From 5e28867e7085684e1201f7216fa3afe2df92c823 Mon Sep 17 00:00:00 2001 From: Johnathan Martin Date: Mon, 20 Nov 2023 09:52:19 -0800 Subject: [PATCH] send basic access restriction info along with successful auth check response useful for indicating restrictions that would apply for other users even if current user is logged in --- app/controllers/media_controller.rb | 11 ++++++++++- spec/controllers/media_controller_spec.rb | 20 ++++++++++++++++++++ spec/requests/media_auth_request_spec.rb | 5 +++++ 3 files changed, 35 insertions(+), 1 deletion(-) diff --git a/app/controllers/media_controller.rb b/app/controllers/media_controller.rb index 76ea5ad8..6bb0c918 100644 --- a/app/controllers/media_controller.rb +++ b/app/controllers/media_controller.rb @@ -48,7 +48,16 @@ def allowed_params def hash_for_auth_check if can? :stream, current_media - { status: :success, token: URI.encode_www_form_component(encrypted_token) } + { + status: :success, + token: URI.encode_www_form_component(encrypted_token), + access_restrictions: { + stanford_restricted: current_media.stanford_restricted?, + restricted_by_location: current_media.restricted_by_location?, + embargoed: current_media.embargoed?, + embargo_release_date: current_media.embargo_release_date + } + } else MediaAuthenticationJson.new( user: current_user, diff --git a/spec/controllers/media_controller_spec.rb b/spec/controllers/media_controller_spec.rb index 0a3ea892..dd2e88c1 100644 --- a/spec/controllers/media_controller_spec.rb +++ b/spec/controllers/media_controller_spec.rb 
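Review bot: Nothing in the success branch of `hash_for_auth_check` says that the new `access_restrictions` hash describes the object's rights rather than the current user's access, so a client that reads `stanford_restricted: false` as "open" would be making an authorization decision on advisory data. A comment above the key would make the contract explicit: `# Advisory only: describes the object's rights, not the caller's access; can?(:stream, ...) and the token remain authoritative.` `embargo_release_date` is also emitted as whatever type `current_media` returns, so its JSON form is left to the default serializer. The type is not visible here, but if consumers parse the value, formatting it explicitly (for example as ISO 8601) would be safer. The method's `else` branch continues past the end of the hunk.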
@@ -98,6 +98,15 @@ before do allow(controller).to receive(:can?).and_return(true) allow(StacksMediaToken).to receive(:new).and_return(token) + + next unless Settings.features.cocina # below mocking is only needed if cocina is being parsed instead of legacy rights XML + + # We could be more integration-y and instead e.g. stub_request(:get, "https://purl.stanford.edu/bd786fy6312.json").to_return(...). + # But the StacksMediaStream code (and the metadata fetching/parsing code it uses) that'd be exercised by that approach is already + # tested elsewhere. This approach is a bit more readable, and less brittle since it doesn't break the StacksMediaStream abstraction. + stacks_media_stream = instance_double(StacksMediaStream, stanford_restricted?: false, restricted_by_location?: false, + embargoed?: false, embargo_release_date: nil) + allow(controller).to receive(:current_media).and_return(stacks_media_stream) end it 'returns json that indicates a successful auth check (including token)' do @@ -106,6 +115,17 @@ expect(body['status']).to eq 'success' expect(body['token']).to eq 'sekret-token' end + + it 'returns info about applicable access restrictions' do + get :auth_check, params: { id:, file_name:, format: :js } + body = JSON.parse(response.body) + expect(body['access_restrictions']).to eq({ + 'stanford_restricted' => false, + 'restricted_by_location' => false, + 'embargoed' => false, + 'embargo_release_date' => nil + }) + end end end end diff --git a/spec/requests/media_auth_request_spec.rb b/spec/requests/media_auth_request_spec.rb index aab43d67..74fe8a27 100644 --- a/spec/requests/media_auth_request_spec.rb +++ b/spec/requests/media_auth_request_spec.rb 
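Review bot: The `next unless Settings.features.cocina` guard in the `before` block means `current_media` is stubbed only when the flag is on, so the examples in this context run against two different code paths depending on configuration. With the flag off, the new access-restrictions example relies on whatever the legacy rights lookup returns for this fixture, which is not visible in the hunk. Since `allow(controller).to receive(:current_media)` replaces the object either way, stubbing it unconditionally would likely make the examples deterministic. If the legacy path must stay exercised, a short comment naming the fixture that supplies the all-false values would help. The enclosing `describe`/`context` starts outside the hunk.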
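Review bot: The new example 'returns info about applicable access restrictions' asserts only the all-`false`/`nil` case from the `instance_double`, so the JSON form of a non-nil `embargo_release_date` is never pinned and no flag is ever checked as `true`. A sibling context whose double returns `embargoed?: true` with a constructed date would cover the case the commit message describes, restrictions reported to a user who is allowed to stream. It would assert `expect(body['access_restrictions']['embargoed']).to be true` and the expected date string. The format to expect depends on the type `embargo_release_date` returns, which is not shown here.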
@@ -68,6 +68,11 @@ expect(response.parsed_body['status']).to eq 'success' expect(response.parsed_body['token']).to match(/^[%a-zA-Z0-9]+/) end + + it 'indicates that the object is stanford restricted' do + get "/media/#{druid}/file.#{format}/auth_check" + expect(response.parsed_body['access_restrictions']['stanford_restricted']).to eq true + end end context 'when the user is not authenticated' do
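Review bot: The new request example is the only one on this page that does not stub `current_media`, and it checks a single key, leaving `restricted_by_location`, `embargoed` and `embargo_release_date` unasserted for this fixture. Matching with `include('stanford_restricted' => true, 'restricted_by_location' => false, 'embargoed' => false)` would pin the whole shape, with the values first confirmed against the fixture. Separately, the token matcher in the context line above, `/^[%a-zA-Z0-9]+/`, has no end anchor and `^` matches per line, so it accepts any value that merely begins with one allowed character. `/\A[%a-zA-Z0-9]+\z/` would check the full token. The enclosing context begins outside the hunk.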