kubernetes/test/images/agnhost/mounttest/filePermissions.ps1

# Copyright 2019 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# -FileName: path of the file whose ACL is translated into a Linux-style mode.
# The default expression throws, so omitting the argument aborts the script
# instead of running against an empty path.
param (
    [string] $FileName = $(throw "-FileName is required.")
)


# Access-mask bit groups used to approximate Linux r/w/x from the numeric
# FileSystemRights value of an ACL entry. Each constant is the OR of the
# individual rights listed next to it.

# read = read data (0x0001) | read attributes (0x0080)
$READ_PERMISSIONS = 0x0081

# write = write data (0x0002) | append data (0x0004) | write EA (0x0010) | write attributes (0x0100)
$WRITE_PERMISSIONS = 0x0116

# execute = read data (0x0001) | file execute (0x0020)
$EXECUTE_PERMISSIONS = 0x0021


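function GetFilePermissions($path) {
    # Approximates the ACL of $path as a three-digit, Linux-style permission
    # string: owner digit, group digit, "other" digit (for example "755").
    #
    # Arguments: $path - file to inspect (passed to Get-Acl -Path, so wildcard
    #                    characters in the name are interpreted by Get-Acl).
    # Returns:   the three digits as a string; the caller adds the leading "0".
    # Throws:    a terminating error when the ACL cannot be read.
    #
    # Limits of the approximation, which matter when the output is used to
    # assert that a file is NOT accessible:
    #   * Only Allow entries are read. Deny entries are skipped, so the result
    #     can report more access than an identity effectively has.
    #   * When several Allow entries match the same class, the last one
    #     overwrites the earlier ones; their rights are not combined.
    #   * "other" is any identity whose name contains "users"
    #     (case-insensitive), not a specific well-known SID.

    # -ErrorAction Stop turns a failed lookup (missing file, access denied)
    # into a terminating error. Without it $fileAcl would be $null, the loop
    # below would not run, and the function would report "000" for a file it
    # never inspected.
    $fileAcl = Get-Acl -Path $path -ErrorAction Stop
    $fileOwner = $fileAcl.Owner
    $fileGroup = $fileAcl.Group

    $userMask = 0
    $groupMask = 0
    $otherMask = 0

    foreach ($rule in $fileAcl.Access) {
        if ($rule.AccessControlType -ne [Security.AccessControl.AccessControlType]::Allow) {
            # Not an allow rule, skipping (see the Deny caveat above).
            continue
        }

        $mask = 0
        $rights = $rule.FileSystemRights.value__

        # A Linux bit is set only when every right in its group is granted;
        # a partial grant (e.g. read data without read attributes) maps to 0.
        if ( ($rights -band $READ_PERMISSIONS) -eq $READ_PERMISSIONS ) {
            $mask = $mask -bor 4
        }
        if ( ($rights -band $WRITE_PERMISSIONS) -eq $WRITE_PERMISSIONS ) {
            $mask = $mask -bor 2
        }
        if ( ($rights -band $EXECUTE_PERMISSIONS) -eq $EXECUTE_PERMISSIONS ) {
            $mask = $mask -bor 1
        }

        # Decide which class(es) this entry describes. The checks are
        # independent, so one entry can populate more than one digit.
        $identity = $rule.IdentityReference.Value
        if ($identity.Equals($fileOwner)) {
            $userMask = $mask
        }
        if ($identity.Equals($fileGroup)) {
            $groupMask = $mask
        }
        # NOTE(review): substring match on the account name; it also matches
        # unrelated identities whose name happens to contain "users".
        if ($identity.ToLower().Contains("users")) {
            $otherMask = $mask
        }
    }

    return "$userMask$groupMask$otherMask"
}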

# Translate the ACL of the requested file, then stop with exit code 1 if the
# statement above is reported as failed.
# NOTE(review): $? only reflects the status PowerShell records for the
# preceding statement; an error raised inside the function may not surface
# here, in which case the script still prints a mask. Confirm before relying
# on the exit code alone.
$mask = GetFilePermissions $FileName
if (!$?) {
    exit 1
}

# Emit the mask Linux-style, with a leading "0" (e.g. 0755).
Write-Output "0$mask"