The interface "IAcl" implements everything you need when dealing with ACLs ("Access-Control Lists"). An ACL determines which users/groups may and which may not access a specific object. In win9x "madSecurity" simulates ACLs and internally maps their meaning to win9x' APIs. A list of methods and properties can be found in the IAcl Reference.

type IAcl = interface (ICustomBasicList) ['{28D27EC0-3A98-11D3-A52D-00005A180D69}'];

You can create an "IAcl" object by giving in a Windows standard ACL structure. You can also simply create a new (empty) "IAcl" object.

function    Acl (acl: PAcl) : IAcl;
function NewAcl             : IAcl;

The property "IsStillValid" tests whether the ACL is still valid. Win9x always returns true.

function IAcl.IsStillValid : boolean;

When a Windows standard ACL structure pointer is "nil", that ACL grants access for everyone. An allocated, but empty ACL grants access to no one. The method "IsAllocated" returns whether the ACL pointer, which is hold by the current "IAcl" object, is allocated. If it is not, then the ACL grants access for everyone. The method "Allocate" makes sure that the ACL is allocated (so that it does not grant access for everyone). The method "Deallocate" makes sure, that the ACL is freed, as a result everyone has access. The method "Clear" makes sure that the ACL is allocated, but empty, as a result the ACL grants access to no one.

function  IAcl.IsAllocated : boolean;

procedure IAcl.Allocate;     // access for the current ACE items (eventually no one)
procedure IAcl.Deallocate;   // access for everyone
procedure IAcl.Clear;        // access for no one

The items of an ACL are ACEs. You can add new ACEs to the current ACL (either at the end or at a specified index) or you can delete specified ACEs.

property IAcl.Items [index: integer] : IAce;

function IAcl.NewItem     (const account : IAccount;
                           access        : cardinal;
                           type_         : TAceType  = atAllowed;
                           flags         : TAceFlags = []       ) : integer;
function IAcl.AddItem     (const item    : IBasic               ) : integer;
function IAcl.InsertItem  (const item    : IBasic;
                           index         : integer   = 0        ) : integer;

function IAcl.DeleteItem  (index         : integer ) : boolean;
function IAcl.DeleteItems (const account : IAccount) : boolean;

// Examples:
with ExampleAcl do begin
  NewItem(CurrentUser, $B7);         // add access for the current user ($B7 = all access in win9x)
  DeleteItems(Account('SomeUser'));  // delete all ACEs of SomeUser from this ACL

The properties above like IAcl.NewItem and IAcl.DeleteItems make it possible to form an ACL exactly like you want it to be. However, it's a bit tedious work, because the access masks differ in win9x and winNT. If you want to have it easier, you can use the following simplified methods. They manipulate the ACL in a way, that the specified user has exactly read or write access. The standard access masks for win9x and winNT are used. If you want to have fancy access masks, please use the low level methods mentioned above.

procedure IAcl.SetFileAccess  (const account: IAccount; write: boolean);
procedure IAcl.SetPrintAccess (const account: IAccount; admin: boolean);

// Example:
ExampleAcl.SetFileAccess(CurrentUser, true);

The method "FindItem" returns the first found IAce that is installed for the specified IAccount. The search begins at specified index.

function IAcl.FindItem (const account    : IAccount;
                        firstSearchIndex : integer = 0) : IAce;

The method "IsDirty" tells you whether there were changes in the current ACL, that are not flushed yet. The method "Flush" realizes all changes.

function IAcl.IsDirty : boolean;
function IAcl.Flush   : boolean;

The following properties apply to the standard Windows ACL structure, which is hold by the current "IAcl" object. "PAcl" gives you the address of the structure, "Size" returns the allocated size, while "UsedSize" tells you how much of the allocated size is actually used in the moment. In win9x you will get nil/0/0.

property IAcl.PAcl     : PAcl;
property IAcl.Size     : integer;
property IAcl.UsedSize : integer;

The property "OwnerSecurityObject" tells you to which security object the current ACL belongs (if any).

property IAcl.OwnerSecurityObject : ISecurityObject;