Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Privgroups #657

Closed
wants to merge 3 commits into from
Closed
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions .rubocop.yml
Original file line number Diff line number Diff line change
Expand Up @@ -69,3 +69,7 @@ Layout/IndentFirstHashElement:
Style/WordArray:
Exclude:
- 'config/application.rb'

Naming/PredicateName:
Exclude:
- 'app/models/user.rb'
2 changes: 1 addition & 1 deletion app/controllers/application_controller.rb
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ def current_user?
def patron
return unless current_user?

@patron ||= Patron.new(patron_info_response)
@patron ||= Patron.new(patron_info_response, current_user)
end

def patron_or_group
Expand Down
6 changes: 4 additions & 2 deletions app/models/patron.rb
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@

# Class to model Patron information
class Patron
attr_reader :record
attr_reader :record, :user

CHARGE_LIMIT_THRESHOLD = 25_000

Expand All @@ -21,8 +21,9 @@ class Patron
'MXFEE-NO25' => 'Fee borrower'
}.freeze

def initialize(record)
def initialize(record, user = nil)
@record = record
@user = user
end

def key
Expand Down Expand Up @@ -156,6 +157,7 @@ def to_partial_path

def borrow_direct_requests
return [] if proxy_borrower? # Proxies can't submit borrow direct requests, so don't check.
return [] unless user&.has_borrow_direct_access?

BorrowDirectRequests.new(self).requests
end
Expand Down
12 changes: 10 additions & 2 deletions app/models/user.rb
Original file line number Diff line number Diff line change
Expand Up @@ -3,13 +3,21 @@
# :nodoc:
class User
include ActiveModel::Model
attr_accessor :username, :patron_key, :shibboleth
attr_accessor :username, :patron_key, :privgroups, :shibboleth

# FIXME: This is temporary code and can be removed after everyone who has logged into -dev
# has logged out and logged in.
def initialize(attributes)
super(attributes.with_indifferent_access.slice(:username, :patron_key, :shibboleth))
super(attributes.with_indifferent_access.slice(:username, :patron_key, :privgroups, :shibboleth))
end

alias shibboleth? shibboleth

def has_borrow_direct_access?
((privgroups || []) & Settings.auth.borrow_direct_privgroups).any?
end

def has_eresources_access?
((privgroups || []) & Settings.auth.eresources_privgroups).any?
end
end
10 changes: 10 additions & 0 deletions app/views/patron/_patron.html.erb
Original file line number Diff line number Diff line change
Expand Up @@ -18,4 +18,14 @@
<dt class="col-4 col-md-2 font-weight-normal">Email:</dt>
<dd class="col-8 col-md-10 email"><%= patron.email %></dd>
<% end %>

<% unless current_user.has_eresources_access? || patron.proxy_borrower? %>
<dt class="col-4 col-md-2 font-weight-normal">eResource access:</dt>
<dd class="col-8 col-md-10 patron-status">In-library only</dd>
<% end %>

<% if current_user.privgroups %>
<dt class="col-4 col-md-2 font-weight-normal">Privgroups:</dt>
<dd class="col-8 col-md-10 email"><%= current_user.privgroups.inspect %></dd>
<% end %>
</dl>
1 change: 1 addition & 0 deletions config/deploy.rb
Original file line number Diff line number Diff line change
Expand Up @@ -26,3 +26,4 @@

# update shared_configs before restarting app
before 'deploy:restart', 'shared_configs:update'
set :branch, 'privgroups'
22 changes: 19 additions & 3 deletions config/initializers/warden.rb
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ def authenticate!
response = SymphonyClient.new.login_by_sunetid(uid)

if response && response['key']
u = { username: uid, patron_key: response['key'], shibboleth: true }
u = { username: uid, patron_key: response['key'], privgroups: privgroups, shibboleth: true }
success!(u)
else
fail!('Could not log in')
Expand All @@ -21,6 +21,14 @@ def authenticate!
def uid
env['uid']
end

def privgroups
if env['eduPersonEntitlement'].present?
env['eduPersonEntitlement'].split(';')
else
[]
end
end
end

Warden::Strategies.add(:development_shibboleth_stub) do
Expand All @@ -32,7 +40,7 @@ def authenticate!
response = SymphonyClient.new.login_by_sunetid(uid)

if response && response['key']
u = { username: uid, patron_key: response['key'] }
u = { username: uid, patron_key: response['key'], privgroups: privgroups }
success!(u)
else
fail!('Could not log in')
Expand All @@ -44,6 +52,14 @@ def authenticate!
def uid
ENV['uid']
end

def privgroups
if ENV['privgroups'].present?
ENV['privgroups'].split(';')
else
Settings.auth.default_privgroups
end
end
end

Warden::Strategies.add(:library_id) do
Expand All @@ -55,7 +71,7 @@ def authenticate!
response = SymphonyClient.new.login(params['library_id'], params['pin'])

if response['patronKey']
u = { username: params['library_id'], patron_key: response['patronKey'] }
u = { username: params['library_id'], patron_key: response['patronKey'], privgroups: [] }
success!(u)
else
fail!('Could not log in')
Expand Down
14 changes: 13 additions & 1 deletion config/settings.yml
Original file line number Diff line number Diff line change
Expand Up @@ -13,4 +13,16 @@ ACCESS_SERVICES_EMAIL: [email protected]
RECAPTCHA:
SITE_KEY: 6Lc6BAAAAAAAAChqRbQZcn_yyyyyyyyyyyyyyyyy
SECRET_KEY: 6Lc6BAAAAAAAAKN3DRm6VA_xxxxxxxxxxxxxxxxx


auth:
default_privgroups: []
borrow_direct_privgroups:
- stanford:stanford
- stanford:academic
eresources_privgroups:
- stanford:stanford
- stanford:academic
- stanford:administrative
- organization:sumc
- sulair:proxy-access
- lane:proxy-access
3 changes: 3 additions & 0 deletions config/settings/development.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
auth:
default_privgroups:
- stanford:stanford
15 changes: 14 additions & 1 deletion spec/models/patron_spec.rb
Original file line number Diff line number Diff line change
Expand Up @@ -8,10 +8,15 @@
{
key: '1',
fields: fields
}.with_indifferent_access
}.with_indifferent_access,
mock_user
)
end

let(:mock_user) do
instance_double(User, has_borrow_direct_access?: true)
end

let(:fields) do
{
firstName: 'Student',
Expand Down Expand Up @@ -347,6 +352,14 @@
it 'includes requests that come from the BorrowDirectRequests class' do
expect(patron.requests.last[:key]).to be 2
end

context 'without borrow direct access' do
let(:mock_user) { instance_double(User, has_borrow_direct_access?: false) }

it 'excludes requests from BorrowDirect' do
expect(patron.requests).to have_attributes(length: 1).and(match([have_attributes(key: 1)]))
end
end
end
end

Expand Down
28 changes: 28 additions & 0 deletions spec/models/user_spec.rb
Original file line number Diff line number Diff line change
Expand Up @@ -18,4 +18,32 @@
expect(user).to be_shibboleth
end
end

describe '#has_borrow_direct_access?' do
context 'with a user in an appropriate privgroup' do
let(:user_attributes) { { username: 'sunetid', patron_key: '123', privgroups: ['stanford:stanford'] } }

it 'is has access' do
expect(user).to have_borrow_direct_access
end
end

it 'is has no access' do
expect(user).not_to have_borrow_direct_access
end
end

describe '#has_eresources_access?' do
context 'with a user in an appropriate privgroup' do
let(:user_attributes) { { username: 'sunetid', patron_key: '123', privgroups: ['stanford:stanford'] } }

it 'is has access' do
expect(user).to have_eresources_access
end
end

it 'is has no access' do
expect(user).not_to have_eresources_access
end
end
end
26 changes: 25 additions & 1 deletion spec/views/patron/_patron.html.erb_spec.rb
Original file line number Diff line number Diff line change
Expand Up @@ -19,17 +19,21 @@
**patron_options
)
end
let(:user) { instance_double(User, has_eresources_access?: true, privgroups: []) }

before do
controller.singleton_class.class_eval do
protected

def patron; end

helper_method :patron
def current_user; end

helper_method :patron, :current_user
end

allow(view).to receive(:patron).and_return(patron)
allow(view).to receive(:current_user).and_return(user)
end

describe 'Privileges expire' do
Expand All @@ -51,4 +55,24 @@ def patron; end
it { expect(rendered).to have_css('dt', text: 'Privileges expire') }
end
end

describe 'eresources access' do
before { render }

context 'when the user has access' do
it { expect(rendered).not_to have_css('dt', text: 'eResource access') }
end

context 'when the user is a proxy borrower' do
let(:patron_options) { { proxy_borrower?: true } }

it { expect(rendered).not_to have_css('dt', text: 'eResource access') }
end

context 'when the user has no access' do
let(:user) { instance_double(User, has_eresources_access?: false, privgroups: []) }

it { expect(rendered).to have_css('dt', text: 'eResource access') }
end
end
end
7 changes: 6 additions & 1 deletion spec/views/summaries/index.html.erb_spec.rb
Original file line number Diff line number Diff line change
Expand Up @@ -27,17 +27,22 @@
)
end

let(:user) { instance_double(User, has_eresources_access?: true, privgroups: []) }

before do
controller.singleton_class.class_eval do
protected

def patron_or_group; end

helper_method :patron_or_group
def current_user; end

helper_method :patron_or_group, :current_user
end

stub_template 'shared/_navigation.html.erb' => 'Navigation'
allow(view).to receive(:patron_or_group).and_return(patron)
allow(view).to receive(:current_user).and_return(user)
end

context 'when the patron is barred' do
Expand Down