Method: Inspec::Resources::WindowsFilePermissions#check_file_permission_by_user

Defined in:

lib/resources/file.rb

#check_file_permission_by_user(access_type, user, path) ⇒ Object

# File 'lib/resources/file.rb', line 202

def check_file_permission_by_user(access_type, user, path)
  access_rule = case access_type
                when 'read'
                  '@(\'FullControl\', \'Modify\', \'ReadAndExecute\', \'Read\', \'ListDirectory\')'
                when 'write'
                  '@(\'FullControl\', \'Modify\', \'Write\')'
                when 'execute'
                  '@(\'FullControl\', \'Modify\', \'ReadAndExecute\', \'ExecuteFile\')'
                else
                  raise 'Invalid access_type provided'
                end
  cmd = inspec.command("@(@((Get-Acl '#{path}').access | Where-Object {$_.AccessControlType -eq 'Allow' -and $_.IdentityReference -eq '#{user}' }) | Where-Object {($_.FileSystemRights.ToString().Split(',') | % {$_.trim()} | ? {#{access_rule} -contains $_}) -ne $null}) | measure | % { $_.Count }")
  cmd.stdout.chomp == '0' ? false : true
end