Class: Authorization::DevelopmentSupport::ChangeSupporter
Inherits: AbstractAnalyzer
- Object
  - AbstractAnalyzer
    - Authorization::DevelopmentSupport::ChangeSupporter
Defined in: lib/declarative_authorization/development_support/change_supporter.rb
Overview
Ideas for improvement
- Algorithm
  - Objective function:
    - affected user count,
    - as specific as possible (roles, privileges)
    - as few changes as necessary
  - Modify role, privilege hierarchy
  - Merge, split roles
  - Add privilege to existing rules
- Features
  - Improve review facts: impact, affected users count
  - group similar candidates: only show abstract methods?
  - restructure GUI layout: more room for analyzing suggestions
  - changelog, previous tests, etc.
  - multiple permissions in tests
- Evaluation of approaches with Analyzer algorithms
- Authorization constraints
Algorithm
- for each candidate
  - abstract actions: solving first failing test (remove privilege from role)
  - for each abstract action
    - specific actions: concrete steps (remove privilege from specific role)
    - for each specific action
      - next if reversal action of previous step
      - apply specific action on candidate
      - save as solution if no failing tests on changed_candidate
      - else: queue as candidate
- equivalent states
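The search loop above, with the cap of 200 checked candidates that find_approaches_for applies, as an added Ruby example that is not the gem's code. State, specific_actions, reversal?, find_approaches and the sample policy are constructed for illustration, and only two kinds of change (a privilege on a role, a role on a user) are modelled.

```ruby
require 'set'
# Constructed toy model, not the gem's classes; a test is [user, privilege, expected].
State = Struct.new(:role_privs, :user_roles, :steps) do
  def failing(tests)
    tests.reject { |u, priv, want| user_roles[u].any? { |r| role_privs[r].include?(priv) } == want }
  end
  # Apply one specific action [op, kind, key, value] to a copy of the state.
  def apply(step)
    op, kind, key, value = step
    copy = State.new(*[role_privs, user_roles].map { |h| h.transform_values(&:dup) }, steps + [step])
    (kind == :priv ? copy.role_privs : copy.user_roles)[key].public_send(op, value)
    copy
  end
end

# Specific actions that would fix one failing test.
def specific_actions(state, test)
  user, priv, expected = test
  if expected # grant: extend one of the user's roles, or assign a role that has it
    holders = state.role_privs.select { |_, privs| privs.include?(priv) }.keys
    state.user_roles[user].map { |r| [:add, :priv, r, priv] } + holders.map { |r| [:add, :role, user, r] }
  else        # revoke: strip the privilege from the granting role, or drop the role
    granting = state.user_roles[user].select { |r| state.role_privs[r].include?(priv) }
    granting.flat_map { |r| [[:delete, :priv, r, priv], [:delete, :role, user, r]] }
  end
end
def reversal?(prev, step)
  !prev.nil? && prev[0] != step[0] && prev[1..-1] == step[1..-1]
end
# Breadth-first search, stopped after `limit` checked candidates.
def find_approaches(start, tests, limit: 200)
  return [[]] if start.failing(tests).empty?
  solutions, queue, checked = [], [start], 0
  until queue.empty? || checked >= limit
    candidate = queue.shift
    checked += 1
    specific_actions(candidate, candidate.failing(tests).first).each do |step|
      next if reversal?(candidate.steps.last, step)
      changed = candidate.apply(step)
      (changed.failing(tests).empty? ? solutions : queue) << changed
    end
  end
  solutions.map(&:steps)
end

# Constructed sample policy and goal: alice gains :write, bob loses it.
SAMPLE_START = State.new({ admin: Set[:read, :write], editor: Set[:read, :write], guest: Set[:read] },
                         { alice: Set[:guest], bob: Set[:editor] }, [])
SAMPLE_TESTS = [[:alice, :write, true], [:bob, :write, false]]
```

An empty result at the cap does not show that no fix exists. Each suggested step also changes access for every holder of the touched role, not only for the users named in the tests.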
NOTE:
- user.clone needs to clone role_symbols
- user.role_symbols needs to respond to <<
- user.login is needed
Defined Under Namespace
Classes: AbstractAction, AbstractCompoundAction, AddPrivilegeAndAssignRoleToUserAction, Approach, ApproachChecker, AssignPrivilegeToRoleAction, AssignRoleToUserAction, CreateAndAssignRoleToUserAction, GroupedApproach, RemovePrivilegeFromRoleAction, RemoveRoleFromUserAction, Test
Instance Attribute Summary
Attributes inherited from AbstractAnalyzer
Instance Method Summary
- #find_approaches_for(options, &tests) ⇒ Object
  Returns a list of possible approaches for changes to the current authorization rules that achieve a given goal.
- #group_approaches(approaches) ⇒ Object
  Returns an array of GroupedApproaches for the given array of approaches.
Methods inherited from AbstractAnalyzer
Constructor Details
This class inherits a constructor from Authorization::DevelopmentSupport::AbstractAnalyzer
Instance Method Details
#find_approaches_for(options, &tests) ⇒ Object
Returns a list of possible approaches for changes to the current authorization rules that achieve a given goal. The goal is given as permission tests in the block. The instance method users is available when the block is executed and refers to the then-current users, whose roles might have been changed as part of a suggestion.
    # File 'lib/declarative_authorization/development_support/change_supporter.rb', line 48
    def find_approaches_for(options, &tests)
      @prohibited_actions = (options[:prohibited_actions] || []).to_set

      @approaches_by_actions = {}

      candidates = []
      suggestions = []
      approach_checker = ApproachChecker.new(self, tests)

      # The unchanged rules and users are checked first; if the tests
      # already pass, that approach (with no changes) is itself a suggestion.
      starting_candidate = Approach.new(@engine, options[:users], [])
      if starting_candidate.check(approach_checker)
        suggestions << starting_candidate
      else
        candidates << starting_candidate
      end

      # The search stops after 200 checked candidates, even if candidates remain.
      checked_candidates = 0
      while !candidates.empty? and checked_candidates < 200
        checked_candidates += next_step(suggestions, candidates, approach_checker)
      end

      # remove subsets

      suggestions.sort!
    end
#group_approaches(approaches) ⇒ Object
Returns an array of GroupedApproaches for the given array of approaches. Only directly adjacent approaches are grouped.
    # File 'lib/declarative_authorization/development_support/change_supporter.rb', line 75
    def group_approaches(approaches)
      approaches.each_with_object([]) do |approach, grouped|
        # Compare only with the most recent group, so only neighbours are merged.
        if grouped.last and grouped.last.approach.similar_to(approach)
          grouped.last.similar_approaches << approach
        else
          grouped << GroupedApproach.new(approach)
        end
      end
    end