check if the rule exists or not before allow/deny rules are added/removed, and fixes where result changed would be true on all executions.
This commit is contained in:
parent
25a3793a49
commit
6abfcffc70
2 changed files with 32 additions and 13 deletions
|
@ -1,7 +1,7 @@
|
||||||
#!powershell
|
#!powershell
|
||||||
# This file is part of Ansible
|
# This file is part of Ansible
|
||||||
#
|
#
|
||||||
# Copyright 2014, Phil Schwartz <schwartzmx@gmail.com>
|
# Copyright 2015, Phil Schwartz <schwartzmx@gmail.com>
|
||||||
#
|
#
|
||||||
# Ansible is free software: you can redistribute it and/or modify
|
# Ansible is free software: you can redistribute it and/or modify
|
||||||
# it under the terms of the GNU General Public License as published by
|
# it under the terms of the GNU General Public License as published by
|
||||||
|
@ -118,26 +118,45 @@ Try {
|
||||||
$objACE = New-Object System.Security.AccessControl.FileSystemAccessRule ($objUser, $colRights, $InheritanceFlag, $PropagationFlag, $objType)
|
$objACE = New-Object System.Security.AccessControl.FileSystemAccessRule ($objUser, $colRights, $InheritanceFlag, $PropagationFlag, $objType)
|
||||||
$objACL = Get-ACL $src
|
$objACL = Get-ACL $src
|
||||||
|
|
||||||
If ($state -eq "add") {
|
# Check if the ACE exists already in the objects ACL list
|
||||||
|
$match = $false
|
||||||
|
ForEach($rule in $objACL.Access){
|
||||||
|
If (($rule.FileSystemRights -eq $objACE.FileSystemRights) -And ($rule.AccessControlType -eq $objACE.AccessControlType) -And ($rule.IdentityReference -eq $objACE.IdentityReference) -And ($rule.IsInherited -eq $objACE.IsInherited) -And ($rule.InheritanceFlags -eq $objACE.InheritanceFlags) -And ($rule.PropagationFlags -eq $objACE.PropagationFlags)) {
|
||||||
|
$match = $true
|
||||||
|
Break
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
If ($state -eq "add" -And $match -eq $false) {
|
||||||
Try {
|
Try {
|
||||||
$objACL.AddAccessRule($objACE)
|
$objACL.AddAccessRule($objACE)
|
||||||
|
Set-ACL $src $objACL
|
||||||
|
$result.changed = $true
|
||||||
}
|
}
|
||||||
Catch {
|
Catch {
|
||||||
Fail-Json $result "an exception occured when adding the specified rule. it may already exist."
|
Fail-Json $result "an exception occured when adding the specified rule"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
ElseIf ($state -eq "remove" -And $match -eq $true) {
|
||||||
|
Try {
|
||||||
|
$objACL.RemoveAccessRule($objACE)
|
||||||
|
Set-ACL $src $objACL
|
||||||
|
$result.changed = $true
|
||||||
|
}
|
||||||
|
Catch {
|
||||||
|
Fail-Json $result "an exception occured when removing the specified rule"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
Else {
|
Else {
|
||||||
Try {
|
# A rule was attempting to be added but already exists
|
||||||
$objACL.RemoveAccessRule($objACE)
|
If ($match -eq $true) {
|
||||||
}
|
Exit-Json $result "the specified rule already exists"
|
||||||
Catch {
|
|
||||||
Fail-Json $result "an exception occured when removing the specified rule. it may not exist."
|
|
||||||
}
|
}
|
||||||
|
# A rule didn't exist that was trying to be removed
|
||||||
|
Else {
|
||||||
|
Exit-Json $result "the specified rule does not exist"
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
Set-ACL $src $objACL
|
|
||||||
|
|
||||||
$result.changed = $true
|
|
||||||
}
|
}
|
||||||
Catch {
|
Catch {
|
||||||
Fail-Json $result "an error occured when attempting to $state $rights permission(s) on $src for $user"
|
Fail-Json $result "an error occured when attempting to $state $rights permission(s) on $src for $user"
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
#!/usr/bin/python
|
#!/usr/bin/python
|
||||||
# -*- coding: utf-8 -*-
|
# -*- coding: utf-8 -*-
|
||||||
|
|
||||||
# (c) 2014, Phil Schwartz <schwartzmx@gmail.com>
|
# (c) 2015, Phil Schwartz <schwartzmx@gmail.com>
|
||||||
#
|
#
|
||||||
# This file is part of Ansible
|
# This file is part of Ansible
|
||||||
#
|
#
|
||||||
|
|
Loading…
Reference in a new issue