Class: Inspec::Resources::WindowsFilePermissions
- Inherits:
-
FilePermissions
- Object
- FilePermissions
- Inspec::Resources::WindowsFilePermissions
- Defined in:
- lib/resources/file.rb
Instance Attribute Summary
Attributes inherited from FilePermissions
Instance Method Summary collapse
- #check_file_permission_by_mask(_file, _access_type, _usergroup, _specific_user) ⇒ Object
- #check_file_permission_by_user(access_type, user, path) ⇒ Object
Methods inherited from FilePermissions
Constructor Details
This class inherits a constructor from Inspec::Resources::FilePermissions
Instance Method Details
#check_file_permission_by_mask(_file, _access_type, _usergroup, _specific_user) ⇒ Object
199 200 201 |
# File 'lib/resources/file.rb', line 199 def (_file, _access_type, _usergroup, _specific_user) raise '`check_file_permission_by_mask` is not supported on Windows' end |
#check_file_permission_by_user(access_type, user, path) ⇒ Object
203 204 205 206 207 208 209 210 211 212 213 214 215 216 |
# File 'lib/resources/file.rb', line 203 def (access_type, user, path) access_rule = case access_type when 'read' '@(\'FullControl\', \'Modify\', \'ReadAndExecute\', \'Read\', \'ListDirectory\')' when 'write' '@(\'FullControl\', \'Modify\', \'Write\')' when 'execute' '@(\'FullControl\', \'Modify\', \'ReadAndExecute\', \'ExecuteFile\')' else raise 'Invalid access_type provided' end cmd = inspec.command("@(@((Get-Acl '#{path}').access | Where-Object {$_.AccessControlType -eq 'Allow' -and $_.IdentityReference -eq '#{user}' }) | Where-Object {($_.FileSystemRights.ToString().Split(',') | % {$_.trim()} | ? {#{access_rule} -contains $_}) -ne $null}) | measure | % { $_.Count }") cmd.stdout.chomp == '0' ? false : true end |