Skip to content
February 15, 2011 / edeustace

Ruby script for applying security constraints to Fiber data model.

On our current project we are using Adobe’s Fiber data modelling technology. I’m in the process of applying security constraints to the .fml file. In the current version the only way to apply these constraints is by doing:

 <annotation name='DMS'
            <item name='read-security-constraint-ref'>authenticated-user</item>
            <item name='count-security-constraint-ref'>authenticated-user</item>
            <item name='update-security-constraint-ref'>authenticated-user</item>
            <item name='create-security-constraint-ref'>authenticated-user</item>
            <item name='delete-security-constraint-ref'>authenticated-user</item>

In the next release you’ll be able to do the following:

 <annotation name='DMS'
            <item name='security-constraint-ref'>authenticated-user</item>

Which is much more succinct.

Anyways, we have a large FML file, with alot of entity nodes that need to be secured. Instead of trawling my way through the fml and manualling inserting them, I wrote a ruby script to do the job for me:

require "rexml/document"
puts "RUBY SCRIPT: adds security constraints to fml model file"
puts "args: path to fml file, constraint-name, comma-delimited list of exempt entities"
puts "eg: ../../.model/MyApp.fml authenticated-user Car,Roof"

path = ARGV[0]
constraint = ARGV[1]
exempt = ARGV[2]
exempt_names = exempt.split(",")

puts "ARGS: #{path}, #{constraint}, #{exempt}"

def add_constraint( el, name, constraint )
    node = el.add_element "item", {"name"=>"#{name}"}
    node.text = constraint

def add_constraints( element, constraint )
    add_constraint( element, "read-security-constraint-ref", constraint )
    add_constraint( element, "count-security-constraint-ref", constraint )
    add_constraint( element, "update-security-constraint-ref", constraint )
    add_constraint( element, "create-security-constraint-ref", constraint )
    add_constraint( element, "delete-security-constraint-ref", constraint )

file = path, "r")
doc = file

doc.elements.each("model/entity/annotation[@name='DMS']") { |element| 
    name = element.parent.attributes["name"]
    if element.has_elements?
        puts "skipping #{name}"
            element.delete sub
    unless( exempt_names.include? name)
     add_constraints( element, constraint )
        puts "skipping #{name}"
formatter =
formatter.compact = true,"w"){|file| file.puts formatter.write(doc.root,"")}

What it does is apply the security constraint to all entity nodes with the exception of the entity nodes that you declare in the last argument. so:

#apply_constraints.rb {App fml file} {constraint name} {list of entities that don't have the security constraint}
ruby apply_constraints.rb CarChooser.fml authenticated-user Car,Wheel,Roof

Will apply the authenticated-user constraint to all entity nodes with the exception of Car, Wheel and Roof in CarChooser.fml.

Putting it up here, incase anyone else may find it useful.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: