The interface "IAcl" implements everything you need when dealing with ACLs
("Access-Control Lists"). An ACL determines which users/groups may and which
may not access a specific object. In win9x "madSecurity" simulates ACLs and
internally maps their meaning to win9x' APIs. A list of methods and
properties can be found in the IAcl Reference.
|
type IAcl = interface (ICustomBasicList) ['{28D27EC0-3A98-11D3-A52D-00005A180D69}'];
|
|
You can create an "IAcl" object by giving in a Windows standard ACL
structure. You can also simply create a new (empty) "IAcl" object.
|
function Acl (acl: PAcl) : IAcl;
function NewAcl : IAcl;
|
|
The property "IsStillValid" tests whether the ACL is still valid. Win9x
always returns true.
|
function IAcl.IsStillValid : boolean;
|
|
When a Windows standard ACL structure pointer is "nil", that ACL grants
access for everyone. An allocated, but empty ACL grants access to no one.
The method "IsAllocated" returns whether the ACL pointer, which is hold by
the current "IAcl" object, is allocated. If it is not, then the ACL grants
access for everyone. The method "Allocate" makes sure that the ACL is
allocated (so that it does not grant access for everyone). The method
"Deallocate" makes sure, that the ACL is freed, as a result everyone has
access. The method "Clear" makes sure that the ACL is allocated, but empty,
as a result the ACL grants access to no one.
|
function IAcl.IsAllocated : boolean;
procedure IAcl.Allocate;
procedure IAcl.Deallocate;
procedure IAcl.Clear;
|
|
The items of an ACL are ACEs. You can add new ACEs to the
current ACL (either at the end or at a specified index) or you can delete
specified ACEs.
|
property IAcl.Items [index: integer] : IAce;
function IAcl.NewItem (const account : IAccount;
access : cardinal;
type_ : TAceType = atAllowed;
flags : TAceFlags = [] ) : integer;
function IAcl.AddItem (const item : IBasic ) : integer;
function IAcl.InsertItem (const item : IBasic;
index : integer = 0 ) : integer;
function IAcl.DeleteItem (index : integer ) : boolean;
function IAcl.DeleteItems (const account : IAccount) : boolean;
with ExampleAcl do begin
NewItem(CurrentUser, $B7);
DeleteItems(Account('SomeUser'));
end;
|
|
The properties above like IAcl.NewItem and IAcl.DeleteItems
make it possible to form an ACL exactly like you want it to be. However,
it's a bit tedious work, because the access masks differ in win9x and winNT.
If you want to have it easier, you can use the following simplified methods.
They manipulate the ACL in a way, that the specified user has exactly read
or write access. The standard access masks for win9x and winNT are used. If
you want to have fancy access masks, please use the low level methods
mentioned above.
|
procedure IAcl.SetFileAccess (const account: IAccount; write: boolean);
procedure IAcl.SetPrintAccess (const account: IAccount; admin: boolean);
ExampleAcl.SetFileAccess(CurrentUser, true);
|
|
The method "FindItem" returns the first found IAce that is installed
for the specified IAccount. The search begins at specified index.
|
function IAcl.FindItem (const account : IAccount;
firstSearchIndex : integer = 0) : IAce;
|
|
The method "IsDirty" tells you whether there were changes in the current
ACL, that are not flushed yet. The method "Flush" realizes all changes.
|
function IAcl.IsDirty : boolean;
function IAcl.Flush : boolean;
|
|
The following properties apply to the standard Windows ACL structure, which
is hold by the current "IAcl" object. "PAcl" gives you the address of the
structure, "Size" returns the allocated size, while "UsedSize" tells you how
much of the allocated size is actually used in the moment. In win9x you will
get nil/0/0.
|
property IAcl.PAcl : PAcl;
property IAcl.Size : integer;
property IAcl.UsedSize : integer;
|
|
The property "OwnerSecurityObject" tells you to which security object the
current ACL belongs (if any).