Add additional triples for implied permissions, return effective mode…

…s by default
samvera · Feb 8, 2016 · 0eda849 · jcoyne · Feb 8, 2016 · awead
1 parent 1b4b635
commit 0eda849
Show file tree

Hide file tree

Showing 2 changed files with 72 additions and 5 deletions.
diff --git a/hydra-access-controls/app/models/hydra/access_controls/permission.rb b/hydra-access-controls/app/models/hydra/access_controls/permission.rb
@@ -49,6 +49,49 @@ def type
       parsed_agent.first
     end
 
+    # @param (optional) [Hash] opts will return the actual modes if { actual: true } is supplied
+    def mode(opts={})
+      return super if opts.fetch(:actual, false)
+      effective_mode(super)
+    end
+
+    def effective_mode(actual_modes)
+      [ModeMap.new(actual_modes).resulting_mode]
+    end
+
+    # Internal class used to determine the resulting mode, either ACL.Write, ACL.Read, or Hydra::ACL.Discover,
+    # based on the actual modes found in Hydra::AccessControls::Permission::mode
+    # The resulting mode versus the actual modes are defined as follows:
+    #   Actual modes                             | Resulting mode
+    #   ---------------------------------------- | --------------------          
+    #   Hydra::ACL.Discover                      | Hydra::ACL.Discover
+    #   Hydra::ACL.Discover, ACL.Read            | ACL.Read
+    #   Hydra::ACL.Discover, ACL.Read, ACL.Write | ACL.Write
+    class ModeMap
+      attr_reader :modes
+      def initialize(modes)
+        @modes = modes
+      end
+
+      def resulting_mode
+        return map[ACL.Write.to_s] if map.keys.include?(ACL.Write)
+        return map[ACL.Read.to_s] if map.keys.include?(ACL.Read)
+        return map[Hydra::ACL.Discover.to_s] if map.keys.include?(Hydra::ACL.Discover)
+        modes
+      end
+
+      def map
+        @map ||= new_map
+      end
+
+      private
+        def new_map
+          result = {}
+          modes.each { |mode| result[mode.id] = mode }
+          result
+        end
+    end
+
     protected
 
       def parsed_agent
@@ -71,9 +114,9 @@ def build_access(access)
         raise "Can't build access #{inspect}" unless access
         self.mode = case access
                     when "read"
-                      Mode.new(::ACL.Read)
+                      [Mode.new(::ACL.Read), Mode.new(Hydra::ACL.Discover)]
                     when "edit"
-                      Mode.new(::ACL.Write)
+                      [Mode.new(::ACL.Write), Mode.new(::ACL.Read), Mode.new(Hydra::ACL.Discover)]
                     when "discover"
                       Mode.new(Hydra::ACL.Discover)
                     else

diff --git a/hydra-access-controls/spec/unit/permission_spec.rb b/hydra-access-controls/spec/unit/permission_spec.rb
@@ -4,10 +4,34 @@
 
   describe "an initialized instance" do
     let(:permission) { described_class.new(type: 'person', name: 'bob', access: 'read') }
+    let(:agents) { permission.agent.map(&:rdf_subject) }
+    let(:effective_modes) { permission.mode.map(&:rdf_subject) }
+    let(:actual_modes) { permission.mode(actual: true).map(&:rdf_subject) }
 
-    it "should set predicates" do
-      expect(permission.agent.first.rdf_subject).to eq ::RDF::URI.new('http://projecthydra.org/ns/auth/person#bob')
-      expect(permission.mode.first.rdf_subject).to eq ACL.Read
+    context "with read access" do
+      it "sets predicates for both read and discover" do
+        expect(agents).to contain_exactly ::RDF::URI.new('http://projecthydra.org/ns/auth/person#bob')
+        expect(actual_modes).to eq [ACL.Read, Hydra::ACL.Discover]
+        expect(effective_modes).to eq [ACL.Read]
+      end
+    end
+
+    context "with edit access" do
+      let(:permission) { described_class.new(type: 'person', name: 'joe', access: 'edit') }
+      it "sets predicates for edit, read, and discover" do
+        expect(agents).to contain_exactly ::RDF::URI.new('http://projecthydra.org/ns/auth/person#joe')
+        expect(actual_modes).to eq [ACL.Write, ACL.Read, Hydra::ACL.Discover]
+        expect(effective_modes).to eq [ACL.Write]
+      end
+    end
+
+    context "with discover access" do
+      let(:permission) { described_class.new(type: 'person', name: 'dave', access: 'discover') }
+      it "sets predicates for discover" do
+        expect(agents).to contain_exactly ::RDF::URI.new('http://projecthydra.org/ns/auth/person#dave')
+        expect(actual_modes).to eq [Hydra::ACL.Discover]
+        expect(effective_modes).to eq [Hydra::ACL.Discover]
+      end
     end
 
     describe "#to_hash" do