Class: ArchivesSpaceService

Inherits:

Sinatra::Base

Object
Sinatra::Base
ArchivesSpaceService

show all

Includes:

AuthHelpers, ComponentTransfer::ResponseHelpers, CrudHelpers, Exceptions::ResponseMappings, ExportHelpers, RESTHelpers, RESTHelpers::ResponseHelpers, URIResolver

Defined in:

backend/app/main.rb,
backend/app/controllers/job.rb,
backend/app/controllers/term.rb,
backend/app/controllers/event.rb,
backend/app/controllers/group.rb,
backend/app/controllers/users.rb,
backend/app/controllers/search.rb,
backend/app/controllers/system.rb,
backend/app/controllers/exports.rb,
backend/app/controllers/reports.rb,
backend/app/controllers/subject.rb,
backend/app/controllers/version.rb,
backend/app/controllers/location.rb,
backend/app/controllers/resource.rb,
backend/app/controllers/accession.rb,
backend/app/controllers/container.rb,
backend/app/controllers/permission.rb,
backend/app/controllers/repository.rb,
backend/app/controllers/vocabulary.rb,
backend/app/controllers/enumeration.rb,
backend/app/controllers/external_id.rb,
backend/app/controllers/preferences.rb,
backend/app/controllers/suppression.rb,
backend/app/controllers/update_feed.rb,
backend/app/controllers/agent_family.rb,
backend/app/controllers/agent_person.rb,
backend/app/controllers/batch_import.rb,
backend/app/controllers/merge_request.rb,
backend/app/controllers/notifications.rb,
backend/app/controllers/rde_templates.rb,
backend/app/controllers/agent_software.rb,
backend/app/controllers/classification.rb,
backend/app/controllers/default_values.rb,
backend/app/controllers/delete_request.rb,
backend/app/controllers/digital_object.rb,
backend/app/controllers/update_monitor.rb,
backend/app/controllers/archival_object.rb,
backend/app/controllers/container_profile.rb,
backend/app/controllers/extent_calculator.rb,
backend/app/controllers/component_transfer.rb,
backend/app/controllers/classification_term.rb,
backend/app/controllers/repository_transfer.rb,
backend/app/controllers/id_lookup_controller.rb,
backend/app/controllers/agent_corporate_entity.rb,
backend/app/controllers/component_add_children.rb,
backend/app/controllers/digital_object_component.rb,
backend/app/lib/bootstrap_access_control.rb

Defined Under Namespace

Classes: RequestWrappingMiddleware

Constant Summary

BASE_SEARCH_PARAMS =

[["q", String, "A search query string",
:optional => true],
     ["aq", JSONModel(:advanced_query), "A json string containing the advanced query",
:optional => true],
     ["type",
[String],
"The record type to search (defaults to all types if not specified)",
:optional => true],
     ["sort",
String,
"The attribute to sort and the direction e.g. &sort=title desc&...",
:optional => true],
     ["facet",
[String],
"The list of the fields to produce facets for",
:optional => true],
     ["filter_term", [String], "A json string containing the term/value pairs to be applied as filters.  Of the form: {\"fieldname\": \"fieldvalue\"}.",
:optional => true],
     ["simple_filter", [String], "A simple direct filter to be applied as a filter. Of the form 'primary_type:accession OR primary_type:agent_person'.",
:optional => true],
["exclude",
[String],
"A list of document IDs that should be excluded from results",
:optional => true],
["hl",
BooleanParam,
"Whether to use highlighting",
:optional => true],
     ["root_record",
String,
"Search within a collection of records (defined by the record at the root of the tree)",
:optional => true]]

ALLOWED_PERMISSION_LEVELS =

["repository", "global", "all"]

Class Method Summary (collapse)

+ (Object) create_group(group_code, description, users_to_add, permissions)
+ (Object) create_hidden_system_user(username, name, password)
+ (Object) create_public_user
+ (Object) create_search_user
+ (Object) create_staff_user
+ (Object) create_system_user(username, name, password, hidden = false)
+ (Object) loaded_hook(&block)
+ (Object) set_up_base_permissions

Class Method Details

+ (`Object`) create_group(group_code, description, users_to_add, permissions)

# File 'backend/app/lib/bootstrap_access_control.rb', line 25

def self.create_group(group_code, description, users_to_add, permissions)
  global_repo = Repository[:repo_code => Repository.GLOBAL]

  RequestContext.open(:repo_id => global_repo.id) do
    if Group[:group_code => group_code].nil?
      created_group = Group.create_from_json(JSONModel(:group).from_hash(:group_code => group_code,
                                                                         :description => description),
                                             :is_system_user => 1)
      users_to_add.each do |user|
        created_group.add_user(User[:username => user])
      end

      permissions.each do |permission|
        created_group.grant(permission)
      end

      return true
    end
  end

  false
end

+ (`Object`) create_hidden_system_user(username, name, password)



20
21
22

# File 'backend/app/lib/bootstrap_access_control.rb', line 20

def self.create_hidden_system_user(username, name, password)
  self.create_system_user(username, name, password, true)
end

+ (`Object`) create_public_user

# File 'backend/app/lib/bootstrap_access_control.rb', line 276

def self.create_public_user
  self.create_hidden_system_user(User.PUBLIC_USERNAME, "Public Interface Anonymous", AppConfig[:search_user_secret])
  DBAuth.set_password(User.PUBLIC_USERNAME, AppConfig[:public_user_secret])
  self.create_group(Group.PUBLIC_GROUP_CODE, "Public Anonymous", [User.PUBLIC_USERNAME],
                    ["view_repository", "view_all_records"])
end

+ (`Object`) create_search_user

# File 'backend/app/lib/bootstrap_access_control.rb', line 268

def self.create_search_user
  self.create_hidden_system_user(User.SEARCH_USERNAME, "Search Indexer", AppConfig[:search_user_secret])
  DBAuth.set_password(User.SEARCH_USERNAME, AppConfig[:search_user_secret])
  self.create_group(Group.SEARCHINDEX_GROUP_CODE, "Search index", [User.SEARCH_USERNAME],
                    ["view_repository", "view_suppressed", "view_all_records", "index_system"])
end

+ (`Object`) create_staff_user

# File 'backend/app/lib/bootstrap_access_control.rb', line 284

def self.create_staff_user
  self.create_hidden_system_user(User.STAFF_USERNAME, "Staff System User", AppConfig[:search_user_secret])
  DBAuth.set_password(User.STAFF_USERNAME, AppConfig[:staff_user_secret])
  self.create_group(Group.STAFF_GROUP_CODE, "Staff System Group", [User.STAFF_USERNAME],
                    ["mediate_edits"])
end

+ (`Object`) create_system_user(username, name, password, hidden = false)

# File 'backend/app/lib/bootstrap_access_control.rb', line 3

def self.create_system_user(username, name, password, hidden = false)
  if User[:username => username].nil?
    User.create_from_json(JSONModel(:user).from_hash(:username => username,
                                                     :name => name),
                          {
                            :source => "local",
                            :is_system_user => 1
                          }.merge(hidden ? {:is_hidden_user => 1} : {}))
    DBAuth.set_password(username, password)

    return true
  end

  false
end

+ (`Object`) loaded_hook(&block)

# File 'backend/app/main.rb', line 47

def self.loaded_hook(&block)
  if @archivesspace_loaded
    block.call
  else
    @loaded_hooks << block
  end
end

+ (`Object`) set_up_base_permissions

# File 'backend/app/lib/bootstrap_access_control.rb', line 49

def self.set_up_base_permissions

  if not Repository[:repo_code => Repository.GLOBAL]
    Repository.create(:repo_code => Repository.GLOBAL,
                      :name => "Global repository",
                      :json_schema_version => JSONModel(:repository).schema_version,
                      :hidden => 1)
  end

  AgentSoftware.ensure_correctly_versioned_archivesspace_record


  # Create the admin user
  self.create_system_user(User.ADMIN_USERNAME, "Administrator", AppConfig[:default_admin_password])
  self.create_group(Group.ADMIN_GROUP_CODE, "Administrators", [User.ADMIN_USERNAME], [])


  ## Standard permissions
  Permission.define("system_config",
                    "The ability to manage system configuration options",
                    :level => "global")

  Permission.define("administer_system",
                    "The ability to act as a system administrator",
                    :level => "global")

  Permission.define("manage_users",
                    "The ability to manage user accounts while logged in",
                    :level => "global")

  Permission.define("become_user",
                    "The ability to masquerade as another user",
                    :level => "global")

  Permission.define("view_all_records",
                    "The ability to view any record in the system",
                    :level => "global",
                    :system => true)

  Permission.define("create_repository",
                    "The ability to create new repositories",
                    :level => "global")

  Permission.define("delete_repository",
                    "The ability to delete a repository",
                    :level => "global")

  Permission.define("transfer_repository",
                    "The ability to transfer the contents of a repository",
                    :level => "repository")

  Permission.define("index_system",
                    "The ability to read any record for indexing",
                    :level => "global",
                    :system => true)

  Permission.define("manage_repository",
                    "The ability to manage a given repository",
                    :level => "repository")

  Permission.define("update_accession_record",
                    "The ability to create and modify accessions records",
                    :level => "repository")

  Permission.define("update_resource_record",
                    "The ability to create and modify resources records",
                    :level => "repository")

  Permission.define("update_digital_object_record",
                    "The ability to create and modify digital objects records",
                    :level => "repository")

  Permission.define("update_event_record",
                    "The ability to create and modify event records",
                    :level => "repository")

  Permission.define("delete_event_record",
                    "The ability to delete event records",
                    :level => "repository")

  Permission.define("suppress_archival_record",
                    "The ability to suppress the major archival record types: accessions/resources/digital objects/components/collection management/events",
                    :level => "repository")

  Permission.define("transfer_archival_record",
                    "The ability to transfer records between different repositories",
                    :level => "repository")

  Permission.define("delete_archival_record",
                    "The ability to delete the major archival record types: accessions/resources/digital objects/components/collection management/events",
                    :level => "repository")

  Permission.define("view_suppressed",
                    "The ability to view suppressed records in a given repository",
                    :level => "repository")

  Permission.define("view_repository",
                    "The ability to view a given repository",
                    :level => "repository")

  Permission.define("update_classification_record",
                    "The ability to create and modify classification records",
                    :level => "repository")

  Permission.define("delete_classification_record",
                    "The ability to delete classification records",
                    :level => "repository")

  Permission.define("mediate_edits",
                    "Track concurrent updates to records",
                    :level => "global",
                    :system => true)

  Permission.define("import_records",
                    "The ability to initiate an importer job",
                    :level => "repository")

  Permission.define("cancel_importer_job",
                    "The ability to cancel a queued or running importer job",
                    :level => "repository")


  # Updates and deletes to locations, subjects and agents are a bit funny: they're
  # global objects, but users are granted permission to modify them by being
  # associated with a group within a repository.
  Permission.define("manage_subject_record",
                    "The ability to create, modify and delete a subject record",
                    :level => "repository")

  Permission.define("update_subject_record",
                    "The ability to create and modify subject records",
                    :implied_by => 'manage_subject_record',
                    :level => "global")

  Permission.define("manage_agent_record",
                    "The ability to create, modify and delete an agent record",
                    :level => "repository")

  Permission.define("update_agent_record",
                    "The ability to create and modify agent records",
                    :implied_by => 'manage_agent_record',
                    :level => "global")

  Permission.define("manage_vocabulary_record",
                    "The ability to create, modify and delete a vocabulary record",
                    :level => "repository")

  Permission.define("update_vocabulary_record",
                    "The ability to create and modify vocabulary records",
                    :implied_by => 'manage_vocabulary_record',
                    :level => "global")

  Permission.define("update_location_record",
                    "The ability to create and modify location records",
                    :implied_by => 'manage_repository',
                    :level => "global")

  Permission.define("delete_agent_record",
                    "The ability to delete agent records",
                    :implied_by => 'manage_agent_record',
                    :level => "global")

  Permission.define("delete_subject_record",
                    "The ability to delete subject records",
                    :implied_by => 'manage_subject_record',
                    :level => "global")

  Permission.define("delete_vocabulary_record",
                    "The ability to delete vocabulary records",
                    :implied_by => 'delete_archival_record',
                    :level => "global")


  # Merge permissions are special too.  A user with merge_agents_and_subjects
  # in any repository is granted merge_agent_record and merge_subject_record
  Permission.define("merge_agents_and_subjects",
                    "The ability to merge agent/subject records",
                    :level => "repository")


  Permission.define("merge_subject_record",
                    "The ability to merge subject records",
                    :implied_by => 'merge_agents_and_subjects',
                    :level => "global")

  Permission.define("merge_agent_record",
                    "The ability to merge agent records",
                    :implied_by => 'merge_agents_and_subjects',
                    :level => "global")

  Permission.define("merge_archival_record",
                    "The ability to merge archival records records",
                    :level => "repository")


  Permission.define("manage_rde_templates",
                    "The ability to create and delete RDE templates",
                    :level => "repository")

  Permission.define("update_container_record",
                "The ability to create and update container records",
                :level => "repository")

  Permission.define("manage_container_record",
                "The ability to delete and bulk update container records",
                :level => "repository")

  Permission.define("manage_container_profile_record",
                "The ability to create, modify and delete a container profile record",
                :level => "repository")

  Permission.define("update_container_profile_record",
                "The ability to create/update/delete container profile records",
                :implied_by => 'manage_container_profile_record',
                :level => "global")

end

Instance Method Details

- (`Object`) check_permissions(params)

# File 'backend/app/controllers/preferences.rb', line 101

def check_permissions(params)
  if (params.has_key?(:preference))
    user_id = params[:preference]['user_id']
    repo_id = params[:preference]['repo_id']
  else
    user_id = Preference[params[:id]].user_id
    repo_id = params[:repo_id]
  end

  # trying to edit global prefs
  if user_id.nil? &&
      repo_id == Repository.global_repo_id &&
      !current_user.can?(:administer_system)
    raise AccessDeniedException.new
  end

  # trying to edit repo prefs
  if user_id.nil? &&
      !current_user.can?(:manage_repository)
    raise AccessDeniedException.new
  end

  # trying to edit user prefs
  if user_id && user_id != current_user.id
    raise AccessDeniedException.new
  end
end

- (`Object`) current_user



232
233
234

# File 'backend/app/main.rb', line 232

def current_user
  env[:aspace_user]
end

- (`Boolean`) high_priority_request?

Returns:

(Boolean)



237
238
239

# File 'backend/app/main.rb', line 237

def high_priority_request?
  env["HTTP_X_ARCHIVESSPACE_PRIORITY"] && (env["HTTP_X_ARCHIVESSPACE_PRIORITY"].downcase == "high")
end

- (`Object`) session



227
228
229

# File 'backend/app/main.rb', line 227

def session
  env[:aspace_session]
end

Class: ArchivesSpaceService

Defined Under Namespace

Constant Summary

Class Method Summary (collapse)

Instance Method Summary (collapse)

Methods included from ComponentTransfer::ResponseHelpers

Methods included from ExportHelpers

Methods included from AuthHelpers

Methods included from Exceptions::ResponseMappings

Methods included from RESTHelpers::ResponseHelpers

Methods included from CrudHelpers

Methods included from RESTHelpers

Methods included from JSONModel

Methods included from URIResolver

Class Method Details

+ (Object) create_group(group_code, description, users_to_add, permissions)

+ (Object) create_hidden_system_user(username, name, password)

+ (Object) create_public_user

+ (Object) create_search_user

+ (Object) create_staff_user

+ (Object) create_system_user(username, name, password, hidden = false)

+ (Object) loaded_hook(&block)

+ (Object) set_up_base_permissions