class Blacklight::AccessControls::SearchBuilder
SearchBuilder
that restricts access via Solr.
Note: solr_access_filters_logic is an Array of Symbols. It sets defaults. Each symbol identifies a method that must be in this class, taking two parameters (permission_types
, ability). Can be changed in local apps or by plugins, e.g.:
Blacklight::AccessControls::SearchBuilder.solr_access_filters_logic += [:new_method] Blacklight::AccessControls::SearchBuilder.solr_access_filters_logic.delete(:we_dont_want)
Attributes
Public Class Methods
@param scope [Object] typically the controller instance @param ability [Ability] the current user ability @param permission_types
[Array<String>] Which permission levels (logical OR) will grant you the ability to discover documents in a search.
# File lib/blacklight/access_controls/search_builder.rb, line 23 def initialize(scope, ability:, permission_types: default_permission_types) if self.class.included_modules.include? Blacklight::AccessControls::Enforcement raise 'You may not use Blacklight::AccessControls::SearchBuilder and ' \ 'include Blacklight::AccessControls::Enforcement on SearchBuilder at the same time' end super(scope) @ability = ability @permission_types = permission_types end
Public Instance Methods
# File lib/blacklight/access_controls/search_builder.rb, line 35 def default_permission_types %w[discover read] end
Private Instance Methods
Controller before_filter that sets up access-controlled lucene query to provide gated discovery behavior. Set solr_parameters to enforce appropriate permissions. @param [Hash{Object}] solr_parameters the current solr parameters, to be modified herein! @note Applies a lucene filter query to the solr :fq parameter for gated discovery.
# File lib/blacklight/access_controls/search_builder.rb, line 53 def apply_gated_discovery(solr_parameters) solr_parameters[:fq] ||= [] solr_parameters[:fq] << gated_discovery_filters.reject(&:blank?).join(' OR ') Rails.logger.debug("Solr parameters: #{solr_parameters.inspect}") end
For groups @return [Array{String}] values are lucence syntax term queries suitable for :fq @example
[ "({!terms f=discover_access_group_ssim}public,faculty,africana-faculty,registered)", "({!terms f=read_access_group_ssim}public,faculty,africana-faculty,registered)" ]
# File lib/blacklight/access_controls/search_builder.rb, line 64 def apply_group_permissions groups = ability.user_groups return [] if groups.empty? permission_types.map do |type| field = solr_field_for(type, 'group') "({!terms f=#{field}}#{groups.join(',')})" # parens required to properly OR the clauses together. end end
For individual user access @return [Array{String}] values are lucence syntax term queries suitable for :fq @example ['discover_access_person_ssim:user_1@abc.com', 'read_access_person_ssim:user_1@abc.com']
# File lib/blacklight/access_controls/search_builder.rb, line 76 def apply_user_permissions user = ability.current_user return [] unless user && user.user_key.present? permission_types.map do |type| escape_filter(solr_field_for(type, 'user'), user.user_key) end end
# File lib/blacklight/access_controls/search_builder.rb, line 93 def escape_filter(key, value) [key, escape_value(value)].join(':') end
# File lib/blacklight/access_controls/search_builder.rb, line 97 def escape_value(value) RSolr.solr_escape(value).gsub(/ /, '\ ') end
Grant access based on user id & group @return [Array{Array{String}}]
# File lib/blacklight/access_controls/search_builder.rb, line 43 def gated_discovery_filters solr_access_filters_logic.map { |method| send(method).reject(&:blank?) }.reject(&:empty?) end
@param [#to_s] permission_type a single value, e.g. “read” or “discover” @param [#to_s] permission_category a single value, e.g. “group” or “person” @return [String] name of the solr field for this type of permission @example return values: “read_access_group_ssim” or “discover_access_person_ssim”
# File lib/blacklight/access_controls/search_builder.rb, line 88 def solr_field_for(permission_type, permission_category) method_name = "#{permission_type}_#{permission_category}_field".to_sym Blacklight::AccessControls.config.send(method_name) end