ruby-jss 0.10.2a5 → 0.10.2
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of ruby-jss might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/CHANGES.md +5 -0
- data/lib/jss/api_connection.rb +19 -38
- data/lib/jss/api_object/advanced_search.rb +1 -5
- data/lib/jss/api_object/computer.rb +292 -316
- data/lib/jss/api_object/computer_invitation.rb +3 -5
- data/lib/jss/api_object/ebook.rb +0 -5
- data/lib/jss/api_object/group/computer_group.rb +0 -4
- data/lib/jss/api_object/group/mobile_device_group.rb +1 -4
- data/lib/jss/api_object/group.rb +1 -6
- data/lib/jss/api_object/mac_application.rb +0 -5
- data/lib/jss/api_object/mobile_device.rb +336 -57
- data/lib/jss/api_object/mobile_device_application.rb +0 -6
- data/lib/jss/api_object/mobile_device_configuration_profile.rb +0 -36
- data/lib/jss/api_object/osx_configuration_profile.rb +151 -115
- data/lib/jss/api_object/peripheral.rb +7 -5
- data/lib/jss/api_object/policy.rb +0 -5
- data/lib/jss/api_object/restricted_software.rb +0 -5
- data/lib/jss/api_object/scopable/scope.rb +411 -367
- data/lib/jss/api_object/self_servable.rb +4 -15
- data/lib/jss/api_object/site.rb +76 -45
- data/lib/jss/api_object/user.rb +3 -7
- data/lib/jss/api_object.rb +4 -74
- data/lib/jss/utility.rb +0 -21
- data/lib/jss/version.rb +1 -1
- data/lib/jss.rb +0 -4
- metadata +6 -10
- data/lib/jss/api_object/mdm.rb +0 -1268
- data/lib/jss/api_object/patch.rb +0 -38
- data/lib/jss/api_object/patch_policy.rb +0 -38
- data/lib/jss/api_object/sitable.rb +0 -197
@@ -1,188 +1,206 @@
|
|
1
|
-
|
2
|
-
|
3
|
-
|
4
|
-
|
5
|
-
|
6
|
-
|
7
|
-
|
8
|
-
|
9
|
-
|
10
|
-
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
|
1
|
+
### Copyright 2017 Pixar
|
2
|
+
|
3
|
+
###
|
4
|
+
### Licensed under the Apache License, Version 2.0 (the "Apache License")
|
5
|
+
### with the following modification; you may not use this file except in
|
6
|
+
### compliance with the Apache License and the following modification to it:
|
7
|
+
### Section 6. Trademarks. is deleted and replaced with:
|
8
|
+
###
|
9
|
+
### 6. Trademarks. This License does not grant permission to use the trade
|
10
|
+
### names, trademarks, service marks, or product names of the Licensor
|
11
|
+
### and its affiliates, except as required to comply with Section 4(c) of
|
12
|
+
### the License and to reproduce the content of the NOTICE file.
|
13
|
+
###
|
14
|
+
### You may obtain a copy of the Apache License at
|
15
|
+
###
|
16
|
+
### http://www.apache.org/licenses/LICENSE-2.0
|
17
|
+
###
|
18
|
+
### Unless required by applicable law or agreed to in writing, software
|
19
|
+
### distributed under the Apache License with the above modification is
|
20
|
+
### distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
21
|
+
### KIND, either express or implied. See the Apache License for the specific
|
22
|
+
### language governing permissions and limitations under the Apache License.
|
23
|
+
###
|
24
|
+
###
|
25
|
+
|
26
|
+
###
|
27
27
|
module JSS
|
28
28
|
|
29
29
|
module Scopable
|
30
30
|
|
31
|
-
|
32
|
-
|
33
|
-
|
34
|
-
|
35
|
-
|
36
|
-
|
37
|
-
|
38
|
-
|
39
|
-
|
40
|
-
|
41
|
-
|
42
|
-
|
43
|
-
|
44
|
-
|
45
|
-
|
46
|
-
|
47
|
-
|
48
|
-
|
49
|
-
|
50
|
-
|
51
|
-
|
52
|
-
|
31
|
+
#####################################
|
32
|
+
### Classes
|
33
|
+
#####################################
|
34
|
+
|
35
|
+
###
|
36
|
+
### This class represents a Scope in the JSS, as can be applied to Scopable objects like
|
37
|
+
### Policies, Profiles, etc. Instances of this class are generally used as the value of the @scope attribute
|
38
|
+
### of those objects.
|
39
|
+
###
|
40
|
+
### Scope data comes from the API as a hash within the overall object data. The main keys of the hash
|
41
|
+
### define the included targets of the scope. A sub-hash defines limitations on those inclusions,
|
42
|
+
### and another sub-hash defines explicit exclusions.
|
43
|
+
###
|
44
|
+
### This class provides methods for adding, removing, or fully replacing the
|
45
|
+
### various parts of the scope's inclusions, limitations, and exclusions.
|
46
|
+
###
|
47
|
+
### @todo Implement simple LDAP queries using the defined {LDAPServer}s to confirm the
|
48
|
+
### existance of users or groups used in limitations and exclusions. As things are now
|
49
|
+
### if you add invalid user or group names, you'll get a 409 conflict error when you try
|
50
|
+
### to save your changes to the JSS.
|
51
|
+
###
|
52
|
+
### @see JSS::Scopable
|
53
|
+
###
|
53
54
|
class Scope
|
54
55
|
|
55
|
-
|
56
|
+
#####################################
|
57
|
+
### Mix-Ins
|
56
58
|
#####################################
|
57
59
|
|
58
|
-
|
59
|
-
|
60
|
-
|
61
|
-
|
62
|
-
|
63
|
-
|
64
|
-
|
65
|
-
|
66
|
-
|
67
|
-
|
68
|
-
|
69
|
-
|
70
|
-
|
71
|
-
|
72
|
-
|
73
|
-
|
74
|
-
|
75
|
-
|
76
|
-
|
77
|
-
|
78
|
-
|
79
|
-
|
80
|
-
|
81
|
-
|
82
|
-
|
83
|
-
|
60
|
+
#####################################
|
61
|
+
### Class Methods
|
62
|
+
#####################################
|
63
|
+
|
64
|
+
#####################################
|
65
|
+
### Class Constants
|
66
|
+
#####################################
|
67
|
+
|
68
|
+
### These are the classes that Scopes can use for defining a scope,
|
69
|
+
### keyed by appropriate symbols.
|
70
|
+
SCOPING_CLASSES ={
|
71
|
+
:computers => JSS::Computer,
|
72
|
+
:computer => JSS::Computer,
|
73
|
+
:computer_groups => JSS::ComputerGroup,
|
74
|
+
:computer_group => JSS::ComputerGroup,
|
75
|
+
:mobile_devices => JSS::MobileDevice,
|
76
|
+
:mobile_device => JSS::MobileDevice,
|
77
|
+
:mobile_device_groups => JSS::MobileDeviceGroup,
|
78
|
+
:mobile_device_group => JSS::MobileDeviceGroup,
|
79
|
+
:buildings => JSS::Building,
|
80
|
+
:building => JSS::Building,
|
81
|
+
:departments => JSS::Department,
|
82
|
+
:department => JSS::Department,
|
83
|
+
:network_segments => JSS::NetworkSegment,
|
84
|
+
:network_segment => JSS::NetworkSegment,
|
85
|
+
:users => JSS::User,
|
86
|
+
:user => JSS::User,
|
87
|
+
:user_groups => JSS::UserGroup,
|
88
|
+
:user_group => JSS::UserGroup
|
89
|
+
}
|
90
|
+
|
91
|
+
### Some things get checked in LDAP as well as the JSS
|
92
|
+
LDAP_USER_KEYS = [:user, :users]
|
93
|
+
LDAP_GROUP_KEYS = [:user_groups, :user_group]
|
84
94
|
CHECK_LDAP_KEYS = LDAP_USER_KEYS + LDAP_GROUP_KEYS
|
85
95
|
|
86
|
-
|
87
|
-
|
88
|
-
TARGETS_AND_GROUPS = {
|
96
|
+
### This hash maps the availble Scope Target keys from SCOPING_CLASSES to
|
97
|
+
### their corresponding target group keys from SCOPING_CLASSES.
|
98
|
+
TARGETS_AND_GROUPS = {:computers => :computer_groups, :mobile_devices => :mobile_device_groups }
|
89
99
|
|
90
|
-
|
91
|
-
|
92
|
-
INCLUSIONS =
|
100
|
+
### These can be part of the base inclusion list of the scope,
|
101
|
+
### along with the appropriate target and target group keys
|
102
|
+
INCLUSIONS = [:buildings, :departments]
|
93
103
|
|
94
|
-
|
95
|
-
LIMITATIONS =
|
104
|
+
### These can limit the inclusion list
|
105
|
+
LIMITATIONS = [:network_segments, :users, :user_groups]
|
96
106
|
|
97
|
-
|
107
|
+
### any of them can be excluded
|
98
108
|
EXCLUSIONS = INCLUSIONS + LIMITATIONS
|
99
109
|
|
100
|
-
|
110
|
+
### Here's a default scope as it might come from the API.
|
101
111
|
DEFAULT_SCOPE = {
|
102
|
-
all_computers
|
103
|
-
all_mobile_devices
|
104
|
-
limitations
|
105
|
-
exclusions
|
106
|
-
}
|
112
|
+
:all_computers => true,
|
113
|
+
:all_mobile_devices => true,
|
114
|
+
:limitations => {},
|
115
|
+
:exclusions => {}
|
116
|
+
}
|
117
|
+
|
118
|
+
|
107
119
|
|
108
|
-
|
120
|
+
######################
|
121
|
+
### Attributes
|
109
122
|
######################
|
110
123
|
|
111
|
-
|
112
|
-
|
113
|
-
|
114
|
-
|
115
|
-
|
124
|
+
### @return [JSS::APIObject subclass]
|
125
|
+
###
|
126
|
+
### A reference to the object that contains this Scope
|
127
|
+
###
|
128
|
+
### For telling it when a change is made and an update needed
|
116
129
|
attr_accessor :container
|
117
130
|
|
118
|
-
|
119
|
-
|
131
|
+
### @return [Boolean] should we expect a potential 409 Conflict
|
132
|
+
### if we can't connect to LDAP servers for verification?
|
120
133
|
attr_accessor :unable_to_verify_ldap_entries
|
121
134
|
|
122
|
-
|
135
|
+
### what type of target is this scope for? Computers or Mobiledevices?
|
123
136
|
attr_reader :target_class
|
124
137
|
|
125
|
-
|
126
|
-
|
127
|
-
|
128
|
-
|
129
|
-
|
130
|
-
|
131
|
-
|
132
|
-
|
133
|
-
|
134
|
-
|
135
|
-
|
136
|
-
|
138
|
+
### @return [Hash<Array>]
|
139
|
+
###
|
140
|
+
### The items which form the base scope of included targets
|
141
|
+
###
|
142
|
+
### This is the group of targets to which the limitations and exclusions apply.
|
143
|
+
### they keys are:
|
144
|
+
### - :targets
|
145
|
+
### - :target_groups
|
146
|
+
### - :departments
|
147
|
+
### - :buildings
|
148
|
+
### and the values are Arrays of names of those things.
|
149
|
+
###
|
137
150
|
attr_reader :inclusions
|
138
151
|
|
139
|
-
|
140
|
-
|
141
|
-
|
142
|
-
|
143
|
-
|
144
|
-
|
145
|
-
|
152
|
+
### @return [Boolean]
|
153
|
+
###
|
154
|
+
### Does this scope cover all targets?
|
155
|
+
###
|
156
|
+
### If this is true, the @inclusions Hash is ignored, and all
|
157
|
+
### targets in the JSS form the base scope.
|
158
|
+
###
|
146
159
|
attr_reader :all_targets
|
147
160
|
|
148
|
-
|
149
|
-
|
150
|
-
|
151
|
-
|
152
|
-
|
153
|
-
|
154
|
-
|
155
|
-
|
156
|
-
|
161
|
+
|
162
|
+
|
163
|
+
### @return [Hash<Array>]
|
164
|
+
###
|
165
|
+
### The items in these arrays are the limitations applied to targets in the @inclusions .
|
166
|
+
###
|
167
|
+
### The arrays of names are:
|
168
|
+
### - :network_segments
|
169
|
+
### - :users
|
170
|
+
### - :user_groups
|
171
|
+
###
|
157
172
|
attr_reader :limitations
|
158
173
|
|
159
|
-
|
160
|
-
|
161
|
-
|
162
|
-
|
163
|
-
|
164
|
-
|
165
|
-
|
166
|
-
|
167
|
-
|
168
|
-
|
169
|
-
|
170
|
-
|
171
|
-
|
174
|
+
### @return [Hash<Array>]
|
175
|
+
###
|
176
|
+
### The items in these arrays are the exclusions applied to targets in the @inclusions .
|
177
|
+
###
|
178
|
+
### The arrays of names are:
|
179
|
+
### - :targets
|
180
|
+
### - :target_groups
|
181
|
+
### - :departments
|
182
|
+
### - :buildings
|
183
|
+
### - :network_segments
|
184
|
+
### - :users
|
185
|
+
### - :user_groups
|
186
|
+
###
|
172
187
|
attr_reader :exclusions
|
173
188
|
|
174
|
-
|
189
|
+
|
190
|
+
#####################################
|
191
|
+
### Public Instance Methods
|
175
192
|
#####################################
|
176
193
|
|
177
|
-
|
178
|
-
|
179
|
-
|
180
|
-
|
181
|
-
|
182
|
-
|
183
|
-
|
184
|
-
|
185
|
-
|
194
|
+
###
|
195
|
+
### If api_scope is empty, a default scope, scoped to all targets, is created, and can be modified
|
196
|
+
### as needed.
|
197
|
+
###
|
198
|
+
### @param target_key[Symbol] the kind of thing we're scopeing, one of {TARGETS_AND_GROUPS}
|
199
|
+
###
|
200
|
+
### @param api_scope[Hash] the JSON :scope data from an API query that is scopable, e.g. a Policy.
|
201
|
+
###
|
202
|
+
def initialize(target_key, api_scope = nil)
|
203
|
+
api_scope ||= DEFAULT_SCOPE
|
186
204
|
raise JSS::InvalidDataError, "The target class of a Scope must be one of the symbols :#{TARGETS_AND_GROUPS.keys.join(', :')}" unless TARGETS_AND_GROUPS.keys.include? target_key
|
187
205
|
|
188
206
|
@target_key = target_key
|
@@ -194,66 +212,70 @@ module JSS
|
|
194
212
|
@exclusion_keys = [@target_key, @group_key] + EXCLUSIONS
|
195
213
|
|
196
214
|
@all_key = "all_#{target_key}".to_sym
|
197
|
-
@all_targets =
|
215
|
+
@all_targets = api_scope[@all_key]
|
198
216
|
|
199
|
-
|
200
|
-
|
217
|
+
### Everything gets mapped from an Array of Hashes to an Array of names (or an empty array)
|
218
|
+
### since names are all that really matter when submitting the scope.
|
201
219
|
@inclusions = {}
|
202
|
-
@inclusion_keys.each
|
220
|
+
@inclusion_keys.each{|k| @inclusions[k] = api_scope[k] ? api_scope[k].map{|n| n[:name]} : [] }
|
203
221
|
|
204
222
|
@limitations = {}
|
205
|
-
if
|
206
|
-
LIMITATIONS.each
|
223
|
+
if api_scope[:limitations]
|
224
|
+
LIMITATIONS.each{|k| @limitations[k] = api_scope[:limitations][k] ? api_scope[:limitations][k].map{|n| n[:name]} : [] }
|
207
225
|
end
|
208
226
|
|
209
227
|
@exclusions = {}
|
210
|
-
if
|
211
|
-
@exclusion_keys.each
|
228
|
+
if api_scope[:exclusions]
|
229
|
+
@exclusion_keys.each{|k| @exclusions[k] = api_scope[:exclusions][k] ? api_scope[:exclusions][k].map{|n| n[:name]} : [] }
|
212
230
|
end
|
213
231
|
|
214
232
|
@container = nil
|
215
|
-
|
216
|
-
|
217
|
-
|
218
|
-
|
219
|
-
|
220
|
-
|
221
|
-
|
222
|
-
|
223
|
-
|
224
|
-
|
225
|
-
|
233
|
+
|
234
|
+
end # init
|
235
|
+
|
236
|
+
###
|
237
|
+
### Set the scope's inclusions to all targets.
|
238
|
+
###
|
239
|
+
### By default, the limitations and exclusions remain.
|
240
|
+
### If a non-false parameter is provided, they will be removed also.
|
241
|
+
###
|
242
|
+
### @param clear[Boolean] Should the limitations and exclusions be removed also?
|
243
|
+
###
|
244
|
+
### @return [void]
|
245
|
+
###
|
226
246
|
def include_all(clear = false)
|
227
247
|
@inclusions = {}
|
228
|
-
@inclusion_keys.each
|
248
|
+
@inclusion_keys.each{|k| @inclusions[k] = []}
|
229
249
|
@all_targets = true
|
230
250
|
if clear
|
231
251
|
@limitations = {}
|
232
|
-
LIMITATIONS.each
|
252
|
+
LIMITATIONS.each{|k| @limitations[k] = []}
|
233
253
|
|
234
254
|
@exclusions = {}
|
235
|
-
@exclusion_keys.each
|
255
|
+
@exclusion_keys.each{|k| @exclusions[k] = []}
|
236
256
|
end
|
237
257
|
@container.should_update if @container
|
238
258
|
end
|
239
259
|
|
240
|
-
|
241
|
-
|
242
|
-
|
243
|
-
|
244
|
-
|
245
|
-
|
246
|
-
|
247
|
-
|
248
|
-
|
249
|
-
|
250
|
-
|
251
|
-
|
252
|
-
|
253
|
-
|
260
|
+
|
261
|
+
###
|
262
|
+
### Replace a list of item names for inclusion in this scope.
|
263
|
+
###
|
264
|
+
### The list must be an Array of names of items of the Class represented by the key.
|
265
|
+
### Each will be checked for existence in the JSS, and an exception raised if the item doesn't exist.
|
266
|
+
###
|
267
|
+
### @param key[Symbol] the key from #{SCOPING_CLASSES} for the kind of items being included, :computer, :building, etc...
|
268
|
+
###
|
269
|
+
### @param list[Array] the names of the items being added
|
270
|
+
###
|
271
|
+
### @example
|
272
|
+
### set_inclusion(:computers, ['kimchi','mantis'])
|
273
|
+
###
|
274
|
+
### @return [void]
|
275
|
+
###
|
254
276
|
def set_inclusion(key, list)
|
255
277
|
raise JSS::InvalidDataError, "Inclusion key must be one of :#{@inclusion_keys.join(', :')}" unless @inclusion_keys.include? key
|
256
|
-
raise JSS::InvalidDataError, "List must be an Array of #{key} names, it may be empty." unless list.
|
278
|
+
raise JSS::InvalidDataError, "List must be an Array of #{key} names, it may be empty." unless list.kind_of? Array
|
257
279
|
|
258
280
|
return nil if list.sort == @inclusions[key].sort
|
259
281
|
|
@@ -261,15 +283,15 @@ module JSS
|
|
261
283
|
if list.empty?
|
262
284
|
@inclusion[key] = list
|
263
285
|
# if ALL the @inclusion keys are empty, then set all targets to true.
|
264
|
-
@all_targets = @inclusions.values.reject
|
286
|
+
@all_targets = @inclusions.values.reject{|a| a.nil? or a.empty?}.empty?
|
265
287
|
@container.should_update if @container
|
266
288
|
return list
|
267
289
|
end
|
268
290
|
|
269
|
-
|
291
|
+
### check the names
|
270
292
|
list.each do |name|
|
271
293
|
raise JSS::NoSuchItemError, "No existing #{key} with name '#{name}'" unless check_name key, name
|
272
|
-
raise JSS::AlreadyExistsError, "Can't set #{key} scope to '#{name}' because it's already an explicit exclusion." if @exclusions[key]
|
294
|
+
raise JSS::AlreadyExistsError, "Can't set #{key} scope to '#{name}' because it's already an explicit exclusion." if @exclusions[key] and @exclusions[key].include? name
|
273
295
|
end # each
|
274
296
|
|
275
297
|
@inclusions[key] = list
|
@@ -277,78 +299,84 @@ module JSS
|
|
277
299
|
@container.should_update if @container
|
278
300
|
end # sinclude_in_scope
|
279
301
|
|
280
|
-
|
281
|
-
|
282
|
-
|
283
|
-
|
284
|
-
|
285
|
-
|
286
|
-
|
287
|
-
|
288
|
-
|
289
|
-
|
290
|
-
|
291
|
-
|
292
|
-
|
293
|
-
|
302
|
+
|
303
|
+
###
|
304
|
+
### Add a single item for this inclusion in this scope.
|
305
|
+
###
|
306
|
+
### The item name will be checked for existence in the JSS, and an exception raised if the item doesn't exist.
|
307
|
+
###
|
308
|
+
### @param key[Symbol] the key from #{SCOPING_CLASSES} for the kind of item being added, :computer, :building, etc...
|
309
|
+
###
|
310
|
+
### @param item[String] the name of the item being added
|
311
|
+
###
|
312
|
+
### @example
|
313
|
+
### add_inclusion(:computer, "mantis")
|
314
|
+
###
|
315
|
+
### @return [void]
|
316
|
+
###
|
317
|
+
def add_inclusion (key, item)
|
294
318
|
raise JSS::InvalidDataError, "Inclusion key must be one of :#{@inclusion_keys.join(', :')}" unless @inclusion_keys.include? key
|
295
|
-
raise JSS::InvalidDataError, "Item must be a #{key} name." unless item.
|
319
|
+
raise JSS::InvalidDataError, "Item must be a #{key} name." unless item.kind_of? String
|
296
320
|
|
297
|
-
return nil if @inclusions[key]
|
321
|
+
return nil if @inclusions[key] and @inclusions[key].include? item
|
298
322
|
|
299
|
-
|
323
|
+
### check the name
|
300
324
|
raise JSS::NoSuchItemError, "No existing #{key} with name '#{item}'" unless check_name key, item
|
301
|
-
raise JSS::AlreadyExistsError, "Can't set #{key} scope to '#{item}' because it's already an explicit exclusion." if @exclusions[key]
|
325
|
+
raise JSS::AlreadyExistsError, "Can't set #{key} scope to '#{item}' because it's already an explicit exclusion." if @exclusions[key] and @exclusions[key].include? item
|
326
|
+
|
302
327
|
|
303
328
|
@inclusions[key] << item
|
304
329
|
@all_targets = false
|
305
330
|
@container.should_update if @container
|
306
331
|
end
|
307
332
|
|
308
|
-
|
309
|
-
|
310
|
-
|
311
|
-
#
|
312
|
-
|
313
|
-
|
314
|
-
|
315
|
-
|
316
|
-
|
317
|
-
|
318
|
-
|
319
|
-
|
333
|
+
###
|
334
|
+
### Remove a single item for this scope.
|
335
|
+
###
|
336
|
+
### @param key[Symbol] the key from #{SCOPING_CLASSES} for the kind of item being removed, :computer, :building, etc...
|
337
|
+
###
|
338
|
+
### @param item[String] the name of the item being removed
|
339
|
+
###
|
340
|
+
### @example
|
341
|
+
### remove_inclusion(:computer, "mantis")
|
342
|
+
###
|
343
|
+
### @return [void]
|
344
|
+
###
|
345
|
+
def remove_inclusion (key, item)
|
320
346
|
raise JSS::InvalidDataError, "Inclusion key must be one of :#{@inclusion_keys.join(', :')}" unless @inclusion_keys.include? key
|
321
|
-
raise JSS::InvalidDataError, "Item must be a #{key} name." unless item.
|
347
|
+
raise JSS::InvalidDataError, "Item must be a #{key} name." unless item.kind_of? String
|
322
348
|
|
323
|
-
return nil unless @inclusions[key]
|
349
|
+
return nil unless @inclusions[key] and @inclusions[key].include? item
|
324
350
|
|
325
351
|
@inclusions[key] -= [item]
|
326
352
|
|
327
353
|
# if ALL the @inclusion keys are empty, then set all targets to true.
|
328
|
-
@all_targets =
|
354
|
+
@all_targets = @inclusions.values.reject{|a| a.nil? or a.empty?}.empty?
|
329
355
|
|
330
356
|
@container.should_update if @container
|
331
357
|
end
|
332
358
|
|
333
|
-
|
334
|
-
|
335
|
-
|
336
|
-
|
337
|
-
|
338
|
-
|
339
|
-
|
340
|
-
|
341
|
-
|
342
|
-
|
343
|
-
|
344
|
-
|
345
|
-
|
346
|
-
|
347
|
-
|
348
|
-
|
349
|
-
|
359
|
+
|
360
|
+
###
|
361
|
+
### Replace a limitation list for this scope.
|
362
|
+
###
|
363
|
+
### The list must be an Array of names of items of the Class represented by the key.
|
364
|
+
### Each will be checked for existence in the JSS, and an exception raised if the item doesn't exist.
|
365
|
+
###
|
366
|
+
### @param key[Symbol] the type of items being set as limitations, :network_segments, :users, etc...
|
367
|
+
###
|
368
|
+
### @param list[Array] the names of the items being set as limitations
|
369
|
+
###
|
370
|
+
### @example
|
371
|
+
### set_limitation(:network_segments, ['foo','bar'])
|
372
|
+
###
|
373
|
+
### @return [void]
|
374
|
+
###
|
375
|
+
### @todo handle ldap user group lookups
|
376
|
+
###
|
377
|
+
def set_limitation (key, list)
|
350
378
|
raise JSS::InvalidDataError, "Limitation key must be one of :#{LIMITATIONS.join(', :')}" unless LIMITATIONS.include? key
|
351
|
-
raise JSS::InvalidDataError, "List must be an Array of #{key} names, it may be empty." unless list.
|
379
|
+
raise JSS::InvalidDataError, "List must be an Array of #{key} names, it may be empty." unless list.kind_of? Array
|
352
380
|
return nil if list.sort == @limitations[key].sort
|
353
381
|
|
354
382
|
if list.empty?
|
@@ -357,85 +385,92 @@ module JSS
|
|
357
385
|
return list
|
358
386
|
end
|
359
387
|
|
360
|
-
|
388
|
+
### check the names
|
361
389
|
list.each do |name|
|
362
|
-
raise JSS::NoSuchItemError, "No existing #{key} with name '#{name}'" unless check_name key,
|
363
|
-
raise JSS::AlreadyExistsError, "Can't set #{key} limitation for '#{name}' because it's already an explicit exclusion." if @exclusions[key]
|
390
|
+
raise JSS::NoSuchItemError, "No existing #{key} with name '#{name}'" unless check_name key, name
|
391
|
+
raise JSS::AlreadyExistsError, "Can't set #{key} limitation for '#{name}' because it's already an explicit exclusion." if @exclusions[key] and @exclusions[key].include? name
|
364
392
|
end # each
|
365
393
|
|
366
394
|
@limitations[key] = list
|
367
395
|
@container.should_update if @container
|
368
396
|
end # limit scope
|
369
397
|
|
370
|
-
|
371
|
-
|
372
|
-
|
373
|
-
|
374
|
-
|
375
|
-
|
376
|
-
|
377
|
-
|
378
|
-
|
379
|
-
|
380
|
-
|
381
|
-
|
382
|
-
|
383
|
-
|
384
|
-
|
385
|
-
|
398
|
+
|
399
|
+
###
|
400
|
+
### Add a single item for limiting this scope.
|
401
|
+
###
|
402
|
+
### The item name will be checked for existence in the JSS, and an exception raised if the item doesn't exist.
|
403
|
+
###
|
404
|
+
### @param key[Symbol] the type of item being added, :computer, :building, etc...
|
405
|
+
###
|
406
|
+
### @param item[String] the name of the item being added
|
407
|
+
###
|
408
|
+
### @example
|
409
|
+
### add_limitation(:network_segments, "foo")
|
410
|
+
###
|
411
|
+
### @return [void]
|
412
|
+
###
|
413
|
+
### @todo handle ldap user/group lookups
|
414
|
+
###
|
415
|
+
def add_limitation (key, item)
|
386
416
|
raise JSS::InvalidDataError, "Limitation key must be one of :#{LIMITATIONS.join(', :')}" unless LIMITATIONS.include? key
|
387
|
-
raise JSS::InvalidDataError, "Item must be a #{key} name." unless item.
|
417
|
+
raise JSS::InvalidDataError, "Item must be a #{key} name." unless item.kind_of? String
|
388
418
|
|
389
|
-
return nil if @limitations[key]
|
419
|
+
return nil if @limitations[key] and @limitations[key].include? item
|
390
420
|
|
391
|
-
|
421
|
+
### check the name
|
392
422
|
raise JSS::NoSuchItemError, "No existing #{key} with name '#{item}'" unless check_name key, item
|
393
|
-
raise JSS::AlreadyExistsError, "Can't set #{key} limitation for '#{name}' because it's already an explicit exclusion." if @exclusions[key]
|
423
|
+
raise JSS::AlreadyExistsError, "Can't set #{key} limitation for '#{name}' because it's already an explicit exclusion." if @exclusions[key] and @exclusions[key].include? item
|
424
|
+
|
394
425
|
|
395
426
|
@limitations[key] << item
|
396
427
|
@container.should_update if @container
|
397
428
|
end
|
398
429
|
|
399
|
-
|
400
|
-
|
401
|
-
|
402
|
-
|
403
|
-
|
404
|
-
|
405
|
-
|
406
|
-
|
407
|
-
|
408
|
-
|
409
|
-
|
410
|
-
|
411
|
-
|
412
|
-
|
430
|
+
###
|
431
|
+
### Remove a single item for limiting this scope.
|
432
|
+
###
|
433
|
+
### @param key[Symbol] the type of item being removed, :computer, :building, etc...
|
434
|
+
###
|
435
|
+
### @param item[String] the name of the item being removed
|
436
|
+
###
|
437
|
+
### @example
|
438
|
+
### remove_limitation(:network_segments, "foo")
|
439
|
+
###
|
440
|
+
### @return [void]
|
441
|
+
###
|
442
|
+
### @todo handle ldap user/group lookups
|
443
|
+
###
|
444
|
+
def remove_limitation( key, item)
|
413
445
|
raise JSS::InvalidDataError, "Limitation key must be one of :#{LIMITATIONS.join(', :')}" unless LIMITATIONS.include? key
|
414
|
-
raise JSS::InvalidDataError, "Item must be a #{key} name." unless item.
|
446
|
+
raise JSS::InvalidDataError, "Item must be a #{key} name." unless item.kind_of? String
|
415
447
|
|
416
|
-
return nil unless @limitations[key]
|
448
|
+
return nil unless @limitations[key] and @limitations[key].include? item
|
417
449
|
|
418
450
|
@limitations[key] -= [item]
|
419
451
|
@container.should_update if @container
|
420
|
-
end
|
421
|
-
|
422
|
-
|
423
|
-
|
424
|
-
|
425
|
-
|
426
|
-
|
427
|
-
|
428
|
-
|
429
|
-
|
430
|
-
|
431
|
-
|
432
|
-
|
433
|
-
|
434
|
-
|
435
|
-
|
436
|
-
|
452
|
+
end
|
453
|
+
|
454
|
+
|
455
|
+
|
456
|
+
###
|
457
|
+
### Replace an exclusion list for this scope
|
458
|
+
###
|
459
|
+
### The list must be an Array of names of items of the Class being excluded from the scope
|
460
|
+
### Each will be checked for existence in the JSS, and an exception raised if the item doesn't exist.
|
461
|
+
###
|
462
|
+
### @param key[Symbol] the type of item being excluded, :computer, :building, etc...
|
463
|
+
###
|
464
|
+
### @param list[Array] the names of the items being added
|
465
|
+
###
|
466
|
+
### @example
|
467
|
+
### set_exclusion(:network_segments, ['foo','bar'])
|
468
|
+
###
|
469
|
+
### @return [void]
|
470
|
+
###
|
471
|
+
def set_exclusion (key, list)
|
437
472
|
raise JSS::InvalidDataError, "Exclusion key must be one of :#{@exclusion_keys.join(', :')}" unless @exclusion_keys.include? key
|
438
|
-
raise JSS::InvalidDataError, "List must be an Array of #{key} names, it may be empty." unless list.
|
473
|
+
raise JSS::InvalidDataError, "List must be an Array of #{key} names, it may be empty." unless list.kind_of? Array
|
439
474
|
return nil if list.sort == @exclusions[key].sort
|
440
475
|
|
441
476
|
if list.empty?
|
@@ -444,122 +479,131 @@ module JSS
|
|
444
479
|
return list
|
445
480
|
end
|
446
481
|
|
447
|
-
|
482
|
+
### check the names
|
448
483
|
list.each do |name|
|
449
484
|
raise JSS::NoSuchItemError, "No existing #{key} with name '#{name}'" unless check_name key, name
|
450
485
|
case key
|
451
|
-
|
452
|
-
|
453
|
-
|
454
|
-
|
486
|
+
when *@inclusion_keys
|
487
|
+
raise JSS::AlreadyExistsError, "Can't exclude #{key} '#{name}' because it's already explicitly included." if @inclusions[key] and @inclusions[key].include? name
|
488
|
+
when *LIMITATIONS
|
489
|
+
raise JSS::AlreadyExistsError, "Can't exclude #{key} '#{name}' because it's already an explicit limitation." if @limitations[key] and @limitations[key].include? name
|
455
490
|
end
|
491
|
+
|
456
492
|
end # each
|
457
493
|
|
458
494
|
@exclusions[key] = list
|
459
495
|
@container.should_update if @container
|
460
496
|
end # limit scope
|
461
497
|
|
462
|
-
|
463
|
-
|
464
|
-
|
465
|
-
|
466
|
-
|
467
|
-
|
468
|
-
|
469
|
-
|
470
|
-
|
471
|
-
|
472
|
-
|
473
|
-
|
474
|
-
|
475
|
-
|
498
|
+
###
|
499
|
+
### Add a single item for exclusions of this scope.
|
500
|
+
###
|
501
|
+
### The item name will be checked for existence in the JSS, and an exception raised if the item doesn't exist.
|
502
|
+
###
|
503
|
+
### @param key[Symbol] the type of item being added to the exclusions, :computer, :building, etc...
|
504
|
+
###
|
505
|
+
### @param item[String] the name of the item being added
|
506
|
+
###
|
507
|
+
### @example
|
508
|
+
### add_exclusion(:network_segments, "foo")
|
509
|
+
###
|
510
|
+
### @return [void]
|
511
|
+
###
|
512
|
+
def add_exclusion (key, item)
|
476
513
|
raise JSS::InvalidDataError, "Exclusion key must be one of :#{@exclusion_keys.join(', :')}" unless @exclusion_keys.include? key
|
477
|
-
raise JSS::InvalidDataError, "Item must be a #{key} name." unless item.
|
514
|
+
raise JSS::InvalidDataError, "Item must be a #{key} name." unless item.kind_of? String
|
478
515
|
|
479
|
-
return nil if @exclusions[key]
|
516
|
+
return nil if @exclusions[key] and @exclusions[key].include? item
|
480
517
|
|
481
|
-
|
518
|
+
### check the name
|
482
519
|
raise JSS::NoSuchItemError, "No existing #{key} with name '#{item}'" unless check_name key, item
|
483
|
-
raise JSS::AlreadyExistsError, "Can't exclude #{key} scope to '#{item}' because it's already explicitly included." if @inclusions[key]
|
484
|
-
raise JSS::AlreadyExistsError, "Can't exclude #{key} '#{item}' because it's already an explicit limitation." if @limitations[key]
|
520
|
+
raise JSS::AlreadyExistsError, "Can't exclude #{key} scope to '#{item}' because it's already explicitly included." if @inclusions[key] and @inclusions[key].include? item
|
521
|
+
raise JSS::AlreadyExistsError, "Can't exclude #{key} '#{item}' because it's already an explicit limitation." if @limitations[key] and @limitations[key].include? item
|
485
522
|
|
486
523
|
@exclusions[key] << item
|
487
524
|
@container.should_update if @container
|
488
525
|
end
|
489
526
|
|
490
|
-
|
491
|
-
|
492
|
-
|
493
|
-
|
494
|
-
|
495
|
-
|
496
|
-
|
497
|
-
|
498
|
-
|
499
|
-
|
500
|
-
|
501
|
-
|
527
|
+
###
|
528
|
+
### Remove a single item for exclusions of this scope
|
529
|
+
###
|
530
|
+
### @param key[Symbol] the type of item being removed from the excludions, :computer, :building, etc...
|
531
|
+
###
|
532
|
+
### @param item[String] the name of the item being removed
|
533
|
+
###
|
534
|
+
### @example
|
535
|
+
### remove_exclusion(:network_segments, "foo")
|
536
|
+
###
|
537
|
+
### @return [void]
|
538
|
+
###
|
539
|
+
def remove_exclusion (key, item)
|
502
540
|
raise JSS::InvalidDataError, "Exclusion key must be one of :#{@exclusion_keys.join(', :')}" unless @exclusion_keys.include? key
|
503
|
-
raise JSS::InvalidDataError, "Item must be a #{key} name." unless item.
|
541
|
+
raise JSS::InvalidDataError, "Item must be a #{key} name." unless item.kind_of? String
|
504
542
|
|
505
|
-
return nil unless @exclusions[key]
|
543
|
+
return nil unless @exclusions[key] and @exclusions[key].include? item
|
506
544
|
|
507
545
|
@exclusions[key] -= [item]
|
508
546
|
@container.should_update if @container
|
509
547
|
end
|
510
548
|
|
511
|
-
|
512
|
-
|
513
|
-
|
514
|
-
|
515
|
-
|
516
|
-
|
549
|
+
###
|
550
|
+
### @api private
|
551
|
+
### Return a REXML Element containing the current state of the Scope
|
552
|
+
### for adding into the XML of the container.
|
553
|
+
###
|
554
|
+
### @return [REXML::Element]
|
555
|
+
###
|
517
556
|
def scope_xml
|
518
|
-
scope = REXML::Element.new
|
557
|
+
scope = REXML::Element.new "scope"
|
519
558
|
scope.add_element(@all_key.to_s).text = @all_targets
|
520
559
|
|
521
|
-
@inclusions.each do |klass,
|
522
|
-
list_as_hash = list.map
|
523
|
-
scope << SCOPING_CLASSES[klass].xml_list(list_as_hash, :name)
|
560
|
+
@inclusions.each do |klass,list|
|
561
|
+
list_as_hash = list.map{|i| {:name => i} }
|
562
|
+
scope << SCOPING_CLASSES[klass].xml_list( list_as_hash, :name)
|
524
563
|
end
|
525
564
|
|
526
565
|
limitations = scope.add_element('limitations')
|
527
|
-
@limitations.each do |klass,
|
528
|
-
list_as_hash = list.map
|
529
|
-
limitations << SCOPING_CLASSES[klass].xml_list(list_as_hash, :name)
|
566
|
+
@limitations.each do |klass,list|
|
567
|
+
list_as_hash = list.map{|i| {:name => i} }
|
568
|
+
limitations << SCOPING_CLASSES[klass].xml_list( list_as_hash, :name)
|
530
569
|
end
|
531
570
|
|
532
571
|
exclusions = scope.add_element('exclusions')
|
533
|
-
@exclusions.each do |klass,
|
534
|
-
list_as_hash = list.map
|
535
|
-
exclusions << SCOPING_CLASSES[klass].xml_list(list_as_hash, :name)
|
572
|
+
@exclusions.each do |klass,list|
|
573
|
+
list_as_hash = list.map{|i| {:name => i} }
|
574
|
+
exclusions << SCOPING_CLASSES[klass].xml_list( list_as_hash, :name)
|
536
575
|
end
|
537
|
-
scope
|
538
|
-
end #
|
576
|
+
return scope
|
577
|
+
end #scope_xml
|
539
578
|
|
540
|
-
|
579
|
+
|
580
|
+
### Aliases
|
541
581
|
|
542
582
|
alias all_targets? all_targets
|
543
583
|
|
544
|
-
|
584
|
+
|
585
|
+
#####################################
|
586
|
+
### Private Instance Methods
|
545
587
|
#####################################
|
546
588
|
private
|
547
589
|
|
548
|
-
|
549
|
-
|
550
|
-
|
551
|
-
|
552
|
-
|
590
|
+
###
|
591
|
+
### Given a name of some class of item to be used in the scope, check that it
|
592
|
+
### exists in the JSS.
|
593
|
+
###
|
594
|
+
### @return [Boolean] does the name exist for the key in JSS or LDAP?
|
595
|
+
###
|
553
596
|
def check_name(key, name)
|
554
|
-
|
597
|
+
|
598
|
+
found_in_jss = SCOPING_CLASSES[key].all_names(api: @api).include?(name)
|
555
599
|
|
556
600
|
return true if found_in_jss
|
557
601
|
|
558
602
|
return false unless CHECK_LDAP_KEYS.include?(key)
|
559
603
|
|
560
604
|
begin
|
561
|
-
return JSS::LDAPServer.user_in_ldap?(name, api:
|
562
|
-
return JSS::LDAPServer.group_in_ldap?(name, api:
|
605
|
+
return JSS::LDAPServer.user_in_ldap?(name, api: @api) if LDAP_USER_KEYS.include?(key)
|
606
|
+
return JSS::LDAPServer.group_in_ldap?(name, api: @api) if LDAP_GROUP_KEYS.include?(key)
|
563
607
|
|
564
608
|
# if an ldap server isn't connected, make a note of it and return true
|
565
609
|
rescue JSS::InvalidConnectionError
|
@@ -567,11 +611,11 @@ module JSS
|
|
567
611
|
return true
|
568
612
|
end # begin
|
569
613
|
|
570
|
-
false
|
614
|
+
return false
|
571
615
|
end
|
572
616
|
|
573
|
-
end # class Scope
|
574
617
|
|
575
|
-
end # module Scopable
|
576
618
|
|
619
|
+
end # class Scope
|
620
|
+
end #module Scopable
|
577
621
|
end # module
|