Skip to content
February 15, 2011 / edeustace

Ruby script for applying security constraints to Fiber data model.

On our current project we are using Adobe’s Fiber data modelling technology. I’m in the process of applying security constraints to the .fml file. In the current version the only way to apply these constraints is by doing:


 <annotation name='DMS'
            Table='db.tblMyTable'>
            <item name='read-security-constraint-ref'>authenticated-user</item>
            <item name='count-security-constraint-ref'>authenticated-user</item>
            <item name='update-security-constraint-ref'>authenticated-user</item>
            <item name='create-security-constraint-ref'>authenticated-user</item>
            <item name='delete-security-constraint-ref'>authenticated-user</item>
        </annotation>

In the next release you’ll be able to do the following:


 <annotation name='DMS'
            Table='db.tblMyTable'>
            <item name='security-constraint-ref'>authenticated-user</item>
 </annotation>

Which is much more succinct.

Anyways, we have a large FML file, with alot of entity nodes that need to be secured. Instead of trawling my way through the fml and manualling inserting them, I wrote a ruby script to do the job for me:

require "rexml/document"
puts "RUBY SCRIPT: adds security constraints to fml model file"
puts "args: path to fml file, constraint-name, comma-delimited list of exempt entities"
puts "eg: ../../.model/MyApp.fml authenticated-user Car,Roof"

path = ARGV[0]
constraint = ARGV[1]
exempt = ARGV[2]
exempt_names = exempt.split(",")

puts "ARGS: #{path}, #{constraint}, #{exempt}"

def add_constraint( el, name, constraint )
    node = el.add_element "item", {"name"=>"#{name}"}
    node.text = constraint
end

def add_constraints( element, constraint )
    add_constraint( element, "read-security-constraint-ref", constraint )
    add_constraint( element, "count-security-constraint-ref", constraint )
    add_constraint( element, "update-security-constraint-ref", constraint )
    add_constraint( element, "create-security-constraint-ref", constraint )
    add_constraint( element, "delete-security-constraint-ref", constraint )
end


file = File.open( path, "r")
doc = REXML::Document.new file
file.close

doc.elements.each("model/entity/annotation[@name='DMS']") { |element| 
    name = element.parent.attributes["name"]
    
    if element.has_elements?
        puts "skipping #{name}"
        element.elements.each{|sub|
            element.delete sub
        }
    end
    unless( exempt_names.include? name)
     add_constraints( element, constraint )
    else
        puts "skipping #{name}"
    end
    
 }
 
formatter = REXML::Formatters::Pretty.new
formatter.compact = true
File.open(path,"w"){|file| file.puts formatter.write(doc.root,"")}

What it does is apply the security constraint to all entity nodes with the exception of the entity nodes that you declare in the last argument. so:

#apply_constraints.rb {App fml file} {constraint name} {list of entities that don't have the security constraint}
ruby apply_constraints.rb CarChooser.fml authenticated-user Car,Wheel,Roof

Will apply the authenticated-user constraint to all entity nodes with the exception of Car, Wheel and Roof in CarChooser.fml.

Putting it up here, incase anyone else may find it useful.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: