Class: Nexpose::Role
- Inherits: RoleSummary (Object → RoleSummary → Nexpose::Role)
- Includes: Sanitize
- Defined in: lib/nexpose/role.rb
Constant Summary
Constants, mapping UI terms to role names expected by API.
- GLOBAL_ADMINISTRATOR = 'global-admin'
- ASSET_OWNER = 'system-admin'
- CONTROLS_INSIGHT_ONLY = 'controls-insight-only'
- SECURITY_MANAGER = 'security-manager'
- SITE_OWNER = 'site-admin'
- USER = 'user'
Instance Attribute Summary
- #existing ⇒ Object
  Flag to track whether this role exists already on the Nexpose console.
- #privileges ⇒ Object
  Array of all privileges which are enabled for this role.
Attributes inherited from RoleSummary
#description, #enabled, #full_name, #id, #name, #scope
Class Method Summary
- .copy(nsc, name, scope = Scope::SILO) ⇒ Role
  Copy an existing Role to build a new role off of it.
- .load(nsc, name, scope = Scope::SILO) ⇒ Role
  Retrieve a detailed description of a single role.
- .parse(xml) ⇒ Object
Instance Method Summary
- #as_xml ⇒ Object
- #delete(nsc) ⇒ Object
  Remove this role from the Nexpose console.
- #initialize(name, full_name, id = -1, enabled = true, scope = Scope::SILO) ⇒ Role (constructor)
  A new instance of Role.
- #save(nsc) ⇒ Object
  Create or save a Role to the Nexpose console.
- #to_xml ⇒ Object
Methods included from Sanitize
Constructor Details
#initialize(name, full_name, id = -1, enabled = true, scope = Scope::SILO) ⇒ Role
Returns a new instance of Role.
# File 'lib/nexpose/role.rb', line 135
def initialize(name, full_name, id = -1, enabled = true, scope = Scope::SILO)
  @name, @full_name, @id, @enabled, @scope = name, full_name, id.to_i, enabled, scope
  @privileges = []
end
Instance Attribute Details
#existing ⇒ Object
Flag to track whether this role exists already on the Nexpose console. Flag determines behavior of #save method.
# File 'lib/nexpose/role.rb', line 133
def existing
  @existing
end
#privileges ⇒ Object
Array of all privileges which are enabled for this role. Note: Although the underlying XML has different requirements, this only checks for presence.
# File 'lib/nexpose/role.rb', line 129
def privileges
  @privileges
end
Class Method Details
.copy(nsc, name, scope = Scope::SILO) ⇒ Role
Copy an existing Role to build a new role off of it. Role will not have a valid name or full_name, so they will need to be provided before saving.
# File 'lib/nexpose/role.rb', line 188
def self.copy(nsc, name, scope = Scope::SILO)
  role = load(nsc, name, scope)
  role.name = role.full_name = nil
  role.id = -1
  role.existing = false
  role
end
.load(nsc, name, scope = Scope::SILO) ⇒ Role
Retrieve a detailed description of a single role.
# File 'lib/nexpose/role.rb', line 148
def self.load(nsc, name, scope = Scope::SILO)
  xml = nsc.make_xml('RoleDetailsRequest')
  xml.add_element('Role', {'name' => name, 'scope' => scope})
  response = APIRequest.execute(nsc.url, xml, '1.2')

  if response.success
    elem = REXML::XPath.first(response.res, 'RoleDetailsResponse/Role/')
    parse(elem)
  end
end
.parse(xml) ⇒ Object
# File 'lib/nexpose/role.rb', line 204
def self.parse(xml)
  role = new(xml.attributes['name'],
             xml.attributes['full-name'],
             xml.attributes['id'].to_i,
             xml.attributes['enabled'] == 'true',
             xml.attributes['scope'])

  role.description = REXML::XPath.first(xml, 'Description').text
  role.existing = true

  # Only grab enabled privileges.
  xml.elements.each("GlobalPrivileges/child::*[@enabled='true']") do |privilege|
    role.privileges << privilege.name
  end
  xml.elements.each("SitePrivileges/child::*[@enabled='true']") do |privilege|
    role.privileges << privilege.name
  end
  xml.elements.each("AssetGroupPrivileges/child::*[@enabled='true']") do |privilege|
    role.privileges << privilege.name
  end
  role
end
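The enabled-only filtering that .parse performs can be reused offline to audit a role against a least-privilege allow-list. The following is an added example, not code from nexpose-client: SAMPLE_ROLE_XML is a constructed response, the privilege element names in it are illustrative, and enabled_privileges and excess_privileges are hypothetical helper names.

```ruby
require 'rexml/document'

# Constructed sample shaped like the Role element that Role.parse reads.
# Privilege element names are illustrative, not taken from the page.
SAMPLE_ROLE_XML = <<~XML
  <RoleDetailsResponse success="1">
    <Role name="report-reader" full-name="Report Reader" id="12" enabled="true" scope="silo">
      <Description>Constructed example role</Description>
      <GlobalPrivileges>
        <CreateReports enabled="true"/>
        <ConfigureGlobalSettings enabled="true"/>
        <ManageSites enabled="false"/>
      </GlobalPrivileges>
      <SitePrivileges>
        <ViewAssetData enabled="true"/>
        <ManageScanEngines enabled="false"/>
      </SitePrivileges>
      <AssetGroupPrivileges>
        <ViewGroupAssetData enabled="true"/>
      </AssetGroupPrivileges>
    </Role>
  </RoleDetailsResponse>
XML

PRIVILEGE_GROUPS = %w[GlobalPrivileges SitePrivileges AssetGroupPrivileges].freeze

# Collect enabled privilege names using the same XPath filter as Role.parse.
# Returns [] when the response carries no Role element, instead of raising.
def enabled_privileges(xml_text)
  role = REXML::XPath.first(REXML::Document.new(xml_text), 'RoleDetailsResponse/Role')
  return [] if role.nil?

  PRIVILEGE_GROUPS.flat_map do |group|
    names = []
    role.elements.each("#{group}/child::*[@enabled='true']") { |priv| names << priv.name }
    names
  end
end

# Least-privilege check: enabled privileges that are not on the allow-list.
def excess_privileges(xml_text, allowed)
  enabled_privileges(xml_text) - allowed
end

if __FILE__ == $PROGRAM_NAME
  allowed = %w[CreateReports ViewAssetData ViewGroupAssetData]
  puts "enabled: #{enabled_privileges(SAMPLE_ROLE_XML).join(', ')}"
  puts "excess:  #{excess_privileges(SAMPLE_ROLE_XML, allowed).join(', ')}"
end
```

Privileges marked enabled="false" never reach the list, so a role can only be reviewed for what it grants, not for what it explicitly withholds.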
Instance Method Details
#as_xml ⇒ Object
# File 'lib/nexpose/role.rb', line 231
def as_xml
  xml = REXML::Element.new('Role')
  xml.add_attributes({'name' => @name, 'full-name' => @full_name, 'enabled' => enabled, 'scope' => @scope})
  xml.add_attribute('id', @id) if @id > 0
  xml.add_element('Description').text = @description

  site_privileges = xml.add_element('SitePrivileges')
  Privilege::Site::constants.each do |field|
    as_s = Privilege::Site.const_get(field)
    enabled = privileges.member? as_s
    site_privileges.add_element(as_s, {'enabled' => enabled})
  end

  asset_group_privileges = xml.add_element('AssetGroupPrivileges')
  Privilege::AssetGroup::constants.each do |field|
    as_s = Privilege::AssetGroup.const_get(field)
    enabled = privileges.member? as_s
    asset_group_privileges.add_element(as_s, {'enabled' => enabled})
  end

  global_privileges = xml.add_element('GlobalPrivileges')
  Privilege::Global::constants.each do |field|
    as_s = Privilege::Global.const_get(field)
    enabled = privileges.member? as_s
    global_privileges.add_element(as_s, {'enabled' => enabled})
  end

  xml
end
#delete(nsc) ⇒ Object
Remove this role from the Nexpose console.
# File 'lib/nexpose/role.rb', line 200
def delete(nsc)
  nsc.role_delete(name, scope)
end
#save(nsc) ⇒ Object
Create or save a Role to the Nexpose console.
# File 'lib/nexpose/role.rb', line 165
def save(nsc)
  if @existing
    xml = nsc.make_xml('RoleUpdateRequest')
  else
    xml = nsc.make_xml('RoleCreateRequest')
  end
  xml.add_element(as_xml)

  response = APIRequest.execute(nsc.url, xml, '1.2')
  xml = REXML::XPath.first(response.res, 'RoleCreateResponse')
  @id = xml.attributes['id'].to_i unless @existing
  @existing = true
  response.success
end
#to_xml ⇒ Object
# File 'lib/nexpose/role.rb', line 227
def to_xml
  as_xml.to_s
end