Class: Nexpose::Role

Inherits:
RoleSummary
Defined in:
lib/nexpose/role.rb

Constant Summary

GLOBAL_ADMINISTRATOR =

Constants, mapping UI terms to role names expected by API.

'global-admin'
ASSET_OWNER =
'system-admin'
SECURITY_MANAGER =
'security-manager'
SITE_OWNER =
'site-admin'
USER =
'user'

Instance Attribute Summary

Attributes inherited from RoleSummary

#description, #enabled, #full_name, #id, #name, #scope

Class Method Summary

Instance Method Summary

Constructor Details

#initialize(name, full_name, id, enabled = true, scope = Scope::SILO) ⇒ Role

Returns a new instance of Role.



# File 'lib/nexpose/role.rb', line 133

# Build a Role object in memory. Nothing is sent to the console here.
#
# @param name [String] Short name of the role.
# @param full_name [String] Full (display) name of the role.
# @param id [Integer] Role identifier.
# @param enabled [Boolean] Whether the role is enabled (defaults to true).
# @param scope [String] Role scope (defaults to Scope::SILO).
def initialize(name, full_name, id, enabled = true, scope = Scope::SILO)
  @name = name
  @full_name = full_name
  @id = id
  @enabled = enabled
  @scope = scope
  # A fresh role carries no privileges; each one has to be added explicitly.
  @privileges = []
end

Instance Attribute Details

#existing ⇒ Object

Flag to track whether this role exists already on the Nexpose console. Flag determines behavior of #save method.



# File 'lib/nexpose/role.rb', line 131

# Flag recording whether this role already exists on the Nexpose console.
#
# The constructor does not set it, so it reads as nil (falsy) until it is
# assigned; #save branches on this value to pick an update or a create request.
#
# @return [Boolean, nil] the stored flag.
def existing
  @existing
end

#privileges ⇒ Object

Array of all privileges which are enabled for this role. Note: Although the underlying XML has different requirements, this only checks for presence.

See Also:



# File 'lib/nexpose/role.rb', line 127

# Names of the privileges enabled for this role.
#
# This returns the role's own array, not a copy: anything a caller appends
# becomes part of the privilege set that #to_xml serialises.
#
# @return [Array<String>] the stored privilege list.
def privileges
  @privileges
end

Class Method Details

.copy(nsc, name, scope = Scope::SILO) ⇒ Role

Copy an existing Role to build a new role off of it. Role will not have a valid name or full_name, so they will need to be provided before saving.

Parameters:

  • nsc (Connection)

    Nexpose connection.

  • name (String)

    The short name of the role which you wish to copy.

  • scope (String) (defaults to: Scope::SILO)

    Whether the role has global or silo scope. @see Nexpose::Scope

Returns:

  • (Role)

    requested role.



# File 'lib/nexpose/role.rb', line 190

# Load an existing role and turn it into an unsaved template for a new one.
#
# The copy keeps the source role's privileges but loses its identity: name and
# full_name are cleared, the id becomes -1 and the existing flag is reset, so
# a name and full_name must be supplied before saving.
#
# NOTE(review): load returns nil when the console does not report success, in
# which case the first assignment below raises NoMethodError.
#
# @param nsc [Connection] Nexpose connection.
# @param name [String] The short name of the role which you wish to copy.
# @param scope [String] Whether the role has global or silo scope.
# @return [Role] the detached copy.
def self.copy(nsc, name, scope = Scope::SILO)
  load(nsc, name, scope).tap do |template|
    template.full_name = nil
    template.name = nil
    template.id = -1
    template.existing = false
  end
end

.load(nsc, name, scope = Scope::SILO) ⇒ Role

Retrieve a detailed description of a single role.

Parameters:

  • nsc (Connection)

    Nexpose connection.

  • name (String)

    The short name of the role.

  • scope (String) (defaults to: Scope::SILO)

    Whether the role has global or silo scope (see Nexpose::Scope). Scope doesn’t appear to be required when requesting installed roles.

Returns:

  • (Role)

    requested role.



# File 'lib/nexpose/role.rb', line 146

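# Retrieve a detailed description of a single role.
#
# @param nsc [Connection] Nexpose connection.
# @param name [String] The short name of the role.
# @param scope [String] Whether the role has global or silo scope.
# @return [Role, nil] the requested role, or nil when the response does not
#   report success.
def self.load(nsc, name, scope = Scope::SILO)
  # name and scope are placed inside double-quoted XML attributes. Entity-escape
  # them so a quote, '<' or '&' in either value stays data and cannot close the
  # attribute or change the shape of the request.
  role_name = REXML::Text.normalize(name)
  role_scope = REXML::Text.normalize(scope)

  xml = %Q(<RoleDetailsRequest session-id="#{nsc.session_id}">)
  xml << %Q(<Role name="#{role_name}" scope="#{role_scope}"/>)
  xml << '</RoleDetailsRequest>'

  response = APIRequest.execute(nsc.url, xml, '1.2')
  return nil unless response.success

  elem = REXML::XPath.first(response.res, 'RoleDetailsResponse/Role/')
  parse(elem)
end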

.parse(xml) ⇒ Object



# File 'lib/nexpose/role.rb', line 210

# Build a Role from a <Role> element of a console response.
#
# Only privilege elements whose enabled attribute is 'true' are recorded, so
# the resulting list reflects presence only.
#
# NOTE(review): a missing <Description> child makes the .text call raise
# NoMethodError; confirm the console always sends one.
#
# @param xml [REXML::Element] the Role element to read.
# @return [Role] the populated role, flagged as existing on the console.
def self.parse(xml)
  attrs = xml.attributes
  role = new(attrs['name'],
             attrs['full-name'],
             attrs['id'].to_i,
             attrs['enabled'] == 'true',
             attrs['scope'])

  role.description = REXML::XPath.first(xml, 'Description').text
  role.existing = true

  # Same group order as the response is read in: global, site, asset group.
  %w[GlobalPrivileges SitePrivileges AssetGroupPrivileges].each do |group|
    xml.elements.each("#{group}/child::*[@enabled='true']") do |granted|
      role.privileges << granted.name
    end
  end
  role
end

Instance Method Details

#delete(nsc) ⇒ Object

Remove this role from the Nexpose console.

Parameters:



# File 'lib/nexpose/role.rb', line 202

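# Remove this role from the Nexpose console.
#
# NOTE(review): @existing is left unchanged after a successful delete; confirm
# whether callers reuse the object afterwards.
#
# @param nsc [Connection] Nexpose connection.
# @return [Object] the success value reported by the API response.
def delete(nsc)
  # The role's name and scope are written into double-quoted XML attributes.
  # Entity-escape them so a quote, '<' or '&' in a stored value cannot break
  # out of the attribute and alter which role the request names.
  role_name = REXML::Text.normalize(@name)
  role_scope = REXML::Text.normalize(@scope)

  xml = %Q(<RoleDeleteRequest session-id="#{nsc.session_id}">)
  xml << %Q(<Role name="#{role_name}" scope="#{role_scope}"/>)
  xml << '</RoleDeleteRequest>'
  response = APIRequest.execute(nsc.url, xml, '1.2')
  response.success
end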

#save(nsc) ⇒ Object

Create or save a Role to the Nexpose console.

Parameters:



# File 'lib/nexpose/role.rb', line 164

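# Create or save a Role to the Nexpose console.
#
# Sends a RoleUpdateRequest when the role is flagged as existing, otherwise a
# RoleCreateRequest. Local state is changed only after the console reports
# success, so a rejected request no longer leaves the object claiming to exist
# with a meaningless id.
#
# @param nsc [Connection] Nexpose connection.
# @return [Object] the success value reported by the API response.
def save(nsc)
  request = @existing ? 'RoleUpdateRequest' : 'RoleCreateRequest'
  xml = %Q(<#{request} session-id="#{nsc.session_id}">)
  xml << to_xml
  xml << "</#{request}>"

  response = APIRequest.execute(nsc.url, xml, '1.2')
  if response.success
    # Only a RoleCreateResponse element is looked up for the id. When it is
    # absent (presumably the case for an update; confirm against the API),
    # the current id is kept instead of dereferencing nil.
    created = REXML::XPath.first(response.res, 'RoleCreateResponse')
    @id = created.attributes['id'].to_i if created
    @existing = true
  end
  response.success
end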

#to_xml ⇒ Object



# File 'lib/nexpose/role.rb', line 233

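# Serialise this role as the <Role> element sent in create and update requests.
#
# Every privilege constant of Privilege::Site, Privilege::AssetGroup and
# Privilege::Global is written out, with enabled="true" only for those present
# in #privileges.
#
# @return [String] the XML fragment.
def to_xml
  # Name, full name, scope and description are free text. Entity-escape them so
  # a quote, '<' or '&' (for example in a description) stays data and cannot
  # produce malformed XML or add attributes and elements to the role definition.
  esc = ->(value) { REXML::Text.normalize(value) }

  xml = %Q(<Role name="#{esc.call(@name)}" full-name="#{esc.call(@full_name)}")
  xml << %Q( enabled="#{enabled ? 'true' : 'false'}")
  xml << %Q( scope="#{esc.call(@scope)}">)
  xml << %Q(<Description>#{esc.call(@description)}</Description>)

  # Element names come from the Privilege constants, not from caller input.
  [['SitePrivileges', Privilege::Site],
   ['AssetGroupPrivileges', Privilege::AssetGroup],
   ['GlobalPrivileges', Privilege::Global]].each do |tag, group|
    xml << "<#{tag}>"
    group.constants.each do |const|
      element = group.const_get(const)
      granted = privileges.member?(element) ? 'true' : 'false'
      xml << %Q(<#{element} enabled="#{granted}"/>)
    end
    xml << "</#{tag}>"
  end

  xml << '</Role>'
  xml
end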