Sha256: 3981d759ec34a431f6162dc9786aae3e6f57b07702c0847f85952d5db29158ee

Contents?: true

Size: 1.9 KB

Versions: 3

Compression:

Stored size: 1.9 KB

Contents

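module Ddr
  module Auth
    #
    # Hydra controller mixin for role-based access control
    #
    # Overrides Hydra::AccessControlsEnforcement#gated_discovery_filters
    # to apply role filters instead of permissions filters.
    #
    module RoleBasedAccessControlsEnforcement

      # Hook run when the mixin is included: delegates
      # +authorized_to_act_as_superuser?+ to the current ability and
      # exposes it to views as a helper method.
      #
      # @param controller [Class] the including controller class
      def self.included(controller)
        controller.delegate :authorized_to_act_as_superuser?, to: :current_ability
        controller.helper_method :authorized_to_act_as_superuser?
      end

      # Ability for the current request, built once per controller instance
      # from the current user and the Rack environment.
      def current_ability
        @current_ability ||= AbilityFactory.call(current_user, request.env)
      end

      # List of IDs for policies (Collections) on which any of the current
      # user's agents has a role in policy scope. Memoized per instance.
      #
      # @return [Array] values of the ID field of the matching Solr documents
      def policy_role_policies
        @policy_role_policies ||= begin
          filters = current_ability.agents.map do |agent|
            # Agent names are interpolated into a quoted Solr phrase. Escape
            # backslash and double quote so a name cannot close the phrase
            # and alter the access-control query.
            escaped = agent.to_s.gsub(/["\\]/) { |char| "\\#{char}" }
            "#{Ddr::Index::Fields::POLICY_ROLE}:\"#{escaped}\""
          end.join(" OR ")
          # NOTE(review): with no agents this yields "... AND ()"; confirm
          # that the ability always supplies at least one agent.
          query = "#{Ddr::Index::Fields::ACTIVE_FEDORA_MODEL}:Collection AND (#{filters})"
          # rows is the Collection count, presumably so that no matching
          # policy is dropped by a smaller page size.
          results = ActiveFedora::SolrService.query(query, rows: Collection.count, fl: Ddr::Index::Fields::ID)
          results.map { |r| r[Ddr::Index::Fields::ID] }
        end
      end

      # Solr filter matching objects governed by any policy returned by
      # #policy_role_policies.
      #
      # @return [String, nil] nil when there are no such policies
      def policy_role_filters
        if policy_role_policies.present?
          rels = policy_role_policies.map { |pid| [:isGovernedBy, pid] }
          ActiveFedora::SolrService.construct_query_for_rel(rels, " OR ")
        end
      end

      # Solr filter matching objects on which any of the current user's
      # agents has a resource-scope role. Built with SolrService.raw_query
      # per agent, joined with OR.
      #
      # @return [String] empty when the ability has no agents
      def resource_role_filters
        current_ability.agents.map do |agent|
          ActiveFedora::SolrService.raw_query(Ddr::Index::Fields::RESOURCE_ROLE, agent)
        end.join(" OR ")
      end

      # Role filters used for gated discovery (see the module comment).
      #
      # NOTE(review): #compact drops only nil, so an empty string from
      # #resource_role_filters (no agents) stays in the list; verify that
      # the consumer of these filters cannot end up with an unrestricted
      # query in that case.
      #
      # @return [Array<String>]
      def gated_discovery_filters
        [resource_role_filters, policy_role_filters].compact
      end

      # Overrides Hydra::AccessControlsEnforcement
      #
      # Authorizes :read against the raw +id+ request parameter; the
      # ability rules that resolve the id are defined outside this file.
      def enforce_show_permissions
        authorize! :read, params[:id]
      end

    end
  end
end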

Version data entries

3 entries across 3 versions & 1 rubygems

Version Path
ddr-models-3.0.0.alpha.3 lib/ddr/auth/role_based_access_controls_enforcement.rb
ddr-models-3.0.0.alpha.2 lib/ddr/auth/role_based_access_controls_enforcement.rb
ddr-models-3.0.0.alpha.1 lib/ddr/auth/role_based_access_controls_enforcement.rb