nandilugio/permission_analyzer.rb

## permission_analyzer.rb
USAGES_DIR = "app/"
DECLARATIONS_FILE = "app/models/ability.rb"

puts `pwd`

def normalize_call_arguments(call_arguments)
  call_arguments.map do |raw_action, raw_resource|
    action = raw_action.tr(':', '').to_sym
    resource = raw_resource.demodulize.tr('@:', '').underscore.singularize.to_sym
    [action, resource]
  end.uniq
end

def actions_by_resource(normalized_call_arguments)
  actions_by_resource = {}
  normalized_call_arguments.each do |action, resource|
    actions_by_resource[resource] ||= []
    actions_by_resource[resource] << action
  end
  actions_by_resource
end

def sort_actions_and_resources(actions_by_resource)
  actions_by_resource.dup.each_value { |group| group.sort! }.sort.to_h
end


def extract_used_actions_by_resource
  lines = `grep -re '\\(can?\\|cannot?\\|authorize!\\)[ \\(]' #{USAGES_DIR}`.split("\n")
  call_arguments = lines.flat_map { |l| l.scan(/(can\?|cannot\?|authorize!)\(?\s*([:@\w]+)\s*,\s*([:@\w]+)\s*\)?/) }.map { |t| t[1..2] }

  used_actions_by_resource = actions_by_resource(normalize_call_arguments(call_arguments))

  lines = `grep -re 'authorize_resource' #{USAGES_DIR}`.split("\n")
  controller_files = lines.map { |l| /^([^:]+):/.match(l)[1] }
  controller_resources = controller_files.map { |file| File.basename(file, '_controller.rb').singularize.to_sym }.uniq

  controller_resources.each do |resource|
    used_actions_by_resource[resource] ||= []
    used_actions_by_resource[resource] << :controller_actions
  end

  sort_actions_and_resources(used_actions_by_resource)
end

def extract_declared_actions_by_resource
  lines = `grep -e '\\(can\\|cannot\\)[ \\(]' #{DECLARATIONS_FILE}`.split("\n")
  call_arguments = lines.flat_map { |l| l.scan(/(can|cannot)\(?\s*([:@\w]+)\s*,\s*([:@\w]+)\s*\)?/) }.map { |t| t[1..2] }

  sort_actions_and_resources(actions_by_resource(normalize_call_arguments(call_arguments)))
end

def delete_proposals
  declared = extract_declared_actions_by_resource
  used = extract_used_actions_by_resource
  proposals = {}

  declared.each_pair do |resource, declared_actions|
    next if resource == :all
    if used.has_key?(resource)
      used_actions = used[resource]
      unused_actions = declared_actions - used_actions - [:manage]
      proposals[resource] = unused_actions unless unused_actions.empty?
    else
      proposals[resource] = :all_actions
    end
  end
  proposals
end

puts "\n===============================================================================\n"
puts "\nDECLARED PERMISSIONS\n"
puts extract_declared_actions_by_resource.to_yaml

puts "\n===============================================================================\n"
puts "\nUSED PERMISSIONS\n"
puts extract_used_actions_by_resource.to_yaml

puts "\n===============================================================================\n"
puts "\nDELETE PROPOSALS\n"
puts delete_proposals.to_yaml
	USAGES_DIR = "app/"
	DECLARATIONS_FILE = "app/models/ability.rb"

	puts `pwd`

	def normalize_call_arguments(call_arguments)
	call_arguments.map do \|raw_action, raw_resource\|
	action = raw_action.tr(':', '').to_sym
	resource = raw_resource.demodulize.tr('@:', '').underscore.singularize.to_sym
	[action, resource]
	end.uniq
	end

	def actions_by_resource(normalized_call_arguments)
	actions_by_resource = {}
	normalized_call_arguments.each do \|action, resource\|
	actions_by_resource[resource] \|\|= []
	actions_by_resource[resource] << action
	end
	actions_by_resource
	end

	def sort_actions_and_resources(actions_by_resource)
	actions_by_resource.dup.each_value { \|group\| group.sort! }.sort.to_h
	end


	def extract_used_actions_by_resource
	lines = `grep -re '\\(can?\\\|cannot?\\\|authorize!\\)[ \\(]' #{USAGES_DIR}`.split("\n")
	call_arguments = lines.flat_map { \|l\| l.scan(/(can\?\|cannot\?\|authorize!)\(?\s([:@\w]+)\s,\s([:@\w]+)\s\)?/) }.map { \|t\| t[1..2] }

	used_actions_by_resource = actions_by_resource(normalize_call_arguments(call_arguments))

	lines = `grep -re 'authorize_resource' #{USAGES_DIR}`.split("\n")
	controller_files = lines.map { \|l\| /^([^:]+):/.match(l)[1] }
	controller_resources = controller_files.map { \|file\| File.basename(file, '_controller.rb').singularize.to_sym }.uniq

	controller_resources.each do \|resource\|
	used_actions_by_resource[resource] \|\|= []
	used_actions_by_resource[resource] << :controller_actions
	end

	sort_actions_and_resources(used_actions_by_resource)
	end

	def extract_declared_actions_by_resource
	lines = `grep -e '\\(can\\\|cannot\\)[ \\(]' #{DECLARATIONS_FILE}`.split("\n")
	call_arguments = lines.flat_map { \|l\| l.scan(/(can\|cannot)\(?\s([:@\w]+)\s,\s([:@\w]+)\s\)?/) }.map { \|t\| t[1..2] }

	sort_actions_and_resources(actions_by_resource(normalize_call_arguments(call_arguments)))
	end

	def delete_proposals
	declared = extract_declared_actions_by_resource
	used = extract_used_actions_by_resource
	proposals = {}

	declared.each_pair do \|resource, declared_actions\|
	next if resource == :all
	if used.has_key?(resource)
	used_actions = used[resource]
	unused_actions = declared_actions - used_actions - [:manage]
	proposals[resource] = unused_actions unless unused_actions.empty?
	else
	proposals[resource] = :all_actions
	end
	end
	proposals
	end

	puts "\n===============================================================================\n"
	puts "\nDECLARED PERMISSIONS\n"
	puts extract_declared_actions_by_resource.to_yaml

	puts "\n===============================================================================\n"
	puts "\nUSED PERMISSIONS\n"
	puts extract_used_actions_by_resource.to_yaml

	puts "\n===============================================================================\n"
	puts "\nDELETE PROPOSALS\n"
	puts delete_proposals.to_yaml