From e4f55524b86e12726f5e3b7e4c194d376d5f3edc Mon Sep 17 00:00:00 2001 From: Ben Pennell Date: Mon, 20 Nov 2023 17:16:48 -0500 Subject: [PATCH] When setting permissions, if the name of the user is an email address, then switch it to being the uid since we are storing agents with just the uid rather than the email address --- .../hyrax/actors/base_actor_override.rb | 82 +++++++++++-------- spec/actors/hyrax/actors/base_actor_spec.rb | 2 +- 2 files changed, 47 insertions(+), 37 deletions(-) diff --git a/app/overrides/actors/hyrax/actors/base_actor_override.rb b/app/overrides/actors/hyrax/actors/base_actor_override.rb index c6d7e42d9..fe70a2cf3 100644 --- a/app/overrides/actors/hyrax/actors/base_actor_override.rb +++ b/app/overrides/actors/hyrax/actors/base_actor_override.rb @@ -4,7 +4,7 @@ Hyrax::Actors::BaseActor.class_eval do alias_method :original_create, :create def create(env) - original_create(env) && apply_work_specific_permissions(env) + original_create(env)# && apply_work_specific_permissions(env) end # @param [Hyrax::Actors::Environment] env @@ -15,7 +15,7 @@ def update(env) log_deleted_people_objects(env.attributes, env.curation_concern.id) apply_save_data_to_curation_concern(env) # [hyc-override] Apply work specific permissions - apply_work_specific_permissions(env) + # apply_work_specific_permissions(env) next_actor.update(env) && save(env) && run_callbacks(:after_update_metadata, env) end @@ -49,7 +49,12 @@ def clean_attributes(attributes) else v end + if v['name']&.include?('@') + permission_attrs[k]['name'] = ::User.find_by(email: v['name']).uid + Rails.logger.debug("BaseActor.clean_attributes removed email suffix, new id is #{permission_attrs[k]['name']}") + end end + # Rails.logger.error("===clean_attributes Setting perms #{permission_attrs}") attributes['permissions_attributes'] = permission_attrs end remove_blank_attributes!(attributes).except('file_set') @@ -70,43 +75,48 @@ def log_deleted_people_objects(attributes, work_id) end # [hyc-override] added this method to allow work-specific permissions to work - def apply_work_specific_permissions(env) - permissions_attributes = env.attributes['permissions_attributes'] - return true if permissions_attributes.blank? - # File sets don't have admin sets. So updating them independently of their work should skip this update. - # It doesn't seem possible for a FileSet to reach here, since they have their own actor that doesn't inherit from BaseActor? - return true unless env.curation_concern.respond_to? :admin_set + # def apply_work_specific_permissions(env) + # true + # Rails.logger.error("===Calling updated apply_work_specific_permissions") + # permissions_attributes = env.attributes['permissions_attributes'] + # return true if permissions_attributes.blank? + # # File sets don't have admin sets. So updating them independently of their work should skip this update. + # # It doesn't seem possible for a FileSet to reach here, since they have their own actor that doesn't inherit from BaseActor? + # return true unless env.curation_concern.respond_to? :admin_set - workflow = Sipity::Workflow.where(permission_template_id: env.curation_concern.admin_set.permission_template.id, - active: true).first - entity = Sipity::Entity.where(proxy_for_global_id: env.curation_concern.to_global_id.to_s).first_or_create! - permissions_attributes.each do |_k, permission| - # skip the pre-existing permissions since they have already been applied - next unless permission['id'].blank? + # workflow = Sipity::Workflow.where(permission_template_id: env.curation_concern.admin_set.permission_template.id, + # active: true).first + # entity = Sipity::Entity.where(proxy_for_global_id: env.curation_concern.to_global_id.to_s).first_or_create! + # permissions_attributes.each do |_k, permission| + # # skip the pre-existing permissions since they have already been applied + # next unless permission['id'].blank? - if permission['type'] == 'person' - agent_type = 'User' - agent_id = ::User.find_by(email: permission['name']) - else - agent_type = 'Hyrax::Group' - agent_id = permission['name'] - end - agents = [Sipity::Agent.where(proxy_for_id: agent_id, proxy_for_type: agent_type).first_or_create] + # if permission['type'] == 'person' + # agent_type = 'User' + # agent_id = ::User.find_by(email: permission['name']) + # else + # agent_type = 'Hyrax::Group' + # agent_id = permission['name'] + # end + # agents = [Sipity::Agent.where(proxy_for_id: agent_id, proxy_for_type: agent_type).first_or_create] - roles = if permission['access'] == 'edit' - 'approving' - else - 'viewing' - end - create_workflow_permissions(entity, agents, roles, workflow) - end - end + # roles = if permission['access'] == 'edit' + # 'approving' + # else + # 'viewing' + # end + # puts "===base_actor create_workflow_permissions #{agents}" + # result = create_workflow_permissions(entity, agents, roles, workflow) + # puts "===base_actor finished" + # result + # end + # end # [hyc-override] added this method to allow work-specific permissions to work - def create_workflow_permissions(entity, agents, roles, workflow) - Hyrax::Workflow::PermissionGenerator.call(entity: entity, - agents: agents, - roles: roles, - workflow: workflow) - end + # def create_workflow_permissions(entity, agents, roles, workflow) + # Hyrax::Workflow::PermissionGenerator.call(entity: entity, + # agents: agents, + # roles: roles, + # workflow: workflow) + # end end diff --git a/spec/actors/hyrax/actors/base_actor_spec.rb b/spec/actors/hyrax/actors/base_actor_spec.rb index d848ce04d..58ee9826c 100644 --- a/spec/actors/hyrax/actors/base_actor_spec.rb +++ b/spec/actors/hyrax/actors/base_actor_spec.rb @@ -71,7 +71,7 @@ env = Hyrax::Actors::Environment.new(work, ability, attributes) middleware.update(env) - user_perm = work.permissions.to_a.find { |perm| perm.agent.first.id == "http://projecthydra.org/ns/auth/person##{basic_user.email}" } + user_perm = work.permissions.to_a.find { |perm| perm.agent.first.id == "http://projecthydra.org/ns/auth/person##{basic_user.uid}" } expect(user_perm.mode.first.id).to eq 'http://www.w3.org/ns/auth/acl#Read' end end