StacksMediaStream is never authorized for read or download

So we don't need to grant these permissions in the Ability class
sul-dlss · Nov 4, 2023 · f4036d0 · f4036d0
1 parent c7218fc
commit f4036d0
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 89 deletions.
diff --git a/app/models/ability.rb b/app/models/ability.rb
@@ -41,57 +41,58 @@ def initialize(user)
     # NOTE: the below ability definitions which reference StacksFile also implicitly
     # cover StacksImage and StacksMediaStream, and any other subclasses of StacksFile.
 
-    models = [StacksFile, StacksImage, StacksMediaStream]
+    downloadable_models = [StacksFile, StacksImage]
+    access_models = downloadable_models + [StacksMediaStream]
 
-    can [:download, :read], models do |f|
+    can [:download, :read], downloadable_models do |f|
       value, rule = f.rights.world_rights_for_file f.file_name
 
       value && (rule.nil? || rule != Dor::RightsAuth::NO_DOWNLOAD_RULE)
     end
 
-    can [:access], models do |f|
+    can [:access], access_models do |f|
       value, _rule = f.rights.world_rights_for_file f.file_name
 
       value
     end
 
     if user.stanford?
-      can [:download, :read], models do |f|
+      can [:download, :read], downloadable_models do |f|
         value, rule = f.rights.stanford_only_rights_for_file f.file_name
 
         value && (rule.nil? || rule != Dor::RightsAuth::NO_DOWNLOAD_RULE)
       end
 
-      can [:access], models do |f|
+      can [:access], access_models do |f|
         value, _rule = f.rights.stanford_only_rights_for_file f.file_name
 
         value
       end
     end
 
     if user.app_user?
-      can [:download, :read], models do |f|
+      can [:download, :read], downloadable_models do |f|
         value, rule = f.rights.agent_rights_for_file f.file_name, user.id
 
         value && (rule.nil? || rule != Dor::RightsAuth::NO_DOWNLOAD_RULE)
       end
 
-      can [:access], models do |f|
+      can [:access], access_models do |f|
         value, _rule = f.rights.agent_rights_for_file f.file_name, user.id
 
         value
       end
     end
 
     if user.locations.present?
-      can [:download, :read], models do |f|
+      can [:download, :read], downloadable_models do |f|
         user.locations.any? do |location|
           value, rule = f.rights.location_rights_for_file(f.file_name, location)
           value && (rule.nil? || rule != Dor::RightsAuth::NO_DOWNLOAD_RULE)
         end
       end
 
-      can [:access], models do |f|
+      can [:access], access_models do |f|
         user.locations.any? do |location|
           value, _rule = f.rights.location_rights_for_file(f.file_name, location)
           value
@@ -105,7 +106,7 @@ def initialize(user)
       #   ...
       # end
 
-      can [:access], models do |f|
+      can [:access], access_models do |f|
         value, _rule = f.rights.cdl_rights_for_file(f.file_name)
         next unless value
 
@@ -125,7 +126,7 @@ def initialize(user)
       (projection.tile? || projection.thumbnail?) && can?(:access, projection.image)
     end
 
-    can [:access], Projection do |projection|
+    can :access, Projection do |projection|
       can?(:access, projection.image)
     end
 
@@ -135,10 +136,7 @@ def initialize(user)
       projection.thumbnail? && projection.object_thumbnail?
     end
 
-    can :stream, StacksMediaStream do |f|
-      can? :access, f
-    end
-
+    alias_action :stream, to: :access
     can :read_metadata, StacksImage
   end
 end