Class: Nexpose::Role

Inherits:
RoleSummary show all
Includes:
Sanitize
Defined in:
lib/nexpose/role.rb

Constant Summary collapse

GLOBAL_ADMINISTRATOR =

Constants, mapping UI terms to role names expected by API.

'global-admin'
ASSET_OWNER =
'system-admin'
SECURITY_MANAGER =
'security-manager'
SITE_OWNER =
'site-admin'
USER =
'user'

Instance Attribute Summary collapse

Attributes inherited from RoleSummary

#description, #enabled, #full_name, #id, #name, #scope

Class Method Summary collapse

Instance Method Summary collapse

Methods included from Sanitize

#replace_entities

Constructor Details

#initialize(name, full_name, id, enabled = true, scope = Scope::SILO) ⇒ Role

Returns a new instance of Role.



# File 'lib/nexpose/role.rb', line 134

# Build a role object in memory; nothing is sent to the console here.
#
# @param name short name of the role.
# @param full_name display name of the role.
# @param id identifier of the role.
# @param enabled whether the role is enabled (defaults to true).
# @param scope role scope (defaults to Scope::SILO).
def initialize(name, full_name, id, enabled = true, scope = Scope::SILO)
  @name = name
  @full_name = full_name
  @id = id
  @enabled = enabled
  @scope = scope
  # A new role starts with no privileges enabled.
  @privileges = []
end

Instance Attribute Details

#existing ⇒ Object

Flag to track whether this role exists already on the Nexpose console. Flag determines behavior of #save method.



# File 'lib/nexpose/role.rb', line 132

# Reader for the flag that records whether this role is already present on
# the Nexpose console. #save checks the same flag to pick between an update
# and a create request.
#
# @return the current value of @existing.
def existing
  @existing
end

#privileges ⇒ Object

Array of all privileges which are enabled for this role. Note: Although the underlying XML has different requirements, this only checks for presence.

See Also:



# File 'lib/nexpose/role.rb', line 128

# Reader for the list of privilege names enabled on this role. Only presence
# in the list matters: #to_xml reports a privilege as enabled when its name
# is a member of this collection.
#
# @return the current value of @privileges.
def privileges
  @privileges
end

Class Method Details

.copy(nsc, name, scope = Scope::SILO) ⇒ Role

Copy an existing Role to build a new role off of it. Role will not have a valid name or full_name, so they will need to be provided before saving.

Parameters:

  • nsc (Connection)

    Nexpose connection.

  • name (String)

    The short name of the role which you wish to copy.

  • scope (String) (defaults to: Scope::SILO)

    Whether the role has global or silo scope. @see Nexpose::Scope

Returns:

  • (Role)

    requested role.



# File 'lib/nexpose/role.rb', line 191

# Load an existing role and turn it into a template for a new one.
#
# The returned object has no name or full name, carries the placeholder id
# -1 and is flagged as not yet existing, so a later #save issues a create
# request. Name and full name must be filled in before saving.
#
# @param [Connection] nsc Nexpose connection.
# @param [String] name The short name of the role to copy.
# @param [String] scope Whether the role has global or silo scope.
# @return [Role] the loaded role with its identity cleared.
def self.copy(nsc, name, scope = Scope::SILO)
  # NOTE(review): load returns nil when the console reports failure, in
  # which case the assignments below raise NoMethodError.
  load(nsc, name, scope).tap do |duplicate|
    duplicate.full_name = nil
    duplicate.name = nil
    duplicate.id = -1
    duplicate.existing = false
  end
end

.load(nsc, name, scope = Scope::SILO) ⇒ Role

Retrieve a detailed description of a single role.

Parameters:

  • nsc (Connection)

    Nexpose connection.

  • name (String)

    The short name of the role.

  • scope (String) (defaults to: Scope::SILO)

    Whether the role has global or silo scope. @see Nexpose::Scope. Scope doesn’t appear to be required when requesting installed roles.

Returns:

  • (Role)

    requested role.



# File 'lib/nexpose/role.rb', line 147

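# Retrieve a detailed description of a single role.
#
# The role name and scope end up inside XML attributes of the request, so
# both are attribute-escaped before interpolation. Without that, a value
# containing a double quote, '<' or '&' would produce a malformed request or
# change its structure. #to_xml escapes the name with replace_entities; that
# helper comes from the included Sanitize module and is therefore an instance
# method, so this class method escapes with String#encode instead.
#
# @param [Connection] nsc Nexpose connection.
# @param [String] name The short name of the role.
# @param [String] scope Whether the role has global or silo scope.
# @return [Role, nil] the requested role, or nil when the response is not
#   flagged as successful.
def self.load(nsc, name, scope = Scope::SILO)
  # encode(xml: :attr) escapes & < > " and returns the value already wrapped
  # in double quotes, hence no literal quotes around the interpolations.
  name_attr = name.to_s.encode(xml: :attr)
  scope_attr = scope.to_s.encode(xml: :attr)

  xml = %Q(<RoleDetailsRequest session-id="#{nsc.session_id}">)
  xml << %Q(<Role name=#{name_attr} scope=#{scope_attr}/>)
  xml << '</RoleDetailsRequest>'

  response = APIRequest.execute(nsc.url, xml, '1.2')
  if response.success
    elem = REXML::XPath.first(response.res, 'RoleDetailsResponse/Role/')
    parse(elem)
  end
end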

.parse(xml) ⇒ Object



# File 'lib/nexpose/role.rb', line 211

# Build a Role from a Role element of a console response.
#
# Reads name, full-name, id, enabled and scope from the element's attributes,
# takes the description from its Description child and collects the names of
# all privilege elements marked enabled='true'. The result is flagged as
# existing on the console.
#
# @param xml the Role element to read.
# @return [Role] the populated role.
def self.parse(xml)
  attrs = xml.attributes
  role = new(attrs['name'],
             attrs['full-name'],
             attrs['id'].to_i,
             attrs['enabled'] == 'true',
             attrs['scope'])

  # NOTE(review): raises NoMethodError when the element has no Description child.
  role.description = REXML::XPath.first(xml, 'Description').text
  role.existing = true

  # Only enabled privileges are recorded, section by section in this order.
  %w(GlobalPrivileges SitePrivileges AssetGroupPrivileges).each do |section|
    xml.elements.each("#{section}/child::*[@enabled='true']") do |privilege|
      role.privileges << privilege.name
    end
  end
  role
end

Instance Method Details

#delete(nsc) ⇒ Object

Remove this role from the Nexpose console.

Parameters:



# File 'lib/nexpose/role.rb', line 203

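# Remove this role from the Nexpose console.
#
# The role name and scope are written into XML attributes of the request.
# Both go through replace_entities first, the same helper #to_xml applies to
# the name, so that a value containing quotes or markup characters cannot
# break or reshape the request document.
#
# @param [Connection] nsc Nexpose connection.
# @return the success flag reported by the response.
def delete(nsc)
  xml = %Q(<RoleDeleteRequest session-id="#{nsc.session_id}">)
  xml << %Q(<Role name="#{replace_entities(@name)}" scope="#{replace_entities(@scope)}"/>)
  xml << '</RoleDeleteRequest>'
  response = APIRequest.execute(nsc.url, xml, '1.2')
  response.success
end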

#save(nsc) ⇒ Object

Create or save a Role to the Nexpose console.

Parameters:



# File 'lib/nexpose/role.rb', line 165

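# Create or save a Role to the Nexpose console.
#
# Sends a RoleUpdateRequest when the role is flagged as existing, otherwise a
# RoleCreateRequest. Local state is changed only after the console reports
# success: a failed request leaves @id and @existing as they were, so the
# object never claims to exist on the console when the create was rejected.
#
# @param [Connection] nsc Nexpose connection.
# @return the success flag reported by the response.
def save(nsc)
  request = @existing ? 'RoleUpdateRequest' : 'RoleCreateRequest'
  xml = %Q(<#{request} session-id="#{nsc.session_id}">)
  xml << to_xml
  xml << "</#{request}>"

  response = APIRequest.execute(nsc.url, xml, '1.2')
  succeeded = response.success
  return succeeded unless succeeded

  # The id is read from a RoleCreateResponse element only when one is
  # present. Presumably an update reply carries no such element (confirm
  # against the console API); the existing id is then kept.
  created = REXML::XPath.first(response.res, 'RoleCreateResponse')
  @id = created.attributes['id'].to_i if created
  @existing = true
  succeeded
end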

#to_xml ⇒ Object



# File 'lib/nexpose/role.rb', line 234

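# Serialize this role as a Role XML element for create and update requests.
#
# Name, full name, scope and description pass through replace_entities
# before they are placed in the document, so quotes or markup characters in
# any of them cannot alter the element's structure. Every privilege constant
# of Privilege::Site, Privilege::AssetGroup and Privilege::Global is written
# out, with enabled="true" only for names present in #privileges.
#
# @return [String] the Role element.
def to_xml
  xml = %Q(<Role name="#{replace_entities(@name)}" full-name="#{replace_entities(@full_name)}")
  xml << %Q( enabled="#{(enabled ? 'true' : 'false')}")
  xml << %Q( scope="#{replace_entities(@scope)}">)
  xml << %Q(<Description>#{replace_entities(@description)}</Description>)

  # Section order is kept as Site, AssetGroup, Global.
  sections = [
    ['SitePrivileges', Privilege::Site],
    ['AssetGroupPrivileges', Privilege::AssetGroup],
    ['GlobalPrivileges', Privilege::Global]
  ]
  sections.each do |tag, catalog|
    xml << "<#{tag}>"
    catalog.constants.each do |field|
      privilege = catalog.const_get(field)
      # Named `flag` so the local does not shadow the `enabled` reader used above.
      flag = privileges.member?(privilege) ? 'true' : 'false'
      xml << %Q(<#{privilege} enabled="#{flag}"/>)
    end
    xml << "</#{tag}>"
  end

  xml << '</Role>'
  xml
end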