improvement: file resource check precondition and add file permission check

2024-11-23 13:13:22 +00:00 · 2015-10-25 21:35:35 +01:00 · 2015-10-25 21:35:35 +01:00 · d75e16546c
commit d75e16546c
parent 98d5a40686
1 changed files with 53 additions and 9 deletions
--- a/lib/resources/file.rb
+++ b/lib/resources/file.rb
@ -30,25 +30,69 @@ module Vulcano::Resources
    end

    def readable?(by_owner, by_user)
-      m = unix_mode_mask(by_owner, 'r') ||
-          fail("#{by_owner} is not a valid unix owner.")
-      (@file.mask & m) != 0
+      by_owner, by_user = check_preconditions(by_owner, by_user)
+
+      if by_user.nil?
+        m = @file.unix_mode_mask(by_owner, 'r') ||
+            fail("#{by_owner} is not a valid unix owner.")
+        (@file.mode & m) != 0
+      else
+        check_user_access(by_user, @path, 'r')
+      end
    end

    def writable?(by_owner, by_user)
-      m = unix_mode_mask(by_owner, 'w') ||
-          fail("#{by_owner} is not a valid unix owner.")
-      (@file.mask & m) != 0
+      by_owner, by_user = check_preconditions(by_owner, by_user)
+
+      if by_user.nil?
+        m = @file.unix_mode_mask(by_owner, 'w') ||
+            fail("#{by_owner} is not a valid unix owner.")
+        (@file.mode & m) != 0
+      else
+        check_user_access(by_user, @path, 'w')
+      end
    end

    def executable?(by_owner, by_user)
-      m = unix_mode_mask(by_owner, 'x') ||
-          fail("#{by_owner} is not a valid unix owner.")
-      (@file.mask & m) != 0
+      by_owner, by_user = check_preconditions(by_owner, by_user)
+
+      if by_user.nil?
+        m = @file.unix_mode_mask(by_owner, 'x') ||
+            fail("#{by_owner} is not a valid unix owner.")
+        (@file.mode & m) != 0
+      else
+        check_user_access(by_user, @path, 'x')
+      end
    end

    def to_s
      "File #{@path}"
    end
+
+    private
+
+    def check_preconditions(by_owner, by_user)
+      by_owner = 'other' if by_owner == 'others'
+      by_owner = 'all' if (by_owner.nil? || by_owner.empty?) && (by_user.nil?)
+      [by_owner, by_user]
+    end
+
+    # check permissions on linux
+    def check_user_access(user, file, flag)
+      if vulcano.os.linux? == true
+        # use sh on linux
+        perm_cmd = "su -s /bin/sh -c \"test -#{flag} #{file}\" #{user}"
+      elsif vulcano.os[:family] == 'freebsd'
+        # use sudo on freebsd
+        perm_cmd = "sudo -u #{user} test -#{flag} #{file}"
+      end
+
+      if !perm_cmd.nil?
+        cmd = vulcano.command(perm_cmd)
+        cmd.exit_status == 0 ? true : false
+      else
+        return skip_resource 'The `file` resource does not support `by_user` on your OS.'
+      end
+    end
  end
 end