From bc9fe8b7b24b0bc856bfc70c2ed72762c0ad0891 Mon Sep 17 00:00:00 2001
From: Ben Pennell <bbpennel@email.unc.edu>
Date: Tue, 7 Nov 2023 18:07:01 -0500
Subject: [PATCH 1/3] Share ftp folders between sidekiq and web in docker

---
 docker-compose.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/docker-compose.yml b/docker-compose.yml
index c25e00110..623358a96 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -20,6 +20,7 @@ services:
       - mount-gems:/hyc-gems
       - fcrepo_data:/opt/fedora/
       - hyrax_data:/opt/hyrax
+      - ftp_data:/opt/data/ftp
     stdin_open: true
     tty: true
     networks:
@@ -44,6 +45,7 @@ services:
       - mount-gems:/hyc-gems
       - fcrepo_data:/opt/fedora/
       - hyrax_data:/opt/hyrax
+      - ftp_data:/opt/data/ftp
     networks:
       - hycdev
   clamav:
@@ -113,6 +115,7 @@ volumes:
   fcrepo_data:
   redis_data:
   hyrax_data:
+  ftp_data:
 
 networks:
   hycdev:

From 9b83acbc25a1d96faeaceb790dfe7aca301edbf3 Mon Sep 17 00:00:00 2001
From: Ben Pennell <bbpennel@email.unc.edu>
Date: Tue, 7 Nov 2023 18:08:09 -0500
Subject: [PATCH 2/3] Assign group permissions to proquest files and add test
 to verify

---
 app/services/tasks/proquest_ingest_service.rb |  4 +--
 .../tasks/proquest_ingest_service_spec.rb     | 30 +++++++++++++++++++
 2 files changed, 32 insertions(+), 2 deletions(-)

diff --git a/app/services/tasks/proquest_ingest_service.rb b/app/services/tasks/proquest_ingest_service.rb
index b223a6d18..11b3a220e 100644
--- a/app/services/tasks/proquest_ingest_service.rb
+++ b/app/services/tasks/proquest_ingest_service.rb
@@ -95,6 +95,7 @@ def process_package(package_path)
           file_set = ingest_proquest_file(parent: resource,
                                           resource: metadata.merge({ title: [f] }),
                                           f: file_path)
+          file_set.update permissions_attributes: group_permissions
           ordered_members << file_set if file_set
         end
       end
@@ -106,8 +107,7 @@ def process_package(package_path)
 
       # Force visibility to private since it seems to be saving as public
       fileset.visibility = Hydra::AccessControls::AccessRight::VISIBILITY_TEXT_VALUE_PRIVATE
-      fileset.permissions_attributes = group_permissions
-      fileset.save
+      fileset.update permissions_attributes: group_permissions
 
       resource.ordered_members << fileset
 
diff --git a/spec/services/tasks/proquest_ingest_service_spec.rb b/spec/services/tasks/proquest_ingest_service_spec.rb
index 4d3f97266..4bd9d02a5 100644
--- a/spec/services/tasks/proquest_ingest_service_spec.rb
+++ b/spec/services/tasks/proquest_ingest_service_spec.rb
@@ -136,8 +136,22 @@
   # most processing functionality is tested in process_all_packages
   # this test is to make sure only selected packages are processed
   describe '#process_packages' do
+    let(:manager) do
+      FactoryBot.create(:user, email: 'manager@example.com', guest: false, uid: 'manager')
+    end
+    let(:manager_agent) { Sipity::Agent.where(proxy_for_id: 'dissertation_manager', proxy_for_type: 'Hyrax::Group').first_or_create }
+
     before do
       Dissertation.delete_all
+
+      Hyrax::PermissionTemplateAccess.create(permission_template: permission_template,
+                                             agent_type: 'group',
+                                             agent_id: 'dissertation_manager',
+                                             access: 'manage')
+      Hyrax::Workflow::PermissionGenerator.call(roles: 'managing', workflow: workflow, agents: manager_agent)
+      manager_role = Role.where(name: 'dissertation_manager').first_or_create
+      manager_role.users << manager
+      manager_role.save
     end
 
     let(:filepath_array) { ['spec/fixtures/proquest/proquest-attach0.zip'] }
@@ -152,6 +166,22 @@
       expect(package1['status']).to eq 'Complete'
       expect(package1['status_timestamp']).to_not be_nil
       expect(package1['error']).to be_nil
+
+      # Dissertation and both of its files should have the manager role assigned to it
+      dissertation = Dissertation.first
+      expect_to_have_manager_permission(dissertation)
+
+      diss_file_sets = dissertation.file_sets
+      expect(diss_file_sets.length).to eq 2
+      expect_to_have_manager_permission(diss_file_sets[0])
+      expect_to_have_manager_permission(diss_file_sets[1])
+      expect(diss_file_sets[1].visibility).to eq Hydra::AccessControls::AccessRight::VISIBILITY_TEXT_VALUE_PRIVATE
+    end
+
+    def expect_to_have_manager_permission(item)
+      perm = item.permissions.first
+      expect(perm.agent.first.id).to eq 'http://projecthydra.org/ns/auth/group#dissertation_manager'
+      expect(perm.mode.first.id).to eq 'http://www.w3.org/ns/auth/acl#Write'
     end
   end
 

From 344cd250183dc2c74ac6f34fe9a0c9110c4df660 Mon Sep 17 00:00:00 2001
From: Ben Pennell <bbpennel@email.unc.edu>
Date: Tue, 7 Nov 2023 19:15:30 -0500
Subject: [PATCH 3/3] Add group permissions to sage articles when ingested

---
 .../tasks/sage_new_article_ingester.rb        | 14 ++++++-
 .../tasks/sage_ingest_service_spec.rb         | 38 +++++++++++++++++++
 2 files changed, 50 insertions(+), 2 deletions(-)

diff --git a/app/services/tasks/sage_new_article_ingester.rb b/app/services/tasks/sage_new_article_ingester.rb
index 74398c7ea..179dd8571 100644
--- a/app/services/tasks/sage_new_article_ingester.rb
+++ b/app/services/tasks/sage_new_article_ingester.rb
@@ -1,5 +1,7 @@
 # frozen_string_literal: true
 module Tasks
+  require 'tasks/migration_helper'
+
   class SageNewArticleIngester < SageBaseArticleIngester
     attr_accessor :admin_set
 
@@ -11,9 +13,12 @@ def process_package
       # Add PDF file to Article (including FileSets)
       pdf_path = pdf_file_path
 
-      attach_pdf_to_work(art_with_meta, pdf_path)
+      pdf_file = attach_pdf_to_work(art_with_meta, pdf_path)
+      pdf_file.update permissions_attributes: group_permissions
+
       # Add xml metadata file to Article
-      attach_xml_to_work(art_with_meta, @jats_ingest_work.xml_path)
+      xml_file = attach_xml_to_work(art_with_meta, @jats_ingest_work.xml_path)
+      xml_file.update permissions_attributes: group_permissions
       art_with_meta.id
     end
 
@@ -37,9 +42,14 @@ def article_with_metadata
       art.admin_set = @admin_set
       populate_article_metadata(art)
       art.visibility = Hydra::AccessControls::AccessRight::VISIBILITY_TEXT_VALUE_PUBLIC
+      art.permissions_attributes = group_permissions
       art.save!
       # return the Article object
       art
     end
+
+    def group_permissions
+      @group_permissions ||= MigrationHelper.get_permissions_attributes(@admin_set.id)
+    end
   end
 end
diff --git a/spec/services/tasks/sage_ingest_service_spec.rb b/spec/services/tasks/sage_ingest_service_spec.rb
index 5ecdf00fb..bc20ef838 100644
--- a/spec/services/tasks/sage_ingest_service_spec.rb
+++ b/spec/services/tasks/sage_ingest_service_spec.rb
@@ -88,8 +88,26 @@
       let(:updated_creator) { 'Nakayama, Don K.' }
 
       context 'revision with no existing work' do
+        let(:manager) do
+          FactoryBot.create(:user, email: 'manager@example.com', guest: false, uid: 'manager')
+        end
+        let(:manager_agent) { Sipity::Agent.where(proxy_for_id: 'oa_manager', proxy_for_type: 'Hyrax::Group').first_or_create }
+
         let(:package_name) { 'ASU_2022_88_10_10.1177_00031348221074228.r2022-12-22.zip' }
 
+        before do
+          Article.delete_all
+
+          Hyrax::PermissionTemplateAccess.create(permission_template: permission_template,
+                                             agent_type: 'group',
+                                             agent_id: 'oa_manager',
+                                             access: 'manage')
+          Hyrax::Workflow::PermissionGenerator.call(roles: 'managing', workflow: workflow, agents: manager_agent)
+          manager_role = Role.where(name: 'oa_manager').first_or_create
+          manager_role.users << manager
+          manager_role.save
+        end
+
         it 'creates the work as if it were new' do
           work_id = nil
           expect { work_id = service.process_package("spec/fixtures/sage/revisions/both_changed/#{package_name}") }
@@ -101,6 +119,26 @@
           expect(status['status']).to eq 'In Progress'
           expect(status['error'][0]['message']).to eq "Package #{package_name} indicates that it is a revision, but no existing work with DOI https://doi.org/10.1177/00031348221074228 was found. Creating a new work instead."
           expect(status['error'][0]['trace']).to be_nil
+
+          article = Article.first
+          expect_to_have_manager_permission(article)
+          expect_to_have_public_permission(article)
+
+          article_file_sets = article.file_sets
+          expect(article_file_sets.length).to eq 2
+          expect_to_have_manager_permission(article_file_sets[0])
+          expect_to_have_public_permission(article_file_sets[0])
+          expect_to_have_manager_permission(article_file_sets[1])
+        end
+
+        def expect_to_have_manager_permission(item)
+          manager_perm = item.permissions.to_a.find { |perm| perm.agent.first.id == 'http://projecthydra.org/ns/auth/group#oa_manager' }
+          expect(manager_perm.mode.first.id).to eq 'http://www.w3.org/ns/auth/acl#Write'
+        end
+
+        def expect_to_have_public_permission(item)
+          pub_perm = item.permissions.to_a.find { |perm| perm.agent.first.id == 'http://projecthydra.org/ns/auth/group#public' }
+          expect(pub_perm.mode.first.id).to eq 'http://www.w3.org/ns/auth/acl#Read'
         end
       end