Module: AuthorizationRulesHelper
- Defined in:
- app/helpers/authorization_rules_helper.rb
Instance Method Summary collapse
- #affected_users_count(approach) ⇒ Object
- #auth_usage_info_classes(auth_info) ⇒ Object
- #auth_usage_info_title(auth_info) ⇒ Object
- #describe_step(step, options = {}) ⇒ Object
- #has_changed(*args) ⇒ Object
- #link_to_graph(title, options = {}) ⇒ Object
- #navigation ⇒ Object
- #policy_analysis_hints(marked_up, policy_data) ⇒ Object
- #privilege_color(privilege, context, role) ⇒ Object
- #prohibit_link(step, text, title, options) ⇒ Object
- #readable_step_info(info) ⇒ Object
- #role_color(role, fill = false) ⇒ Object
- #role_fill_color(role) ⇒ Object
- #serialize_action(step) ⇒ Object
- #serialize_changes(approach) ⇒ Object
- #serialize_relevant_roles(approach) ⇒ Object
- #syntax_highlight(rules) ⇒ Object
Instance Method Details
#affected_users_count(approach) ⇒ Object
152 153 154 |
# File 'app/helpers/authorization_rules_helper.rb', line 152 def affected_users_count (approach) @affected_users[approach] end |
#auth_usage_info_classes(auth_info) ⇒ Object
156 157 158 159 160 161 162 163 164 165 166 167 168 169 |
# File 'app/helpers/authorization_rules_helper.rb', line 156 def auth_usage_info_classes (auth_info) classes = [] if auth_info[:controller_permissions] if auth_info[:controller_permissions][0] classes << "catch-all" if auth_info[:controller_permissions][0].actions.include?(:all) classes << "default-privilege" unless auth_info[:controller_permissions][0].privilege classes << "default-context" unless auth_info[:controller_permissions][0].context classes << "no-attribute-check" unless auth_info[:controller_permissions][0].attribute_check end else classes << "unprotected" end classes * " " end |
#auth_usage_info_title(auth_info) ⇒ Object
171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 |
# File 'app/helpers/authorization_rules_helper.rb', line 171 def auth_usage_info_title (auth_info) titles = [] if auth_usage_info_classes(auth_info) =~ /unprotected/ titles << "No filter_access_to call protects this action" end if auth_usage_info_classes(auth_info) =~ /no-attribute-check/ titles << "Action is not protected with attribute check" end if auth_usage_info_classes(auth_info) =~ /default-privilege/ titles << "Privilege set automatically from action name by :all rule" end if auth_usage_info_classes(auth_info) =~ /default-context/ titles << "Context set automatically from controller name by filter_access_to call without :context option" end titles * ". " end |
#describe_step(step, options = {}) ⇒ Object
87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 |
# File 'app/helpers/authorization_rules_helper.rb', line 87 def describe_step (step, = {}) = {:with_removal => false}.merge() case step[0] when :add_privilege dont_assign = prohibit_link(step[0,3], "Add privilege <strong>#{h step[1].to_sym.inspect} #{h step[2].to_sym.inspect}</strong> to any role", "Don't suggest adding #{h step[1].to_sym.inspect} #{h step[2].to_sym.inspect}.", ) "Add privilege <strong>#{h step[1].inspect} #{h step[2].inspect}</strong>#{dont_assign} to role <strong>#{h step[3].to_sym.inspect}</strong>" when :remove_privilege dont_remove = prohibit_link(step[0,3], "Remove privilege <strong>#{h step[1].to_sym.inspect} #{h step[2].to_sym.inspect}</strong> from any role", "Don't suggest removing #{h step[1].to_sym.inspect} #{h step[2].to_sym.inspect}.", ) "Remove privilege <strong>#{h step[1].inspect} #{h step[2].inspect}</strong>#{dont_remove} from role <strong>#{h step[3].to_sym.inspect}</strong>" when :add_role "New role <strong>#{h step[1].to_sym.inspect}</strong>" when :assign_role_to_user dont_assign = prohibit_link(step[0,2], "Assign role <strong>#{h step[1].to_sym.inspect}</strong> to any user", "Don't suggest assigning #{h step[1].to_sym.inspect}.", ) "Assign role <strong>#{h step[1].to_sym.inspect}</strong>#{dont_assign} to <strong>#{h readable_step_info(step[2])}</strong>" when :remove_role_from_user dont_remove = prohibit_link(step[0,2], "Remove role <strong>#{h step[1].to_sym.inspect}</strong> from any user", "Don't suggest removing #{h step[1].to_sym.inspect}.", ) "Remove role <strong>#{h step[1].to_sym.inspect}</strong>#{dont_remove} from <strong>#{h readable_step_info(step[2])}</strong>" else step.collect {|info| readable_step_info(info) }.map {|str| h str } * ', ' end + prohibit_link(step, [:with_removal] ? "#{escape_javascript(describe_step(step))}" : '', "Don't suggest this action.", ) end |
#has_changed(*args) ⇒ Object
148 149 150 |
# File 'app/helpers/authorization_rules_helper.rb', line 148 def has_changed (*args) @changes && @changes[args[0]] && @changes[args[0]].include?(args[1..-1]) end |
#link_to_graph(title, options = {}) ⇒ Object
42 43 44 45 |
# File 'app/helpers/authorization_rules_helper.rb', line 42 def link_to_graph (title, = {}) type = [:type] || '' link_to_function title, "$$('object')[0].data = '#{url_for :action => 'index', :format => 'svg', :type => type}'" end |
#navigation ⇒ Object
47 48 49 50 51 52 53 54 |
# File 'app/helpers/authorization_rules_helper.rb', line 47 def link_to("Rules", ) << ' | ' << link_to("Change Support", ) << ' | ' << link_to("Graphical view", ) << ' | ' << link_to("Usages", ) #<< ' | ' << # 'Edit | ' << # link_to("XACML export", :action => 'index', :format => 'xacml') end |
#policy_analysis_hints(marked_up, policy_data) ⇒ Object
25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 |
# File 'app/helpers/authorization_rules_helper.rb', line 25 def policy_analysis_hints (marked_up, policy_data) analyzer = Authorization::DevelopmentSupport::Analyzer.new(controller.) analyzer.analyze(policy_data) marked_up_by_line = marked_up.split("\n") reports_by_line = analyzer.reports.inject({}) do |memo, report| memo[report.line || 1] ||= [] memo[report.line || 1] << report memo end reports_by_line.each do |line, reports| text = reports.collect {|report| "#{report.type}: #{report.}"} * " " note = %Q{<span class="note" title="#{h text}">[i]</span>} marked_up_by_line[line - 1] = note + marked_up_by_line[line - 1] end marked_up_by_line * "\n" end |
#privilege_color(privilege, context, role) ⇒ Object
81 82 83 84 85 |
# File 'app/helpers/authorization_rules_helper.rb', line 81 def privilege_color (privilege, context, role) has_changed(:add_privilege, privilege, context, role) ? '#00dd00' : (has_changed(:remove_privilege, privilege, context, role) ? '#dd0000' : role_color(role)) end |
#prohibit_link(step, text, title, options) ⇒ Object
119 120 121 122 123 124 |
# File 'app/helpers/authorization_rules_helper.rb', line 119 def prohibit_link (step, text, title, ) [:with_removal] ? link_to_function("[x]", "prohibit_action('#{serialize_action(step)}', '#{text}')", :class => 'prohibit', :title => title) : '' end |
#readable_step_info(info) ⇒ Object
126 127 128 129 130 131 132 |
# File 'app/helpers/authorization_rules_helper.rb', line 126 def readable_step_info (info) case info when Symbol then info.inspect when User then info.login else info.to_sym.inspect end end |
#role_color(role, fill = false) ⇒ Object
56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 |
# File 'app/helpers/authorization_rules_helper.rb', line 56 def role_color (role, fill = false) if @has_changes if has_changed(:add_role, role) fill ? '#ddffdd' : '#000000' elsif has_changed(:remove_role, role) fill ? '#ffdddd' : '#000000' else fill ? '#ddddff' : '#000000' end else fill_colors = %w{#ffdddd #ddffdd #ddddff #ffffdd #ffddff #ddffff} colors = %w{#dd0000 #00dd00 #0000dd #dddd00 #dd00dd #00dddd} @@role_colors ||= {} @@role_colors[role] ||= begin idx = @@role_colors.length % colors.length [colors[idx], fill_colors[idx]] end @@role_colors[role][fill ? 1 : 0] end end |
#role_fill_color(role) ⇒ Object
77 78 79 |
# File 'app/helpers/authorization_rules_helper.rb', line 77 def role_fill_color (role) role_color(role, true) end |
#serialize_action(step) ⇒ Object
139 140 141 |
# File 'app/helpers/authorization_rules_helper.rb', line 139 def serialize_action (step) step.collect {|info| readable_step_info(info) } * ',' end |
#serialize_changes(approach) ⇒ Object
134 135 136 137 |
# File 'app/helpers/authorization_rules_helper.rb', line 134 def serialize_changes (approach) changes = approach.changes.collect {|step| step.to_a.first.is_a?(Enumerable) ? step.to_a : [step.to_a]} changes.collect {|multi_step| multi_step.collect {|step| serialize_action(step) }}.flatten * ';' end |
#serialize_relevant_roles(approach) ⇒ Object
143 144 145 146 |
# File 'app/helpers/authorization_rules_helper.rb', line 143 def serialize_relevant_roles (approach) {:filter_roles => (Authorization::DevelopmentSupport::AnalyzerEngine.relevant_roles(approach.engine, approach.users). map(&:to_sym) + [:new_role_for_change_analyzer]).uniq}.to_param end |
#syntax_highlight(rules) ⇒ Object
2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 |
# File 'app/helpers/authorization_rules_helper.rb', line 2 def syntax_highlight (rules) regexps = { :constant => [/(:)(\w+)/], :proc => ['role', 'authorization', 'privileges'], :statement => ['has_permission_on', 'if_attribute', 'if_permitted_to', 'includes', 'privilege', 'to'], :operator => ['is', 'contains', 'is_in', 'is_not', 'is_not_in', 'intersects'], :special => ['user', 'true', 'false'], :preproc => ['do', 'end', /()(=>)/, /()(\{)/, /()(\})/, /()(\[)/, /()(\])/], :comment => [/()(#.*$)/]#, #:privilege => [:read], #:context => [:conferences] } regexps.each do |name, res| res.each do |re| rules.gsub!( re.is_a?(String) ? Regexp.new("(^|[^:])\\b(#{Regexp.escape(re)})\\b") : (re.is_a?(Symbol) ? Regexp.new("()(:#{Regexp.escape(re.to_s)})\\b") : re), "\\1<span class=\"#{name}\">\\2</span>") end end rules end |