class Blacklight::AccessControls::SearchBuilder

SearchBuilder that restricts access via Solr.

Note: solr_access_filters_logic is an Array of Symbols. It sets defaults. Each symbol identifies a method that must be in this class, taking two parameters (permission_types, ability). Can be changed in local apps or by plugins, e.g.:

Blacklight::AccessControls::SearchBuilder.solr_access_filters_logic += [:new_method]
Blacklight::AccessControls::SearchBuilder.solr_access_filters_logic.delete(:we_dont_want)

Attributes

ability[R]
permission_types[R]

Public Class Methods

new(scope, ability:, permission_types: default_permission_types)

@param scope [Object] typically the controller instance
@param ability [Ability] the current user ability
@param permission_types [Array<String>] Which permission levels (logical OR) will grant you the ability to discover documents in a search.

Calls superclass method
# File lib/blacklight/access_controls/search_builder.rb, line 23
def initialize(scope, ability:, permission_types: default_permission_types)
  if self.class.included_modules.include? Blacklight::AccessControls::Enforcement
    raise 'You may not use Blacklight::AccessControls::SearchBuilder and ' \
          'include Blacklight::AccessControls::Enforcement on SearchBuilder at the same time'
  end
  super(scope)
  @ability = ability
  @permission_types = permission_types
end

Public Instance Methods

default_permission_types()
# File lib/blacklight/access_controls/search_builder.rb, line 35
def default_permission_types
  %w[discover read]
end

Private Instance Methods

apply_gated_discovery(solr_parameters)

Controller before_filter that sets up access-controlled lucene query to provide gated discovery behavior. Set solr_parameters to enforce appropriate permissions.
@param [Hash{Object}] solr_parameters the current solr parameters, to be modified herein!
@note Applies a lucene filter query to the solr :fq parameter for gated discovery.

# File lib/blacklight/access_controls/search_builder.rb, line 53
def apply_gated_discovery(solr_parameters)
  solr_parameters[:fq] ||= []
  solr_parameters[:fq] << gated_discovery_filters.reject(&:blank?).join(' OR ')
  Rails.logger.debug("Solr parameters: #{solr_parameters.inspect}")
end

apply_group_permissions()

For groups
@return [Array{String}] values are lucene syntax term queries suitable for :fq
@example

[ "({!terms f=discover_access_group_ssim}public,faculty,africana-faculty,registered)",
  "({!terms f=read_access_group_ssim}public,faculty,africana-faculty,registered)" ]

# File lib/blacklight/access_controls/search_builder.rb, line 64
def apply_group_permissions
  groups = ability.user_groups
  return [] if groups.empty?
  permission_types.map do |type|
    field = solr_field_for(type, 'group')
    "({!terms f=#{field}}#{groups.join(',')})" # parens required to properly OR the clauses together.
  end
end

apply_user_permissions()

For individual user access
@return [Array{String}] values are lucene syntax term queries suitable for :fq
@example ['discover_access_person_ssim:user_1@abc.com', 'read_access_person_ssim:user_1@abc.com']

# File lib/blacklight/access_controls/search_builder.rb, line 76
def apply_user_permissions
  user = ability.current_user
  return [] unless user && user.user_key.present?
  permission_types.map do |type|
    escape_filter(solr_field_for(type, 'user'), user.user_key)
  end
end

escape_filter(key, value)
# File lib/blacklight/access_controls/search_builder.rb, line 93
def escape_filter(key, value)
  [key, escape_value(value)].join(':')
end

escape_value(value)
# File lib/blacklight/access_controls/search_builder.rb, line 97
def escape_value(value)
  RSolr.solr_escape(value).gsub(/ /, '\ ')
end

gated_discovery_filters()

Grant access based on user id & group
@return [Array{Array{String}}]

# File lib/blacklight/access_controls/search_builder.rb, line 43
def gated_discovery_filters
  solr_access_filters_logic.map { |method| send(method).reject(&:blank?) }.reject(&:empty?)
end

solr_field_for(permission_type, permission_category)

@param [#to_s] permission_type a single value, e.g. “read” or “discover”
@param [#to_s] permission_category a single value, e.g. “group” or “person”
@return [String] name of the solr field for this type of permission
@example return values: “read_access_group_ssim” or “discover_access_person_ssim”

# File lib/blacklight/access_controls/search_builder.rb, line 88
def solr_field_for(permission_type, permission_category)
  method_name = "#{permission_type}_#{permission_category}_field".to_sym
  Blacklight::AccessControls.config.send(method_name)
end
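
How the private methods above compose into the single :fq clause, as an added stand-alone Ruby model that is not the gem's own code and loads neither Blacklight nor RSolr. FIELDS, group_filters, user_filters and gated_fq are hypothetical names; the escape helper is a stand-in for RSolr.solr_escape, and the group-then-user order is assumed because the default solr_access_filters_logic is not shown on this page.

```ruby
# Added example: models the filter composition documented on this page.

# Field names taken from the @example values on this page.
FIELDS = {
  %w[discover group] => 'discover_access_group_ssim',
  %w[read group]     => 'read_access_group_ssim',
  %w[discover user]  => 'discover_access_person_ssim',
  %w[read user]      => 'read_access_person_ssim'
}.freeze

# Stand-in for RSolr.solr_escape (assumption: it backslash-escapes Lucene
# query syntax characters), followed by the space escaping from escape_value.
def escape_value(value)
  value.gsub(/([+\-&|!(){}\[\]^"~*?:\\\/])/) { "\\#{$1}" }.gsub(' ', '\ ')
end

# Mirrors apply_group_permissions: one {!terms} clause per permission type.
def group_filters(groups, permission_types)
  return [] if groups.empty?
  permission_types.map { |t| "({!terms f=#{FIELDS[[t, 'group']]}}#{groups.join(',')})" }
end

# Mirrors apply_user_permissions: the user key is escaped, so it stays one term.
def user_filters(user_key, permission_types)
  return [] if user_key.nil? || user_key.empty?
  permission_types.map { |t| "#{FIELDS[[t, 'user']]}:#{escape_value(user_key)}" }
end

# Mirrors apply_gated_discovery: every sub-filter is ORed into one fq clause.
def gated_fq(user_key:, groups:, permission_types: %w[discover read])
  filters = [group_filters(groups, permission_types),
             user_filters(user_key, permission_types)].reject(&:empty?)
  filters.join(' OR ') # Array#join flattens the nested arrays
end

if $PROGRAM_NAME == __FILE__
  # Constructed inputs, for illustration only.
  puts gated_fq(user_key: 'user_1@abc.com', groups: %w[public registered])
  # A key containing a space and a colon is escaped into a single term.
  puts gated_fq(user_key: 'jane doe:staff@abc.com', groups: [])
  # No user key and no groups: the clause is an empty string, so it
  # expresses no restriction at all.
  p gated_fq(user_key: nil, groups: [])
end
```

Group names are joined with commas and are not passed through the escape helper, so this model, like the documented method, assumes group names contain no commas.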