Class: Authorization::DevelopmentSupport::ChangeAnalyzer
- Inherits:
-
AbstractAnalyzer
- Object
- AbstractAnalyzer
- Authorization::DevelopmentSupport::ChangeAnalyzer
- Defined in:
- lib/declarative_authorization/development_support/change_analyzer.rb
Overview
Ideas for improvement
-
Algorithm
-
Plan by tackling each condition separately
-
e.g. two users have a permission through the same role, one should lose that
-
-
Consider privilege hierarchy
-
Consider merging, splitting roles, role hierarchies
-
Add privilege to existing rules
-
-
Features
-
Show consequences from changes: which users are affected, show users in graph
-
restructure GUI layout: more room for analyzing suggestions
-
-
AI: planning: ADL-like, actions with preconditions and effects
-
Removing need of intention
-
Evaluation of approaches with Analyzer algorithms
-
Consider constraints
NOTE:
-
user.clone needs to clone role_symbols
-
user.role_symbols needs to respond to <<
-
user.login is needed
Defined Under Namespace
Classes: Approach, ApproachChecker, Step
Instance Attribute Summary
Attributes inherited from AbstractAnalyzer
Instance Method Summary collapse
Methods inherited from AbstractAnalyzer
Constructor Details
This class inherits a constructor from Authorization::DevelopmentSupport::AbstractAnalyzer
Instance Method Details
#find_approaches_for(change_action, type, options, &tests) ⇒ Object
30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 |
# File 'lib/declarative_authorization/development_support/change_analyzer.rb', line 30 def find_approaches_for (change_action, type, , &tests) raise ArgumentError, "Missing options" if ![:on] or ![:to] # * strategy for removing: [remove privilege, add privilege to different role] @seen_states = Set.new # * heurisic: change of failed tests; small number of policy items strategy = case [change_action, type] when [:remove, :permission] [:remove_role_from_user, :remove_privilege, :add_privilege, :add_role, :assign_role_to_user] when [:add, :permission] [:add_role, :add_privilege, :assign_role_to_user] else raise ArgumentError, "Unknown change action/type: #{[change_action, type].inspect}" end candidates = [] viable_approaches = [] approach_checker = ApproachChecker.new(self, tests) starting_candidate = Approach.new(@engine, [:users], []) if starting_candidate.check(approach_checker) viable_approaches << starting_candidate else candidates << starting_candidate end step_count = 0 while !candidates.empty? and step_count < 100 next_step(viable_approaches, candidates, approach_checker, [:to], [:on], strategy) step_count += 1 end # remove subsets viable_approaches.sort! end |