Skip to content

Commit

Permalink
Remove agent rights
Browse files Browse the repository at this point in the history 
These are no longer supported by SDR
  • Loading branch information
@jcoyne
jcoyne committed Nov 4, 2023
1 parent c7218fc commit e18adc9
Show file tree
Hide file tree
Showing 2 changed files with 0 additions and 191 deletions.
14 changes: 0 additions & 14 deletions app/models/ability.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -69,20 +69,6 @@ def initialize(user)
end
end

if user.app_user?
can [:download, :read], models do |f|
value, rule = f.rights.agent_rights_for_file f.file_name, user.id

value && (rule.nil? || rule != Dor::RightsAuth::NO_DOWNLOAD_RULE)
end

can [:access], models do |f|
value, _rule = f.rights.agent_rights_for_file f.file_name, user.id

value
end
end

if user.locations.present?
can [:download, :read], models do |f|
user.locations.any? do |location|
Expand Down
177 changes: 0 additions & 177 deletions spec/abilities/ability_spec.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -417,112 +417,6 @@
it { is_expected.to be_able_to(:read, thumbnail) }
it { is_expected.to be_able_to(:read, square_thumbnail) }
end

context 'with a world-readable file that also has agent rights' do
let(:rights_xml) do
<<-EOF.strip_heredoc
<rightsMetadata>
<access type="read">
<machine>
<world />
<agent>a</agent>
</machine>
</access>
</rightsMetadata>
EOF
end
it { is_expected.to be_able_to(:download, file) }
it { is_expected.to be_able_to(:download, image) }
it { is_expected.to be_able_to(:download, media) }
it { is_expected.to be_able_to(:read, file) }
it { is_expected.to be_able_to(:read, image) }
it { is_expected.to be_able_to(:read, media) }
it { is_expected.to be_able_to(:read, tile) }
it { is_expected.to be_able_to(:stream, media) }
it { is_expected.to be_able_to(:access, file) }
it { is_expected.to be_able_to(:read_metadata, image) }
it { is_expected.to be_able_to(:read, thumbnail) }
it { is_expected.to be_able_to(:read, square_thumbnail) }
end

context 'with a stanford-restricted file that also has agent rights' do
let(:rights_xml) do
<<-EOF.strip_heredoc
<rightsMetadata>
<access type="read">
<machine>
<group>Stanford</group>
<agent>a</agent>
</machine>
</access>
</rightsMetadata>
EOF
end
it { is_expected.to be_able_to(:download, file) }
it { is_expected.to be_able_to(:download, image) }
it { is_expected.to be_able_to(:download, media) }
it { is_expected.to be_able_to(:read, file) }
it { is_expected.to be_able_to(:read, image) }
it { is_expected.to be_able_to(:read, media) }
it { is_expected.to be_able_to(:read, tile) }
it { is_expected.to be_able_to(:stream, media) }
it { is_expected.to be_able_to(:access, file) }
it { is_expected.to be_able_to(:read_metadata, image) }
it { is_expected.to be_able_to(:read, thumbnail) }
it { is_expected.to be_able_to(:read, square_thumbnail) }
end

context 'with an agent-only file' do
let(:rights_xml) do
<<-EOF.strip_heredoc
<rightsMetadata>
<access type="read">
<machine>
<agent>a</agent>
</machine>
</access>
</rightsMetadata>
EOF
end
it { is_expected.to be_able_to(:download, file) }
it { is_expected.to be_able_to(:download, image) }
it { is_expected.to be_able_to(:download, media) }
it { is_expected.to be_able_to(:read, file) }
it { is_expected.to be_able_to(:read, image) }
it { is_expected.to be_able_to(:read, media) }
it { is_expected.to be_able_to(:read, tile) }
it { is_expected.to be_able_to(:stream, media) }
it { is_expected.to be_able_to(:access, file) }
it { is_expected.to be_able_to(:read_metadata, image) }
it { is_expected.to be_able_to(:read, thumbnail) }
it { is_expected.to be_able_to(:read, square_thumbnail) }
end

context 'with an agent-only file with a no-download rule' do
let(:rights_xml) do
<<-EOF.strip_heredoc
<rightsMetadata>
<access type="read">
<machine>
<agent rule="no-download">a</group>
</machine>
</access>
</rightsMetadata>
EOF
end
it { is_expected.not_to be_able_to(:download, file) }
it { is_expected.not_to be_able_to(:download, image) }
it { is_expected.not_to be_able_to(:download, media) }
it { is_expected.not_to be_able_to(:read, file) }
it { is_expected.not_to be_able_to(:read, image) }
it { is_expected.not_to be_able_to(:read, media) }
it { is_expected.to be_able_to(:read, tile) }
it { is_expected.to be_able_to(:stream, media) }
it { is_expected.to be_able_to(:access, file) }
it { is_expected.to be_able_to(:read_metadata, image) }
it { is_expected.to be_able_to(:read, thumbnail) }
it { is_expected.to be_able_to(:read, square_thumbnail) }
end
end

context 'for an anonymous user' do
Expand Down Expand Up @@ -968,77 +862,6 @@
it { is_expected.to be_able_to(:read, square_thumbnail) }
end
end

context 'with an object defaults to read access from location2, but file is agent-only' do
let(:rights_xml) do
<<-EOF.strip_heredoc
<rightsMetadata>
<access type="read">
<machine>
<location>location2</location>
</machine>
</access>
<access type="read">
<file>file.csv</file>
<machine>
<agent>a</agent>
</machine>
</access>
</rightsMetadata>
EOF
end

context 'as an anonymous user in location2' do
let(:user) { User.new(ip_address: 'ip.address3') }

it { is_expected.not_to be_able_to(:download, file) }
it { is_expected.to be_able_to(:download, image) }
it { is_expected.to be_able_to(:download, media) }
it { is_expected.not_to be_able_to(:read, file) }
it { is_expected.to be_able_to(:read, image) }
it { is_expected.to be_able_to(:read, media) }
it { is_expected.to be_able_to(:read, tile) }
it { is_expected.to be_able_to(:stream, media) }
it { is_expected.not_to be_able_to(:access, file) }
it { is_expected.to be_able_to(:read_metadata, image) }
it { is_expected.to be_able_to(:read, thumbnail) }
it { is_expected.to be_able_to(:read, square_thumbnail) }
end

context 'as a stanford webauth user' do
let(:user) { User.new(id: 'a', webauth_user: true, ldap_groups: %w(stanford:stanford)) }

it { is_expected.not_to be_able_to(:download, file) }
it { is_expected.not_to be_able_to(:download, image) }
it { is_expected.not_to be_able_to(:download, media) }
it { is_expected.not_to be_able_to(:read, file) }
it { is_expected.not_to be_able_to(:read, image) }
it { is_expected.not_to be_able_to(:read, media) }
it { is_expected.not_to be_able_to(:read, tile) }
it { is_expected.not_to be_able_to(:stream, media) }
it { is_expected.not_to be_able_to(:access, file) }
it { is_expected.to be_able_to(:read_metadata, image) }
it { is_expected.to be_able_to(:read, thumbnail) }
it { is_expected.to be_able_to(:read, square_thumbnail) }
end

context 'as an app user' do
let(:user) { User.new(id: 'a', app_user: true) }

it { is_expected.to be_able_to(:download, file) }
it { is_expected.not_to be_able_to(:download, image) }
it { is_expected.not_to be_able_to(:download, media) }
it { is_expected.to be_able_to(:read, file) }
it { is_expected.not_to be_able_to(:read, image) }
it { is_expected.not_to be_able_to(:read, media) }
it { is_expected.not_to be_able_to(:read, tile) }
it { is_expected.not_to be_able_to(:stream, media) }
it { is_expected.to be_able_to(:access, file) }
it { is_expected.to be_able_to(:read_metadata, image) }
it { is_expected.to be_able_to(:read, thumbnail) }
it { is_expected.to be_able_to(:read, square_thumbnail) }
end
end
end

describe 'for an object with CDL rights' do
Expand Down

0 comments on commit e18adc9

Please sign in to comment.