Add access control enforcement for Item Record.
Closes #233
Trey Terrell committed Aug 4, 2015
1 parent 9bf88a1 commit e991c12
Showing 2 changed files with 24 additions and 3 deletions.
14 changes: 12 additions & 2 deletions app/controllers/catalog_controller.rb
Expand Up @@ -3,11 +3,12 @@

class CatalogController < ApplicationController

include Blacklight::Catalog
include Hydra::Catalog
include Hydra::Controller::ControllerBehavior
include Hydra::Controller::SearchBuilder
# This applies appropriate access controls to all solr queries
self.search_params_logic += [:add_access_controls_to_solr_params]
# Apply access controls to show.
before_filter :enforce_show_permissions, :only => :show

def blacklight_config
@blacklight_config ||= config_builder.configuration
Expand All @@ -16,4 +17,13 @@ def blacklight_config
def config_builder
@config_builder ||= BlacklightConfig.new(GenericAsset, self.class.blacklight_config)
end

private

def enforce_show_permissions
permissions = current_ability.permissions_doc(params[:id])
unless can? :read, permissions
raise Hydra::AccessDenied.new("You do not have sufficient access privileges to read this document, which has been marked private.", :read, params[:id])
end
end
end
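Review bot: The `before_filter :enforce_show_permissions, :only => :show` line gates a single action, so any other action this controller inherits from `Blacklight::Catalog` that loads a document by `params[:id]` would still be reachable without the read check. It would be worth confirming which inherited id-based actions are routed, then either adding them to the filter or recording the decision in a comment such as `# Only show is gated; other id-based catalog actions were reviewed and expose no document content`. Separately, the private `enforce_show_permissions` looks like a local copy of the hydra-access-controls helper of the same name. If the library version in use also handles cases such as embargoes, this override would silently drop them, so calling the library method instead of redefining it may be safer.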
13 changes: 12 additions & 1 deletion spec/controllers/catalog_controller_spec.rb
Expand Up @@ -5,13 +5,24 @@
context "when given an image" do
render_views
it "should render the image show view" do
i = Image.create
i = Image.create(:read_groups => ["public"])

get 'show', :id => i.id

expect(response).to render_template "catalog/_show_image"
end
end
describe "permissions" do
context "when the user has no permission" do
it "should redirect" do
i = Image.create

get 'show', :id => i.id

expect(response).to be_redirect
end
end
end
describe "nt" do
it "should return ntriples" do
title = ["yo"]
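Review bot: The new denial example asserts only `expect(response).to be_redirect`, which passes for any redirect and does not show that the document content was withheld. Adding `expect(response).not_to render_template "catalog/_show_image"` would tie the example to the access denial. The example also covers only the default HTML request. The `nt` block that follows (its body continues outside the hunk) suggests show also serves ntriples, so a matching no-permission case for that format would confirm the filter covers serializations as well.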
