class Nexpose::Role

Constants

ASSET_OWNER
CONTROLS_INSIGHT_ONLY
GLOBAL_ADMINISTRATOR

Constants, mapping UI terms to role names expected by API.

SECURITY_MANAGER
SITE_OWNER
USER

Attributes

existing[RW]

Flag to track whether this role exists already on the Nexpose console. Flag determines behavior of save method.

privileges[RW]

Array of all privileges which are enabled for this role. Note: Although the underlying XML has different requirements, this only checks for presence: a privilege is written as enabled when its name is in this array and as disabled otherwise. @see Nexpose::Privilege

Public Class Methods

copy(nsc, name, scope = Scope::SILO)

Copy an existing Role to use as the starting point for a new role. The copy keeps the source role's description, scope and enabled privileges. It will not have a valid name or full_name, so both need to be provided before saving.

@param [Connection] nsc Nexpose connection. @param [String] name The short name of the role which you wish to copy. @param [String] scope Whether the role has global or silo scope. @see Nexpose::Scope @return [Role] requested role.

# File lib/nexpose/role.rb, line 198
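# Build an unsaved clone of an existing role.
#
# The clone keeps whatever load populated on the source role, including its
# privilege list; only the identity fields are reset here, so a later save
# sends a create request instead of updating the source role.
#
# @param [Connection] nsc Nexpose connection.
# @param [String] name The short name of the role to copy.
# @param [String] scope Whether the role has global or silo scope.
# @return [Role, nil] the clone, or nil when load returned no role.
def self.copy(nsc, name, scope = Scope::SILO)
  role = load(nsc, name, scope)
  # load yields nil when the console does not report success; hand that back
  # instead of failing with NoMethodError on the assignments below.
  return nil unless role

  role.name = role.full_name = nil
  role.id = -1
  role.existing = false
  role
end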
load(nsc, name, scope = Scope::SILO)

Retrieve a detailed description of a single role.

@param [Connection] nsc Nexpose connection. @param [String] name The short name of the role. @param [String] scope Whether the role has global or silo scope. @see Nexpose::Scope

Scope doesn't appear to be required when requesting installed roles.

@return [Role] requested role.

# File lib/nexpose/role.rb, line 158
# Fetch the detailed definition of a single role from the console.
#
# Sends a RoleDetailsRequest over API version 1.2 using the connection's
# timeouts and hands the returned Role element to parse.
#
# @param [Connection] nsc Nexpose connection.
# @param [String] name The short name of the role.
# @param [String] scope Whether the role has global or silo scope.
# @return [Role, nil] the parsed role, or nil when the response does not
#   report success.
def self.load(nsc, name, scope = Scope::SILO)
  request = nsc.make_xml('RoleDetailsRequest')
  request.add_element('Role', { 'name' => name, 'scope' => scope })

  response = APIRequest.execute(
    nsc.url,
    request,
    '1.2',
    { timeout: nsc.timeout, open_timeout: nsc.open_timeout }
  )

  # An unsuccessful response falls through to nil; callers must check for it.
  return unless response.success

  role_element = REXML::XPath.first(response.res, 'RoleDetailsResponse/Role/')
  parse(role_element)
end
new(name, full_name, id = -1, enabled = true, scope = Scope::SILO)
# File lib/nexpose/role.rb, line 141
# Build an in-memory role; nothing is sent to the console from here.
#
# @param [String] name Short name of the role.
# @param [String] full_name Full name of the role.
# @param [Integer] id Role identifier, coerced with to_i; defaults to -1.
# @param [Boolean] enabled Whether the role is enabled.
# @param [String] scope Whether the role has global or silo scope.
def initialize(name, full_name, id = -1, enabled = true, scope = Scope::SILO)
  @name, @full_name = name, full_name
  @id = id.to_i
  @enabled, @scope = enabled, scope
  # A new role starts with an empty privilege list.
  @privileges = []
end
parse(xml)
# File lib/nexpose/role.rb, line 214
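# Build a Role from a Role element returned by the console.
#
# Identity fields come from the element's attributes. The privilege list is
# filled only with children whose enabled attribute is exactly 'true', read
# from the global, site and asset-group sections in that order. The XPath
# expressions are fixed literals; nothing from the caller is interpolated.
#
# @param [REXML::Element] xml Role element to read.
# @return [Role] role marked as already existing on the console.
def self.parse(xml)
  attrs = xml.attributes
  role = new(attrs['name'],
             attrs['full-name'],
             attrs['id'].to_i,
             attrs['enabled'] == 'true',
             attrs['scope'])

  # A response without a Description child leaves the description nil
  # instead of raising NoMethodError on nil.
  description = REXML::XPath.first(xml, 'Description')
  role.description = description ? description.text : nil
  role.existing = true

  # Only grab enabled privileges.
  %w[GlobalPrivileges SitePrivileges AssetGroupPrivileges].each do |section|
    xml.elements.each("#{section}/child::*[@enabled='true']") do |privilege|
      role.privileges << privilege.name
    end
  end
  role
end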

Public Instance Methods

as_xml()
# File lib/nexpose/role.rb, line 241
# Serialise this role into a Role element for the console API.
#
# Every constant under Privilege::Site, Privilege::AssetGroup and
# Privilege::Global is written with an explicit enabled flag, so a privilege
# missing from the privileges array is emitted as disabled rather than left
# out. The id attribute is written only when it is positive.
#
# @return [REXML::Element] the populated Role element.
def as_xml
  role_node = REXML::Element.new('Role')
  # `enabled` here is the role-level reader, not a per-privilege flag.
  role_node.add_attributes({ 'name' => @name, 'full-name' => @full_name, 'enabled' => enabled, 'scope' => @scope })
  role_node.add_attribute('id', @id) if @id > 0
  role_node.add_element('Description').text = @description

  # Section order matches the order the sections are appended to the element.
  sections = [
    ['SitePrivileges', Privilege::Site],
    ['AssetGroupPrivileges', Privilege::AssetGroup],
    ['GlobalPrivileges', Privilege::Global]
  ]

  sections.each do |tag, catalogue|
    section_node = role_node.add_element(tag)
    catalogue.constants.each do |const_name|
      privilege_name = catalogue.const_get(const_name)
      granted = privileges.member?(privilege_name)
      section_node.add_element(privilege_name, { 'enabled' => granted })
    end
  end

  role_node
end
delete(nsc)

Remove this role from the Nexpose console.

@param [Connection] nsc Nexpose connection.

# File lib/nexpose/role.rb, line 210
# Remove this role from the Nexpose console.
#
# @param [Connection] nsc Nexpose connection.
# @return whatever nsc.role_delete returns for this role's name and scope.
def delete(nsc)
  role_name, role_scope = name, scope
  # NOTE(review): the existing flag is not reset here, so a later save on this
  # object would still send an update request; confirm that is intended.
  nsc.role_delete(role_name, role_scope)
end
save(nsc)

Create a new Role on the Nexpose console, or update it if it already exists there.

@param [Connection] nsc Nexpose connection.

# File lib/nexpose/role.rb, line 175
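# Create or update this role on the Nexpose console.
#
# The existing flag picks the request type: RoleUpdateRequest when it is
# set, RoleCreateRequest otherwise. The payload is the element built by
# as_xml. Local state (id and the existing flag) is changed only when the
# console reports success, so a failed create can be retried as a create
# rather than being sent as an update for a role that was never stored.
#
# @param [Connection] nsc Nexpose connection.
# @return [Boolean] the success value reported by the response.
def save(nsc)
  request_name = @existing ? 'RoleUpdateRequest' : 'RoleCreateRequest'
  request = nsc.make_xml(request_name)
  request.add_element(as_xml)

  response  = APIRequest.execute(nsc.url, request, '1.2', { timeout: nsc.timeout, open_timeout: nsc.open_timeout })
  succeeded = response.success

  if succeeded
    unless @existing
      # Only a create response carries the new id; tolerate its absence
      # instead of raising NoMethodError on nil.
      created = REXML::XPath.first(response.res, 'RoleCreateResponse')
      @id = created.attributes['id'].to_i if created
    end
    @existing = true
  end

  succeeded
end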
to_xml()
# File lib/nexpose/role.rb, line 237
# Render this role as an XML string.
#
# @return [String] the string form of the element built by as_xml.
def to_xml
  role_element = as_xml
  role_element.to_s
end