author | Hans-Joachim Kliemeck <git@kliemeck.de> | 2015-10-18 00:00:47 +0200 |
---|---|---|
committer | Hans-Joachim Kliemeck <git@kliemeck.de> | 2015-10-18 16:58:13 +0200 |
commit | 75163ac5fea4443f23d853b7967a2ab5ccd98521 (patch) | |
tree | 5ffcd05a64367a7740158e71aa55cc09701d2d1d /windows/win_acl.ps1 | |
parent | 21c564848dcc92a6575364531ab76b4e4c6678d5 (diff) | |
download | ansible-modules-extras-75163ac5fea4443f23d853b7967a2ab5ccd98521.tar.gz |
made win_acl strict compliant
Diffstat (limited to 'windows/win_acl.ps1')
-rw-r--r-- | windows/win_acl.ps1 | 116 |
1 files changed, 34 insertions, 82 deletions
diff --git a/windows/win_acl.ps1 b/windows/win_acl.ps1
index 041e66b9..fa45f023 100644
--- a/windows/win_acl.ps1
+++ b/windows/win_acl.ps1
@@ -88,84 +88,36 @@ Function UserSearch } $params = Parse-Args $args; - -$result = New-Object psobject @{ - win_acl = New-Object psobject - changed = $false -} - -If ($params.path) { - $path = $params.path.toString() - - If (-Not (Test-Path -Path $path)) { - Fail-Json $result "$path file or directory does not exist on the host" - } -} -Else { - Fail-Json $result "missing required argument: path" -} - -If ($params.user) { - $sid = UserSearch -AccountName ($Params.User) - - # Test that the user/group is resolvable on the local machine - if (!$sid) - { - Fail-Json $result "$($Params.User) is not a valid user or group on the host machine or domain" - } -} -Else { - Fail-Json $result "missing required argument: user. specify the user or group to apply permission changes." -} - -If ($params.type -eq "allow") { - $type = $true -} -ElseIf ($params.type -eq "deny") { - $type = $false -} -Else { - Fail-Json $result "missing required argument: type. specify whether to allow or deny the specified rights." 
-} - -If ($params.inherit) { - # If it's a file then no flags can be set or an exception will be thrown - If (Test-Path -Path $path -PathType Leaf) { - $inherit = "None" - } - Else { - $inherit = $params.inherit.toString() - } -} -Else { - # If it's a file then no flags can be set or an exception will be thrown - If (Test-Path -Path $path -PathType Leaf) { - $inherit = "None" - } - Else { - $inherit = "ContainerInherit, ObjectInherit" - } -} - -If ($params.propagation) { - $propagation = $params.propagation.toString() -} -Else { - $propagation = "None" -} - -If ($params.rights) { - $rights = $params.rights.toString() + +$result = New-Object PSObject; +Set-Attr $result "changed" $false; + +$path = Get-Attr $params "path" -failifempty $true +$user = Get-Attr $params "user" -failifempty $true +$rights = Get-Attr $params "rights" -failifempty $true + +$type = Get-Attr $params "type" -validateSet "allow","deny" -resultobj $result +$state = Get-Attr $params "state" "present" -validateSet "present","absent" -resultobj $result + +$inherit = Get-Attr $params "inherit" "" +$propagation = Get-Attr $params "propagation" "None" -validateSet "None","NoPropagateInherit","InheritOnly" -resultobj $result + +If (-Not (Test-Path -Path $path)) { + Fail-Json $result "$path file or directory does not exist on the host" } -Else { - Fail-Json $result "missing required argument: rights" + +# Test that the user/group is resolvable on the local machine +$sid = UserSearch -AccountName ($user) +if (!$sid) +{ + Fail-Json $result "$user is not a valid user or group on the host machine or domain" } - -If ($params.state -eq "absent") { - $state = "remove" + +If (Test-Path -Path $path -PathType Leaf) { + $inherit = "None" } -Else { - $state = "add" +ElseIf ($inherit -eq "") { + $inherit = "ContainerInherit, ObjectInherit" } Try { 
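Review bot: The new `$type` lookup has neither `-failifempty $true` nor a default, unlike `path`, `user` and `rights` just above it, so the old "missing required argument: type" failure is gone. Get-Attr is not defined on this page, but if it returns an empty value for an absent key, the `If ($type -eq "allow") ... Else` in the `@@ -173,7 +125,7 @@` hunk would build a Deny rule for a task that never specified a type. Making the argument required restores the earlier behaviour: `$type = Get-Attr $params "type" -failifempty $true -validateSet "allow","deny" -resultobj $result`. The three `-failifempty` calls also omit `-resultobj $result`, which is worth checking against the helper. The `Try` block opened on this hunk's last line continues outside it.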
@@ -173,7 +125,7 @@ Try { $InheritanceFlag = [System.Security.AccessControl.InheritanceFlags]$inherit $PropagationFlag = [System.Security.AccessControl.PropagationFlags]$propagation - If ($type) { + If ($type -eq "allow") { $objType =[System.Security.AccessControl.AccessControlType]::Allow } Else { @@ -193,22 +145,22 @@ Try { Break } } - - If ($state -eq "add" -And $match -eq $false) { + + If ($state -eq "present" -And $match -eq $false) { Try { $objACL.AddAccessRule($objACE) Set-ACL $path $objACL - $result.changed = $true + Set-Attr $result "changed" $true; } Catch { Fail-Json $result "an exception occured when adding the specified rule" } } - ElseIf ($state -eq "remove" -And $match -eq $true) { + ElseIf ($state -eq "absent" -And $match -eq $true) { Try { $objACL.RemoveAccessRule($objACE) Set-ACL $path $objACL - $result.changed = $true + Set-Attr $result "changed" $true; } Catch { Fail-Json $result "an exception occured when removing the specified rule" @@ -226,7 +178,7 @@ Try { } } Catch { - Fail-Json $result "an error occured when attempting to $state $rights permission(s) on $path for $($Params.User)" + Fail-Json $result "an error occured when attempting to $state $rights permission(s) on $path for $user" } Exit-Json $result |
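Review bot: In the last hunk's outer `Catch`, `$state` now holds `present`/`absent` rather than `add`/`remove`, so the message reads "attempting to present ... permission(s)", and it still discards the caught exception. Since `$inherit` is not checked with `-validateSet` and is only cast to `InheritanceFlags` inside this `Try`, a bad value would surface as the same generic text as an access-denied `Set-ACL`. Consider `Fail-Json $result "an error occured when attempting to set state '$state' for $rights permission(s) on $path for $user - $($_.Exception.Message)"`. The two inner `Catch` blocks in the `@@ -193,22 +145,22 @@` hunk drop the exception in the same way. The `Try` body starts outside these hunks.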