|
|
Comments and Discussions
|
|
 |

|
Just Perfect.
Worked as a charm.
Thanks for the contribution.
|
|
|
|

|
code only ...need explanation
modified 17 Aug '12 - 9:35.
|
|
|
|

|
It really solves problem.
|
|
|
|

|
I have a Win 7 64-bit machine. I am logged in as a user who is a member of the administrators group. I instantiate the class like so
UserFileAccessRights ar = new UserFileAccessRights(@"c:\");
then
ar.canWrite() == false is true.
I checked the permissions on c:\ and I have permission to write as a member of the administrators group. I even tried to actually add the user and grant the permissions to the user, but still no luck.
It works for everything but the root directories (c:\,d:\).
Anyone have any ideas???
Thanks
Developing FL
|
|
|
|

|
Hey aramka, you found something I didn't test. That's great. I usually code in Java but enjoy C#. This was developed for a part of a website deployment tool very similar to what you'd find with Drupal or Wordpress, but I never deployed anything to a root directory. The majority of the code was built with Excel, copying from the help page and gluing strings together. That being said, my main platform is a Mac, although I do have Parallels with a Windows XP image, so I'll see what I can do to update the code to work on as many filesystem objects as possible, make it look less like Java, optimize it and see if I can write a few test cases. My guess is that the code is .NET version dependent and not OS dependent, but I will need help testing on anything but XP.
|
|
|
|

|
Thank you for this code! Why do they make something simple like permissions so complicated!
System.IO.FileInfo appears to require that trailing backslashes be removed for root folders, (e.g. "C:\" doesn't return the correct permissions, "C:" does). Removing the trailing backslashes appears to work fine for all directories as well.
Just change the code to remove trailing backslash and you are good to go...
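    public UserFileAccessRights(string path,
        System.Security.Principal.WindowsIdentity principal) {
        // Strip the trailing backslash so that "C:\" is looked up as "C:"
        this._path = path.TrimEnd('\\');
        this._principal = principal;
        try {
            System.IO.FileInfo fi = new System.IO.FileInfo(_path);
            // ... rest of the constructor is unchanged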
modified 27 Jun '12 - 1:47.
|
|
|
|

|
Looking at your class, I've written a (according to me) more elegant code using Linq To Objects. But my code (as well as your class) does not work for shared folder because it doesn't manage Shared Permissions.
    // Requires: using System.Collections.Generic; using System.IO; using System.Linq;
    //           using System.Security.AccessControl; using System.Security.Principal;
    private bool CheckAccess(WindowsIdentity user, string path, FileSystemRights expectedRights)
    {
        FileInfo fi = new FileInfo(path);
        AuthorizationRuleCollection acl = fi.GetAccessControl().GetAccessRules(true, true, typeof(SecurityIdentifier));

        // gets rules that concern the user and his groups
        IEnumerable<AuthorizationRule> userRules = from AuthorizationRule rule in acl
                                                   where user.User.Equals(rule.IdentityReference)
                                                   || user.Groups.Contains(rule.IdentityReference)
                                                   select rule;

        FileSystemRights denyRights = 0;
        FileSystemRights allowRights = 0;

        // iterates on rules to compute denyRights and allowRights
        foreach (FileSystemAccessRule rule in userRules)
        {
            if (rule.AccessControlType.Equals(AccessControlType.Deny))
            {
                denyRights = denyRights | rule.FileSystemRights;
            }
            else if (rule.AccessControlType.Equals(AccessControlType.Allow))
            {
                allowRights = allowRights | rule.FileSystemRights;
            }
        }

        // allowRights = allowRights - denyRights
        allowRights = allowRights & ~denyRights;

        // are rights sufficient?
        return (allowRights & expectedRights) == expectedRights;
    }
Tetranos...
|
|
|
|
|

|
This is exactly what I need if it wasn't for that I need to be able to do it in C++/MFC instead of .NET. Anyone have any suggestion on how to do it? GetFileAttributes() only reports the flags, not the actual rights.
|
|
|
|

|
Many years ago, I developed a web based client reporting app - a favour to our private client unit. Not having the time to spend on post-development tasks, I added a requirement for a web based installer and maintenance tool for non-technical administrative staff.
The app requires ongoing tasks like maintenance and an occasional install to a new server. Additional ongoing tasks are unwelcome to employees who are already overworked and not interested in learning a new app. To get buy-in it was important to save them time and make it easy. If it's intuitive and saves time, it adds value to the firm and therefore the upfront effort is well worth it!
My inspiration for the installer came from tools like Drupal and Wordpress from the PHP world, where there are lots of examples of how to test "File Access Rights".
Determining the file access rights for files and directories was an essential part of the solution. I looked for a .NET solution with no luck, so I researched it in .NET and generated the code from this article.
I posted my code to save time for anyone with a similar problem to mine - the code is not complicated but there were a few hours of research, so writing it yourself would take time.
This is utility code and is not going to be part of any [1] business logic. It solves a minor problem, but one you would not want to have to code yourself, like a Base64 encoder or stream to string conversion. It's general enough that it can be useful for anyone accessing a file.
Including this sort of functionality in the standard .NET distribution seems worthwhile and maybe they eventually will.
I appreciate the feedback and hope the code helps folks.../Bruce Hatt
[1] Unless you're building a file security app!
|
|
|
|
|

|
10xs a lot, just what I needed.
However, what I'm missing is how to get the WindowsIdentity from the SID, i.e. User\domain????
|
|
|
|

|
Thanks for the great feedback and thanks for posting the refinements! I'll have to check out FxCop.
I suppose it's pretty obvious by my coding style that I'm a Java guy, but I have to admit I really like C#.
I wanted to make it easy to simply grab the code as a snippet without having to log in or download a zip.
I hope folks will copy/paste the updated version posted in this forum.
|
|
|
|

|
Don't worry, even if code is written "poorly", the idea behind the code is there. But that doesn't mean one should actively pursue the 'art' of writing poor code.
Anyway, one always has Format Document in the Integrated Development Environment (IDE) if all else fails.
|
|
|
|

|
Hey
Thanks a lot for this code Bruce. It really helped.
I revised a tiny bit of the code and ran it through FxCop.
Here is the result.
Changes: Property style Methods have been made Properties.
Some validations according to FxCop
Regards
Bernd
using System;
using System.Security;
using System.Security.AccessControl;
using System.Security.Principal;
using System.Text;
namespace GenUtils
{
///
/// This code was written by Bruce Hatt
/// Code obtained from : http://www.codeproject.com/useritems/UserFileAccessRights.asp
///
/// This class Contains a simple answer to a
/// potentially complicated question "Can I read this file or can I write to this file?"
///
/// Using the "rule of least privilege", one must check not only is access granted but
/// is it denied at any point including a possibly recursive check of groups.
///
/// For this simple check, a look at the user and immediate groups are only checked.
///
/// This class could be expanded to identify if the applicable allow/deny rule
/// was explicit or inherited
///
///
public class UserFileAccessRights
{
private string _path;
private WindowsIdentity _principal;
private bool _denyAppendData = false;
private bool _denyChangePermissions = false;
private bool _denyCreateDirectories = false;
private bool _denyCreateFiles = false;
private bool _denyDelete = false;
private bool _denyDeleteSubdirectoriesAndFiles = false;
private bool _denyExecuteFile = false;
private bool _denyFullControl = false;
private bool _denyListDirectory = false;
private bool _denyModify = false;
private bool _denyRead = false;
private bool _denyReadAndExecute = false;
private bool _denyReadAttributes = false;
private bool _denyReadData = false;
private bool _denyReadExtendedAttributes = false;
private bool _denyReadPermissions = false;
private bool _denySynchronize = false;
private bool _denyTakeOwnership = false;
private bool _denyTraverse = false;
private bool _denyWrite = false;
private bool _denyWriteAttributes = false;
private bool _denyWriteData = false;
private bool _denyWriteExtendedAttributes = false;
private bool _allowAppendData = false;
private bool _allowChangePermissions = false;
private bool _allowCreateDirectories = false;
private bool _allowCreateFiles = false;
private bool _allowDelete = false;
private bool _allowDeleteSubdirectoriesAndFiles = false;
private bool _allowExecuteFile = false;
private bool _allowFullControl = false;
private bool _allowListDirectory = false;
private bool _allowModify = false;
private bool _allowRead = false;
private bool _allowReadAndExecute = false;
private bool _allowReadAttributes = false;
private bool _allowReadData = false;
private bool _allowReadExtendedAttributes = false;
private bool _allowReadPermissions = false;
private bool _allowSynchronize = false;
private bool _allowTakeOwnership = false;
private bool _allowTraverse = false;
private bool _allowWrite = false;
private bool _allowWriteAttributes = false;
private bool _allowWriteData = false;
private bool _allowWriteExtendedAttributes = false;
public bool CanAppendData { get { return !_denyAppendData && _allowAppendData; } }
public bool CanChangePermissions { get { return !_denyChangePermissions && _allowChangePermissions; } }
public bool CanCreateDirectories { get { return !_denyCreateDirectories && _allowCreateDirectories; } }
public bool CanCreateFiles { get { return !_denyCreateFiles && _allowCreateFiles; } }
public bool CanDelete { get { return !_denyDelete && _allowDelete; } }
public bool CanDeleteSubdirectoriesAndFiles { get { return !_denyDeleteSubdirectoriesAndFiles && _allowDeleteSubdirectoriesAndFiles; } }
public bool CanExecuteFile { get { return !_denyExecuteFile && _allowExecuteFile; } }
public bool CanFullControl { get { return !_denyFullControl && _allowFullControl; } }
public bool CanListDirectory { get { return !_denyListDirectory && _allowListDirectory; } }
public bool CanModify { get { return !_denyModify && _allowModify; } }
public bool CanRead { get { return !_denyRead && _allowRead; } }
public bool CanReadAndExecute { get { return !_denyReadAndExecute && _allowReadAndExecute; } }
public bool CanReadAttributes { get { return !_denyReadAttributes && _allowReadAttributes; } }
public bool CanReadData { get { return !_denyReadData && _allowReadData; } }
public bool CanReadExtendedAttributes { get { return !_denyReadExtendedAttributes && _allowReadExtendedAttributes; } }
public bool CanReadPermissions { get { return !_denyReadPermissions && _allowReadPermissions; } }
public bool CanSynchronize { get { return !_denySynchronize && _allowSynchronize; } }
public bool CanTakeOwnership { get { return !_denyTakeOwnership && _allowTakeOwnership; } }
public bool CanTraverse { get { return !_denyTraverse && _allowTraverse; } }
public bool CanWrite { get { return !_denyWrite && _allowWrite; } }
public bool CanWriteAttributes { get { return !_denyWriteAttributes && _allowWriteAttributes; } }
public bool CanWriteData { get { return !_denyWriteData && _allowWriteData; } }
public bool CanWriteExtendedAttributes { get { return !_denyWriteExtendedAttributes && _allowWriteExtendedAttributes; } }
///
/// Simple accessor
///
///
public WindowsIdentity GetWindowsIdentity
{ get { return _principal; } }
///
/// Simple accessor
///
///
public String GetPath
{
get { return _path; }
}
///
/// Convenience constructor assumes the current user
///
///
public UserFileAccessRights(string path)
:
this(path, WindowsIdentity.GetCurrent()) { }
///
/// Supply the path to the file or directory and a user or group. Access checks are done
/// during instantiation to ensure we always have a valid object
///
///
///
public UserFileAccessRights(string path, WindowsIdentity principal)
{
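// Both arguments must be usable; with || a null principal slipped through and failed at _principal.User
if ((principal != null) && !String.IsNullOrEmpty(path))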
{
this._path = path;
this._principal = principal;
try
{
System.IO.FileInfo fi = new System.IO.FileInfo(_path);
AuthorizationRuleCollection acl = fi.GetAccessControl().GetAccessRules(true, true, typeof(SecurityIdentifier));
for (int i = 0; i < acl.Count; i++)
{
System.Security.AccessControl.FileSystemAccessRule rule = (System.Security.AccessControl.FileSystemAccessRule)acl[i];
if (_principal.User.Equals(rule.IdentityReference))
{
if (System.Security.AccessControl.AccessControlType.Deny.Equals(rule.AccessControlType))
{
if (Contains(FileSystemRights.AppendData, rule)) _denyAppendData = true;
if (Contains(FileSystemRights.ChangePermissions, rule)) _denyChangePermissions = true;
if (Contains(FileSystemRights.CreateDirectories, rule)) _denyCreateDirectories = true;
if (Contains(FileSystemRights.CreateFiles, rule)) _denyCreateFiles = true;
if (Contains(FileSystemRights.Delete, rule)) _denyDelete = true;
if (Contains(FileSystemRights.DeleteSubdirectoriesAndFiles, rule)) _denyDeleteSubdirectoriesAndFiles = true;
if (Contains(FileSystemRights.ExecuteFile, rule)) _denyExecuteFile = true;
if (Contains(FileSystemRights.FullControl, rule)) _denyFullControl = true;
if (Contains(FileSystemRights.ListDirectory, rule)) _denyListDirectory = true;
if (Contains(FileSystemRights.Modify, rule)) _denyModify = true;
if (Contains(FileSystemRights.Read, rule)) _denyRead = true;
if (Contains(FileSystemRights.ReadAndExecute, rule)) _denyReadAndExecute = true;
if (Contains(FileSystemRights.ReadAttributes, rule)) _denyReadAttributes = true;
if (Contains(FileSystemRights.ReadData, rule)) _denyReadData = true;
if (Contains(FileSystemRights.ReadExtendedAttributes, rule)) _denyReadExtendedAttributes = true;
if (Contains(FileSystemRights.ReadPermissions, rule)) _denyReadPermissions = true;
if (Contains(FileSystemRights.Synchronize, rule)) _denySynchronize = true;
if (Contains(FileSystemRights.TakeOwnership, rule)) _denyTakeOwnership = true;
if (Contains(FileSystemRights.Traverse, rule)) _denyTraverse = true;
if (Contains(FileSystemRights.Write, rule)) _denyWrite = true;
if (Contains(FileSystemRights.WriteAttributes, rule)) _denyWriteAttributes = true;
if (Contains(FileSystemRights.WriteData, rule)) _denyWriteData = true;
if (Contains(FileSystemRights.WriteExtendedAttributes, rule)) _denyWriteExtendedAttributes = true;
}
else if (System.Security.AccessControl.AccessControlType.Allow.Equals(rule.AccessControlType))
{
if (Contains(FileSystemRights.AppendData, rule)) _allowAppendData = true;
if (Contains(FileSystemRights.ChangePermissions, rule)) _allowChangePermissions = true;
if (Contains(FileSystemRights.CreateDirectories, rule)) _allowCreateDirectories = true;
if (Contains(FileSystemRights.CreateFiles, rule)) _allowCreateFiles = true;
if (Contains(FileSystemRights.Delete, rule)) _allowDelete = true;
if (Contains(FileSystemRights.DeleteSubdirectoriesAndFiles, rule)) _allowDeleteSubdirectoriesAndFiles = true;
if (Contains(FileSystemRights.ExecuteFile, rule)) _allowExecuteFile = true;
if (Contains(FileSystemRights.FullControl, rule)) _allowFullControl = true;
if (Contains(FileSystemRights.ListDirectory, rule)) _allowListDirectory = true;
if (Contains(FileSystemRights.Modify, rule)) _allowModify = true;
if (Contains(FileSystemRights.Read, rule)) _allowRead = true;
if (Contains(FileSystemRights.ReadAndExecute, rule)) _allowReadAndExecute = true;
if (Contains(FileSystemRights.ReadAttributes, rule)) _allowReadAttributes = true;
if (Contains(FileSystemRights.ReadData, rule)) _allowReadData = true;
if (Contains(FileSystemRights.ReadExtendedAttributes, rule)) _allowReadExtendedAttributes = true;
if (Contains(FileSystemRights.ReadPermissions, rule)) _allowReadPermissions = true;
if (Contains(FileSystemRights.Synchronize, rule)) _allowSynchronize = true;
if (Contains(FileSystemRights.TakeOwnership, rule)) _allowTakeOwnership = true;
if (Contains(FileSystemRights.Traverse, rule)) _allowTraverse = true;
if (Contains(FileSystemRights.Write, rule)) _allowWrite = true;
if (Contains(FileSystemRights.WriteAttributes, rule)) _allowWriteAttributes = true;
if (Contains(FileSystemRights.WriteData, rule)) _allowWriteData = true;
if (Contains(FileSystemRights.WriteExtendedAttributes, rule)) _allowWriteExtendedAttributes = true;
}
}
}
IdentityReferenceCollection groups = _principal.Groups;
for (int j = 0; j < groups.Count; j++)
{
for (int i = 0; i < acl.Count; i++)
{
System.Security.AccessControl.FileSystemAccessRule rule = (System.Security.AccessControl.FileSystemAccessRule)acl[i];
if (groups[j].Equals(rule.IdentityReference))
{
if (System.Security.AccessControl.AccessControlType.Deny.Equals(rule.AccessControlType))
{
if (Contains(FileSystemRights.AppendData, rule)) _denyAppendData = true;
if (Contains(FileSystemRights.ChangePermissions, rule)) _denyChangePermissions = true;
if (Contains(FileSystemRights.CreateDirectories, rule)) _denyCreateDirectories = true;
if (Contains(FileSystemRights.CreateFiles, rule)) _denyCreateFiles = true;
if (Contains(FileSystemRights.Delete, rule)) _denyDelete = true;
if (Contains(FileSystemRights.DeleteSubdirectoriesAndFiles, rule)) _denyDeleteSubdirectoriesAndFiles = true;
if (Contains(FileSystemRights.ExecuteFile, rule)) _denyExecuteFile = true;
if (Contains(FileSystemRights.FullControl, rule)) _denyFullControl = true;
if (Contains(FileSystemRights.ListDirectory, rule)) _denyListDirectory = true;
if (Contains(FileSystemRights.Modify, rule)) _denyModify = true;
if (Contains(FileSystemRights.Read, rule)) _denyRead = true;
if (Contains(FileSystemRights.ReadAndExecute, rule)) _denyReadAndExecute = true;
if (Contains(FileSystemRights.ReadAttributes, rule)) _denyReadAttributes = true;
if (Contains(FileSystemRights.ReadData, rule)) _denyReadData = true;
if (Contains(FileSystemRights.ReadExtendedAttributes, rule)) _denyReadExtendedAttributes = true;
if (Contains(FileSystemRights.ReadPermissions, rule)) _denyReadPermissions = true;
if (Contains(FileSystemRights.Synchronize, rule)) _denySynchronize = true;
if (Contains(FileSystemRights.TakeOwnership, rule)) _denyTakeOwnership = true;
if (Contains(FileSystemRights.Traverse, rule)) _denyTraverse = true;
if (Contains(FileSystemRights.Write, rule)) _denyWrite = true;
if (Contains(FileSystemRights.WriteAttributes, rule)) _denyWriteAttributes = true;
if (Contains(FileSystemRights.WriteData, rule)) _denyWriteData = true;
if (Contains(FileSystemRights.WriteExtendedAttributes, rule)) _denyWriteExtendedAttributes = true;
}
else if (System.Security.AccessControl.AccessControlType.Allow.Equals(rule.AccessControlType))
{
if (Contains(FileSystemRights.AppendData, rule)) _allowAppendData = true;
if (Contains(FileSystemRights.ChangePermissions, rule)) _allowChangePermissions = true;
if (Contains(FileSystemRights.CreateDirectories, rule)) _allowCreateDirectories = true;
if (Contains(FileSystemRights.CreateFiles, rule)) _allowCreateFiles = true;
if (Contains(FileSystemRights.Delete, rule)) _allowDelete = true;
if (Contains(FileSystemRights.DeleteSubdirectoriesAndFiles, rule)) _allowDeleteSubdirectoriesAndFiles = true;
if (Contains(FileSystemRights.ExecuteFile, rule)) _allowExecuteFile = true;
if (Contains(FileSystemRights.FullControl, rule)) _allowFullControl = true;
if (Contains(FileSystemRights.ListDirectory, rule)) _allowListDirectory = true;
if (Contains(FileSystemRights.Modify, rule)) _allowModify = true;
if (Contains(FileSystemRights.Read, rule)) _allowRead = true;
if (Contains(FileSystemRights.ReadAndExecute, rule)) _allowReadAndExecute = true;
if (Contains(FileSystemRights.ReadAttributes, rule)) _allowReadAttributes = true;
if (Contains(FileSystemRights.ReadData, rule)) _allowReadData = true;
if (Contains(FileSystemRights.ReadExtendedAttributes, rule)) _allowReadExtendedAttributes = true;
if (Contains(FileSystemRights.ReadPermissions, rule)) _allowReadPermissions = true;
if (Contains(FileSystemRights.Synchronize, rule)) _allowSynchronize = true;
if (Contains(FileSystemRights.TakeOwnership, rule)) _allowTakeOwnership = true;
if (Contains(FileSystemRights.Traverse, rule)) _allowTraverse = true;
if (Contains(FileSystemRights.Write, rule)) _allowWrite = true;
if (Contains(FileSystemRights.WriteAttributes, rule)) _allowWriteAttributes = true;
if (Contains(FileSystemRights.WriteData, rule)) _allowWriteData = true;
if (Contains(FileSystemRights.WriteExtendedAttributes, rule)) _allowWriteExtendedAttributes = true;
}
}
}
}
}
catch
{
//Deal with io exceptions if you want
throw;
}
}
}
///
/// Simply displays all allowed rights
///
/// Useful if say you want to test for write access and find
/// it is false;
/// <xmp>
/// UserFileAccessRights rights = new UserFileAccessRights(txtLogPath.Text);
/// System.IO.FileInfo fi = new System.IO.FileInfo(txtLogPath.Text);
/// if (rights.CanWrite && rights.CanRead) {
/// lblLogMsg.Text = "R/W access";
/// } else {
/// if (rights.CanWrite) {
/// lblLogMsg.Text = "Only Write access";
/// } else if (rights.CanRead) {
/// lblLogMsg.Text = "Only Read access";
/// } else {
/// lblLogMsg.CssClass = "error";
/// lblLogMsg.Text = rights.ToString();
/// }
/// }
///
/// </xmp>
///
///
///
public override String ToString()
{
StringBuilder sb = new StringBuilder();
if (CanAppendData) { if (sb.Length != 0) sb.Append(","); sb.Append("AppendData"); }
if (CanChangePermissions) { if (sb.Length != 0) sb.Append(","); sb.Append("ChangePermissions"); }
if (CanCreateDirectories) { if (sb.Length != 0) sb.Append(","); sb.Append("CreateDirectories"); }
if (CanCreateFiles) { if (sb.Length != 0) sb.Append(","); sb.Append("CreateFiles"); }
if (CanDelete) { if (sb.Length != 0) sb.Append(","); sb.Append("Delete"); }
if (CanDeleteSubdirectoriesAndFiles) { if (sb.Length != 0) sb.Append(","); sb.Append("DeleteSubdirectoriesAndFiles"); }
if (CanExecuteFile) { if (sb.Length != 0) sb.Append(","); sb.Append("ExecuteFile"); }
if (CanFullControl) { if (sb.Length != 0) sb.Append(","); sb.Append("FullControl"); }
if (CanListDirectory) { if (sb.Length != 0) sb.Append(","); sb.Append("ListDirectory"); }
if (CanModify) { if (sb.Length != 0) sb.Append(","); sb.Append("Modify"); }
if (CanRead) { if (sb.Length != 0) sb.Append(","); sb.Append("Read"); }
if (CanReadAndExecute) { if (sb.Length != 0) sb.Append(","); sb.Append("ReadAndExecute"); }
if (CanReadAttributes) { if (sb.Length != 0) sb.Append(","); sb.Append("ReadAttributes"); }
if (CanReadData) { if (sb.Length != 0) sb.Append(","); sb.Append("ReadData"); }
if (CanReadExtendedAttributes) { if (sb.Length != 0) sb.Append(","); sb.Append("ReadExtendedAttributes"); }
if (CanReadPermissions) { if (sb.Length != 0) sb.Append(","); sb.Append("ReadPermissions"); }
if (CanSynchronize) { if (sb.Length != 0) sb.Append(","); sb.Append("Synchronize"); }
if (CanTakeOwnership) { if (sb.Length != 0) sb.Append(","); sb.Append("TakeOwnership"); }
if (CanTraverse) { if (sb.Length != 0) sb.Append(","); sb.Append("Traverse"); }
if (CanWrite) { if (sb.Length != 0) sb.Append(","); sb.Append("Write"); }
if (CanWriteAttributes) { if (sb.Length != 0) sb.Append(","); sb.Append("WriteAttributes"); }
if (CanWriteData) { if (sb.Length != 0) sb.Append(","); sb.Append("WriteData"); }
if (CanWriteExtendedAttributes) { if (sb.Length != 0) sb.Append(","); sb.Append("WriteExtendedAttributes"); }
if (sb.Length == 0)
sb.Append("None");
return sb.ToString();
}
///
/// Convenience method to test if the right exists within the given rights
///
///
///
///
public static bool Contains(FileSystemRights right, FileSystemAccessRule rule)
{
bool returnValue = false;
if (rule != null)
{
returnValue = (((int)right & (int)rule.FileSystemRights) == (int)right);
}
return returnValue;
}
}
}
|
|
|
|

|
Very useful stuff, but the code should be cleaned up:
1. The ToString() method can potentially create about 50 redundant string objects in memory: you should use the StringBuilder class when you want to do string appending, since the String object is immutable and the += operator creates a new object.
2. Convert all getter methods to properties.
I suggest a regular usage of FxCop tool, since it can point out mentioned problems and various other ones.
Cheers,
Igor
|
|
|
|

|
Thank you for sharing this easy-to-use implementation.
Works great
Chris Adamson
Software Developer
IDENTEC SOLUTIONS Inc.
www.identecsolutions.com
Beyond the limits of RFID!
|
|
|
|

|
I second this. This made what I needed to do very simple.
Just remember: You're unique, just like everybody else.
|
|
|
|

|
The API returns true for all canXXX(), but when trying to create a directory after testing true for canCreateDirectories() I get an exception.
|
|
|
|

|
OBS! I'm interested in an API also considering NFS if this API doesn't do this.
regards,
Jens
|
|
|
|

|
Currently the contains method maps the FileSystemRights to an int. Which is fine as long as there are less than 32-bits in use.
A more convenient way of implementing contains is using the type directly:
    protected bool contains(System.Security.AccessControl.FileSystemRights right,
                            System.Security.AccessControl.FileSystemAccessRule rule) {
        return ((rule.FileSystemRights & right) == right);
    }
(without the casting)
Cheers,
Stefan de Bruijn,
Senior search engineer,
Teezir B.V.
|
|
|
|

|
This worked great, obviously you put in a lot of effort. However, when using it on a remote machine, and if you are an admin on your local box, it will always give you read/write access. Any ideas on this problem?
Thanks
|
|
|
|

|
Thanks for the code. I thought I could use this code for my current project, so I modified it to make it more efficient and cleaner, as follows:
    using System;
    using System.Security.AccessControl;
    using System.Security.Principal;

    public class UserFileAccess
    {
        /// <summary>
        /// Convenience constructor assumes the current user
        /// </summary>
        public UserFileAccess(string path)
            : this(path, System.Security.Principal.WindowsIdentity.GetCurrent()) { }

        /// <summary>
        /// Supply the path to the file or directory and a user or group. Access checks are done
        /// during instantiation to ensure we always have a valid object
        /// </summary>
        public UserFileAccess(string path, System.Security.Principal.WindowsIdentity principal)
        {
            this._path = path;
            this._principal = principal;
            this.GetAccessRights(_path, _principal);
        }

        private string _path;
        private System.Security.Principal.WindowsIdentity _principal;
        private int _accessCode = 0;

        public System.Security.Principal.WindowsIdentity WindowsIdentity
        {
            get { return _principal; }
            set { _principal = value; this.GetAccessRights(_path, _principal); }
        }

        public String Path
        {
            get { return _path; }
            set { _path = value; this.GetAccessRights(_path, _principal); }
        }

        // True if any bit of the requested right is set in the access code.
        public bool HasRight(System.Security.AccessControl.FileSystemRights right)
        {
            return (_accessCode & ((int)right)) != 0;
        }

        public bool CanAppendData { get { return HasRight(FileSystemRights.AppendData); } }
        public bool CanChangePermissions { get { return HasRight(FileSystemRights.ChangePermissions); } }
        public bool CanCreateDirectories { get { return HasRight(FileSystemRights.CreateDirectories); } }
        public bool CanCreateFiles { get { return HasRight(FileSystemRights.CreateFiles); } }
        public bool CanDelete { get { return HasRight(FileSystemRights.Delete); } }
        public bool CanDeleteSubdirectoriesAndFiles { get { return HasRight(FileSystemRights.DeleteSubdirectoriesAndFiles); } }
        public bool CanExecuteFile { get { return HasRight(FileSystemRights.ExecuteFile); } }
        public bool CanFullControl { get { return HasRight(FileSystemRights.FullControl); } }
        public bool CanListDirectory { get { return HasRight(FileSystemRights.ListDirectory); } }
        public bool CanModify { get { return HasRight(FileSystemRights.Modify); } }
        public bool CanRead { get { return HasRight(FileSystemRights.Read); } }
        public bool CanReadAndExecute { get { return HasRight(FileSystemRights.ReadAndExecute); } }
        public bool CanReadAttributes { get { return HasRight(FileSystemRights.ReadAttributes); } }
        public bool CanReadData { get { return HasRight(FileSystemRights.ReadData); } }
        public bool CanReadExtendedAttributes { get { return HasRight(FileSystemRights.ReadExtendedAttributes); } }
        public bool CanReadPermissions { get { return HasRight(FileSystemRights.ReadPermissions); } }
        public bool CanSynchronize { get { return HasRight(FileSystemRights.Synchronize); } }
        public bool CanTakeOwnership { get { return HasRight(FileSystemRights.TakeOwnership); } }
        public bool CanTraverse { get { return HasRight(FileSystemRights.Traverse); } }
        public bool CanWrite { get { return HasRight(FileSystemRights.Write); } }
        public bool CanWriteAttributes { get { return HasRight(FileSystemRights.WriteAttributes); } }
        public bool CanWriteData { get { return HasRight(FileSystemRights.WriteData); } }
        public bool CanWriteExtendedAttributes { get { return HasRight(FileSystemRights.WriteExtendedAttributes); } }

        // Applies one rule to the access code in the order the rules are encountered:
        // Deny clears the rule's bits, Allow sets them.
        private void AssignAccessRight(System.Security.AccessControl.FileSystemAccessRule rule)
        {
            if (System.Security.AccessControl.AccessControlType.Deny.Equals(rule.AccessControlType))
                _accessCode &= (~((int)rule.FileSystemRights));
            else if (System.Security.AccessControl.AccessControlType.Allow.Equals(rule.AccessControlType))
                _accessCode |= (int)rule.FileSystemRights;
        }

        private void GetAccessRights(string path, System.Security.Principal.WindowsIdentity principal)
        {
            //Reset access code. No rights to anything.
            _accessCode = 0;
            try
            {
                AuthorizationRuleCollection authorizationRules = (new System.IO.FileInfo(path)).GetAccessControl().GetAccessRules(true, true, typeof(SecurityIdentifier));
                foreach (System.Security.AccessControl.FileSystemAccessRule rule in authorizationRules)
                {
                    if (principal.User.Equals(rule.IdentityReference))
                        this.AssignAccessRight(rule);
                }
                //A user can belong to multiple groups.
                IdentityReferenceCollection groups = _principal.Groups;
                for (int i = 0; i < groups.Count; i++)
                {
                    foreach (System.Security.AccessControl.FileSystemAccessRule rule in authorizationRules)
                    {
                        if (groups[i].Equals(rule.IdentityReference))
                            AssignAccessRight(rule);
                    }
                }
            }
            catch
            {
                //Do nothing here...
            }
        }

        public override String ToString()
        {
            System.Text.StringBuilder b = new System.Text.StringBuilder();
            foreach (string s in System.Enum.GetNames(typeof(System.Security.AccessControl.FileSystemRights)))
            {
                if (HasRight((System.Security.AccessControl.FileSystemRights)System.Enum.Parse(typeof(System.Security.AccessControl.FileSystemRights), s)))
                    b.AppendFormat("{0}{1}", b.Length == 0 ? string.Empty : ", ", s);
            }
            if (b.Length == 0)
                return "None";
            return b.ToString();
        }
    }
|
|
|
|

|
Cleaner .. but doesn't enforce the "rule of least privilege"... if a right is denied ANYWHERE it should be denied, however in yours, if it's denied in an earlier group, then allowed in a later one, it's allowed ... whereas it shouldn't be.
|
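The difference raised in the reply above, as an added example that is not code from any poster in this thread: the same two rules folded in encounter order (as the `UserFileAccess` post does) and with Deny subtracted at the end (as the `CheckAccess` post does), plus the effect of testing a composite right such as `Write` with "any bit" versus "all bits". The class name, helper names and the rule set are constructed for illustration; no file system is touched.

```csharp
using System;
using System.Collections.Generic;
using System.Security.AccessControl;
using System.Security.Principal;

// Added example: compares two ways of folding ACL rules into effective rights.
static class AclEvaluationDemo
{
    // Applies each rule as it is encountered: a later Allow can restore
    // a right that an earlier Deny removed.
    static FileSystemRights OrderDependent(IEnumerable<FileSystemAccessRule> rules)
    {
        FileSystemRights effective = 0;
        foreach (FileSystemAccessRule rule in rules)
        {
            if (rule.AccessControlType == AccessControlType.Deny)
                effective &= ~rule.FileSystemRights;
            else
                effective |= rule.FileSystemRights;
        }
        return effective;
    }

    // Collects Allow and Deny separately and subtracts Deny last, so a Deny
    // on any matching identity wins regardless of rule order.
    static FileSystemRights DenyOverrides(IEnumerable<FileSystemAccessRule> rules)
    {
        FileSystemRights allow = 0;
        FileSystemRights deny = 0;
        foreach (FileSystemAccessRule rule in rules)
        {
            if (rule.AccessControlType == AccessControlType.Deny)
                deny |= rule.FileSystemRights;
            else
                allow |= rule.FileSystemRights;
        }
        return allow & ~deny;
    }

    // "Any bit" test: true when at least one bit of a composite right is present.
    static bool HasAny(FileSystemRights effective, FileSystemRights wanted)
    {
        return (effective & wanted) != 0;
    }

    // "All bits" test: true only when every bit of the composite right is present.
    static bool HasAll(FileSystemRights effective, FileSystemRights wanted)
    {
        return (effective & wanted) == wanted;
    }

    static void Main()
    {
        // Constructed sample: well-known SIDs standing in for two groups of one caller.
        var users = new SecurityIdentifier(WellKnownSidType.BuiltinUsersSid, null);
        var admins = new SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid, null);

        // Deny Write on the first group, then Allow Modify (which includes Write) on the second.
        var rules = new List<FileSystemAccessRule>
        {
            new FileSystemAccessRule(users, FileSystemRights.Write, AccessControlType.Deny),
            new FileSystemAccessRule(admins, FileSystemRights.Modify, AccessControlType.Allow),
        };

        Console.WriteLine("Order-dependent, Write granted: {0}",
            HasAll(OrderDependent(rules), FileSystemRights.Write));
        Console.WriteLine("Deny-overrides,  Write granted: {0}",
            HasAll(DenyOverrides(rules), FileSystemRights.Write));

        // Write is a composite of WriteData, AppendData, WriteExtendedAttributes
        // and WriteAttributes. Granting only one of them shows the two tests diverge.
        var attributesOnly = new List<FileSystemAccessRule>
        {
            new FileSystemAccessRule(users, FileSystemRights.WriteAttributes, AccessControlType.Allow),
        };
        FileSystemRights effective = DenyOverrides(attributesOnly);

        Console.WriteLine("WriteAttributes only, any-bit test for Write:  {0}",
            HasAny(effective, FileSystemRights.Write));
        Console.WriteLine("WriteAttributes only, all-bits test for Write: {0}",
            HasAll(effective, FileSystemRights.Write));
    }
}
```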
|
|
|

|
Thank you very much, enormously useful!
If you have no objections I would like to use your class in my dual pane file manager to control drag and drop.
|
|
|
|
 |
|
|
|
A simple way to test individual access rights for a given file and user
| Type | Article |
| Licence | CPOL |
| First Posted | 9 Jun 2006 |
| Views | 79,033 |
| Bookmarked | 79 times |
|
|