-
Notifications
You must be signed in to change notification settings - Fork 41
Lesson Looking up Which Groups a User Belongs To
This Tutorial is known to work with hydra-head version 6.4.0.
Please update this wiki to reflect any other versions that have been tested.
- Use Hydra's RoleMapper to list a User's roles (aka. group memberships)
- Read the YAML files that the default RoleMapper uses to look up roles associated with a User ID
In the console, call RoleMapper.roles and pass in your email address as the argument. For example:
RoleMapper.roles("[email protected]")
[]The method returned an empty Array, meaning that your email address isn't associated with any roles.
From the command line in the project directory's root:
rails serverThen go to http://localhost:3000/ and:
- Click "Login"
- Click "Sign Up"
- Fill out the form with username "[email protected]" and an 8 character password.
- Click "Create"
Step: List the roles associated with [email protected]
Now pass "[email protected]" into RoleMapper.roles
RoleMapper.roles("[email protected]")
["archivist", "admin_policy_object_editor", "registered"]Why does RoleMapper return three roles for that email address? Because it's listed in the config files that the default RoleMapper loads role information from.
The Hydra RoleMapper is designed to be overridden. It provides the one spot in your code that has to be overridden in order to make your Hydra Head retrieve user role info from the source of your choice (ie. an LDAP server, Shibboleth, etc.). For cases where you have not (yet) overridden it, the default RoleMapper simply looks in YAML files in your application's config directory to figure out which users belong to which groups.
The location appears to have changed between hydra-head version 6.4.0 and hydra-head version 7.2.2.
For hydra-head version 6.4.0 open up config/role_map_development.yml. The contents should look like this
uva-only:
- uva-only
archivist:
- [email protected]
donor:
- [email protected]
researcher:
- [email protected]
patron:
- [email protected]
admin_policy_object_editor:
- [email protected]
There are also role_map YAML files for each of the other Rails environments (production, test, etc.), but since the rails console runs in the development environment by default role_map_development.yml is the one we want to look at.
As you can see, [email protected] is listed under two different groups/roles: "archivist" and "admin_policy_object_editor". That's why those two roles are returned when you call RoleMapper.roles("[email protected]"). The third role, "registered" is automatically included because it refers to all users who are logged into the application.
For hydra-head version 7.2.2 open up config/role_map.yml. The contents of this configuration file has separate sections for the development and test environments like this
development:
archivist:
- [email protected]
test:
archivist:
- [email protected]
- [email protected]
- [email protected]
admin_policy_object_editor:
- [email protected]
donor:
- [email protected]
- [email protected]
researcher:
- [email protected]
- [email protected]
patron:
- [email protected]
- [email protected]
You rarely need to call RoleMapper.roles directly. Instead, you will rely on methods in Hydra API that are using that method to figure out which groups a user is a member of. In the next few lessons, you will see examples of this group-membership-aware functionality.
Go on to Lesson - Gated Discovery - Filter search results based on permissions or return to the Access Controls with Hydra tutorial.