Class: Inspec::Resources::WindowsFilePermissions

Inherits:
FilePermissions show all
Defined in:
lib/resources/file.rb

Instance Attribute Summary

Attributes inherited from FilePermissions

#inspec

Instance Method Summary collapse

Methods inherited from FilePermissions

#initialize

Constructor Details

This class inherits a constructor from Inspec::Resources::FilePermissions

Instance Method Details

#check_file_permission_by_mask(_file, _access_type, _usergroup, _specific_user) ⇒ Object 



199
200
201
 
# File 'lib/resources/file.rb', line 199

def check_file_permission_by_mask(_file, _access_type, _usergroup, _specific_user)
  raise '`check_file_permission_by_mask` is not supported on Windows'
end

#check_file_permission_by_user(access_type, user, path) ⇒ Object 



203
204
205
206
207
208
209
210
211
212
213
214
215
216
 
# File 'lib/resources/file.rb', line 203

def check_file_permission_by_user(access_type, user, path)
  access_rule = case access_type
                when 'read'
                  '@(\'FullControl\', \'Modify\', \'ReadAndExecute\', \'Read\', \'ListDirectory\')'
                when 'write'
                  '@(\'FullControl\', \'Modify\', \'Write\')'
                when 'execute'
                  '@(\'FullControl\', \'Modify\', \'ReadAndExecute\', \'ExecuteFile\')'
                else
                  raise 'Invalid access_type provided'
                end
  cmd = inspec.command("@(@((Get-Acl '#{path}').access | Where-Object {$_.AccessControlType -eq 'Allow' -and $_.IdentityReference -eq '#{user}' }) | Where-Object {($_.FileSystemRights.ToString().Split(',') | % {$_.trim()} | ? {#{access_rule} -contains $_}) -ne $null}) | measure | % { $_.Count }")
  cmd.stdout.chomp == '0' ? false : true
end