Module: Hydra::PolicyAwareAccessControlsEnforcement
- Defined in:
- lib/hydra/policy_aware_access_controls_enforcement.rb
Overview
Repeats access controls evaluation methods, but checks against a governing “Policy” object (or “Collection” object) that provides inherited access controls.
Instance Method Summary collapse
-
#apply_gated_discovery(solr_parameters, user_parameters) ⇒ Object
Extends Hydra::AccessControlsEnforcement.apply_gated_discovery to reflect policy-provided access appends the result of policy_clauses into the :fq.
- #apply_policy_individual_permissions(permission_types) ⇒ Object
- #apply_policy_role_permissions(permission_types) ⇒ Object
-
#policies_with_access ⇒ Object
find all the policies that grant discover/read/edit permissions to this user or any of it’s groups.
-
#policy_class ⇒ Object
Returns the Model used for AdminPolicy objects.
-
#policy_clauses ⇒ Object
returns solr query for finding all objects whose policies grant discover access to current_user.
Instance Method Details
#apply_gated_discovery(solr_parameters, user_parameters) ⇒ Object
Extends Hydra::AccessControlsEnforcement.apply_gated_discovery to reflect policy-provided access appends the result of policy_clauses into the :fq
8 9 10 11 12 |
# File 'lib/hydra/policy_aware_access_controls_enforcement.rb', line 8 def apply_gated_discovery(solr_parameters, user_parameters) solr_parameters[:fq] ||= [] solr_parameters[:fq] << gated_discovery_filters.join(" OR ") logger.debug("POLICY-aware Solr parameters: #{ solr_parameters.inspect }") end |
#apply_policy_individual_permissions(permission_types) ⇒ Object
48 49 50 51 52 53 54 55 |
# File 'lib/hydra/policy_aware_access_controls_enforcement.rb', line 48 def () # for individual person access user_access_filters = [] .each do |type| user_access_filters << ActiveFedora::SolrService.solr_name("inheritable_#{type}_access_person", Hydra::Datastream::RightsMetadata.indexer ) + ":#{current_user.user_key}" end user_access_filters end |
#apply_policy_role_permissions(permission_types) ⇒ Object
37 38 39 40 41 42 43 44 45 46 |
# File 'lib/hydra/policy_aware_access_controls_enforcement.rb', line 37 def () # for roles user_access_filters = [] current_ability.user_groups.each_with_index do |role, i| .each do |type| user_access_filters << ActiveFedora::SolrService.solr_name("inheritable_#{type}_access_group", Hydra::Datastream::RightsMetadata.indexer ) + ":#{role}" end end user_access_filters end |
#policies_with_access ⇒ Object
find all the policies that grant discover/read/edit permissions to this user or any of it’s groups
24 25 26 27 28 29 30 31 32 33 34 |
# File 'lib/hydra/policy_aware_access_controls_enforcement.rb', line 24 def policies_with_access #### TODO -- Memoize this and put it in the session? return [] unless current_user user_access_filters = [] # Grant access based on user id & role user_access_filters += () user_access_filters += () result = policy_class.find_with_conditions( user_access_filters.join(" OR "), :fl => "id" ) logger.debug "get policies: #{result}\n\n" result.map {|h| h['id']} end |
#policy_class ⇒ Object
Returns the Model used for AdminPolicy objects. You can set this by overriding this method or setting Hydra.config[:policy_class] Defults to Hydra::AdminPolicy
60 61 62 63 64 65 66 |
# File 'lib/hydra/policy_aware_access_controls_enforcement.rb', line 60 def policy_class if Hydra.config[:permissions][:policy_class].nil? return Hydra::AdminPolicy else return Hydra.config[:permissions][:policy_class] end end |
#policy_clauses ⇒ Object
returns solr query for finding all objects whose policies grant discover access to current_user
16 17 18 19 20 |
# File 'lib/hydra/policy_aware_access_controls_enforcement.rb', line 16 def policy_clauses policy_pids = policies_with_access return nil if policy_pids.empty? '(' + policy_pids.map {|pid| ActiveFedora::SolrService.solr_name("is_governed_by", :symbol) + ":info\\:fedora/#{pid.gsub(/:/, '\\\\:')}"}.join(' OR ') + ')' end |