class Inspec::Resources::UnixFilePermissions

def check_file_permission_by_mask(file, access_type, usergroup, specific_user)

# Decides from the file's mode bits whether a class of users has an access right.
#
# @param file [Object] must respond to `unix_mode_mask(usergroup, flag)` and `mode`
# @param access_type [String] 'read', 'write' or 'execute'
# @param usergroup [String, nil] owner class as given by the caller; normalised via usergroup_for
# @param specific_user [String, nil] only consulted by usergroup_for when usergroup is blank
# @return [Boolean] true when at least one bit selected by the mask is set in file.mode
# @raise [RuntimeError] when unix_mode_mask returns nil, or from permission_flag
def check_file_permission_by_mask(file, access_type, usergroup, specific_user)
  owner_class = usergroup_for(usergroup, specific_user)
  mode_letter = permission_flag(access_type)
  bitmask = file.unix_mode_mask(owner_class, mode_letter)
  # A nil mask means unix_mode_mask did not recognise the usergroup/flag pair.
  raise 'Invalid usergroup/owner provided' if bitmask.nil?

  selected_bits = file.mode & bitmask
  selected_bits != 0
end

def check_file_permission_by_user(access_type, user, path)

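# Checks whether `user` has the given access to `path` by running `test`
# as that user on the target and reading the command's exit status.
#
# `user` and `path` are shell-escaped before being placed in the command
# string, so whitespace or shell metacharacters in either value are passed
# through as literal text instead of being interpreted as shell syntax.
# This matters when the path comes from data found on the scanned system
# (for example a file listing) rather than from a constant in the profile.
#
# @param access_type [String] 'read', 'write' or 'execute'
# @param user [String] account the check is run as
# @param path [String] file to test
# @return [Boolean] true when the command exits with status 0; on an
#   unsupported OS, whatever skip_resource returns
# @raise [RuntimeError] from permission_flag for an unknown access_type
def check_file_permission_by_user(access_type, user, path)
  # Local require: the file's own require list is not visible from this block.
  require 'shellwords'

  flag = permission_flag(access_type)
  safe_user = Shellwords.escape(user)
  # The command the target user ends up running; path is escaped as one word.
  test_cmd = "test -#{flag} #{Shellwords.escape(path)}"

  perm_cmd =
    if inspec.os.linux?
      # test_cmd is parsed a second time by `/bin/sh -c`, so it is escaped
      # again here to reach su as a single argument.
      "su -s /bin/sh -c #{Shellwords.escape(test_cmd)} #{safe_user}"
    elsif inspec.os.bsd? || inspec.os.solaris?
      "sudo -u #{safe_user} #{test_cmd}"
    elsif inspec.os.aix?
      # NOTE(review): the original passes `test`, the flag and the path as
      # separate words after -c; that shape is kept. Whether AIX su re-parses
      # these words in a second shell is not visible here - confirm, and
      # escape test_cmd as a whole if it does.
      "su #{safe_user} -c #{test_cmd}"
    elsif inspec.os.hpux?
      "su #{safe_user} -c #{Shellwords.escape(test_cmd)}"
    else
      return skip_resource 'The `file` resource does not support `by_user` on your OS.'
    end

  inspec.command(perm_cmd).exit_status == 0
end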

def permission_flag(access_type)

# Translates an access type name into the single-letter flag used by `test`
# and by the mode-mask lookup.
#
# @param access_type [String] 'read', 'write' or 'execute'
# @return [String] 'r', 'w' or 'x'
# @raise [RuntimeError] for any other value; because only these three
#   letters can be returned, callers can interpolate the result safely
def permission_flag(access_type)
  known_flags = [%w[read r], %w[write w], %w[execute x]]
  _, letter = known_flags.find { |name, _| name == access_type }
  raise 'Invalid access_type provided' if letter.nil?

  letter
end

def usergroup_for(usergroup, specific_user)

# Normalises the caller-supplied usergroup name.
#
# 'others' becomes 'other'. A nil or empty usergroup becomes 'all', but only
# when no specific user was given. Anything else is returned unchanged.
#
# @param usergroup [String, nil] usergroup name as given by the caller
# @param specific_user [String, nil] user name, if the check targets one user
# @return [String, nil] the normalised usergroup
def usergroup_for(usergroup, specific_user)
  return 'other' if usergroup == 'others'

  unspecified = usergroup.nil? || usergroup.empty?
  return 'all' if unspecified && specific_user.nil?

  usergroup
end