Module: AuthorizationRulesHelper
- Defined in:
- app/helpers/authorization_rules_helper.rb
Instance Method Summary collapse
- #affected_users_count(approach) ⇒ Object
- #auth_usage_info_classes(auth_info) ⇒ Object
- #auth_usage_info_title(auth_info) ⇒ Object
- #describe_step(step, options = {}) ⇒ Object
- #has_changed(*args) ⇒ Object
- #human_context(context) ⇒ Object
- #human_privilege(privilege) ⇒ Object
- #human_privilege_context(privilege, context) ⇒ Object
- #human_role(role) ⇒ Object
- #link_to_graph(title, options = {}) ⇒ Object
- #navigation ⇒ Object
- #policy_analysis_hints(marked_up, policy_data) ⇒ Object
- #privilege_color(privilege, context, role) ⇒ Object
- #prohibit_link(step, text, title, options) ⇒ Object
- #readable_step_info(info) ⇒ Object
- #role_color(role, fill = false) ⇒ Object
- #role_fill_color(role) ⇒ Object
- #serialize_action(step) ⇒ Object
- #serialize_changes(approach) ⇒ Object
- #serialize_relevant_roles(approach) ⇒ Object
- #syntax_highlight(rules) ⇒ Object
Instance Method Details
#affected_users_count(approach) ⇒ Object
183 184 185 |
# File 'app/helpers/authorization_rules_helper.rb', line 183 def affected_users_count (approach) @affected_users[approach] end |
#auth_usage_info_classes(auth_info) ⇒ Object
187 188 189 190 191 192 193 194 195 196 197 198 199 200 |
# File 'app/helpers/authorization_rules_helper.rb', line 187 def auth_usage_info_classes (auth_info) classes = [] if auth_info[:controller_permissions] if auth_info[:controller_permissions][0] classes << "catch-all" if auth_info[:controller_permissions][0].actions.include?(:all) classes << "default-privilege" unless auth_info[:controller_permissions][0].privilege classes << "default-context" unless auth_info[:controller_permissions][0].context classes << "no-attribute-check" unless auth_info[:controller_permissions][0].attribute_check end else classes << "unprotected" end classes * " " end |
#auth_usage_info_title(auth_info) ⇒ Object
202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 |
# File 'app/helpers/authorization_rules_helper.rb', line 202 def auth_usage_info_title (auth_info) titles = [] if auth_usage_info_classes(auth_info) =~ /unprotected/ titles << "No filter_access_to call protects this action" end if auth_usage_info_classes(auth_info) =~ /no-attribute-check/ titles << "Action is not protected with attribute check" end if auth_usage_info_classes(auth_info) =~ /default-privilege/ titles << "Privilege set automatically from action name by :all rule" end if auth_usage_info_classes(auth_info) =~ /default-context/ titles << "Context set automatically from controller name by filter_access_to call without :context option" end titles * ". " end |
#describe_step(step, options = {}) ⇒ Object
118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 |
# File 'app/helpers/authorization_rules_helper.rb', line 118 def describe_step (step, = {}) = {:with_removal => false}.merge() case step[0] when :add_privilege dont_assign = prohibit_link(step[0,3], "Add privilege <strong>#{h human_privilege_context(step[1], step[2])}</strong> to any role", "Don't suggest adding #{h human_privilege_context(step[1], step[2])}.", ) "Add privilege <strong>#{h human_privilege_context(step[1], step[2])}</strong>#{dont_assign} to role <strong>#{h human_role(step[3].to_sym)}</strong>" when :remove_privilege dont_remove = prohibit_link(step[0,3], "Remove privilege <strong>#{h human_privilege_context(step[1], step[2])}</strong> from any role", "Don't suggest removing #{h human_privilege_context(step[1], step[2])}.", ) "Remove privilege <strong>#{h human_privilege_context(step[1], step[2])}</strong>#{dont_remove} from role <strong>#{h human_role(step[3].to_sym)}</strong>" when :add_role "New role <strong>#{h human_role(step[1].to_sym)}</strong>" when :assign_role_to_user dont_assign = prohibit_link(step[0,2], "Assign role <strong>#{h human_role(step[1].to_sym)}</strong> to any user", "Don't suggest assigning #{h human_role(step[1].to_sym)}.", ) "Assign role <strong>#{h human_role(step[1].to_sym)}</strong>#{dont_assign} to <strong>#{h readable_step_info(step[2])}</strong>" when :remove_role_from_user dont_remove = prohibit_link(step[0,2], "Remove role <strong>#{h human_role(step[1].to_sym)}</strong> from any user", "Don't suggest removing #{h human_role(step[1].to_sym)}.", ) "Remove role <strong>#{h human_role(step[1].to_sym)}</strong>#{dont_remove} from <strong>#{h readable_step_info(step[2])}</strong>" else step.collect {|info| readable_step_info(info) }.map {|str| h str } * ', ' end + prohibit_link(step, [:with_removal] ? "#{escape_javascript(describe_step(step))}" : '', "Don't suggest this action.", ) end |
#has_changed(*args) ⇒ Object
179 180 181 |
# File 'app/helpers/authorization_rules_helper.rb', line 179 def has_changed (*args) @changes && @changes[args[0]] && @changes[args[0]].include?(args[1..-1]) end |
#human_context(context) ⇒ Object
95 96 97 98 99 100 101 |
# File 'app/helpers/authorization_rules_helper.rb', line 95 def human_context (context) begin context.to_s.classify.constantize.human_name rescue context.to_s end end |
#human_privilege(privilege) ⇒ Object
87 88 89 90 91 92 93 |
# File 'app/helpers/authorization_rules_helper.rb', line 87 def human_privilege (privilege) begin I18n.t(privilege, :scope => [:declarative_authorization, :privilege], :raise => true) rescue privilege.to_s end end |
#human_privilege_context(privilege, context) ⇒ Object
103 104 105 106 107 108 109 110 111 112 |
# File 'app/helpers/authorization_rules_helper.rb', line 103 def human_privilege_context (privilege, context) human = [human_privilege(privilege), human_context(context)] begin unless I18n.t(:verb_in_front_of_object, :scope => :declarative_authorization, :raise => true) human.reverse! end rescue end human * " " end |
#human_role(role) ⇒ Object
114 115 116 |
# File 'app/helpers/authorization_rules_helper.rb', line 114 def human_role (role) Authorization::Engine.instance.title_for(role) or role.to_s end |
#link_to_graph(title, options = {}) ⇒ Object
42 43 44 45 |
# File 'app/helpers/authorization_rules_helper.rb', line 42 def link_to_graph (title, = {}) type = [:type] || '' link_to_function title, "$$('object')[0].data = '#{url_for :action => 'index', :format => 'svg', :type => type}'" end |
#navigation ⇒ Object
47 48 49 50 51 52 53 54 |
# File 'app/helpers/authorization_rules_helper.rb', line 47 def link_to("Rules", ) << ' | ' << link_to("Change Support", ) << ' | ' << link_to("Graphical view", ) << ' | ' << link_to("Usages", ) #<< ' | ' << # 'Edit | ' << # link_to("XACML export", :action => 'index', :format => 'xacml') end |
#policy_analysis_hints(marked_up, policy_data) ⇒ Object
25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 |
# File 'app/helpers/authorization_rules_helper.rb', line 25 def policy_analysis_hints (marked_up, policy_data) analyzer = Authorization::DevelopmentSupport::Analyzer.new(controller.) analyzer.analyze(policy_data) marked_up_by_line = marked_up.split("\n") reports_by_line = analyzer.reports.inject({}) do |memo, report| memo[report.line || 1] ||= [] memo[report.line || 1] << report memo end reports_by_line.each do |line, reports| text = reports.collect {|report| "#{report.type}: #{report.}"} * " " note = %Q{<span class="note" title="#{h text}">[i]</span>} marked_up_by_line[line - 1] = note + marked_up_by_line[line - 1] end (marked_up_by_line * "\n").html_safe end |
#privilege_color(privilege, context, role) ⇒ Object
81 82 83 84 85 |
# File 'app/helpers/authorization_rules_helper.rb', line 81 def privilege_color (privilege, context, role) has_changed(:add_privilege, privilege, context, role) ? '#00dd00' : (has_changed(:remove_privilege, privilege, context, role) ? '#dd0000' : role_color(role)) end |
#prohibit_link(step, text, title, options) ⇒ Object
150 151 152 153 154 155 |
# File 'app/helpers/authorization_rules_helper.rb', line 150 def prohibit_link (step, text, title, ) [:with_removal] ? link_to_function("[x]", "prohibit_action('#{serialize_action(step)}', '#{text}')", :class => 'prohibit', :title => title) : '' end |
#readable_step_info(info) ⇒ Object
157 158 159 160 161 162 163 |
# File 'app/helpers/authorization_rules_helper.rb', line 157 def readable_step_info (info) case info when Symbol then info.inspect when User then info.login else info.to_sym.inspect end end |
#role_color(role, fill = false) ⇒ Object
56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 |
# File 'app/helpers/authorization_rules_helper.rb', line 56 def role_color (role, fill = false) if @has_changes if has_changed(:add_role, role) fill ? '#ddffdd' : '#000000' elsif has_changed(:remove_role, role) fill ? '#ffdddd' : '#000000' else fill ? '#ddddff' : '#000000' end else fill_colors = %w{#ffdddd #ddffdd #ddddff #ffffdd #ffddff #ddffff} colors = %w{#dd0000 #00dd00 #0000dd #dddd00 #dd00dd #00dddd} @@role_colors ||= {} @@role_colors[role] ||= begin idx = @@role_colors.length % colors.length [colors[idx], fill_colors[idx]] end @@role_colors[role][fill ? 1 : 0] end end |
#role_fill_color(role) ⇒ Object
77 78 79 |
# File 'app/helpers/authorization_rules_helper.rb', line 77 def role_fill_color (role) role_color(role, true) end |
#serialize_action(step) ⇒ Object
170 171 172 |
# File 'app/helpers/authorization_rules_helper.rb', line 170 def serialize_action (step) step.collect {|info| readable_step_info(info) } * ',' end |
#serialize_changes(approach) ⇒ Object
165 166 167 168 |
# File 'app/helpers/authorization_rules_helper.rb', line 165 def serialize_changes (approach) changes = approach.changes.collect {|step| step.to_a.first.is_a?(Enumerable) ? step.to_a : [step.to_a]} changes.collect {|multi_step| multi_step.collect {|step| serialize_action(step) }}.flatten * ';' end |
#serialize_relevant_roles(approach) ⇒ Object
174 175 176 177 |
# File 'app/helpers/authorization_rules_helper.rb', line 174 def serialize_relevant_roles (approach) {:filter_roles => (Authorization::DevelopmentSupport::AnalyzerEngine.relevant_roles(approach.engine, approach.users). map(&:to_sym) + [:new_role_for_change_analyzer]).uniq}.to_param end |
#syntax_highlight(rules) ⇒ Object
2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 |
# File 'app/helpers/authorization_rules_helper.rb', line 2 def syntax_highlight (rules) regexps = { :constant => [/(:)(\w+)/], :proc => ['role', 'authorization', 'privileges'], :statement => ['has_permission_on', 'if_attribute', 'if_permitted_to', 'includes', 'privilege', 'to'], :operator => ['is', 'contains', 'is_in', 'is_not', 'is_not_in', 'intersects'], :special => ['user', 'true', 'false'], :preproc => ['do', 'end', /()(=>)/, /()(\{)/, /()(\})/, /()(\[)/, /()(\])/], :comment => [/()(#.*$)/]#, #:privilege => [:read], #:context => [:conferences] } regexps.each do |name, res| res.each do |re| rules.gsub!( re.is_a?(String) ? Regexp.new("(^|[^:])\\b(#{Regexp.escape(re)})\\b") : (re.is_a?(Symbol) ? Regexp.new("()(:#{Regexp.escape(re.to_s)})\\b") : re), "\\1<span class=\"#{name}\">\\2</span>") end end rules end |