When setting permissions, if the name of the user is an email address…
…, then switch it to being the uid since we are storing agents with just the uid rather than the email address
bbpennel committed Nov 20, 2023
1 parent 6ef179c commit e4f5552
Showing 2 changed files with 47 additions and 37 deletions.
82 changes: 46 additions & 36 deletions app/overrides/actors/hyrax/actors/base_actor_override.rb
@@ -4,7 +4,7 @@
Hyrax::Actors::BaseActor.class_eval do
alias_method :original_create, :create
def create(env)
original_create(env) && apply_work_specific_permissions(env)
original_create(env)# && apply_work_specific_permissions(env)
end

# @param [Hyrax::Actors::Environment] env
@@ -15,7 +15,7 @@ def update(env)
log_deleted_people_objects(env.attributes, env.curation_concern.id)
apply_save_data_to_curation_concern(env)
# [hyc-override] Apply work specific permissions
apply_work_specific_permissions(env)
# apply_work_specific_permissions(env)
next_actor.update(env) && save(env) && run_callbacks(:after_update_metadata, env)
end

@@ -49,7 +49,12 @@ def clean_attributes(attributes)
else
v
end
if v['name']&.include?('@')
permission_attrs[k]['name'] = ::User.find_by(email: v['name']).uid
Rails.logger.debug("BaseActor.clean_attributes removed email suffix, new id is #{permission_attrs[k]['name']}")
end
end
# Rails.logger.error("===clean_attributes Setting perms #{permission_attrs}")
attributes['permissions_attributes'] = permission_attrs
end
remove_blank_attributes!(attributes).except('file_set')
@@ -70,43 +75,48 @@ def log_deleted_people_objects(attributes, work_id)
end

# [hyc-override] added this method to allow work-specific permissions to work
def apply_work_specific_permissions(env)
permissions_attributes = env.attributes['permissions_attributes']
return true if permissions_attributes.blank?
# File sets don't have admin sets. So updating them independently of their work should skip this update.
# It doesn't seem possible for a FileSet to reach here, since they have their own actor that doesn't inherit from BaseActor?
return true unless env.curation_concern.respond_to? :admin_set
# def apply_work_specific_permissions(env)
# true
# Rails.logger.error("===Calling updated apply_work_specific_permissions")
# permissions_attributes = env.attributes['permissions_attributes']
# return true if permissions_attributes.blank?
# # File sets don't have admin sets. So updating them independently of their work should skip this update.
# # It doesn't seem possible for a FileSet to reach here, since they have their own actor that doesn't inherit from BaseActor?
# return true unless env.curation_concern.respond_to? :admin_set

workflow = Sipity::Workflow.where(permission_template_id: env.curation_concern.admin_set.permission_template.id,
active: true).first
entity = Sipity::Entity.where(proxy_for_global_id: env.curation_concern.to_global_id.to_s).first_or_create!
permissions_attributes.each do |_k, permission|
# skip the pre-existing permissions since they have already been applied
next unless permission['id'].blank?
# workflow = Sipity::Workflow.where(permission_template_id: env.curation_concern.admin_set.permission_template.id,
# active: true).first
# entity = Sipity::Entity.where(proxy_for_global_id: env.curation_concern.to_global_id.to_s).first_or_create!
# permissions_attributes.each do |_k, permission|
# # skip the pre-existing permissions since they have already been applied
# next unless permission['id'].blank?

if permission['type'] == 'person'
agent_type = 'User'
agent_id = ::User.find_by(email: permission['name'])
else
agent_type = 'Hyrax::Group'
agent_id = permission['name']
end
agents = [Sipity::Agent.where(proxy_for_id: agent_id, proxy_for_type: agent_type).first_or_create]
# if permission['type'] == 'person'
# agent_type = 'User'
# agent_id = ::User.find_by(email: permission['name'])
# else
# agent_type = 'Hyrax::Group'
# agent_id = permission['name']
# end
# agents = [Sipity::Agent.where(proxy_for_id: agent_id, proxy_for_type: agent_type).first_or_create]

roles = if permission['access'] == 'edit'
'approving'
else
'viewing'
end
create_workflow_permissions(entity, agents, roles, workflow)
end
end
# roles = if permission['access'] == 'edit'
# 'approving'
# else
# 'viewing'
# end
# puts "===base_actor create_workflow_permissions #{agents}"
# result = create_workflow_permissions(entity, agents, roles, workflow)
# puts "===base_actor finished"
# result
# end
# end

# [hyc-override] added this method to allow work-specific permissions to work
def create_workflow_permissions(entity, agents, roles, workflow)
Hyrax::Workflow::PermissionGenerator.call(entity: entity,
agents: agents,
roles: roles,
workflow: workflow)
end
# def create_workflow_permissions(entity, agents, roles, workflow)
# Hyrax::Workflow::PermissionGenerator.call(entity: entity,
# agents: agents,
# roles: roles,
# workflow: workflow)
# end
end
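Review bot: In the clean_attributes hunk, `::User.find_by(email: v['name']).uid` raises NoMethodError whenever no user has that address, because find_by returns nil, and the `include?('@')` test runs for every entry without looking at its type, so a group name containing '@' would also be resolved as a user. I would restrict the lookup to person entries and guard the result, e.g. `if v['type'] == 'person' && v['name']&.include?('@')` with `user = ::User.find_by(email: v['name'])` and `permission_attrs[k]['name'] = user.uid if user`, and decide explicitly whether an unresolved address should be rejected rather than stored as the agent name. The `'type'` key is inferred from the removed apply_work_specific_permissions code, which read `permission['type']` from the same attributes; clean_attributes starts and ends outside the hunk, so confirm against the full method. Separately, the commit comments out apply_work_specific_permissions in both create and update, which stops the workflow role grants; that authorization change is not mentioned in the commit message, and the commented-out code and debug statements should be deleted or restored rather than left in place.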
2 changes: 1 addition & 1 deletion spec/actors/hyrax/actors/base_actor_spec.rb
@@ -71,7 +71,7 @@
env = Hyrax::Actors::Environment.new(work, ability, attributes)
middleware.update(env)

user_perm = work.permissions.to_a.find { |perm| perm.agent.first.id == "http://projecthydra.org/ns/auth/person##{basic_user.email}" }
user_perm = work.permissions.to_a.find { |perm| perm.agent.first.id == "http://projecthydra.org/ns/auth/person##{basic_user.uid}" }
expect(user_perm.mode.first.id).to eq 'http://www.w3.org/ns/auth/acl#Read'
end
end