Background

When maintaining a large model, you will find that eventually you need to review what access groups there are in the model, but also how Actions and ViewModels are assigned to these groups.

You need to answer questions like, "Does the access groups for actions match with the viewmodels they navigate to", or, "Do I have ViewModels that has no access group assigned, and therefore are open for access".

Here are some OCL queries and EAL code that both finds potential problems and corrects them if needed. Please adapt this code to your needs.

Code

Note: ViewModels are called "Span" in the internal model.

ViewModel that no action navigate to

Somewhat odd ViewModels that seems to be used for UI, but there's no way to reach them with an action.

Span.allinstances->select(s|s.ShowByActions->isEmpty and s.CriteriaForServerSideExecute->isEmpty and s.UsePlacingHints )->collect(span | span.Category.Name, span.Name, span.Class.Name, span.CodeComment)->orderBy(x|x.Name, x.Name1)

Find all ViewModel with no access group but has actions navigating to it that has access groups.

Probably these viewmodels needs securing by adding access groups to them.

Span.allInstances->select(s|s.AccessGroups->isEmpty and s.CriteriaForServerSideExecute->isEmpty and s.UsePlacingHints and s.ShowByActions->notEmpty)->
  collect(s|s.Name, s.AccessGroups.Name->asCommaList, (s.ShowByActions->collect(a|a.Name + ' AG:' + a.AccessGroups.Name->asCommaList))->asCommaList)

Show actions that have "more" access groups than the ViewModel they navigate to

AbstractAction.allInstances->select(aa|aa.BringUpViewModel.notNull and aa.BringUpViewModel.CriteriaForServerSideExecute->isEmpty and  aa.AccessGroups->difference(aa.BringUpViewModel.AccessGroups)->notEmpty)->
collect(aa|aa.oclType.asString, aa.Name, aa.AccessGroups.Name->asCommaList, aa.BringUpViewModel.Name, aa.BringUpViewModel.AccessGroups.Name->asCommaList)->orderBy(x|x.Part1, x.Name)