = {}) ⇒ Object

Methods included from Visibility

#visibility, #visibility=, #visibility_changed?

Instance Method Details

#discover_groups ⇒ Object

Return a list of groups that have discover permission

# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 70

def discover_groups
  search_by_type_and_mode(:group, Hydra::ACL.Discover).map(&:agent_name)
end

#discover_groups=(groups) ⇒ Object

Grant discover permissions to the groups specified. Revokes discover permission for all other groups. @param groups a list of group names

Examples:

r.discover_groups= ['one', 'two', 'three']
r.discover_groups
=> ['one', 'two', 'three']

# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 81

def discover_groups=(groups)
  set_discover_groups(groups, discover_groups)
end

#discover_groups_string ⇒ Object

Display the groups a comma delimeted string

# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 97

def discover_groups_string
  discover_groups.join(', ')
end

#discover_groups_string=(groups) ⇒ Object

Grant discover permissions to the groups specified. Revokes discover permission for all other groups. @param groups a list of group names

Examples:

r.discover_groups_string= 'one, two, three'
r.discover_groups
=> ['one', 'two', 'three']

# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 92

def discover_groups_string=(groups)
  self.discover_groups = groups.split(/[\s,]+/)
end

#discover_users ⇒ Object

# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 120

def discover_users
  search_by_type_and_mode(:person, Hydra::ACL.Discover).map(&:agent_name)
end

#discover_users=(users) ⇒ Object

Grant discover permissions to the users specified. Revokes discover permission for all other users. @param users a list of usernames

Examples:

r.discover_users= ['one', 'two', 'three']
r.discover_users
=> ['one', 'two', 'three']

# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 131

def discover_users=(users)
  set_discover_users(users, discover_users)
end

#discover_users_string ⇒ Object

Display the users as a comma delimeted string

# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 147

def discover_users_string
  discover_users.join(', ')
end

#discover_users_string=(users) ⇒ Object

Grant discover permissions to the groups specified. Revokes discover permission for all other users. @param users a list of usernames

Examples:

r.discover_users_string= 'one, two, three'
r.discover_users
=> ['one', 'two', 'three']

# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 142

def discover_users_string=(users)
  self.discover_users = users.split(/[\s,]+/)
end

#edit_groups ⇒ Object

Return a list of groups that have edit permission

# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 272

def edit_groups
  search_by_type_and_mode(:group, ::ACL.Write).map(&:agent_name)
end

#edit_groups=(groups) ⇒ Object

Grant edit permissions to the groups specified. Revokes edit permission for all other groups. @param groups a list of group names

Examples:

r.edit_groups= ['one', 'two', 'three']
r.edit_groups
=> ['one', 'two', 'three']

# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 283

def edit_groups=(groups)
  set_edit_groups(groups, edit_groups)
end

#edit_groups_string ⇒ Object

Display the groups a comma delimeted string

# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 299

def edit_groups_string
  edit_groups.join(', ')
end

#edit_groups_string=(groups) ⇒ Object

Grant edit permissions to the groups specified. Revokes edit permission for all other groups. @param groups a list of group names

Examples:

r.edit_groups_string= 'one, two, three'
r.edit_groups
=> ['one', 'two', 'three']

# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 294

def edit_groups_string=(groups)
  self.edit_groups = groups.split(/[\s,]+/)
end

#edit_users ⇒ Object

# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 322

def edit_users
  search_by_type_and_mode(:person, ::ACL.Write).map(&:agent_name)
end

#edit_users=(users) ⇒ Object

Grant edit permissions to the groups specified. Revokes edit permission for all other groups. @param users a list of usernames

Examples:

r.edit_users= ['one', 'two', 'three']
r.edit_users
=> ['one', 'two', 'three']

# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 333

def edit_users=(users)
  set_edit_users(users, edit_users)
end

#permission_delegate ⇒ Object

# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 24

def permission_delegate
  (access_control || build_access_control).tap { |d| d.owner = self }
end

#permissions_attributes=(attributes_collection) ⇒ Object

When chaging a permission for an object/user, ensure an update is done, not a duplicate

# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 40

def permissions_attributes=(attributes_collection)
  if attributes_collection.is_a? Hash
    keys = attributes_collection.keys
    attributes_collection = if keys.include?('id') || keys.include?(:id)
                              Array(attributes_collection)
                            else
                              attributes_collection.sort_by { |i, _| i.to_i }.map { |_, attributes| attributes }
    end
  end

  attributes_collection = attributes_collection.map(&:with_indifferent_access)
  attributes_collection.each do |prop|
    existing = case prop[:type]
               when 'group'
                 search_by_type(:group)
               when 'person'
                 search_by_type(:person)
    end

    next if existing.blank?
    selected = existing.find { |perm| perm.agent_name == prop[:name] }
    prop['id'] = selected.id if selected
  end

  clean_collection = remove_bad_deletes(attributes_collection)

  self.permissions_attributes_without_uniqueness = clean_collection
end

#permissions_attributes_without_uniqueness=(attrs) ⇒ Object

# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 20

def permissions_attributes_without_uniqueness=(attrs)
  permission_delegate.permissions_attributes = attrs
end

#read_groups ⇒ Object

Return a list of groups that have discover permission

# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 171

def read_groups
  search_by_type_and_mode(:group, ::ACL.Read).map(&:agent_name)
end

#read_groups=(groups) ⇒ Object

Grant read permissions to the groups specified. Revokes read permission for all other groups. @param groups a list of group names

Examples:

r.read_groups= ['one', 'two', 'three']
r.read_groups
=> ['one', 'two', 'three']

# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 182

def read_groups=(groups)
  set_read_groups(groups, read_groups)
end

#read_groups_string ⇒ Object

Display the groups a comma delimeted string

# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 198

def read_groups_string
  read_groups.join(', ')
end

#read_groups_string=(groups) ⇒ Object

Grant read permissions to the groups specified. Revokes read permission for all other groups. @param groups a list of group names

Examples:

r.read_groups_string= 'one, two, three'
r.read_groups
=> ['one', 'two', 'three']

# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 193

def read_groups_string=(groups)
  self.read_groups = groups.split(/[\s,]+/)
end

#read_users ⇒ Object

# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 221

def read_users
  search_by_type_and_mode(:person, ::ACL.Read).map(&:agent_name)
end

#read_users=(users) ⇒ Object

Grant read permissions to the users specified. Revokes read permission for all other users. @param users a list of usernames

Examples:

r.read_users= ['one', 'two', 'three']
r.read_users
=> ['one', 'two', 'three']

# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 232

def read_users=(users)
  set_read_users(users, read_users)
end

#read_users_string ⇒ Object

Display the users as a comma delimeted string

# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 248

def read_users_string
  read_users.join(', ')
end

#read_users_string=(users) ⇒ Object

Grant read permissions to the groups specified. Revokes read permission for all other users. @param users a list of usernames

Examples:

r.read_users_string= 'one, two, three'
r.read_users
=> ['one', 'two', 'three']

# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 243

def read_users_string=(users)
  self.read_users = users.split(/[\s,]+/)
end

#set_discover_groups(groups, eligible_groups) ⇒ Object

Grant discover permissions to the groups specified. Revokes discover permission for any of the eligible_groups that are not in groups. This may be used when different users are responsible for setting different groups. Supply the groups the current user is responsible for as the ‘eligible_groups’ @param groups a list of groups @param eligible_groups the groups that are eligible to have their discover permssion revoked.

Examples:

r.discover_groups = ['one', 'two', 'three']
r.discover_groups
=> ['one', 'two', 'three']
r.set_discover_groups(['one'], ['three'])
r.discover_groups
=> ['one', 'two']  ## 'two' was not eligible to be removed

# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 116

def set_discover_groups(groups, eligible_groups)
  set_entities(:discover, :group, groups, eligible_groups)
end

#set_discover_users(users, eligible_users) ⇒ Object

Grant discover permissions to the users specified. Revokes discover permission for any of the eligible_users that are not in users. This may be used when different users are responsible for setting different users. Supply the users the current user is responsible for as the ‘eligible_users’ @param users a list of users @param eligible_users the users that are eligible to have their discover permssion revoked.

Examples:

r.discover_users = ['one', 'two', 'three']
r.discover_users
=> ['one', 'two', 'three']
r.set_discover_users(['one'], ['three'])
r.discover_users
=> ['one', 'two']  ## 'two' was not eligible to be removed

# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 166

def set_discover_users(users, eligible_users)
  set_entities(:discover, :person, users, eligible_users)
end

#set_edit_groups(groups, eligible_groups) ⇒ Object

Grant edit permissions to the groups specified. Revokes edit permission for any of the eligible_groups that are not in groups. This may be used when different users are responsible for setting different groups. Supply the groups the current user is responsible for as the ‘eligible_groups’ @param groups a list of groups @param eligible_groups the groups that are eligible to have their edit permssion revoked.

Examples:

r.edit_groups = ['one', 'two', 'three']
r.edit_groups
=> ['one', 'two', 'three']
r.set_edit_groups(['one'], ['three'])
r.edit_groups
=> ['one', 'two']  ## 'two' was not eligible to be removed

# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 318

def set_edit_groups(groups, eligible_groups)
  set_entities(:edit, :group, groups, eligible_groups)
end

#set_edit_users(users, eligible_users) ⇒ Object

Grant edit permissions to the users specified. Revokes edit permission for any of the eligible_users that are not in users. This may be used when different users are responsible for setting different users. Supply the users the current user is responsible for as the ‘eligible_users’ @param users a list of users @param eligible_users the users that are eligible to have their edit permssion revoked.

Examples:

r.edit_users = ['one', 'two', 'three']
r.edit_users
=> ['one', 'two', 'three']
r.set_edit_users(['one'], ['three'])
r.edit_users
=> ['one', 'two']  ## 'two' was not eligible to be removed

# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 352

def set_edit_users(users, eligible_users)
  set_entities(:edit, :person, users, eligible_users)
end

#set_read_groups(groups, eligible_groups) ⇒ Object

Grant read permissions to the groups specified. Revokes read permission for any of the eligible_groups that are not in groups. This may be used when different users are responsible for setting different groups. Supply the groups the current user is responsible for as the ‘eligible_groups’ @param groups a list of groups @param eligible_groups the groups that are eligible to have their read permssion revoked.

Examples:

r.read_groups = ['one', 'two', 'three']
r.read_groups
=> ['one', 'two', 'three']
r.set_read_groups(['one'], ['three'])
r.read_groups
=> ['one', 'two']  ## 'two' was not eligible to be removed

# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 217

def set_read_groups(groups, eligible_groups)
  set_entities(:read, :group, groups, eligible_groups)
end

#set_read_users(users, eligible_users) ⇒ Object

Grant read permissions to the users specified. Revokes read permission for any of the eligible_users that are not in users. This may be used when different users are responsible for setting different users. Supply the users the current user is responsible for as the ‘eligible_users’ @param users a list of users @param eligible_users the users that are eligible to have their read permssion revoked.

Examples:

r.read_users = ['one', 'two', 'three']
r.read_users
=> ['one', 'two', 'three']
r.set_read_users(['one'], ['three'])
r.read_users
=> ['one', 'two']  ## 'two' was not eligible to be removed

# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 267

def set_read_users(users, eligible_users)
  set_entities(:read, :person, users, eligible_users)
end

#to_solr(solr_doc = {}) ⇒ Object

# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 28

def to_solr(solr_doc = {})
  super.tap do |doc|
    [:discover, :read, :edit].each do |access|
      vals = send("#{access}_groups")
      doc[Hydra.config.permissions[access].group] = vals unless vals.empty?
      vals = send("#{access}_users")
      doc[Hydra.config.permissions[access].individual] = vals unless vals.empty?
    end
  end
end