Module: Hydra::PolicyAwareAccessControlsEnforcement
Defined in: lib/hydra/policy_aware_access_controls_enforcement.rb
Overview
Repeats access controls evaluation methods, but checks against a governing “Policy” object (or “Collection” object) that provides inherited access controls.
Instance Method Summary
- #apply_gated_discovery(solr_parameters) ⇒ Object
  Extends Hydra::AccessControlsEnforcement.apply_gated_discovery to reflect policy-provided access.
- #apply_policy_group_permissions(permission_types = discovery_permissions) ⇒ Object
  Builds the policy filter clauses for the current user's groups.
- #apply_policy_user_permissions(permission_types = discovery_permissions) ⇒ Object
  Builds the policy filter clauses for individual user access.
- #discovery_permissions ⇒ Object
  Override method from blacklight-access_controls.
- #policies_with_access ⇒ Object
  Find all the policies that grant discover/read/edit permissions to this user or any of its groups.
- #policy_class ⇒ Object
  Returns the Model used for AdminPolicy objects.
- #policy_clauses ⇒ String?
  Solr query for finding all objects whose policies grant discover access to current_user.
Instance Method Details
#apply_gated_discovery(solr_parameters) ⇒ Object
Extends Hydra::AccessControlsEnforcement.apply_gated_discovery to reflect policy-provided access. Appends the result of policy_clauses into the :fq
```ruby
# File 'lib/hydra/policy_aware_access_controls_enforcement.rb', line 7

def apply_gated_discovery(solr_parameters)
  super
  logger.debug("POLICY-aware Solr parameters: #{ solr_parameters.inspect }")
end
```
#apply_policy_group_permissions(permission_types = discovery_permissions) ⇒ Object
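Builds the policy filter clauses for the current user's groups: one clause per group and permission type.
```ruby
# File 'lib/hydra/policy_aware_access_controls_enforcement.rb', line 33

def apply_policy_group_permissions(permission_types = discovery_permissions)
  user_access_filters = []
  current_ability.user_groups.each_with_index do |group, i|
    permission_types.each do |type|
      # Match the inheritable group field for this permission type against the group name
      user_access_filters << escape_filter(Hydra.config.permissions.inheritable[type.to_sym].group, group)
    end
  end
  user_access_filters
end
```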
#apply_policy_user_permissions(permission_types = discovery_permissions) ⇒ Object
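Builds the policy filter clauses for individual user access: one clause per permission type, or none when there is no user key.
```ruby
# File 'lib/hydra/policy_aware_access_controls_enforcement.rb', line 45

def apply_policy_user_permissions(permission_types = discovery_permissions)
  user = current_ability.current_user
  # No individual clauses without a user key
  return [] unless user && user.user_key.present?
  permission_types.map do |type|
    escape_filter(Hydra.config.permissions.inheritable[type.to_sym].individual, user.user_key)
  end
end
```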
#discovery_permissions ⇒ Object
Override method from blacklight-access_controls
```ruby
# File 'lib/hydra/policy_aware_access_controls_enforcement.rb', line 54

def discovery_permissions
  @discovery_permissions ||= ["edit", "discover", "read"]
end
```
#policies_with_access ⇒ Object
Find all the policies that grant discover/read/edit permissions to this user or any of its groups. Grant access based on user id & group
```ruby
# File 'lib/hydra/policy_aware_access_controls_enforcement.rb', line 21

def policies_with_access
  #### TODO -- Memoize this and put it in the session?
  user_access_filters = []
  user_access_filters += apply_policy_group_permissions(discovery_permissions)
  user_access_filters += apply_policy_user_permissions(discovery_permissions)
  # A policy matches if any single group or user clause matches
  result = policy_class.search_with_conditions( user_access_filters.join(" OR "), fl: "id", rows: policy_class.count )
  logger.debug "get policies: #{result}\n\n"
  result.map {|h| h['id']}
end
```
#policy_class ⇒ Object
Returns the Model used for AdminPolicy objects. You can set this by overriding this method or setting Hydra.config[:policy_class]. Defaults to Hydra::AdminPolicy.
```ruby
# File 'lib/hydra/policy_aware_access_controls_enforcement.rb', line 61

def policy_class
  Hydra.config.permissions.policy_class || Hydra::AdminPolicy
end
```
#policy_clauses ⇒ String?
Returns solr query for finding all objects whose policies grant discover access to current_user.
```ruby
# File 'lib/hydra/policy_aware_access_controls_enforcement.rb', line 13

def policy_clauses
  policy_ids = policies_with_access
  return nil if policy_ids.empty?
  '(' + policy_ids.map {|id| ActiveFedora::SolrQueryBuilder.construct_query_for_rel(isGovernedBy: id)}.join(' OR '.freeze) + ')'
end
```
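The two-stage lookup performed by policies_with_access and policy_clauses, as an added stand-alone example (not code from this module or from the Hydra project). It assumes the field naming in inheritable_field, a simplified escape_filter, a plain isGovernedBy_ssim:id clause in place of the ActiveFedora::SolrQueryBuilder output, and a constructed in-memory POLICY_INDEX in place of the Solr search.

```ruby
# Added illustration: runs without Hydra, Solr or Fedora.
PERMISSION_TYPES = %w[edit discover read].freeze # same list as discovery_permissions

# Assumed field naming, e.g. inheritable_read_access_group_ssim.
def inheritable_field(type, kind)
  "inheritable_#{type}_access_#{kind}_ssim"
end

# Stand-in for escape_filter: backslash-escape Solr metacharacters and spaces.
def escape_filter(field, value)
  escaped = value.gsub(/[+\-&|!(){}\[\]^"~*?:\\\/ ]/) { |c| "\\#{c}" }
  "#{field}:#{escaped}"
end

# Stage 1 input: every (field, value) pair that could grant this user access.
def grant_pairs(user_key, groups)
  pairs = groups.product(PERMISSION_TYPES).map { |g, t| [inheritable_field(t, "group"), g] }
  return pairs if user_key.nil? || user_key.empty? # no user key: group clauses only
  pairs + PERMISSION_TYPES.map { |t| [inheritable_field(t, "person"), user_key] }
end

# The OR-joined query string that would be sent to the policy index.
def policy_query(pairs)
  pairs.map { |field, value| escape_filter(field, value) }.join(" OR ")
end

# In-memory replacement for the Solr search: ids of policies matching any pair.
def policies_with_access(pairs, index)
  index.select { |doc| pairs.any? { |f, v| Array(doc[f]).include?(v) } }.map { |doc| doc["id"] }
end

# Stage 2: one isGovernedBy clause per policy; nil means nothing is added to :fq.
def policy_clauses(policy_ids)
  return nil if policy_ids.empty?
  "(" + policy_ids.map { |id| "isGovernedBy_ssim:#{id}" }.join(" OR ") + ")"
end

# Constructed sample policy documents.
POLICY_INDEX = [
  { "id" => "policy1", "inheritable_read_access_group_ssim" => ["public"] },
  { "id" => "policy2", "inheritable_edit_access_person_ssim" => ["archivist@example.org"] },
  { "id" => "policy3", "inheritable_discover_access_group_ssim" => ["rare books"] }
].freeze
```

A user who matches no policy gets nil from policy_clauses, so the policy lookup contributes no additional clause to the filter query.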