Module: AuthorizationRulesHelper

Defined in:

app/helpers/authorization_rules_helper.rb

Instance Method Summary

• #affected_users_count(approach) ⇒ Object
• #auth_usage_info_classes(auth_info) ⇒ Object
• #auth_usage_info_title(auth_info) ⇒ Object
• #describe_step(step, options = {}) ⇒ Object
• #has_changed(*args) ⇒ Object
• #human_context(context) ⇒ Object
• #human_privilege(privilege) ⇒ Object
• #human_privilege_context(privilege, context) ⇒ Object
• #human_role(role) ⇒ Object
• #link_to_graph(title, options = {}) ⇒ Object
• #navigation ⇒ Object
• #policy_analysis_hints(marked_up, policy_data) ⇒ Object
• #privilege_color(privilege, context, role) ⇒ Object
• #prohibit_link(step, text, title, options) ⇒ Object
• #readable_step_info(info) ⇒ Object
• #role_color(role, fill = false) ⇒ Object
• #role_fill_color(role) ⇒ Object
• #serialize_action(step) ⇒ Object
• #serialize_changes(approach) ⇒ Object
• #serialize_relevant_roles(approach) ⇒ Object
• #syntax_highlight(rules) ⇒ Object

Instance Method Details

#affected_users_count(approach) ⇒ Object

# File 'app/helpers/authorization_rules_helper.rb', line 183

def affected_users_count (approach)
  @affected_users[approach]
end

#auth_usage_info_classes(auth_info) ⇒ Object

# File 'app/helpers/authorization_rules_helper.rb', line 187

def auth_usage_info_classes (auth_info)
  classes = []
  if auth_info[:controller_permissions]
    if auth_info[:controller_permissions][0]
      classes << "catch-all" if auth_info[:controller_permissions][0].actions.include?(:all)
      classes << "default-privilege" unless auth_info[:controller_permissions][0].privilege
      classes << "default-context" unless auth_info[:controller_permissions][0].context
      classes << "no-attribute-check" unless auth_info[:controller_permissions][0].attribute_check
    end
  else
    classes << "unprotected"
  end
  classes * " "
end

#auth_usage_info_title(auth_info) ⇒ Object

# File 'app/helpers/authorization_rules_helper.rb', line 202

def auth_usage_info_title (auth_info)
  titles = []
  if auth_usage_info_classes(auth_info) =~ /unprotected/
    titles << "No filter_access_to call protects this action"
  end
  if auth_usage_info_classes(auth_info) =~ /no-attribute-check/
    titles << "Action is not protected with attribute check"
  end
  if auth_usage_info_classes(auth_info) =~ /default-privilege/
    titles << "Privilege set automatically from action name by :all rule"
  end
  if auth_usage_info_classes(auth_info) =~ /default-context/
    titles << "Context set automatically from controller name by filter_access_to call without :context option"
  end
  titles * ". "
end

#describe_step(step, options = {}) ⇒ Object

# File 'app/helpers/authorization_rules_helper.rb', line 118

def describe_step (step, options = {})
  options = {:with_removal => false}.merge(options)

  case step[0]
  when :add_privilege
    dont_assign = prohibit_link(step[0,3],
        "Add privilege <strong>#{h human_privilege_context(step[1], step[2])}</strong> to any role",
        "Don't suggest adding #{h human_privilege_context(step[1], step[2])}.", options)
    "Add privilege <strong>#{h human_privilege_context(step[1], step[2])}</strong>#{dont_assign} to role <strong>#{h human_role(step[3].to_sym)}</strong>"
  when :remove_privilege
    dont_remove = prohibit_link(step[0,3], 
        "Remove privilege <strong>#{h human_privilege_context(step[1], step[2])}</strong> from any role",
        "Don't suggest removing #{h human_privilege_context(step[1], step[2])}.", options)
    "Remove privilege <strong>#{h human_privilege_context(step[1], step[2])}</strong>#{dont_remove} from role <strong>#{h human_role(step[3].to_sym)}</strong>"
  when :add_role
    "New role <strong>#{h human_role(step[1].to_sym)}</strong>"
  when :assign_role_to_user
    dont_assign = prohibit_link(step[0,2],
        "Assign role <strong>#{h human_role(step[1].to_sym)}</strong> to any user",
        "Don't suggest assigning #{h human_role(step[1].to_sym)}.", options)
    "Assign role <strong>#{h human_role(step[1].to_sym)}</strong>#{dont_assign} to <strong>#{h readable_step_info(step[2])}</strong>"
  when :remove_role_from_user
    dont_remove = prohibit_link(step[0,2],
        "Remove role <strong>#{h human_role(step[1].to_sym)}</strong> from any user",
        "Don't suggest removing #{h human_role(step[1].to_sym)}.", options)
    "Remove role <strong>#{h human_role(step[1].to_sym)}</strong>#{dont_remove} from <strong>#{h readable_step_info(step[2])}</strong>"
  else
    step.collect {|info| readable_step_info(info) }.map {|str| h str } * ', '
  end + prohibit_link(step, options[:with_removal] ? "#{escape_javascript(describe_step(step))}" : '',
                      "Don't suggest this action.", options)
end

#has_changed(*args) ⇒ Object

# File 'app/helpers/authorization_rules_helper.rb', line 179

def has_changed (*args)
  @changes && @changes[args[0]] && @changes[args[0]].include?(args[1..-1])
end

#human_context(context) ⇒ Object

# File 'app/helpers/authorization_rules_helper.rb', line 95

def human_context (context)
  begin
    context.to_s.classify.constantize.human_name
  rescue
    context.to_s
  end
end

#human_privilege(privilege) ⇒ Object

# File 'app/helpers/authorization_rules_helper.rb', line 87

def human_privilege (privilege)
  begin
    I18n.t(privilege, :scope => [:declarative_authorization, :privilege], :raise => true)
  rescue
    privilege.to_s
  end
end

#human_privilege_context(privilege, context) ⇒ Object

# File 'app/helpers/authorization_rules_helper.rb', line 103

def human_privilege_context (privilege, context)
  human = [human_privilege(privilege), human_context(context)]
  begin
    unless I18n.t(:verb_in_front_of_object, :scope => :declarative_authorization, :raise => true)
      human.reverse!
    end
  rescue
  end
  human * " "
end

#human_role(role) ⇒ Object

# File 'app/helpers/authorization_rules_helper.rb', line 114

def human_role (role)
  Authorization::Engine.instance.title_for(role) or role.to_s
end

#link_to_graph(title, options = {}) ⇒ Object

# File 'app/helpers/authorization_rules_helper.rb', line 42

def link_to_graph (title, options = {})
  type = options[:type] || ''
  link_to_function title, "$$('object')[0].data = '#{url_for :action => 'index', :format => 'svg', :type => type}'"
end

#navigation ⇒ Object

# File 'app/helpers/authorization_rules_helper.rb', line 47

def navigation
  link_to("Rules", authorization_rules_path) << ' | ' <<
  link_to("Change Support", change_authorization_rules_path) << ' | ' <<
  link_to("Graphical view", graph_authorization_rules_path) << ' | ' <<
  link_to("Usages", authorization_usages_path) #<< ' | ' <<
#  'Edit | ' <<
#  link_to("XACML export", :action => 'index', :format => 'xacml')
end

#policy_analysis_hints(marked_up, policy_data) ⇒ Object

# File 'app/helpers/authorization_rules_helper.rb', line 25

def policy_analysis_hints (marked_up, policy_data)
  analyzer = Authorization::DevelopmentSupport::Analyzer.new(controller.authorization_engine)
  analyzer.analyze(policy_data)
  marked_up_by_line = marked_up.split("\n")
  reports_by_line = analyzer.reports.inject({}) do |memo, report|
    memo[report.line || 1] ||= []
    memo[report.line || 1] << report
    memo
  end
  reports_by_line.each do |line, reports|
    text = reports.collect {|report| "#{report.type}: #{report.message}"} * " "
    note = %Q{<span class="note" title="#{h text}">[i]</span>}
    marked_up_by_line[line - 1] = note + marked_up_by_line[line - 1]
  end
  marked_up_by_line * "\n"
end

#privilege_color(privilege, context, role) ⇒ Object

# File 'app/helpers/authorization_rules_helper.rb', line 81

def privilege_color (privilege, context, role)
  has_changed(:add_privilege, privilege, context, role) ? '#00dd00' :
      (has_changed(:remove_privilege, privilege, context, role) ? '#dd0000' :
        role_color(role))
end

#prohibit_link(step, text, title, options) ⇒ Object

# File 'app/helpers/authorization_rules_helper.rb', line 150

def prohibit_link (step, text, title, options)
  options[:with_removal] ?
        link_to_function("[x]", "prohibit_action('#{serialize_action(step)}', '#{text}')",
                  :class => 'prohibit', :title => title) :
        ''
end

#readable_step_info(info) ⇒ Object

# File 'app/helpers/authorization_rules_helper.rb', line 157

def readable_step_info (info)
  case info
  when Symbol   then info.inspect
  when User     then info.login
  else               info.to_sym.inspect
  end
end

#role_color(role, fill = false) ⇒ Object

# File 'app/helpers/authorization_rules_helper.rb', line 56

def role_color (role, fill = false)
  if @has_changes
    if has_changed(:add_role, role)
      fill ? '#ddffdd' : '#000000'
    elsif has_changed(:remove_role, role)
      fill ? '#ffdddd' : '#000000'
    else
      fill ? '#ddddff' : '#000000'
    end
  else
    fill_colors = %w{#ffdddd #ddffdd #ddddff #ffffdd #ffddff #ddffff}
    colors = %w{#dd0000 #00dd00 #0000dd #dddd00 #dd00dd #00dddd}
    @@role_colors ||= {}
    @@role_colors[role] ||= begin
      idx = @@role_colors.length % colors.length
      [colors[idx], fill_colors[idx]]
    end
    @@role_colors[role][fill ? 1 : 0]
  end
end

#role_fill_color(role) ⇒ Object

# File 'app/helpers/authorization_rules_helper.rb', line 77

def role_fill_color (role)
  role_color(role, true)
end

#serialize_action(step) ⇒ Object

# File 'app/helpers/authorization_rules_helper.rb', line 170

def serialize_action (step)
  step.collect {|info| readable_step_info(info) } * ','
end

#serialize_changes(approach) ⇒ Object

# File 'app/helpers/authorization_rules_helper.rb', line 165

def serialize_changes (approach)
  changes = approach.changes.collect {|step| step.to_a.first.is_a?(Enumerable) ? step.to_a : [step.to_a]}
  changes.collect {|multi_step| multi_step.collect {|step| serialize_action(step) }}.flatten * ';'
end

#serialize_relevant_roles(approach) ⇒ Object

# File 'app/helpers/authorization_rules_helper.rb', line 174

def serialize_relevant_roles (approach)
  {:filter_roles => (Authorization::DevelopmentSupport::AnalyzerEngine.relevant_roles(approach.engine, approach.users).
      map(&:to_sym) + [:new_role_for_change_analyzer]).uniq}.to_param
end

#syntax_highlight(rules) ⇒ Object

# File 'app/helpers/authorization_rules_helper.rb', line 2

def syntax_highlight (rules)
  regexps = {
    :constant => [/(:)(\w+)/], 
    :proc => ['role', 'authorization', 'privileges'],
    :statement => ['has_permission_on', 'if_attribute', 'if_permitted_to', 'includes', 'privilege', 'to'],
    :operator => ['is', 'contains', 'is_in', 'is_not', 'is_not_in', 'intersects'],
    :special => ['user', 'true', 'false'],
    :preproc => ['do', 'end', /()(=>)/, /()(\{)/, /()(\})/, /()(\[)/, /()(\])/],
    :comment => [/()(#.*$)/]#,
    #:privilege => [:read],
    #:context => [:conferences]
  }
  regexps.each do |name, res|
    res.each do |re|
      rules.gsub!(
        re.is_a?(String) ? Regexp.new("(^|[^:])\\b(#{Regexp.escape(re)})\\b") :
           (re.is_a?(Symbol) ? Regexp.new("()(:#{Regexp.escape(re.to_s)})\\b") : re), 
        "\\1<span class=\"#{name}\">\\2</span>")
    end
  end
  rules
end