Class: Authorization::DevelopmentSupport::ChangeSupporter
- Inherits:
-
AbstractAnalyzer
- Object
- AbstractAnalyzer
- Authorization::DevelopmentSupport::ChangeSupporter
- Defined in:
- lib/declarative_authorization/development_support/change_supporter.rb
Overview
Ideas for improvement
-
Algorithm
-
Objective function:
-
affected user count,
-
as specific as possible (roles, privileges) -> counter-productive?
-
as little changes as necessary
-
-
Modify role, privilege hierarchy
-
Merge, split roles
-
Add privilege to existing rules
-
-
Features
-
Improve review facts: impact, affected users count
-
group similar candidates: only show abstract methods?
-
restructure GUI layout: more room for analyzing suggestions
-
changelog, previous tests, etc.
-
different permissions in tests
-
-
Evaluation of approaches with Analyzer algorithms
-
Authorization constraints
Algorithm
-
for each candidate
-
abstract actions: solving first failing test (remove privilege from role)
-
for each abstract action
-
specific actions: concrete steps (remove privilege from specific role)
-
for each specific action
-
next if reversal action of previous step
-
apply specific action on candidate
-
save as solution if no failing tests on changed_candidate
-
else: queue as candidate
-
-
-
-
equivalent states
NOTE:
-
user.clone needs to clone role_symbols
-
user.role_symbols needs to respond to <<
-
user.login is needed
Defined Under Namespace
Classes: AbstractAction, AbstractCompoundAction, AddPrivilegeAndAssignRoleToUserAction, Approach, ApproachChecker, AssignPrivilegeToRoleAction, AssignRoleToUserAction, CreateAndAssignRoleToUserAction, RemovePrivilegeFromRoleAction, RemoveRoleFromUserAction, Test
Instance Attribute Summary
Attributes inherited from AbstractAnalyzer
Instance Method Summary collapse
Methods inherited from AbstractAnalyzer
Constructor Details
This class inherits a constructor from Authorization::DevelopmentSupport::AbstractAnalyzer
Instance Method Details
#find_approaches_for(options, &tests) ⇒ Object
44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 |
# File 'lib/declarative_authorization/development_support/change_supporter.rb', line 44 def find_approaches_for (, &tests) @prohibited_actions = ([:prohibited_actions] || []).to_set @approaches_by_actions = {} candidates = [] suggestions = [] approach_checker = ApproachChecker.new(self, tests) starting_candidate = Approach.new(@engine, [:users], []) if starting_candidate.check(approach_checker) suggestions << starting_candidate else candidates << starting_candidate end checked_candidates = 0 while !candidates.empty? and checked_candidates < 200 checked_candidates += next_step(suggestions, candidates, approach_checker) end # remove subsets suggestions.sort! end |