From 27bd577bce52ee5a953ba04f8c88f3d8eaf0093b Mon Sep 17 00:00:00 2001
From: Johnathan Martin
Date: Mon, 20 Nov 2023 09:52:19 -0800
Subject: [PATCH] send basic access restriction info along with successful auth check response useful for indicating restrictions that would apply for other users even if current user is logged in
---
 app/controllers/media_controller.rb | 11 ++++++++++-
 spec/controllers/media_controller_spec.rb | 11 +++++++++++
 spec/requests/media_auth_request_spec.rb | 5 +++++
 3 files changed, 26 insertions(+), 1 deletion(-)
diff --git a/app/controllers/media_controller.rb b/app/controllers/media_controller.rb
index 76ea5ad8..6bb0c918 100644
--- a/app/controllers/media_controller.rb
+++ b/app/controllers/media_controller.rb
@@ -48,7 +48,16 @@ def allowed_params
 def hash_for_auth_check
 if can? :stream, current_media
- { status: :success, token: URI.encode_www_form_component(encrypted_token) }
+ {
+ status: :success,
+ token: URI.encode_www_form_component(encrypted_token),
+ access_restrictions: {
+ stanford_restricted: current_media.stanford_restricted?,
+ restricted_by_location: current_media.restricted_by_location?,
+ embargoed: current_media.embargoed?,
+ embargo_release_date: current_media.embargo_release_date
+ }
+ }
 else
 MediaAuthenticationJson.new(
 user: current_user,
diff --git a/spec/controllers/media_controller_spec.rb b/spec/controllers/media_controller_spec.rb
index 0a3ea892..93398088 100644
--- a/spec/controllers/media_controller_spec.rb
+++ b/spec/controllers/media_controller_spec.rb
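Review bot: The new `access_restrictions` hash in the success branch of `hash_for_auth_check` has no comment saying that it describes the object's rights rather than the current user's access, so a client author could read `stanford_restricted: false` as an authorization result. I would add above the key `# Informational only: describes restrictions on the object, not this user's access; the can? :stream check and the token remain the authorization decision.` Separately, `embargo_release_date` is passed through exactly as `current_media` returns it, so its JSON form depends on a type this hunk does not show; if it is a Date or Time, formatting it explicitly would keep the response contract stable. The `else` branch of the method continues past the end of the hunk.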
@@ -106,6 +106,17 @@
 expect(body['status']).to eq 'success'
 expect(body['token']).to eq 'sekret-token'
 end
+
+ it 'still returns info about applicable access restrictions' do
+ get :auth_check, params: { id:, file_name:, format: :js }
+ body = JSON.parse(response.body)
+ expect(body['access_restrictions']).to eq({
+ 'stanford_restricted' => false,
+ 'restricted_by_location' => false,
+ 'embargoed' => false,
+ 'embargo_release_date' => nil
+ })
+ end
 end
 end
 end
diff --git a/spec/requests/media_auth_request_spec.rb b/spec/requests/media_auth_request_spec.rb
index aab43d67..d47ac063 100644
--- a/spec/requests/media_auth_request_spec.rb
+++ b/spec/requests/media_auth_request_spec.rb
@@ -68,6 +68,11 @@
 expect(response.parsed_body['status']).to eq 'success'
 expect(response.parsed_body['token']).to match(/^[%a-zA-Z0-9]+/)
 end
+
+ it 'still indicates that the object is stanford restricted' do
+ get "/media/#{druid}/file.#{format}/auth_check"
+ expect(response.parsed_body['access_restrictions']['stanford_restricted']).to eq true
+ end
 end
 context 'when the user is not authenticated' do
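Review bot: The added controller example asserts only the all-false, `nil` case, so an implementation that hard-coded those values would still pass; the hunk in spec/requests/media_auth_request_spec.rb has the same gap, checking `stanford_restricted` alone. Neither spec visible here exercises `restricted_by_location`, `embargoed` or a non-nil `embargo_release_date`, which is the value most likely to change shape when serialized to JSON. I would add one example for an embargoed object that asserts `embargoed` is true and compares `embargo_release_date` with the expected serialized value, and in the request spec match the whole `access_restrictions` hash rather than a single key. Both enclosing `describe`/`context` blocks start outside their hunks.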