require 'spec_helper' describe Hydra::AdminPolicy do before do Hydra.stub(:config).and_return({:permissions=>{ :discover => {:group =>"discover_access_group_ssim", :individual=>"discover_access_person_ssim"}, :read => {:group =>"read_access_group_ssim", :individual=>"read_access_person_ssim"}, :edit => {:group =>"edit_access_group_ssim", :individual=>"edit_access_person_ssim"}, :owner => "depositor_ssim", :embargo_release_date => "embargo_release_date_dtsi", :inheritable => { :discover => {:group =>"inheritable_discover_access_group_ssim", :individual=>"inheritable_discover_access_person_ssim"}, :read => {:group =>"inheritable_read_access_group_ssim", :individual=>"inheritable_read_access_person_ssim"}, :edit => {:group =>"inheritable_edit_access_group_ssim", :individual=>"inheritable_edit_access_person_ssim"}, :owner => "inheritable_depositor_ssim", :embargo_release_date => "inheritable_embargo_release_date_dtsi" } }}) end its(:defaultRights) { should be_kind_of Hydra::Datastream::InheritableRightsMetadata} its(:rightsMetadata) { should be_kind_of Hydra::Datastream::RightsMetadata} its(:descMetadata) { should be_kind_of ActiveFedora::QualifiedDublinCoreDatastream} describe "when setting attributes" do before do subject.title = "My title" subject.description = "My description" subject.license_title = "My license" subject.license_description = "My license desc" subject.license_url = "My url" end its(:title) { should == "My title"} its(:description) { should == "My description"} its(:license_title) { should == "My license"} its(:license_description) { should == "My license desc"} its(:license_url) { should == "My url"} end describe "to_solr" do subject { Hydra::AdminPolicy.new(:title=>"Foobar").to_solr } it "should have title_ssim" do subject[ActiveFedora::SolrService.solr_name('title', type: :string)].should == "Foobar" end end describe "updating default permissions" do it "should create new group permissions" do subject.default_permissions = [{:name=>'group1', :access=>'discover', :type=>'group'}] subject.default_permissions.should == [{:type=>'group', :access=>'discover', :name=>'group1'}] end it "should create new user permissions" do subject.default_permissions = [{:name=>'user1', :access=>'discover', :type=>'user'}] subject.default_permissions.should == [{:type=>'user', :access=>'discover', :name=>'user1'}] end it "should not replace existing groups" do subject.default_permissions = [{:name=>'group1', :access=>'discover', :type=>'group'}] subject.default_permissions = [{:name=>'group2', :access=>'discover', :type=>'group'}] subject.default_permissions.should == [{:type=>'group', :access=>'discover', :name=>'group1'}, {:type=>'group', :access=>'discover', :name=>'group2'}] end it "should not replace existing users" do subject.default_permissions = [{:name=>'user1', :access=>'discover', :type=>'user'}] subject.default_permissions = [{:name=>'user2', :access=>'discover', :type=>'user'}] subject.default_permissions.should == [{:type=>'user', :access=>'discover', :name=>'user1'}, {:type=>'user', :access=>'discover', :name=>'user2'}] end it "should update permissions on existing users" do subject.default_permissions = [{:name=>'user1', :access=>'discover', :type=>'user'}] subject.default_permissions = [{:name=>'user1', :access=>'edit', :type=>'user'}] subject.default_permissions.should == [{:type=>'user', :access=>'edit', :name=>'user1'}] end it "should update permissions on existing groups" do subject.default_permissions = [{:name=>'group1', :access=>'discover', :type=>'group'}] subject.default_permissions = [{:name=>'group1', :access=>'edit', :type=>'group'}] subject.default_permissions.should == [{:type=>'group', :access=>'edit', :name=>'group1'}] end it "should assign user permissions when :type == 'person'" do subject.default_permissions = [{:name=>'user1', :access=>'discover', :type=>'person'}] subject.default_permissions.should == [{:type=>'user', :access=>'discover', :name=>'user1'}] end it "should raise an ArgumentError when the :type hashkey is invalid" do expect{subject.default_permissions = [{:name=>'user1', :access=>'read', :type=>'foo'}]}.to raise_error(ArgumentError) end end describe "Inheritable rights" do before do @policy = Hydra::AdminPolicy.new @policy.default_permissions = [{:name=>"africana-faculty", :access=>"edit", :type=>"group"}, {:name=>"cool-kids", :access=>"edit", :type=>"group"}, {:name=>"julius_caesar", :access=>"edit", :type=>"user"}] @policy.default_permissions = [{:name=>"slightlycoolkids", :access=>"read", :type=>"group"}, {:name=>"nero", :access=>"read", :type=>"user"}] @policy.default_permissions = [{:name=>"posers", :access=>"discover", :type=>"group"}, {:name=>"constantine", :access=>"discover", :type=>"user"}] @policy.defaultRights.embargo_release_date = "2102-10-01" end describe "to_solr" do subject {@policy.to_solr} it "should not affect normal solr permissions fields" do subject.should_not have_key( Hydra.config[:permissions][:discover][:group] ) subject.should_not have_key( Hydra.config[:permissions][:discover][:individual] ) subject.should_not have_key( Hydra.config[:permissions][:read][:group] ) subject.should_not have_key( Hydra.config[:permissions][:read][:individual] ) subject.should_not have_key( Hydra.config[:permissions][:edit][:group] ) subject.should_not have_key( Hydra.config[:permissions][:edit][:individual] ) subject.should_not have_key( Hydra.config[:permissions][:embargo_release_date] ) end it "should provide prefixed/inherited solr permissions fields" do subject[Hydra.config[:permissions][:inheritable][:discover][:group] ].should == ["posers"] subject[Hydra.config[:permissions][:inheritable][:discover][:individual] ].should == ["constantine"] subject[Hydra.config[:permissions][:inheritable][:read][:group] ].should == ["slightlycoolkids"] subject[Hydra.config[:permissions][:inheritable][:read][:individual] ].should == ["nero"] inheritable_group = Hydra.config[:permissions][:inheritable][:edit][:group] subject[inheritable_group].length.should == 2 subject[inheritable_group].should include("africana-faculty", "cool-kids") subject[Hydra.config[:permissions][:inheritable][:edit][:individual] ].should == ["julius_caesar"] subject[Hydra.config[:permissions][:inheritable][:embargo_release_date] ].should == "2102-10-01" end end end # # Policy-based Access Controls # describe "When accessing assets with Policies associated" do before do @user = FactoryGirl.build(:martia_morocco) RoleMapper.stub(:roles).with(@user.user_key).and_return(@user.roles) end subject { Ability.new(@user) } context "Given a policy grants read access to a group I belong to" do before do @policy = Hydra::AdminPolicy.new @policy.default_permissions = [{:type=>"group", :access=>"read", :name=>"africana-faculty"}] @policy.save end after { @policy.delete } context "And a subscribing asset does not grant access" do before do @asset = ModsAsset.new() @asset.admin_policy = @policy @asset.save end after { @asset.delete } it "Then I should be able to view the asset" do subject.can?(:read, @asset).should be_true end it "Then I should not be able to edit, update and destroy the asset" do subject.can?(:edit, @asset).should be_false subject.can?(:update, @asset).should be_false subject.can?(:destroy, @asset).should be_false end end end context "Given a policy grants edit access to a group I belong to" do before do @policy = Hydra::AdminPolicy.new @policy.default_permissions = [{:type=>"group", :access=>"edit", :name=>"africana-faculty"}] @policy.save end after { @policy.delete } context "And a subscribing asset does not grant access" do before do @asset = ModsAsset.new() @asset.admin_policy = @policy @asset.save end after { @asset.delete } it "Then I should be able to view the asset" do subject.can?(:read, @asset).should be_true end it "Then I should be able to edit/update/destroy the asset" do subject.can?(:edit, @asset).should be_true subject.can?(:update, @asset).should be_true subject.can?(:destroy, @asset).should be_true end end context "And a subscribing asset grants read access to me as an individual" do before do @asset = ModsAsset.new() @asset.read_users = [@user.uid] @asset.admin_policy = @policy @asset.save end after { @asset.delete } it "Then I should be able to view the asset" do subject.can?(:read, @asset).should be_true end it "Then I should be able to edit/update/destroy the asset" do subject.can?(:edit, @asset).should be_true subject.can?(:update, @asset).should be_true subject.can?(:destroy, @asset).should be_true end end end context "Given a policy does not grant access to any group I belong to" do before do @policy = Hydra::AdminPolicy.new @policy.save end after { @policy.delete } context "And a subscribing asset does not grant access" do before do @asset = ModsAsset.new() @asset.admin_policy = @policy @asset.save end after { @asset.delete } it "Then I should not be able to view the asset" do subject.can?(:read, @asset).should be_false end it "Then I should not be able to edit/update/destroy the asset" do subject.can?(:edit, @asset).should be_false subject.can?(:update, @asset).should be_false subject.can?(:destroy, @asset).should be_false end end context "And a subscribing asset grants read access to me as an individual" do before do @asset = ModsAsset.new() @asset.read_users = [@user.uid] @asset.admin_policy = @policy @asset.save end after { @asset.delete } it "Then I should be able to view the asset" do subject.can?(:read, @asset).should be_true end it "Then I should not be able to edit/update/destroy the asset" do subject.can?(:edit, @asset).should be_false subject.can?(:update, @asset).should be_false subject.can?(:destroy, @asset).should be_false end end end end end