* HYC-1694 add override for dropdown view file * HYC-1694 try to find work * HYC-1694 add override to get related work * HYC-1694 add method to filesets presenter override * HYC-1694 delete unnecessary override * HYC-1694 find work the old way * HYC-1694 fix fileset permissions with overrides * HYC-1694 define work in the view * HYC-1694 trying restriction in another way * HYC-1694 move controller code to override class eval syntax * HYC-1694 try same logic in this partial * HYC-1694 only admins may delete filesets * HYC-1694 updating logic * HYC-1694 updating base file for override to 3.6 * HYC-1694 add view tests * HYC-1694 fix tests * HYC-1694 rubocop * HYC-1694 add test * HYC-1694 fix up tests * HYC-1694 stub virus checker * HYC-1694 fix GH tests * HYC-1694 move allow statement around --------- Co-authored-by: Sharon Luong <snluong@email.lib.unc.edu>
1 parent
be9cf57
commit 615cbb3
Showing
6 changed files
with
258 additions
and
0 deletions.
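--- a/app/overrides/controllers/hyrax/file_sets_controller_override.rb
+++ b/app/overrides/controllers/hyrax/file_sets_controller_override.rb
@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+# https://github.com/samvera/hyrax/blob/3.5/app/controllers/hyrax/file_sets_controller.rb
+
+Hyrax::FileSetsController.class_eval do
+# [hyc-override] Only allow deletions by admins
+before_action :ensure_admin!, only: :destroy
+
+private
+
+def ensure_admin!
+authorize! :read, :admin_dashboard
+end
+end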
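Review bot: `ensure_admin!` enforces the admin-only rule through a proxy permission, `authorize! :read, :admin_dashboard`, while the two view overrides in this commit gate the delete links on `current_ability.admin?`. If the ability class grants `:read, :admin_dashboard` to any non-admin role (the ability definitions are not visible on this page), that role would pass the server-side check even though the UI hides the link from it. Checking the same predicate in the controller keeps enforcement and presentation in step, e.g. `raise CanCan::AccessDenied unless current_ability.admin?`. The source-link comment also points at the 3.5 branch while the view overrides reference hyrax-v3.6.0.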
@@ -0,0 +1,57 @@ | ||
<%# [hyc-override] Overriding to see if user can delete the work, to be able to delete the fileset %> | ||
<%# https://github.com/samvera/hyrax/blob/hyrax-v3.6.0/app/views/hyrax/file_sets/_actions.html.erb %> | ||
<% if (can?(:download, file_set.id) || can?(:destroy, file_set.id) || can?(:edit, file_set.id)) && !workflow_restriction?(@parent) %> | ||
<% if can?(:download, file_set.id) && !(can?(:edit, file_set.id) || can?(:destroy, file_set.id)) %> | ||
<%= link_to t('.download'), | ||
hyrax.download_path(file_set), | ||
class: 'btn btn-default btn-sm', | ||
title: t('.download_title', file_set: file_set), | ||
target: "_blank", | ||
id: "file_download", | ||
data: { label: file_set.id, work_id: @presenter.id, collection_ids: @presenter.member_of_collection_ids } %> | ||
<% else %> | ||
<div class="btn-group"> | ||
<button class="btn btn-default dropdown-toggle" data-toggle="dropdown" type="button" id="dropdownMenu_<%= file_set.id %>" aria-haspopup="true" aria-expanded="false"> | ||
<span class="sr-only"><%= t('.press_to') %> </span> | ||
<%= t('.header') %> | ||
<span class="caret" aria-hidden="true"></span> | ||
</button> | ||
|
||
<ul role="menu" class="dropdown-menu dropdown-menu-right" aria-labelledby="dropdownMenu_<%= file_set.id %>"> | ||
<% if can?(:edit, file_set.id) %> | ||
<li role="menuitem" tabindex="-1"> | ||
<%= link_to t('.edit'), edit_polymorphic_path([main_app, file_set]), | ||
{ title: t('.edit_title', file_set: file_set) } %> | ||
</li> | ||
|
||
<li role="menuitem" tabindex="-1"> | ||
<%= link_to t('.versions'), edit_polymorphic_path([main_app, file_set], anchor: 'versioning_display'), | ||
{ title: t('.versions_title') } %> | ||
</li> | ||
<% end %> | ||
<%# [hyc-override] only admins may delete filesets %> | ||
<% if current_ability.admin? %> | ||
<li role="menuitem" tabindex="-1"> | ||
<%= link_to t('.delete'), polymorphic_path([main_app, file_set]), | ||
method: :delete, title: t('.delete_title', file_set: file_set), | ||
data: { confirm: t('.delete_confirm', file_set: file_set, application_name: application_name) } %> | ||
</li> | ||
<% end %> | ||
<% if can?(:download, file_set.id) %> | ||
<li role="menuitem" tabindex="-1"> | ||
<%= link_to t('.download'), | ||
hyrax.download_path(file_set), | ||
title: t('.download_title', file_set: file_set), | ||
target: "_blank", | ||
id: "file_download", | ||
class: "download", | ||
data: { label: file_set.id, work_id: @presenter.id, collection_ids: @presenter.member_of_collection_ids } %> | ||
</li> | ||
<% end %> | ||
|
||
</ul> | ||
</div> | ||
<% end %> | ||
<% end %> |
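Review bot: The two outer `if` conditions still key on `can?(:destroy, file_set.id)` while the Delete item itself is gated on `current_ability.admin?`, so a non-admin who holds destroy but neither edit nor download rights gets a dropdown with no entries. Replacing the `can?(:destroy, file_set.id)` terms in those two conditions with `current_ability.admin?` keeps the button/dropdown choice consistent with what the menu can actually contain. The header comment is also stale: it describes checking whether the user can delete the work, but the override restricts deletion to admins; something like `<%# [hyc-override] Only admins see the delete action; the controller override enforces it %>` would match the code.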
@@ -0,0 +1,22 @@ | ||
<%# [hyc-override] Overriding to make only admins able to delete a fileset %> | ||
<%# https://github.com/samvera/hyrax/blob/hyrax-v3.6.0/app/views/hyrax/file_sets/_show_actions.html.erb %> | ||
<div class="form-actions"> | ||
<% if Hyrax.config.analytics? && Hyrax.config.analytics_provider != 'ga4' %> | ||
<%# turbolinks needs to be turned off or the page will use the cache and the %> | ||
<%# analytics graph will not show unless the page is refreshed. %> | ||
<%= link_to t('.analytics'), @presenter.stats_path, id: 'stats', class: 'btn btn-default', data: { turbolinks: false } %> | ||
<% end %> | ||
<% if @presenter.editor? && !workflow_restriction?(@presenter) %> | ||
<%= link_to t(".edit_this", type: @presenter.human_readable_type), edit_polymorphic_path([main_app, @presenter]), | ||
class: 'btn btn-default' %> | ||
<%# [hyc-override] only admins may delete the fileset %> | ||
<% if current_ability.admin? %> | ||
<%= link_to t(".delete_this", type: @presenter.human_readable_type), [main_app, @presenter], | ||
class: 'btn btn-danger', data: { confirm: t(".confirm_delete_this", type: @presenter.human_readable_type) }, | ||
method: :delete %> | ||
<% end %> | ||
<% end %> | ||
<%= render 'social_media' %> | ||
</div> |
@@ -0,0 +1,59 @@ | ||
# frozen_string_literal: true | ||
require 'rails_helper' | ||
require Rails.root.join('app/overrides/controllers/hyrax/file_sets_controller_override.rb') | ||
|
||
RSpec.describe Hyrax::FileSetsController do | ||
let(:user) { FactoryBot.create(:user) } | ||
let(:admin_user) { FactoryBot.create(:admin) } | ||
routes { Rails.application.routes } | ||
|
||
describe '#destroy' do | ||
let(:file_set) { FactoryBot.create(:file_set, :public, :with_original_file, user: user) } | ||
let(:work) { FactoryBot.create(:work, title: ['test title'], user: user) } | ||
|
||
before do | ||
allow(Hyrax::VirusCheckerService).to receive(:file_has_virus?) { false } | ||
work.ordered_members << file_set | ||
work.save! | ||
end | ||
|
||
context 'as a non-admin' do | ||
before do | ||
sign_in user | ||
end | ||
|
||
it 'is not successful' do | ||
delete :destroy, params: { id: file_set } | ||
expect(response).to redirect_to '/?locale=en' | ||
expect(flash[:alert]).to eq 'You are not authorized to access this page.' | ||
expect(response.status).to eq 302 | ||
end | ||
end | ||
|
||
context 'as an admin' do | ||
before do | ||
file_set | ||
sign_in admin_user | ||
expect(controller).to receive(:guard_for_workflow_restriction_on!).and_return(true) | ||
end | ||
|
||
it 'is successful' do | ||
expect { delete :destroy, params: { id: file_set } } | ||
.to change { FileSet.exists?(file_set.id) } | ||
.from(true) | ||
.to(false) | ||
expect(response).to redirect_to '/concern/generals/' + work.id + '?locale=en' | ||
expect(flash[:notice]).to eq 'The file has been deleted.' | ||
expect(response.status).to eq 302 | ||
end | ||
end | ||
|
||
context 'as an unauthenticated user' do | ||
it 'is not successful' do | ||
delete :destroy, params: { id: file_set } | ||
expect(response.status).to redirect_to '/users/sign_in' | ||
expect(flash[:alert]).to eq 'You need to sign in or sign up before continuing.' | ||
end | ||
end | ||
end | ||
end |
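Review bot: The two denial contexts ('as a non-admin' and 'as an unauthenticated user') assert only the redirect and flash message, so they would still pass if the file set had been removed before the redirect was issued. For an authorization test the key assertion is that the record survives the request, e.g. `expect(FileSet.exists?(file_set.id)).to be true` after the `delete` call. In the unauthenticated example the matcher is handed `response.status` rather than the response; `expect(response).to redirect_to '/users/sign_in'` states the intent. In the admin context, `expect(controller).to receive(:guard_for_workflow_restriction_on!)` inside `before` acts as a stub and would read better as `allow(controller).to receive(...)`.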
@@ -0,0 +1,49 @@ | ||
# frozen_string_literal: true | ||
# [hyc-override] only admins may see delete option in fileset action dropdown | ||
require 'rails_helper' | ||
|
||
RSpec.describe 'hyrax/file_sets/_actions.html.erb', type: :view do | ||
let(:solr_document) { double('Solr Doc', id: 'file_set_id') } | ||
let(:file_set_model) { FactoryBot.create(:file_set) } | ||
let(:user) { FactoryBot.create(:user) } | ||
let(:ability) { Ability.new(user) } | ||
let(:file_set) { Hyrax::FileSetPresenter.new(solr_document, ability) } | ||
let(:work_solr_document) do | ||
SolrDocument.new(id: '900', title_tesim: ['My Title']) | ||
end | ||
let(:parent_presenter) { Hyrax::WorkShowPresenter.new(work_solr_document, ability) } | ||
|
||
before do | ||
allow(controller).to receive(:current_ability).and_return(ability) | ||
allow(file_set).to receive(:parent).and_return(:parent) | ||
allow(file_set).to receive(:id).and_return('fake') | ||
assign(:presenter, parent_presenter) | ||
allow(view).to receive(:workflow_restriction?).and_return(false) | ||
allow(view).to receive(:can?).with(:edit, file_set.id).and_return(true) | ||
allow(view).to receive(:can?).with(:destroy, file_set.id).and_return(true) | ||
allow(view).to receive(:can?).with(:download, file_set.id).and_return(true) | ||
allow(solr_document).to receive(:to_model).and_return(file_set_model) | ||
end | ||
|
||
context 'as an admin' do | ||
before do | ||
allow(ability).to receive(:admin?).and_return(true) | ||
render 'hyrax/file_sets/actions', file_set: file_set | ||
end | ||
|
||
it 'shows delete action in dropdown' do | ||
expect(rendered).to have_link('Delete') | ||
end | ||
end | ||
|
||
context 'as a regular user' do | ||
before do | ||
allow(ability).to receive(:admin?).and_return(false) | ||
render 'hyrax/file_sets/actions', file_set: file_set | ||
end | ||
|
||
it 'does not show delete action in dropdown' do | ||
expect(rendered).not_to have_link('Delete') | ||
end | ||
end | ||
end |
@@ -0,0 +1,58 @@ | ||
# frozen_string_literal: true | ||
# [hyc-override] only admins may view delete filesets button | ||
require 'rails_helper' | ||
|
||
RSpec.describe 'hyrax/file_sets/_show_actions.html.erb', type: :view do | ||
let(:user) { FactoryBot.create(:user) } | ||
let(:object_profile) { ["{'id':'999'}"] } | ||
let(:contributor) { ['Frodo'] } | ||
let(:creator) { ['Bilbo'] } | ||
let(:solr_document) do | ||
SolrDocument.new( | ||
id: '999', | ||
object_profile_ssm: object_profile, | ||
has_model_ssim: ['FileSet'], | ||
human_readable_type_tesim: ['File'], | ||
contributor_tesim: contributor, | ||
creator_tesim: creator, | ||
rights_tesim: ['http://creativecommons.org/licenses/by/3.0/us/'] | ||
) | ||
end | ||
let(:decorated_solr_document) { Hyrax::SolrDocument::OrderedMembers.decorate(solr_document) } | ||
let(:ability) { Ability.new(user) } | ||
let(:presenter) do | ||
Hyrax::WorkShowPresenter.new(solr_document, ability) | ||
end | ||
let(:page) { Capybara::Node::Simple.new(rendered) } | ||
|
||
before do | ||
allow(controller).to receive(:current_ability).and_return(ability) | ||
allow(presenter).to receive(:editor?).and_return(true) | ||
allow(view).to receive(:workflow_restriction?).and_return(false) | ||
assign(:presenter, presenter) | ||
end | ||
|
||
context 'as an admin' do | ||
before do | ||
allow(ability).to receive(:admin?).and_return(true) | ||
view.lookup_context.view_paths.push 'app/views/hyrax/base' | ||
render | ||
end | ||
|
||
it 'shows delete button' do | ||
expect(page).to have_link('Delete This File') | ||
end | ||
end | ||
|
||
context 'as a regular user' do | ||
before do | ||
allow(ability).to receive(:admin?).and_return(false) | ||
view.lookup_context.view_paths.push 'app/views/hyrax/base' | ||
render | ||
end | ||
|
||
it 'does not show delete button' do | ||
expect(page).not_to have_link('Delete This File') | ||
end | ||
end | ||
end |