Skip to content

Commit

Permalink
Merge pull request #1010 from sul-dlss/agent-rights
Browse files Browse the repository at this point in the history
  • Loading branch information
mjgiarlo authored Nov 6, 2023
2 parents 9ea66c0 + dc726ba commit 0e629d0
Show file tree
Hide file tree
Showing 2 changed files with 0 additions and 163 deletions.
14 changes: 0 additions & 14 deletions app/models/ability.rb
Original file line number Diff line number Diff line change
Expand Up @@ -70,20 +70,6 @@ def initialize(user)
end
end

if user.app_user?
can :download, downloadable_models do |f|
value, rule = f.rights.agent_rights_for_file f.file_name, user.id

value && (rule.nil? || rule != Dor::RightsAuth::NO_DOWNLOAD_RULE)
end

can [:access], access_models do |f|
value, _rule = f.rights.agent_rights_for_file f.file_name, user.id

value
end
end

if user.locations.present?
can :download, downloadable_models do |f|
user.locations.any? do |location|
Expand Down
149 changes: 0 additions & 149 deletions spec/abilities/ability_spec.rb
Original file line number Diff line number Diff line change
Expand Up @@ -369,96 +369,6 @@
it { is_expected.to be_able_to(:read, thumbnail) }
it { is_expected.to be_able_to(:read, square_thumbnail) }
end

context 'with a world-readable file that also has agent rights' do
let(:rights_xml) do
<<-EOF.strip_heredoc
<rightsMetadata>
<access type="read">
<machine>
<world />
<agent>a</agent>
</machine>
</access>
</rightsMetadata>
EOF
end
it { is_expected.to be_able_to(:download, file) }
it { is_expected.to be_able_to(:download, image) }
it { is_expected.to be_able_to(:read, tile) }
it { is_expected.to be_able_to(:stream, media) }
it { is_expected.to be_able_to(:access, file) }
it { is_expected.to be_able_to(:read_metadata, image) }
it { is_expected.to be_able_to(:read, thumbnail) }
it { is_expected.to be_able_to(:read, square_thumbnail) }
end

context 'with a stanford-restricted file that also has agent rights' do
let(:rights_xml) do
<<-EOF.strip_heredoc
<rightsMetadata>
<access type="read">
<machine>
<group>Stanford</group>
<agent>a</agent>
</machine>
</access>
</rightsMetadata>
EOF
end
it { is_expected.to be_able_to(:download, file) }
it { is_expected.to be_able_to(:download, image) }
it { is_expected.to be_able_to(:read, tile) }
it { is_expected.to be_able_to(:stream, media) }
it { is_expected.to be_able_to(:access, file) }
it { is_expected.to be_able_to(:read_metadata, image) }
it { is_expected.to be_able_to(:read, thumbnail) }
it { is_expected.to be_able_to(:read, square_thumbnail) }
end

context 'with an agent-only file' do
let(:rights_xml) do
<<-EOF.strip_heredoc
<rightsMetadata>
<access type="read">
<machine>
<agent>a</agent>
</machine>
</access>
</rightsMetadata>
EOF
end
it { is_expected.to be_able_to(:download, file) }
it { is_expected.to be_able_to(:download, image) }
it { is_expected.to be_able_to(:read, tile) }
it { is_expected.to be_able_to(:stream, media) }
it { is_expected.to be_able_to(:access, file) }
it { is_expected.to be_able_to(:read_metadata, image) }
it { is_expected.to be_able_to(:read, thumbnail) }
it { is_expected.to be_able_to(:read, square_thumbnail) }
end

context 'with an agent-only file with a no-download rule' do
let(:rights_xml) do
<<-EOF.strip_heredoc
<rightsMetadata>
<access type="read">
<machine>
<agent rule="no-download">a</group>
</machine>
</access>
</rightsMetadata>
EOF
end
it { is_expected.not_to be_able_to(:download, file) }
it { is_expected.not_to be_able_to(:download, image) }
it { is_expected.to be_able_to(:read, tile) }
it { is_expected.to be_able_to(:stream, media) }
it { is_expected.to be_able_to(:access, file) }
it { is_expected.to be_able_to(:read_metadata, image) }
it { is_expected.to be_able_to(:read, thumbnail) }
it { is_expected.to be_able_to(:read, square_thumbnail) }
end
end

context 'for an anonymous user' do
Expand Down Expand Up @@ -832,65 +742,6 @@
it { is_expected.to be_able_to(:read, square_thumbnail) }
end
end

context 'with an object defaults to read access from location2, but file is agent-only' do
let(:rights_xml) do
<<-EOF.strip_heredoc
<rightsMetadata>
<access type="read">
<machine>
<location>location2</location>
</machine>
</access>
<access type="read">
<file>file.csv</file>
<machine>
<agent>a</agent>
</machine>
</access>
</rightsMetadata>
EOF
end

context 'as an anonymous user in location2' do
let(:user) { User.new(ip_address: 'ip.address3') }

it { is_expected.not_to be_able_to(:download, file) }
it { is_expected.to be_able_to(:download, image) }
it { is_expected.to be_able_to(:read, tile) }
it { is_expected.to be_able_to(:stream, media) }
it { is_expected.not_to be_able_to(:access, file) }
it { is_expected.to be_able_to(:read_metadata, image) }
it { is_expected.to be_able_to(:read, thumbnail) }
it { is_expected.to be_able_to(:read, square_thumbnail) }
end

context 'as a stanford webauth user' do
let(:user) { User.new(id: 'a', webauth_user: true, ldap_groups: %w(stanford:stanford)) }

it { is_expected.not_to be_able_to(:download, file) }
it { is_expected.not_to be_able_to(:download, image) }
it { is_expected.not_to be_able_to(:read, tile) }
it { is_expected.not_to be_able_to(:stream, media) }
it { is_expected.not_to be_able_to(:access, file) }
it { is_expected.to be_able_to(:read_metadata, image) }
it { is_expected.to be_able_to(:read, thumbnail) }
it { is_expected.to be_able_to(:read, square_thumbnail) }
end

context 'as an app user' do
let(:user) { User.new(id: 'a', app_user: true) }

it { is_expected.to be_able_to(:download, file) }
it { is_expected.not_to be_able_to(:download, image) }
it { is_expected.not_to be_able_to(:read, tile) }
it { is_expected.not_to be_able_to(:stream, media) }
it { is_expected.to be_able_to(:access, file) }
it { is_expected.to be_able_to(:read_metadata, image) }
it { is_expected.to be_able_to(:read, thumbnail) }
it { is_expected.to be_able_to(:read, square_thumbnail) }
end
end
end

describe 'for an object with CDL rights' do
Expand Down

0 comments on commit 0e629d0

Please sign in to comment.