Class Authorization::DevelopmentSupport::ChangeSupporter
In: lib/declarative_authorization/development_support/change_supporter.rb
Parent: AbstractAnalyzer

Ideas for improvement

  • Algorithm
    • Objective function:
      • affected user count,
      • as specific as possible (roles, privileges)
      • as little changes as necessary
    • Modify role, privilege hierarchy
    • Merge, split roles
    • Add privilege to existing rules
  • Features
    • Improve review facts: impact, affected users count
    • group similar candidates: only show abstract methods?
    • restructure GUI layout: more room for analyzing suggestions
    • changelog, previous tests, etc.
    • multiple permissions in tests
  • Evaluation of approaches with Analyzer algorithms
  • Authorization constraints

Algorithm

  • for each candidate
    • abstract actions: solving first failing test (remove privilege from role)
    • for each abstract action
      • specific actions: concrete steps (remove privilege from specific role)
      • for each specific action
        • next if reversal action of previous step
        • apply specific action on candidate
        • save as solution if no failing tests on changed_candidate
        • else: queue as candidate
  • equivalent states

NOTE:

  • user.clone needs to clone role_symbols
  • user.role_symbols needs to respond to <<
  • user.login is needed

Methods

Classes and Modules

Class Authorization::DevelopmentSupport::ChangeSupporter::AbstractAction
Class Authorization::DevelopmentSupport::ChangeSupporter::AbstractCompoundAction
Class Authorization::DevelopmentSupport::ChangeSupporter::AddPrivilegeAndAssignRoleToUserAction
Class Authorization::DevelopmentSupport::ChangeSupporter::Approach
Class Authorization::DevelopmentSupport::ChangeSupporter::ApproachChecker
Class Authorization::DevelopmentSupport::ChangeSupporter::AssignPrivilegeToRoleAction
Class Authorization::DevelopmentSupport::ChangeSupporter::AssignRoleToUserAction
Class Authorization::DevelopmentSupport::ChangeSupporter::CreateAndAssignRoleToUserAction
Class Authorization::DevelopmentSupport::ChangeSupporter::GroupedApproach
Class Authorization::DevelopmentSupport::ChangeSupporter::RemovePrivilegeFromRoleAction
Class Authorization::DevelopmentSupport::ChangeSupporter::RemoveRoleFromUserAction
Class Authorization::DevelopmentSupport::ChangeSupporter::Test

Protected Class methods

Public Instance methods

Returns a list of possible approaches for changes to the current authorization rules that achieve a given goal. The goal is given as permission tests in the block. The instance method users is available when the block is executed to refer to the then-current users, whose roles might have changed as one suggestion.

Returns an array of GroupedApproaches for the given array of approaches. Only groups directly adjacent approaches

Protected Instance methods

[Validate]