Revise roles permitted to act on APOs and Items.

A permitted 'role' is distinguished from a work-'group'.  Argo has a
User#roles method that can translate from workgroups to roles, which is
the input to the `can*` public methods.  This also simplifies all these
methods by using constants for role names.  In case the role definitions
need to change, the private role_which` methods can be modified as
necessary.  Some of these are alias_methods because they use the same
roles as the target method.  All of the `roles_which*` methods should be
private, subordinate to the public `can*` methods.

Also removed deprecated roles for `dor-administrator` and `dor-viewer`

This implements the specs, at the time written, in this Consul document:
https://consul.stanford.edu/display/chimera/Repository+Roles+and+Permissions

This should fix for #146

dor-services.gemspec

@@ -7,8 +7,8 @@ Gem::Specification.new do |s|
   s.name        = 'dor-services'
   s.version     = Dor::VERSION
   s.platform    = Gem::Platform::RUBY
-  s.authors     = ['Michael Klein', 'Willy Mene', 'Chris Fitzpatrick', 'Richard Anderson', 'Renzo Sanchez-Silva', 'Joseph Atzberger', 'Johnathan Martin']
-  s.email       = ['mbklein@stanford.edu']
+  s.authors     = ['Michael Klein', 'Willy Mene', 'Chris Fitzpatrick', 'Richard Anderson', 'Renzo Sanchez-Silva', 'Joseph Atzberger', 'Johnathan Martin', 'Darren Weber']
+  s.email       = ['dlss-developers@lists.stanford.edu']
   s.summary     = 'Ruby implmentation of DOR services used by the SULAIR Digital Library'
   s.description = 'Contains classes to register objects and initialize workflows'
   s.licenses    = ['ALv2', 'Stanford University']

lib/dor-services.rb

@@ -107,6 +107,7 @@ def root
   autoload :Publishable,  'dor/models/publishable'
   autoload :Shelvable,    'dor/models/shelvable'
   autoload :Embargoable,  'dor/models/embargoable'
+  autoload :Permissable,  'dor/models/permissable'
   autoload :Preservable,  'dor/models/preservable'
   autoload :Assembleable, 'dor/models/assembleable'
   autoload :Upgradable,   'dor/models/upgradable'

lib/dor/models/admin_policy_object.rb

@@ -4,6 +4,7 @@ class AdminPolicyObject < ::ActiveFedora::Base
     include Governable
     include Editable
     include Describable
+    include Permissable
     include Processable
     include Versionable
 

lib/dor/models/collection.rb

@@ -4,6 +4,7 @@ class Collection < ::ActiveFedora::Base
     include Processable
     include Governable
     include Describable
+    include Permissable
     include Publishable
     include Versionable
     include Releaseable

lib/dor/models/governable.rb

@@ -27,7 +27,7 @@ def default_workflow_lane
     end
 
     def reset_to_apo_default
-      rightsMetadata.content = admin_policy_object.rightsMetadata.ng_xml
+      rightsMetadata.content = admin_policy_object.rightsMetadata.ng_xml.to_s
     end
 
     def set_read_rights(rights)
@@ -52,14 +52,15 @@ def remove_collection(collection_or_druid)
         when Dor::Collection
           collection_or_druid
       end
-
       collections.delete(collection)
       sets.delete(collection)
     end
+
     # set the rights metadata datastream to the content of the APO's default object rights
     def reapplyAdminPolicyObjectDefaults
       rightsMetadata.content = admin_policy_object.datastreams['defaultObjectRights'].content
     end
+
     def rights
       return nil unless self.respond_to? :rightsMetadata
       return nil if rightsMetadata.nil?
@@ -75,56 +76,5 @@ def rights
         'None'
       end
     end
-    def groups_which_manage_item
-      ['dor-administrator', 'sdr-administrator', 'dor-apo-manager', 'dor-apo-depositor']
-    end
-    def groups_which_manage_desc_metadata
-      ['dor-administrator', 'sdr-administrator', 'dor-apo-manager', 'dor-apo-depositor', 'dor-apo-metadata']
-    end
-    def groups_which_manage_system_metadata
-      ['dor-administrator', 'sdr-administrator', 'dor-apo-manager', 'dor-apo-depositor']
-    end
-    def groups_which_manage_content
-      ['dor-administrator', 'sdr-administrator', 'dor-apo-manager', 'dor-apo-depositor']
-    end
-    def groups_which_manage_rights
-      ['dor-administrator', 'sdr-administrator', 'dor-apo-manager', 'dor-apo-depositor']
-    end
-    def groups_which_manage_embargo
-      ['dor-administrator', 'sdr-administrator', 'dor-apo-manager', 'dor-apo-depositor']
-    end
-    def groups_which_view_content
-      ['dor-administrator', 'sdr-administrator', 'dor-apo-manager', 'dor-apo-depositor', 'dor-viewer', 'sdr-viewer']
-    end
-    def groups_which_view_metadata
-      ['dor-administrator', 'sdr-administrator', 'dor-apo-manager', 'dor-apo-depositor', 'dor-viewer', 'sdr-viewer']
-    end
-    def intersect(arr1, arr2)
-      (arr1 & arr2).length > 0
-    end
-    def can_manage_item?(roles)
-      intersect roles, groups_which_manage_item
-    end
-    def can_manage_desc_metadata?(roles)
-      intersect roles, groups_which_manage_desc_metadata
-    end
-    def can_manage_system_metadata?(roles)
-      intersect roles, groups_which_manage_system_metadata
-    end
-    def can_manage_content?(roles)
-      intersect roles, groups_which_manage_content
-    end
-    def can_manage_rights?(roles)
-      intersect roles, groups_which_manage_rights
-    end
-    def can_manage_embargo?(roles)
-      intersect roles, groups_which_manage_embargo
-    end
-    def can_view_content?(roles)
-      intersect roles, groups_which_view_content
-    end
-    def can_view_metadata?(roles)
-      intersect roles, groups_which_view_metadata
-    end
   end
 end

lib/dor/models/permissable.rb

@@ -0,0 +1,160 @@
+module Dor
+  module Permissable
+    extend ActiveSupport::Concern
+
+    # General documentation about roles and permissions is on SUL Consul at
+    # https://consul.stanford.edu/display/chimera/Repository+Roles+and+Permissions
+    # All these constants are frozen arrays so the methods that use them can
+    # easily add them to return arrays.
+    SDR_ADMINS = %w(sdr-administrator).freeze
+    SDR_MANAGERS = %w(sdr-manager).freeze
+    SDR_VIEWERS = %w(sdr-viewer).freeze
+
+    APO_MANAGERS = %w(dor-apo-manager).freeze
+    APO_DEPOSITORS = %w(dor-apo-depositor).freeze
+    APO_METADATA = %w(dor-apo-metadata).freeze
+    APO_VIEWERS = %w(dor-apo-viewer).freeze
+
+    # A complete set of known roles.  This can be used by clients to
+    # inspect all the possible roles available.
+    KNOWN_ROLES = (
+      SDR_ADMINS + SDR_MANAGERS + SDR_VIEWERS +
+      APO_MANAGERS + APO_DEPOSITORS + APO_METADATA + APO_VIEWERS
+    ).freeze
+
+    # ---
+    # APO permissions
+
+    def can_create_apo?(roles)
+      intersect roles, roles_which_create_apo
+    end
+
+    def can_manage_apo?(roles)
+      intersect roles, roles_which_manage_apo
+    end
+
+    def can_manage_collections?(roles)
+      intersect roles, roles_which_manage_collections
+    end
+
+    def can_manage_roles?(roles)
+      intersect roles, roles_which_manage_roles
+    end
+
+    def can_manage_sets?(roles)
+      intersect roles, roles_which_manage_sets
+    end
+
+    def can_release_objects?(roles)
+      intersect roles, roles_which_release_objects
+    end
+
+    # ---
+    # Item permissions
+
+    def can_manage_item?(roles)
+      intersect roles, roles_which_manage_item
+    end
+
+    def can_register_item?(roles)
+      intersect roles, roles_which_register_item
+    end
+
+    def can_manage_desc_metadata?(roles)
+      intersect roles, roles_which_manage_desc_md
+    end
+
+    def can_manage_system_metadata?(roles)
+      intersect roles, roles_which_manage_sys_md
+    end
+
+    def can_manage_contents?(roles)
+      intersect roles, roles_which_manage_contents
+    end
+
+    def can_manage_rights?(roles)
+      intersect roles, roles_which_manage_rights
+    end
+
+    def can_manage_workflows?(roles)
+      intersect roles, roles_which_manage_workflows
+    end
+
+    def can_manage_embargo?(roles)
+      intersect roles, roles_which_manage_embargo
+    end
+
+    # ---
+    # Common viewing permissions
+
+    def can_view_content?(roles)
+      intersect roles, roles_which_view_content
+    end
+
+    def can_view_metadata?(roles)
+      intersect roles, roles_which_view_metadata
+    end
+
+    private
+
+    # ---
+    # APO roles
+
+    def roles_which_create_apo
+      SDR_ADMINS + SDR_MANAGERS
+    end
+
+    def roles_which_manage_apo
+      SDR_ADMINS + SDR_MANAGERS + APO_MANAGERS
+    end
+
+    # When more granular roles are defined for APOs, these aliases
+    # could be redefined as stand-alone methods.
+    alias roles_which_manage_roles roles_which_manage_apo
+    alias roles_which_manage_collections roles_which_manage_apo
+    alias roles_which_manage_sets roles_which_manage_apo
+
+    def roles_which_release_objects
+      SDR_ADMINS + SDR_MANAGERS + APO_MANAGERS + APO_DEPOSITORS
+    end
+
+    # ---
+    # Item roles
+
+    def roles_which_manage_item
+      # exclude SDR_MANAGERS
+      SDR_ADMINS + APO_MANAGERS + APO_DEPOSITORS
+    end
+
+    def roles_which_manage_desc_md
+      SDR_ADMINS + APO_MANAGERS + APO_DEPOSITORS + APO_METADATA
+    end
+
+    # When more granular management roles are defined, these aliases
+    # should be redefined as stand-alone methods.
+    alias roles_which_register_item roles_which_manage_item
+    alias roles_which_manage_sys_md roles_which_manage_item
+    alias roles_which_manage_contents roles_which_manage_item
+    alias roles_which_manage_rights roles_which_manage_item
+    alias roles_which_manage_workflows roles_which_manage_item
+    alias roles_which_manage_embargo roles_which_manage_item
+
+    # ---
+    # Viewer roles (apply to both APO and Item)
+
+    # All roles can view metadata
+    def roles_which_view_metadata
+      KNOWN_ROLES
+    end
+
+    # Only SDR_MANAGERS cannot view content
+    def roles_which_view_content
+      SDR_ADMINS + SDR_VIEWERS +
+      APO_MANAGERS + APO_DEPOSITORS + APO_METADATA + APO_VIEWERS
+    end
+
+    def intersect(arr1, arr2)
+      (arr1 & arr2).length > 0
+    end
+  end
+end

lib/dor/models/publishable.rb

@@ -7,6 +7,7 @@ module Publishable
     include Governable
     include Describable
     include Itemizable
+    include Permissable
     include Rightsable
 
     def public_relationships

lib/dor/models/set.rb

@@ -4,6 +4,7 @@ class Set < ::ActiveFedora::Base
     include Processable
     include Governable
     include Describable
+    include Permissable
     include Publishable
     include Versionable
 

lib/dor/models/workflow_object.rb

@@ -4,6 +4,7 @@ module Dor
   class WorkflowObject < ::ActiveFedora::Base
     include Identifiable
     include Governable
+    include Permissable
     @@xml_cache  = {}
     @@repo_cache = {}