Module: Hydra::AccessControls::Permissions

Extended by:
ActiveSupport::Concern
Includes:
Visibility
Included in:
Hydra::AdminPolicy
Defined in:
app/models/concerns/hydra/access_controls/permissions.rb

Instance Method Summary collapse

Instance Method Details

#discover_groupsObject

Return a list of groups that have discover permission



70
71
72
# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 70

def discover_groups
  search_by_type_and_mode(:group, Hydra::ACL.Discover).map(&:agent_name)
end

#discover_groups=(groups) ⇒ Object

Grant discover permissions to the groups specified. Revokes discover permission for all other groups. @param groups a list of group names

Examples:

r.discover_groups= ['one', 'two', 'three']
r.discover_groups
=> ['one', 'two', 'three']


81
82
83
# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 81

def discover_groups=(groups)
  set_discover_groups(groups, discover_groups)
end

#discover_groups_stringObject

Display the groups a comma delimeted string



97
98
99
# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 97

def discover_groups_string
  discover_groups.join(', ')
end

#discover_groups_string=(groups) ⇒ Object

Grant discover permissions to the groups specified. Revokes discover permission for all other groups. @param groups a list of group names

Examples:

r.discover_groups_string= 'one, two, three'
r.discover_groups
=> ['one', 'two', 'three']


92
93
94
# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 92

def discover_groups_string=(groups)
  self.discover_groups = groups.split(/[\s,]+/)
end

#discover_usersObject



120
121
122
# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 120

def discover_users
  search_by_type_and_mode(:person, Hydra::ACL.Discover).map(&:agent_name)
end

#discover_users=(users) ⇒ Object

Grant discover permissions to the users specified. Revokes discover permission for all other users. @param users a list of usernames

Examples:

r.discover_users= ['one', 'two', 'three']
r.discover_users
=> ['one', 'two', 'three']


131
132
133
# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 131

def discover_users=(users)
  set_discover_users(users, discover_users)
end

#discover_users_stringObject

Display the users as a comma delimeted string



147
148
149
# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 147

def discover_users_string
  discover_users.join(', ')
end

#discover_users_string=(users) ⇒ Object

Grant discover permissions to the groups specified. Revokes discover permission for all other users. @param users a list of usernames

Examples:

r.discover_users_string= 'one, two, three'
r.discover_users
=> ['one', 'two', 'three']


142
143
144
# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 142

def discover_users_string=(users)
  self.discover_users = users.split(/[\s,]+/)
end

#edit_groupsObject

Return a list of groups that have edit permission



272
273
274
# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 272

def edit_groups
  search_by_type_and_mode(:group, ::ACL.Write).map(&:agent_name)
end

#edit_groups=(groups) ⇒ Object

Grant edit permissions to the groups specified. Revokes edit permission for all other groups. @param groups a list of group names

Examples:

r.edit_groups= ['one', 'two', 'three']
r.edit_groups
=> ['one', 'two', 'three']


283
284
285
# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 283

def edit_groups=(groups)
  set_edit_groups(groups, edit_groups)
end

#edit_groups_stringObject

Display the groups a comma delimeted string



299
300
301
# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 299

def edit_groups_string
  edit_groups.join(', ')
end

#edit_groups_string=(groups) ⇒ Object

Grant edit permissions to the groups specified. Revokes edit permission for all other groups. @param groups a list of group names

Examples:

r.edit_groups_string= 'one, two, three'
r.edit_groups
=> ['one', 'two', 'three']


294
295
296
# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 294

def edit_groups_string=(groups)
  self.edit_groups = groups.split(/[\s,]+/)
end

#edit_usersObject



322
323
324
# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 322

def edit_users
  search_by_type_and_mode(:person, ::ACL.Write).map(&:agent_name)
end

#edit_users=(users) ⇒ Object

Grant edit permissions to the groups specified. Revokes edit permission for all other groups. @param users a list of usernames

Examples:

r.edit_users= ['one', 'two', 'three']
r.edit_users
=> ['one', 'two', 'three']


333
334
335
# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 333

def edit_users=(users)
  set_edit_users(users, edit_users)
end

#permission_delegateObject



24
25
26
# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 24

def permission_delegate
  (access_control || build_access_control).tap { |d| d.owner = self }
end

#permissions_attributes=(attributes_collection) ⇒ Object

When chaging a permission for an object/user, ensure an update is done, not a duplicate



40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 40

def permissions_attributes=(attributes_collection)
  if attributes_collection.is_a? Hash
    keys = attributes_collection.keys
    attributes_collection = if keys.include?('id') || keys.include?(:id)
                              Array(attributes_collection)
                            else
                              attributes_collection.sort_by { |i, _| i.to_i }.map { |_, attributes| attributes }
    end
  end

  attributes_collection = attributes_collection.map(&:with_indifferent_access)
  attributes_collection.each do |prop|
    existing = case prop[:type]
               when 'group'
                 search_by_type(:group)
               when 'person'
                 search_by_type(:person)
    end

    next if existing.blank?
    selected = existing.find { |perm| perm.agent_name == prop[:name] }
    prop['id'] = selected.id if selected
  end

  clean_collection = remove_bad_deletes(attributes_collection)

  self.permissions_attributes_without_uniqueness = clean_collection
end

#permissions_attributes_without_uniqueness=(attrs) ⇒ Object



20
21
22
# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 20

def permissions_attributes_without_uniqueness=(attrs)
  permission_delegate.permissions_attributes = attrs
end

#read_groupsObject

Return a list of groups that have discover permission



171
172
173
# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 171

def read_groups
  search_by_type_and_mode(:group, ::ACL.Read).map(&:agent_name)
end

#read_groups=(groups) ⇒ Object

Grant read permissions to the groups specified. Revokes read permission for all other groups. @param groups a list of group names

Examples:

r.read_groups= ['one', 'two', 'three']
r.read_groups
=> ['one', 'two', 'three']


182
183
184
# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 182

def read_groups=(groups)
  set_read_groups(groups, read_groups)
end

#read_groups_stringObject

Display the groups a comma delimeted string



198
199
200
# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 198

def read_groups_string
  read_groups.join(', ')
end

#read_groups_string=(groups) ⇒ Object

Grant read permissions to the groups specified. Revokes read permission for all other groups. @param groups a list of group names

Examples:

r.read_groups_string= 'one, two, three'
r.read_groups
=> ['one', 'two', 'three']


193
194
195
# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 193

def read_groups_string=(groups)
  self.read_groups = groups.split(/[\s,]+/)
end

#read_usersObject



221
222
223
# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 221

def read_users
  search_by_type_and_mode(:person, ::ACL.Read).map(&:agent_name)
end

#read_users=(users) ⇒ Object

Grant read permissions to the users specified. Revokes read permission for all other users. @param users a list of usernames

Examples:

r.read_users= ['one', 'two', 'three']
r.read_users
=> ['one', 'two', 'three']


232
233
234
# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 232

def read_users=(users)
  set_read_users(users, read_users)
end

#read_users_stringObject

Display the users as a comma delimeted string



248
249
250
# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 248

def read_users_string
  read_users.join(', ')
end

#read_users_string=(users) ⇒ Object

Grant read permissions to the groups specified. Revokes read permission for all other users. @param users a list of usernames

Examples:

r.read_users_string= 'one, two, three'
r.read_users
=> ['one', 'two', 'three']


243
244
245
# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 243

def read_users_string=(users)
  self.read_users = users.split(/[\s,]+/)
end

#set_discover_groups(groups, eligible_groups) ⇒ Object

Grant discover permissions to the groups specified. Revokes discover permission for any of the eligible_groups that are not in groups. This may be used when different users are responsible for setting different groups. Supply the groups the current user is responsible for as the ‘eligible_groups’ @param groups a list of groups @param eligible_groups the groups that are eligible to have their discover permssion revoked.

Examples:

r.discover_groups = ['one', 'two', 'three']
r.discover_groups
=> ['one', 'two', 'three']
r.set_discover_groups(['one'], ['three'])
r.discover_groups
=> ['one', 'two']  ## 'two' was not eligible to be removed


116
117
118
# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 116

def set_discover_groups(groups, eligible_groups)
  set_entities(:discover, :group, groups, eligible_groups)
end

#set_discover_users(users, eligible_users) ⇒ Object

Grant discover permissions to the users specified. Revokes discover permission for any of the eligible_users that are not in users. This may be used when different users are responsible for setting different users. Supply the users the current user is responsible for as the ‘eligible_users’ @param users a list of users @param eligible_users the users that are eligible to have their discover permssion revoked.

Examples:

r.discover_users = ['one', 'two', 'three']
r.discover_users
=> ['one', 'two', 'three']
r.set_discover_users(['one'], ['three'])
r.discover_users
=> ['one', 'two']  ## 'two' was not eligible to be removed


166
167
168
# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 166

def set_discover_users(users, eligible_users)
  set_entities(:discover, :person, users, eligible_users)
end

#set_edit_groups(groups, eligible_groups) ⇒ Object

Grant edit permissions to the groups specified. Revokes edit permission for any of the eligible_groups that are not in groups. This may be used when different users are responsible for setting different groups. Supply the groups the current user is responsible for as the ‘eligible_groups’ @param groups a list of groups @param eligible_groups the groups that are eligible to have their edit permssion revoked.

Examples:

r.edit_groups = ['one', 'two', 'three']
r.edit_groups
=> ['one', 'two', 'three']
r.set_edit_groups(['one'], ['three'])
r.edit_groups
=> ['one', 'two']  ## 'two' was not eligible to be removed


318
319
320
# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 318

def set_edit_groups(groups, eligible_groups)
  set_entities(:edit, :group, groups, eligible_groups)
end

#set_edit_users(users, eligible_users) ⇒ Object

Grant edit permissions to the users specified. Revokes edit permission for any of the eligible_users that are not in users. This may be used when different users are responsible for setting different users. Supply the users the current user is responsible for as the ‘eligible_users’ @param users a list of users @param eligible_users the users that are eligible to have their edit permssion revoked.

Examples:

r.edit_users = ['one', 'two', 'three']
r.edit_users
=> ['one', 'two', 'three']
r.set_edit_users(['one'], ['three'])
r.edit_users
=> ['one', 'two']  ## 'two' was not eligible to be removed


352
353
354
# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 352

def set_edit_users(users, eligible_users)
  set_entities(:edit, :person, users, eligible_users)
end

#set_read_groups(groups, eligible_groups) ⇒ Object

Grant read permissions to the groups specified. Revokes read permission for any of the eligible_groups that are not in groups. This may be used when different users are responsible for setting different groups. Supply the groups the current user is responsible for as the ‘eligible_groups’ @param groups a list of groups @param eligible_groups the groups that are eligible to have their read permssion revoked.

Examples:

r.read_groups = ['one', 'two', 'three']
r.read_groups
=> ['one', 'two', 'three']
r.set_read_groups(['one'], ['three'])
r.read_groups
=> ['one', 'two']  ## 'two' was not eligible to be removed


217
218
219
# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 217

def set_read_groups(groups, eligible_groups)
  set_entities(:read, :group, groups, eligible_groups)
end

#set_read_users(users, eligible_users) ⇒ Object

Grant read permissions to the users specified. Revokes read permission for any of the eligible_users that are not in users. This may be used when different users are responsible for setting different users. Supply the users the current user is responsible for as the ‘eligible_users’ @param users a list of users @param eligible_users the users that are eligible to have their read permssion revoked.

Examples:

r.read_users = ['one', 'two', 'three']
r.read_users
=> ['one', 'two', 'three']
r.set_read_users(['one'], ['three'])
r.read_users
=> ['one', 'two']  ## 'two' was not eligible to be removed


267
268
269
# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 267

def set_read_users(users, eligible_users)
  set_entities(:read, :person, users, eligible_users)
end

#to_solr(solr_doc = {}) ⇒ Object



28
29
30
31
32
33
34
35
36
37
# File 'app/models/concerns/hydra/access_controls/permissions.rb', line 28

def to_solr(solr_doc = {})
  super.tap do |doc|
    [:discover, :read, :edit].each do |access|
      vals = send("#{access}_groups")
      doc[Hydra.config.permissions[access].group] = vals unless vals.empty?
      vals = send("#{access}_users")
      doc[Hydra.config.permissions[access].individual] = vals unless vals.empty?
    end
  end
end