Class: Authorization::DevelopmentSupport::ChangeSupporter

Inherits:
AbstractAnalyzer show all
Defined in:
lib/declarative_authorization/development_support/change_supporter.rb

Overview

Ideas for improvement

  • Algorithm

    • Objective function:

      • affected user count,

      • as specific as possible (roles, privileges) -> counter-productive?

      • as little changes as necessary

    • Modify role, privilege hierarchy

    • Merge, split roles

    • Add privilege to existing rules

  • Features

    • Improve review facts: impact, affected users count

    • group similar candidates: only show abstract methods?

    • restructure GUI layout: more room for analyzing suggestions

    • changelog, previous tests, etc.

    • different permissions in tests

  • Evaluation of approaches with Analyzer algorithms

  • Authorization constraints

Algorithm

  • for each candidate

    • abstract actions: solving first failing test (remove privilege from role)

    • for each abstract action

      • specific actions: concrete steps (remove privilege from specific role)

      • for each specific action

        • next if reversal action of previous step

        • apply specific action on candidate

        • save as solution if no failing tests on changed_candidate

        • else: queue as candidate

  • equivalent states

NOTE:

  • user.clone needs to clone role_symbols

  • user.role_symbols needs to respond to <<

  • user.login is needed

Defined Under Namespace

Classes: AbstractAction, AbstractCompoundAction, AddPrivilegeAndAssignRoleToUserAction, Approach, ApproachChecker, AssignPrivilegeToRoleAction, AssignRoleToUserAction, CreateAndAssignRoleToUserAction, RemovePrivilegeFromRoleAction, RemoveRoleFromUserAction, Test

Instance Attribute Summary

Attributes inherited from AbstractAnalyzer

#engine

Instance Method Summary collapse

Methods inherited from AbstractAnalyzer

#initialize, #roles, #rules

Constructor Details

This class inherits a constructor from Authorization::DevelopmentSupport::AbstractAnalyzer

Instance Method Details

#find_approaches_for(options, &tests) ⇒ Object



44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
# File 'lib/declarative_authorization/development_support/change_supporter.rb', line 44

def find_approaches_for (options, &tests)
  @prohibited_actions = (options[:prohibited_actions] || []).to_set

  @approaches_by_actions = {}

  candidates = []
  suggestions = []
  approach_checker = ApproachChecker.new(self, tests)

  starting_candidate = Approach.new(@engine, options[:users], [])
  if starting_candidate.check(approach_checker)
    suggestions << starting_candidate
  else
    candidates << starting_candidate
  end

  checked_candidates = 0
  while !candidates.empty? and checked_candidates < 200
    checked_candidates += next_step(suggestions, candidates, approach_checker)
  end

  # remove subsets

  suggestions.sort!
end