viva-declarative_authorization 0.3.2.2.1

data/lib/declarative_authorization/development_support/change_supporter.rb

@@ -0,0 +1,620 @@
+require File.join(File.dirname(__FILE__), %w{development_support})
+
+module Authorization
+
+  module DevelopmentSupport
+    # Ideas for improvement
+    # * Algorithm
+    #   * Objective function:
+    #     * affected user count,
+    #     * as specific as possible (roles, privileges)
+    #     * as little changes as necessary
+    #   * Modify role, privilege hierarchy
+    #   * Merge, split roles
+    #   * Add privilege to existing rules
+    # * Features
+    #   * Improve review facts: impact, affected users count
+    #   * group similar candidates: only show abstract methods?
+    #   * restructure GUI layout: more room for analyzing suggestions
+    #   * changelog, previous tests, etc.
+    #   * multiple permissions in tests
+    # * Evaluation of approaches with Analyzer algorithms
+    # * Authorization constraints
+    #
+    # Algorithm
+    # * for each candidate
+    #   * abstract actions: solving first failing test (remove privilege from role)
+    #   * for each abstract action
+    #     * specific actions: concrete steps (remove privilege from specific role)
+    #     * for each specific action
+    #       * next if reversal action of previous step
+    #       * apply specific action on candidate
+    #       * save as solution if no failing tests on changed_candidate
+    #       * else: queue as candidate
+    # * equivalent states
+    #
+    # NOTE:
+    # * user.clone needs to clone role_symbols
+    # * user.role_symbols needs to respond to <<
+    # * user.login is needed
+    #
+    class ChangeSupporter < AbstractAnalyzer
+
+      # Returns a list of possible approaches for changes to the current
+      # authorization rules that achieve a given goal.  The goal is given as
+      # permission tests in the block.  The instance method +users+ is available
+      # when the block is executed to refer to the then-current users, whose
+      # roles might have changed as one suggestion.
+      def find_approaches_for (options, &tests)
+        @prohibited_actions = (options[:prohibited_actions] || []).to_set
+
+        @approaches_by_actions = {}
+
+        candidates = []
+        suggestions = []
+        approach_checker = ApproachChecker.new(self, tests)
+
+        starting_candidate = Approach.new(@engine, options[:users], [])
+        if starting_candidate.check(approach_checker)
+          suggestions << starting_candidate
+        else
+          candidates << starting_candidate
+        end
+
+        checked_candidates = 0
+        while !candidates.empty? and checked_candidates < 200
+          checked_candidates += next_step(suggestions, candidates, approach_checker)
+        end
+
+        # remove subsets
+        suggestions.sort!
+      end
+
+      # Returns an array of GroupedApproaches for the given array of approaches.
+      # Only groups directly adjacent approaches
+      def group_approaches (approaches)
+        approaches.each_with_object([]) do |approach, grouped|
+          if grouped.last and grouped.last.approach.similar_to(approach)
+            grouped.last.similar_approaches << approach
+          else
+            grouped << GroupedApproach.new(approach)
+          end
+        end
+      end
+
+      class GroupedApproach
+        attr_accessor :approach, :similar_approaches
+        def initialize (approach)
+          @approach = approach
+          @similar_approaches = []
+        end
+      end
+
+      class ApproachChecker
+        attr_reader :users, :failed_tests
+
+        def initialize (analyzer, tests)
+          @analyzer, @tests = analyzer, tests
+        end
+
+        def check (engine, users)
+          @current_engine = engine
+          @failed_tests = []
+          @current_test_args = nil
+          @current_permit_result = nil
+          @users = users
+          @ok = true
+          instance_eval(&@tests)
+          @ok
+        end
+
+        def assert (ok)
+          @failed_tests << Test.new(*([!@current_permit_result] + @current_test_args)) unless ok
+          @ok &&= ok
+        end
+
+        def permit? (*args)
+          @current_test_args = args
+          @current_permit_result = @current_engine.permit?(
+              *(args[0...-1] + [args.last.merge(:skip_attribute_test => true)]))
+        end
+      end
+
+      class Test
+        attr_reader :positive, :privilege, :context, :user
+        def initialize (positive, privilege, options = {})
+          @positive, @privilege = positive, privilege
+          @context = options[:context]
+          @user = options[:user]
+        end
+      end
+
+      class Approach
+        attr_reader :steps, :engine, :users, :failed_tests
+        def initialize (engine, users, steps)
+          @engine, @users, @steps = engine, users, steps
+        end
+
+        def check (approach_checker)
+          res = approach_checker.check(@engine, @users)
+          @failed_tests = approach_checker.failed_tests
+          #puts "CHECKING #{inspect} (#{res}, #{sort_value})"
+          res
+        end
+
+        def affected_users (original_engine, original_users, privilege, context)
+          (0...@users.length).select do |i|
+            original_engine.permit?(privilege, :context => context,
+              :skip_attribute_test => true, :user => original_users[i]) !=
+                @engine.permit?(privilege, :context => context,
+                  :skip_attribute_test => true, :user => @users[i])
+          end.collect {|i| original_users[i]}
+        end
+
+        def initialize_copy (other)
+          @engine = @engine.clone
+          @users = @users.clone
+          @steps = @steps.clone
+        end
+
+        def changes
+          @steps
+        end
+
+        def abstract_actions
+          if failed_tests.first.positive
+            [
+              AssignPrivilegeToRoleAction,
+              AssignRoleToUserAction,
+              CreateAndAssignRoleToUserAction,
+              AddPrivilegeAndAssignRoleToUserAction
+            ]
+          else
+            [
+              RemovePrivilegeFromRoleAction,
+              RemoveRoleFromUserAction
+            ]
+          end
+        end
+
+        def reverse_of_previous? (specific_action)
+          changes.any? {|step| step.reverse?(specific_action)}
+        end
+
+        def apply (action)
+          ok = action.apply(self)
+          @steps << action if ok
+          ok
+        end
+
+        def subset? (other_approach)
+          other_approach.changes.length >= changes.length &&
+              changes.all? {|step| other_approach.changes.any? {|step_2| step_2.eql?(step)} }
+        end
+
+        def state_hash
+          @state_hash ||= @engine.auth_rules.inject(0) do |memo, rule|
+              memo + rule.privileges.hash + rule.contexts.hash +
+                  rule.attributes.hash + rule.role.hash
+            end +
+              @users.inject(0) {|memo, user| memo + user.role_symbols.hash } +
+              @engine.privileges.hash + @engine.privilege_hierarchy.hash +
+              @engine.roles.hash + @engine.role_hierarchy.hash
+        end
+
+        def sort_value
+          weight + @failed_tests.length
+        end
+
+        def weight
+          changes.sum(&:weight)
+        end
+
+        def similar_to (other)
+          other.weight == weight and
+              other.changes.map {|change| change.class.name}.sort ==
+                changes.map {|change| change.class.name}.sort
+        end
+
+        def inspect
+          "Approach: Steps: #{changes.map(&:inspect) * ', '}"# +
+             # "\n  Roles: #{AnalyzerEngine.roles(@engine).map(&:to_sym).inspect}; " +
+             # "\n  Users: #{@users.map(&:role_symbols).inspect}"
+        end
+
+        def <=> (other)
+          sort_value <=> other.sort_value
+        end
+      end
+
+      class AbstractAction
+        def weight
+          1
+        end
+
+        # returns a list of instances of the action that may be applied
+        def self.specific_actions (candidate)
+          raise NotImplementedError, "Not yet?"
+        end
+
+        # applies the specific action on the given candidate
+        def apply (candidate)
+          raise NotImplementedError, "Not yet?"
+        end
+
+        def eql? (other)
+          other.class == self.class and hash == other.hash
+        end
+
+        def hash
+          @hash ||= to_a.hash
+        end
+
+        def reverse? (other)
+          false
+        end
+
+        def inspect
+          "#{self.class.name.demodulize} #{hash} #{to_a.hash} (#{to_a[1..-1].collect {|info| self.class.readable_info(info)} * ','})"
+        end
+
+        def to_a
+          [:abstract]
+        end
+
+        def resembles? (spec)
+          min_length = [spec.length, to_a.length].min
+          to_a[0,min_length] == spec[0,min_length]
+        end
+
+        def resembles_any? (specs)
+          specs.any? {|spec| resembles?(spec) }
+        end
+
+        def self.readable_info (info)
+          if info.respond_to?(:to_sym)
+            info.to_sym.inspect
+          else
+            info.inspect
+          end
+        end
+      end
+
+      class AbstractCompoundAction < AbstractAction
+        def weight
+          @actions.sum(&:weight) + 1
+        end
+
+        def apply (candidate)
+          @actions.all? {|action| action.apply(candidate)}
+        end
+
+        def reverse? (other)
+          @actions.any? {|action| action.reverse?(other)}
+        end
+
+        def to_a
+          @actions.inject([]) {|memo, action| memo += action.to_a.first.is_a?(Enumerable) ? action.to_a : [action.to_a]; memo }
+        end
+
+        def hash
+          @hash ||= @actions.inject(0) {|memo, action| memo += action.hash }
+        end
+
+        def resembles? (spec)
+          @actions.any? {|action| action.resembles?(spec) } or
+            to_a.any? do |array|
+              min_length = [spec.length, array.length].min
+              array[0,min_length] == spec[0,min_length]
+            end
+        end
+      end
+
+      class AssignPrivilegeToRoleAction < AbstractAction
+        def self.specific_actions (candidate)
+          privilege = AnalyzerEngine::Privilege.for_sym(
+              candidate.failed_tests.first.privilege, candidate.engine)
+          context = candidate.failed_tests.first.context
+          user = candidate.failed_tests.first.user
+          ([privilege] + privilege.ancestors).collect do |ancestor_privilege|
+            user.role_symbols.collect {|role_sym| AnalyzerEngine::Role.for_sym(role_sym, candidate.engine) }.
+                collect {|role| [role] + role.ancestors}.flatten.uniq.collect do |role|
+              # apply checks later if privilege is already present in that role
+              new(ancestor_privilege.to_sym, context, role.to_sym)
+            end
+          end.flatten
+        end
+
+        attr_reader :privilege, :context, :role
+        def initialize (privilege_sym, context, role_sym)
+          @privilege, @context, @role = privilege_sym, context, role_sym
+        end
+
+        def apply (candidate)
+          AnalyzerEngine.apply_change(candidate.engine, to_a)
+        end
+
+        def reverse? (other)
+          other.is_a?(RemovePrivilegeFromRoleAction) and
+              other.privilege == @privilege and
+              other.context == @context and
+              other.role == @role
+        end
+
+        def to_a
+          [:add_privilege, @privilege, @context, @role]
+        end
+      end
+
+      class AssignRoleToUserAction < AbstractAction
+        def self.specific_actions (candidate)
+          privilege = candidate.failed_tests.first.privilege
+          context = candidate.failed_tests.first.context
+          user = candidate.failed_tests.first.user
+          AnalyzerEngine::Role.all_for_privilege(privilege, context, candidate.engine).collect do |role|
+            new(user, role.to_sym)
+          end
+        end
+
+        attr_reader :user, :role
+        def initialize (user, role_sym)
+          @user, @role = user, role_sym
+        end
+
+        def apply (candidate)
+          if candidate.engine.roles_with_hierarchy_for(@user).include?(@role)
+            false
+          else
+            # beware of shallow copies!
+            cloned_user = @user.clone
+            user_index = candidate.users.index(@user)
+            raise "Cannot find #{@user.inspect} in users array" unless user_index
+            candidate.users[user_index] = cloned_user
+            # possible on real user objects?
+            cloned_user.role_symbols << @role
+            raise "User#role_symbols immutable or user only shallowly cloned!" if cloned_user.role_symbols == @user.role_symbols
+            true
+          end
+        end
+
+        def hash
+          to_a[0,2].hash + @user.login.hash
+        end
+
+        def reverse? (other)
+          other.is_a?(RemoveRoleFromUserAction) and
+              other.user.login == @user.login and
+              other.role == @role
+        end
+
+        def resembles? (spec)
+          super(spec[0,2]) and (spec.length == 2 or spec[2] == @user.login)
+        end
+
+        def to_a
+          [:assign_role_to_user, @role, @user]
+        end
+      end
+
+      class CreateAndAssignRoleToUserAction < AbstractCompoundAction
+        def self.specific_actions (candidate)
+          privilege = AnalyzerEngine::Privilege.for_sym(
+              candidate.failed_tests.first.privilege, candidate.engine)
+          context = candidate.failed_tests.first.context
+          user = candidate.failed_tests.first.user
+          role = AnalyzerEngine::Role.for_sym(:change_supporter_new_role, candidate.engine)
+          ([privilege] + privilege.ancestors).collect do |ancestor_privilege|
+            new(user, ancestor_privilege.to_sym, context, role.to_sym)
+          end
+        end
+
+        attr_reader :user, :privilege, :context, :role
+        def initialize (user, privilege_sym, context_sym, role_sym)
+          @user, @privilege, @context, @role = user, privilege_sym, context_sym, role_sym
+          @actions = [AddPrivilegeAndAssignRoleToUserAction.new(@user, @privilege, @context, role_sym)]
+        end
+
+        def apply (candidate)
+          if AnalyzerEngine.apply_change(candidate.engine, [:add_role, @role])
+            super(candidate)
+          else
+            false
+          end
+        end
+
+        def hash
+          to_a[0].hash + super
+        end
+
+        def to_a
+          [[:add_role, @role]] + super
+        end
+      end
+
+      class AddPrivilegeAndAssignRoleToUserAction < AbstractCompoundAction
+        def self.specific_actions (candidate)
+          privilege = AnalyzerEngine::Privilege.for_sym(
+              candidate.failed_tests.first.privilege, candidate.engine)
+          context = candidate.failed_tests.first.context
+          user = candidate.failed_tests.first.user
+          ([privilege] + privilege.ancestors).collect do |ancestor_privilege|
+            AnalyzerEngine::Role.all(candidate.engine).collect do |role|
+              new(user, ancestor_privilege.to_sym, context, role.to_sym)
+            end
+          end.flatten
+        end
+
+        attr_reader :user, :privilege, :context, :role
+        def initialize (user, privilege_sym, context, role_sym)
+          @user, @privilege, @context, @role = user, privilege_sym, context, role_sym
+          @actions = [
+            AssignRoleToUserAction.new(@user, @role),
+            AssignPrivilegeToRoleAction.new(@privilege, @context, @role)
+          ]
+        end
+      end
+
+      class RemovePrivilegeFromRoleAction < AbstractAction
+        def self.specific_actions (candidate)
+          privilege = AnalyzerEngine::Privilege.for_sym(
+              candidate.failed_tests.first.privilege, candidate.engine)
+          context = candidate.failed_tests.first.context
+          user = candidate.failed_tests.first.user
+          ([privilege] + privilege.ancestors).collect do |ancestor_privilege|
+            user.role_symbols.collect {|role_sym| AnalyzerEngine::Role.for_sym(role_sym, candidate.engine) }.
+                collect {|role| [role] + role.ancestors}.flatten.uniq.collect do |role|
+              new(ancestor_privilege.to_sym, context, role.to_sym)
+            end
+          end.flatten
+        end
+
+        attr_reader :privilege, :context, :role
+        def initialize (privilege_sym, context, role_sym)
+          @privilege, @context, @role = privilege_sym, context, role_sym
+        end
+
+        def apply (candidate)
+          AnalyzerEngine.apply_change(candidate.engine, to_a)
+        end
+        
+        def reverse? (other)
+          (other.is_a?(AssignPrivilegeToRoleAction) or
+              other.is_a?(AbstractCompoundAction)) and
+                other.reverse?(self)
+        end
+
+        def to_a
+          [:remove_privilege, @privilege, @context, @role]
+        end
+      end
+
+      class RemoveRoleFromUserAction < AbstractAction
+        def self.specific_actions (candidate)
+          privilege = candidate.failed_tests.first.privilege
+          context = candidate.failed_tests.first.context
+          user = candidate.failed_tests.first.user
+          roles_for_privilege = AnalyzerEngine::Role.all_for_privilege(privilege, context, candidate.engine).map(&:to_sym)
+          user.role_symbols.collect {|role_sym| AnalyzerEngine::Role.for_sym(role_sym, candidate.engine)}.
+              select {|role| roles_for_privilege.include?(role.to_sym)}.
+              collect do |role|
+            new(user, role.to_sym)
+          end
+        end
+
+        attr_reader :user, :role
+        def initialize (user, role_sym)
+          @user, @role = user, role_sym
+        end
+
+        def apply (candidate)
+          # beware of shallow copies!
+          cloned_user = @user.clone
+          user_index = candidate.users.index(@user)
+          raise "Cannot find #{@user.inspect} in users array" unless user_index
+          candidate.users[user_index] = cloned_user
+          cloned_user.role_symbols.delete(@role)
+          raise "User#role_symbols immutable or user only shallowly cloned!" if cloned_user.role_symbols == @user.role_symbols
+          true
+        end
+
+        def hash
+          to_a[0,2].hash + @user.login.hash
+        end
+
+        def reverse? (other)
+          (other.is_a?(AssignRoleToUserAction) or
+              other.is_a?(AbstractCompoundAction)) and
+                other.reverse?(self)
+        end
+
+        def resembles? (spec)
+          super(spec[0,2]) and (spec.length == 2 or spec[2] == @user.login)
+        end
+
+        def to_a
+          [:remove_role_from_user, @role, @user]
+        end
+      end
+
+      protected
+      def next_step (viable_approaches, candidates, approach_checker)
+        candidate = candidates.shift
+
+        child_candidates = generate_child_candidates(candidate)
+        check_child_candidates!(approach_checker, viable_approaches, candidates, child_candidates)
+
+        candidates.sort!
+        child_candidates.length
+      end
+
+      def generate_child_candidates (candidate)
+        child_candidates = []
+        abstract_actions = candidate.abstract_actions
+        abstract_actions.each do |abstract_action|
+          abstract_action.specific_actions(candidate).each do |specific_action|
+            child_candidate = candidate.dup
+            if !specific_action.resembles_any?(@prohibited_actions) and
+                  !child_candidate.reverse_of_previous?(specific_action) and
+                  child_candidate.apply(specific_action)
+              child_candidates << child_candidate
+            end
+          end
+        end
+        child_candidates
+      end
+
+      def check_child_candidates! (approach_checker, viable_approaches, candidates, child_candidates)
+        child_candidates.each do |child_candidate|
+          if child_candidate.check(approach_checker)
+            unless superset_of_existing?(child_candidate)
+              remove_supersets!(viable_approaches, child_candidate)
+              viable_approaches << child_candidate
+              add_to_approaches_by_action!(child_candidate)
+            end
+          else
+            candidates << child_candidate
+          end
+          child_candidate.freeze
+        end
+      end
+
+      def superset_of_existing? (candidate)
+        candidate.changes.any? do |action|
+          (@approaches_by_actions[action] ||= []).any? {|approach| approach.subset?(candidate)}
+        end
+      end
+
+      def remove_supersets! (existing, candidate)
+        candidate.changes.inject([]) do |memo, action|
+          memo += (@approaches_by_actions[action] ||= []).select do |approach|
+            candidate.subset?(approach)
+          end
+        end.uniq.each do |approach|
+          existing.delete(approach)
+          remove_from_approaches_by_action!(approach)
+        end
+      end
+
+      def add_to_approaches_by_action! (candidate)
+        candidate.changes.each do |action|
+          (@approaches_by_actions[action] ||= []) << candidate
+        end
+      end
+
+      def remove_from_approaches_by_action! (candidate)
+        candidate.changes.each do |action|
+          (@approaches_by_actions[action] ||= []).delete(candidate)
+        end
+      end
+
+      def relevant_roles (approach)
+        self.class.relevant_roles(approach)
+      end
+      def self.relevant_roles (approach)
+        (AnalyzerEngine.relevant_roles(approach.engine, approach.users) +
+            (approach.engine.roles.include?(:new_role_for_change_analyzer) ?
+               [AnalyzerEngine::Role.for_sym(:new_role_for_change_analyzer, approach.engine)] : [])).uniq
+      end
+    end
+  end
+end