The function checks for different levels of file/folder access rights for the current user.
// Usage example: ask whether the current user may read a folder.
var
  path: string;
  level: cardinal;
  granted: cardinal;
begin
  path := 'C:\Program Files';
  level := FILE_GENERIC_READ;
  // getNTFSRules returns the granted mask; the right is present only when
  // that mask equals the one that was requested.
  granted := getNTFSRules(path, level);
  if granted <> level then
    ShowMessage('Чтение запрещено')   // "Reading is denied"
  else
    ShowMessage('Чтение разрешено');  // "Reading is allowed"
end;
Parameters
path - path to file or folder
level - checked level of access rights:
- FILE_GENERIC_READ - read
- FILE_GENERIC_WRITE - write
- FILE_GENERIC_EXECUTE - execute
- FILE_ALL_ACCESS - full rights
Result
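If the result is equal to the constant that was passed as the query (FILE_GENERIC_READ, etc.), the rights are present.
0 - the rights are absent, or the file/folder does not exist.
The result describes the access rights at the moment of the call only; the real operation can still fail later, so errors must still be handled when the file or folder is actually opened.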
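const
  // File-specific access masks assembled from the standard and file rights.
  FILE_ALL_ACCESS = STANDARD_RIGHTS_REQUIRED or SYNCHRONIZE or $1FF;
  FILE_GENERIC_READ = (STANDARD_RIGHTS_READ or FILE_READ_DATA or
    FILE_READ_ATTRIBUTES or FILE_READ_EA or SYNCHRONIZE);
  FILE_GENERIC_WRITE = (STANDARD_RIGHTS_WRITE or FILE_WRITE_DATA or
    FILE_WRITE_ATTRIBUTES or FILE_WRITE_EA or FILE_APPEND_DATA or SYNCHRONIZE);
  FILE_GENERIC_EXECUTE = (STANDARD_RIGHTS_EXECUTE or FILE_READ_ATTRIBUTES or
    FILE_EXECUTE or SYNCHRONIZE);

// Checks whether the current user holds the requested access rights on a
// file or folder, using the object's owner, group and DACL.
//
// FileName      - path to the file or folder.
// CheckedAccess - access mask to test (FILE_GENERIC_READ, FILE_GENERIC_WRITE,
//                 FILE_GENERIC_EXECUTE or FILE_ALL_ACCESS).
//
// Returns the granted access mask when the check succeeds; compare it with
// the constant that was passed in. Returns 0 when access is denied, the
// object does not exist, or any step of the check fails.
//
// Security notes:
//  - The answer is advisory. The descriptor can change between this call and
//    the real open, so never use the result as the only gate for an
//    operation; perform the operation and handle the failure.
//  - Only owner, group and DACL are read. Anything outside them (sharing
//    violations, the read-only attribute, and presumably mandatory integrity
//    labels, since label information is not requested) is not evaluated.
//  - The function impersonates the process token for the duration of the
//    check and reverts afterwards. NOTE(review): if the calling thread was
//    already impersonating another client, that impersonation is dropped;
//    confirm no caller relies on it.
function getNTFSRules(const FileName: string; const CheckedAccess: Cardinal): Cardinal;
const
  SD_PARTS = OWNER_SECURITY_INFORMATION or GROUP_SECURITY_INFORMATION or
    DACL_SECURITY_INFORMATION;
var
  Token: THandle;
  Status: LongBool;
  Access: Cardinal;
  Desired: Cardinal;
  SecDescSize: Cardinal;
  PrivSetSize: Cardinal;
  PrivSet: PRIVILEGE_SET;
  Mapping: GENERIC_MAPPING;
  SecDesc: PSECURITY_DESCRIPTOR;
begin
  Result := 0;

  // First call only asks for the required buffer size. The size is zeroed
  // beforehand so a failed probe (missing file, no READ_CONTROL) cannot leave
  // an indeterminate value that would then be used as an allocation size.
  SecDescSize := 0;
  GetFileSecurity(PChar(FileName), SD_PARTS, nil, 0, SecDescSize);
  if SecDescSize = 0 then
    Exit;

  SecDesc := GetMemory(SecDescSize);
  if SecDesc = nil then
    Exit;
  try
    if not GetFileSecurity(PChar(FileName), SD_PARTS, SecDesc, SecDescSize,
      SecDescSize) then
      Exit;

    // AccessCheck needs an impersonation token, so the thread temporarily
    // impersonates the process's own token.
    if not ImpersonateSelf(SecurityImpersonation) then
      Exit;
    try
      Token := 0;
      if not OpenThreadToken(GetCurrentThread, TOKEN_QUERY, False, Token) then
        Exit;
      try
        Mapping.GenericRead := FILE_GENERIC_READ;
        Mapping.GenericWrite := FILE_GENERIC_WRITE;
        Mapping.GenericExecute := FILE_GENERIC_EXECUTE;
        Mapping.GenericAll := FILE_ALL_ACCESS;

        // Map the *requested* mask: AccessCheck rejects masks that still
        // carry generic bits.
        Desired := CheckedAccess;
        MapGenericMask(Desired, Mapping);

        PrivSetSize := SizeOf(PrivSet);
        Access := 0;
        Status := False;
        // Both the API call and the access status must be true; on failure
        // the output values are not meaningful and 0 is returned.
        if AccessCheck(SecDesc, Token, Desired, Mapping, PrivSet, PrivSetSize,
          Access, Status) and Status then
          Result := Access;
      finally
        CloseHandle(Token);
      end;
    finally
      // Always drop the impersonation token so the thread does not keep
      // running impersonated after the check.
      RevertToSelf;
    end;
  finally
    FreeMem(SecDesc);
  end;
end;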