samvera
accessible_by is a monkey patch
Two monkey patches, actually:
ActiveFedora::QueryMethods.module_eval do
extend ActiveSupport::Concern
included do
include Hydra::AccessControlsEnforcement
end
def accessible_by(ability, action = :index)
permission_types = case action
when :index then [:discover, :read, :edit]
when :show, :read then [:read, :edit]
when :update, :edit, :create, :new, :destroy then [:edit]
end
filters = gated_discovery_filters(permission_types, ability).join(" OR ")
spawn.where!(filters)
end
end
ActiveFedora::Querying.module_eval do
delegate :accessible_by, :to=>:all
end
This is pretty poor form for code that is intended to enact security controls. We're reaching into AF:QueryMethods and declaring that its includers get an additional method with hardcoded permissions levels and Hydra::AccessControlsEnforcement.
The application of the monkey patches is not controlled by any invocation, and it is not avoidable or reversible.
The modules targeted:
- https://github.com/projecthydra/active_fedora/blob/master/lib/active_fedora/relation/query_methods.rb
- https://github.com/projecthydra/active_fedora/blob/master/lib/active_fedora/querying.rb
I think this was following the pattern put forward by cancan: https://github.com/CanCanCommunity/cancancan/blob/fbff9a114ccb76205b164c85a9b2f7d211e95171/lib/cancan/model_adapters/active_record_adapter.rb#L146-L148
I think this could be refactored to get rid of at least one of the monkey patches though, but I don't think this feature is something often used, because Fedora is slow, so we typically fulfill this use case by querying only Solr (and not Fedora)