send basic access restriction info along with successful auth check r…

…esponse useful for indicating restrictions that would apply for other users even if current user is logged in
sul-dlss · Dec 1, 2023 · 5e28867 · 5e28867
1 parent eeaa66b
commit 5e28867
Show file tree

Hide file tree

Showing 3 changed files with 35 additions and 1 deletion.
diff --git a/app/controllers/media_controller.rb b/app/controllers/media_controller.rb
@@ -48,7 +48,16 @@ def allowed_params
 
   def hash_for_auth_check
     if can? :stream, current_media
-      { status: :success, token: URI.encode_www_form_component(encrypted_token) }
+      {
+        status: :success,
+        token: URI.encode_www_form_component(encrypted_token),
+        access_restrictions: {
+          stanford_restricted: current_media.stanford_restricted?,
+          restricted_by_location: current_media.restricted_by_location?,
+          embargoed: current_media.embargoed?,
+          embargo_release_date: current_media.embargo_release_date
+        }
+      }
     else
       MediaAuthenticationJson.new(
         user: current_user,

diff --git a/spec/controllers/media_controller_spec.rb b/spec/controllers/media_controller_spec.rb
@@ -98,6 +98,15 @@
       before do
         allow(controller).to receive(:can?).and_return(true)
         allow(StacksMediaToken).to receive(:new).and_return(token)
+
+        next unless Settings.features.cocina # below mocking is only needed if cocina is being parsed instead of legacy rights XML
+
+        # We could be more integration-y and instead e.g. stub_request(:get, "https://purl.stanford.edu/bd786fy6312.json").to_return(...).
+        # But the StacksMediaStream code (and the metadata fetching/parsing code it uses) that'd be exercised by that approach is already
+        # tested elsewhere. This approach is a bit more readable, and less brittle since it doesn't break the StacksMediaStream abstraction.
+        stacks_media_stream = instance_double(StacksMediaStream, stanford_restricted?: false, restricted_by_location?: false,
+                                                                 embargoed?: false, embargo_release_date: nil)
+        allow(controller).to receive(:current_media).and_return(stacks_media_stream)
       end
 
       it 'returns json that indicates a successful auth check (including token)' do
@@ -106,6 +115,17 @@
         expect(body['status']).to eq 'success'
         expect(body['token']).to eq 'sekret-token'
       end
+
+      it 'returns info about applicable access restrictions' do
+        get :auth_check, params: { id:, file_name:, format: :js }
+        body = JSON.parse(response.body)
+        expect(body['access_restrictions']).to eq({
+                                                    'stanford_restricted' => false,
+                                                    'restricted_by_location' => false,
+                                                    'embargoed' => false,
+                                                    'embargo_release_date' => nil
+                                                  })
+      end
     end
   end
 end
diff --git a/spec/requests/media_auth_request_spec.rb b/spec/requests/media_auth_request_spec.rb
@@ -68,6 +68,11 @@
       expect(response.parsed_body['status']).to eq 'success'
       expect(response.parsed_body['token']).to match(/^[%a-zA-Z0-9]+/)
     end
+
+    it 'indicates that the object is stanford restricted' do
+      get "/media/#{druid}/file.#{format}/auth_check"
+      expect(response.parsed_body['access_restrictions']['stanford_restricted']).to eq true
+    end
   end
 
   context 'when the user is not authenticated' do