Class: SuperAuth::GraphController

Inherits:

ActionController::Base

• Object
• ActionController::Base
• SuperAuth::GraphController

Defined in:

app/controllers/super_auth/graph_controller.rb

Instance Method Summary

• #authorize ⇒ Object
• #compile_authorizations ⇒ Object
• #create_edge ⇒ Object
• #create_group ⇒ Object
• #create_permission ⇒ Object
• #create_resource ⇒ Object
• #create_role ⇒ Object
• #create_user ⇒ Object
• #data ⇒ Object
• #delete_edge ⇒ Object
• #delete_group ⇒ Object
• #delete_permission ⇒ Object
• #delete_resource ⇒ Object
• #delete_role ⇒ Object
• #delete_user ⇒ Object
• #index ⇒ Object
• #orphaned ⇒ Object
• #visualization ⇒ Object

Instance Method Details

#authorize ⇒ Object

# File 'app/controllers/super_auth/graph_controller.rb', line 271

def authorize
  user_id = params[:user_id]
  resource_id = params[:resource_id]

  if user_id.blank? || resource_id.blank?
    render json: { error: 'user_id and resource_id are required' }, status: :bad_request
    return
  end

  paths = find_authorization_paths(user_id.to_i, resource_id.to_i)

  render json: {
    authorized: paths.any?,
    paths: paths,
    count: paths.length
  }
end

#compile_authorizations ⇒ Object

# File 'app/controllers/super_auth/graph_controller.rb', line 184

def compile_authorizations
  begin
    count = authorization_class.compile!

    render json: {
      success: true,
      message: "Compiled #{count} authorization paths",
      count: count
    }
  rescue => e
    render json: { success: false, error: e.message }, status: 422
  end
end

#create_edge ⇒ Object

# File 'app/controllers/super_auth/graph_controller.rb', line 160

def create_edge
  edge = edge_class.create!(edge_params)
  render json: {
    success: true,
    edge: {
      id: edge.id,
      user_id: edge.user_id,
      group_id: edge.group_id,
      role_id: edge.role_id,
      permission_id: edge.permission_id,
      resource_id: edge.resource_id
    }
  }
rescue => e
  render json: { success: false, error: e.message }, status: 422
end

#create_group ⇒ Object

# File 'app/controllers/super_auth/graph_controller.rb', line 104

def create_group
  group = group_class.create!(group_params)
  render json: { success: true, group: { id: group.id, name: group.name, parent_id: group.parent_id, type: 'group' } }
rescue => e
  render json: { success: false, error: e.message }, status: 422
end

#create_permission ⇒ Object

# File 'app/controllers/super_auth/graph_controller.rb', line 132

def create_permission
  permission = permission_class.create!(permission_params)
  render json: { success: true, permission: { id: permission.id, name: permission.name, type: 'permission' } }
rescue => e
  render json: { success: false, error: e.message }, status: 422
end

#create_resource ⇒ Object

# File 'app/controllers/super_auth/graph_controller.rb', line 146

def create_resource
  resource = resource_class.create!(resource_params)
  render json: { success: true, resource: { id: resource.id, name: resource.name, type: 'resource' } }
rescue => e
  render json: { success: false, error: e.message }, status: 422
end

#create_role ⇒ Object

# File 'app/controllers/super_auth/graph_controller.rb', line 118

def create_role
  role = role_class.create!(role_params)
  render json: { success: true, role: { id: role.id, name: role.name, parent_id: role.parent_id, type: 'role' } }
rescue => e
  render json: { success: false, error: e.message }, status: 422
end

#create_user ⇒ Object

# File 'app/controllers/super_auth/graph_controller.rb', line 90

def create_user
  user = user_class.create!(user_params)
  render json: { success: true, user: { id: user.id, name: user.name, type: 'user' } }
rescue => e
  render json: { success: false, error: e.message }, status: 422
end

#data ⇒ Object

# File 'app/controllers/super_auth/graph_controller.rb', line 11

def data
  # Check if filters are applied
  has_filters = params[:user_id].present? || params[:resource_id].present?

  if has_filters
    # Apply filters
    edges = edge_class.all
    edges = edges.where(user_id: params[:user_id]) if params[:user_id].present?
    edges = edges.where(resource_id: params[:resource_id]) if params[:resource_id].present?

    # Get IDs of entities connected by filtered edges
    user_ids = edges.map(&:user_id).compact.uniq
    group_ids = edges.map(&:group_id).compact.uniq
    role_ids = edges.map(&:role_id).compact.uniq
    permission_ids = edges.map(&:permission_id).compact.uniq
    resource_ids = edges.map(&:resource_id).compact.uniq

    # Include parent groups and roles for hierarchy visualization
    groups = group_class.where(id: group_ids)
    groups.each do |group|
      current = group
      while current.parent_id
        parent = group_class.find_by(id: current.parent_id)
        break unless parent
        group_ids << parent.id unless group_ids.include?(parent.id)
        current = parent
      end
    end

    roles = role_class.where(id: role_ids)
    roles.each do |role|
      current = role
      while current.parent_id
        parent = role_class.find_by(id: current.parent_id)
        break unless parent
        role_ids << parent.id unless role_ids.include?(role.id)
        current = parent
      end
    end

    render json: {
      all_users: user_class.all.map { |u| { id: u.id, name: u.name } },
      all_resources: resource_class.all.map { |r| { id: r.id, name: r.name } },
      users: user_class.where(id: user_ids).map { |u| { id: u.id, name: u.name, type: 'user' } },
      groups: group_class.where(id: group_ids).map { |g| { id: g.id, name: g.name, parent_id: g.parent_id, type: 'group' } },
      roles: role_class.where(id: role_ids).map { |r| { id: r.id, name: r.name, parent_id: r.parent_id, type: 'role' } },
      permissions: permission_class.where(id: permission_ids).map { |p| { id: p.id, name: p.name, type: 'permission' } },
      resources: resource_class.where(id: resource_ids).map { |r| { id: r.id, name: r.name, type: 'resource' } },
      edges: edges.map { |e| {
        id: e.id,
        user_id: e.user_id,
        group_id: e.group_id,
        role_id: e.role_id,
        permission_id: e.permission_id,
        resource_id: e.resource_id
      }}
    }
  else
    # No filters - return all entities
    render json: {
      all_users: user_class.all.map { |u| { id: u.id, name: u.name } },
      all_resources: resource_class.all.map { |r| { id: r.id, name: r.name } },
      users: user_class.all.map { |u| { id: u.id, name: u.name, type: 'user' } },
      groups: group_class.all.map { |g| { id: g.id, name: g.name, parent_id: g.parent_id, type: 'group' } },
      roles: role_class.all.map { |r| { id: r.id, name: r.name, parent_id: r.parent_id, type: 'role' } },
      permissions: permission_class.all.map { |p| { id: p.id, name: p.name, type: 'permission' } },
      resources: resource_class.all.map { |r| { id: r.id, name: r.name, type: 'resource' } },
      edges: edge_class.all.map { |e| {
        id: e.id,
        user_id: e.user_id,
        group_id: e.group_id,
        role_id: e.role_id,
        permission_id: e.permission_id,
        resource_id: e.resource_id
      }}
    }
  end
end

#delete_edge ⇒ Object

# File 'app/controllers/super_auth/graph_controller.rb', line 177

def delete_edge
  edge_class.find(params[:id]).destroy!
  render json: { success: true }
rescue => e
  render json: { success: false, error: e.message }, status: 422
end

#delete_group ⇒ Object

# File 'app/controllers/super_auth/graph_controller.rb', line 111

def delete_group
  group_class.find(params[:id]).destroy!
  render json: { success: true }
rescue => e
  render json: { success: false, error: e.message }, status: 422
end

#delete_permission ⇒ Object

# File 'app/controllers/super_auth/graph_controller.rb', line 139

def delete_permission
  permission_class.find(params[:id]).destroy!
  render json: { success: true }
rescue => e
  render json: { success: false, error: e.message }, status: 422
end

#delete_resource ⇒ Object

# File 'app/controllers/super_auth/graph_controller.rb', line 153

def delete_resource
  resource_class.find(params[:id]).destroy!
  render json: { success: true }
rescue => e
  render json: { success: false, error: e.message }, status: 422
end

#delete_role ⇒ Object

# File 'app/controllers/super_auth/graph_controller.rb', line 125

def delete_role
  role_class.find(params[:id]).destroy!
  render json: { success: true }
rescue => e
  render json: { success: false, error: e.message }, status: 422
end

#delete_user ⇒ Object

# File 'app/controllers/super_auth/graph_controller.rb', line 97

def delete_user
  user_class.find(params[:id]).destroy!
  render json: { success: true }
rescue => e
  render json: { success: false, error: e.message }, status: 422
end

#index ⇒ Object

# File 'app/controllers/super_auth/graph_controller.rb', line 7

def index
  # Render the interactive graph visualization view
end

#orphaned ⇒ Object

# File 'app/controllers/super_auth/graph_controller.rb', line 198

def orphaned
  # Find orphaned records that aren't part of any complete authorization path
  orphans = {
    users: [],
    groups: [],
    roles: [],
    permissions: [],
    resources: []
  }

  # Get all edges
  edges = edge_class.all

  # Check each user - can they reach any resource?
  user_class.find_each do |user|
    can_reach_resource = can_reach_any_resource?(user.id, edges)
    orphans[:users] << { id: user.id, name: user.name, reason: 'Cannot reach any resource' } unless can_reach_resource
  end

  # Check each resource - can any user reach it?
  resource_class.find_each do |resource|
    can_be_reached = can_resource_be_reached?(resource.id, edges)
    orphans[:resources] << { id: resource.id, name: resource.name, reason: 'Cannot be reached by any user' } unless can_be_reached
  end

  # Check groups - are they part of any user-to-resource path?
  group_class.find_each do |group|
    has_user_connection = edges.any? { |e| e.user_id && e.group_id == group.id }
    has_downstream = edges.any? { |e| e.group_id == group.id && (e.role_id || e.permission_id || e.resource_id) }

    unless has_user_connection && has_downstream
      reason = if !has_user_connection
        'Not connected to any user'
      elsif !has_downstream
        'Not connected downstream'
      end
      orphans[:groups] << { id: group.id, name: group.name, reason: reason }
    end
  end

  # Check roles
  role_class.find_each do |role|
    has_upstream = edges.any? { |e| (e.user_id || e.group_id) && e.role_id == role.id }
    has_downstream = edges.any? { |e| e.role_id == role.id && (e.permission_id || e.resource_id) }

    unless has_upstream && has_downstream
      reason = if !has_upstream
        'Not connected to any user or group'
      elsif !has_downstream
        'Not connected downstream'
      end
      orphans[:roles] << { id: role.id, name: role.name, reason: reason }
    end
  end

  # Check permissions
  permission_class.find_each do |permission|
    has_upstream = edges.any? { |e| (e.user_id || e.group_id || e.role_id) && e.permission_id == permission.id }
    has_downstream = edges.any? { |e| e.permission_id == permission.id && e.resource_id }

    unless has_upstream && has_downstream
      reason = if !has_upstream
        'Not connected to any user/group/role'
      elsif !has_downstream
        'Not connected to any resource'
      end
      orphans[:permissions] << { id: permission.id, name: permission.name, reason: reason }
    end
  end

  render json: { orphans: orphans }
end

#visualization ⇒ Object

# File 'app/controllers/super_auth/graph_controller.rb', line 289

def visualization
  html_path = File.join(SuperAuth::Engine.root, 'visualization.html')
  send_file html_path, type: 'text/html', disposition: 'inline'
end