Background

When maintaining a large model, you will find that eventually you need to review what access groups exist in the model, but also how Actions and ViewModels are assigned to these groups.

You need to answer questions like, "Do the access groups for actions match with the ViewModels they navigate to?", or, "Do I have ViewModels that have no access group assigned, and therefore are open for access?".

Here are some OCL queries and EAL code that both finds potential problems and corrects them if needed. Please adapt this code to your needs.

Code

Note: ViewModels are called "Span" in the internal model.

ViewModel that no action navigates to

Somewhat odd ViewModels that seem to be used for UI, but there's no way to reach them with an action.

Span.allinstances->select(s|s.ShowByActions->isEmpty and s.CriteriaForServerSideExecute->isEmpty and s.UsePlacingHints )->collect(span | span.Category.Name, span.Name, span.Class.Name, span.CodeComment)->orderBy(x|x.Name, x.Name1)

Find all ViewModels with no access group but have actions navigating to them that have access groups.

Probably these ViewModels need securing by adding access groups to them.

Span.allInstances->select(s|s.AccessGroups->isEmpty and s.CriteriaForServerSideExecute->isEmpty and s.UsePlacingHints and s.ShowByActions->notEmpty)->
  collect(s|s.Name, s.AccessGroups.Name->asCommaList, (s.ShowByActions->collect(a|a.Name + ' AG:' + a.AccessGroups.Name->asCommaList))->asCommaList)

Show actions that have "more" access groups than the ViewModel they navigate to.

AbstractAction.allInstances->select(aa|aa.BringUpViewModel.notNull and aa.BringUpViewModel.CriteriaForServerSideExecute->isEmpty and  aa.AccessGroups->difference(aa.BringUpViewModel.AccessGroups)->notEmpty)->
collect(aa|aa.oclType.asString, aa.Name, aa.AccessGroups.Name->asCommaList, aa.BringUpViewModel.Name, aa.BringUpViewModel.AccessGroups.Name->asCommaList)->orderBy(x|x.Part1, x.Name)