IUBLibTech · aploshay · Mar 27, 2026 · Mar 10, 2026
diff --git a/app/models/ability.rb b/app/models/ability.rb
@@ -39,13 +39,13 @@ def custom_permissions
     # restrict depositing permissions
     if can_deposit?
       can [:create], DataSet
-      can [:doi], DataSet
       can [:create], FileSet
     else
       cannot [:create, :edit, :update, :destroy], DataSet
       cannot [:create, :edit, :update, :destroy], FileSet
     end
     if admin?
+      can [:doi], DataSet
       # can [:create, :show, :add_user, :remove_user, :index, :edit, :update, :destroy], Role  # uncomment to expose Role management in UI
     end 
   end

diff --git a/app/views/hyrax/base/_edit_panel.html.erb b/app/views/hyrax/base/_edit_panel.html.erb
@@ -14,7 +14,7 @@
                       data: { confirm: "Delete this #{@presenter.human_readable_type}?" },
                       method: :delete %>
         <% end %>
-        <% if @presenter.doi_minting_enabled? && !@presenter.doi_minted? %>
+        <% if @presenter.doi_minting_enabled? && !@presenter.doi_minted? && @presenter.current_ability.admin? %>
           <br/><br/>
           <% if @presenter.doi_pending? %>
             <button class="btn btn-primary disabled" title="DOI minting processing">

diff --git a/spec/models/ability_spec.rb b/spec/models/ability_spec.rb
@@ -18,6 +18,9 @@
         expect(ability.depositor?).to be false
         expect(ability.can? :create, DataSet).to be false
       end
+      it 'without doi access' do
+        expect(ability.can? :doi, DataSet).to be false
+      end
     end
     context 'when a depositor' do
       let(:depositing_role) { Sipity::Role.find_by_name(Hyrax::RoleRegistry::DEPOSITING) }
@@ -28,6 +31,9 @@
         expect(ability.depositor?).to be true
         expect(ability.can? :create, DataSet).to be true
       end
+      it 'without doi access' do
+        expect(ability.can? :doi, DataSet).to be false
+      end
     end
     context 'when an admin' do
       let(:user) { FactoryBot.create :admin }
@@ -36,6 +42,9 @@
         expect(ability.depositor?).to be false
         expect(ability.can? :create, DataSet).to be true
       end
+      it 'with doi access' do
+        expect(ability.can? :doi, DataSet).to be true
+      end
     end
   end
 end