zoukankan      html  css  js  c++  java
  • C# 判断用户是否对路径拥有访问权限

    如何获取当前系统用户对文件/文件夹的操作权限?

     1.获取安全信息DirectorySecurity

    DirectorySecurity fileAcl = Directory.GetAccessControl(folder);

    通过Directory.GetAccessControl获取文件夹的权限/安全信息

    详细介绍,可参考MSDN官方文档

    对文件/文件夹权限的详细操作,可参考一篇博客C#文件夹权限操作

    2. 获取文件夹访问权限列表FileSystemAccessRule

    var rules = fileAcl.GetAccessRules(true, true, typeof(System.Security.Principal.NTAccount)).OfType<FileSystemAccessRule>().ToList();

    GetAccessRules()方法返回的是AuthorizationRule集合,此处只需要获取文件权限。

    FileSystemAccessRule继承自AuthorizationRule,并新增俩个属性

    • AccessControlType -- 枚举 Allow/Deny
    • FileSystemRights -- 对文件的访问权限详细信息(读/写等),可见下面列表: 
     1   /// <summary>定义要创建访问和审核规则时使用的访问权限。</summary>
     2   [Flags]
     3   public enum FileSystemRights
     4   {
     5     ReadData = 1,
     6     ListDirectory = ReadData, // 0x00000001
     7     WriteData = 2,
     8     CreateFiles = WriteData, // 0x00000002
     9     AppendData = 4,
    10     CreateDirectories = AppendData, // 0x00000004
    11     ReadExtendedAttributes = 8,
    12     WriteExtendedAttributes = 16, // 0x00000010
    13     ExecuteFile = 32, // 0x00000020
    14     Traverse = ExecuteFile, // 0x00000020
    15     DeleteSubdirectoriesAndFiles = 64, // 0x00000040
    16     ReadAttributes = 128, // 0x00000080
    17     WriteAttributes = 256, // 0x00000100
    18     Delete = 65536, // 0x00010000
    19     ReadPermissions = 131072, // 0x00020000
    20     ChangePermissions = 262144, // 0x00040000
    21     TakeOwnership = 524288, // 0x00080000
    22     Synchronize = 1048576, // 0x00100000
    23     FullControl = Synchronize | TakeOwnership | ChangePermissions | ReadPermissions | Delete | WriteAttributes | ReadAttributes | DeleteSubdirectoriesAndFiles | Traverse | WriteExtendedAttributes | ReadExtendedAttributes | CreateDirectories | CreateFiles | ListDirectory, // 0x001F01FF
    24     Read = ReadPermissions | ReadAttributes | ReadExtendedAttributes | ListDirectory, // 0x00020089
    25     ReadAndExecute = Read | Traverse, // 0x000200A9
    26     Write = WriteAttributes | WriteExtendedAttributes | CreateDirectories | CreateFiles, // 0x00000116
    27     Modify = Write | ReadAndExecute | Delete, // 0x000301BF
    28   }
    View Code

     因为AuthorizationRule中,IdentityReference对应权限的用户/用户组标识,格式为:"MYDOMAINMyAccount"

    所以,如通过当前系统用户名与IdentityReference匹配,即可获取FileSystemAccessRule权限。如何获取用户名,见下一段落

    3. 获取当前系统用户名/用户组

    通过 System.Environment.UserDomainName 和 System.Environment.UserName 取得当前用户名

    对当前系统用户名/用户组的其它操作,可参考

    因此,将Path.Combine(Environment.UserDomainName, Environment.UserName)与IdentityReference.Value比较,获取当前用户对文件夹的权限信息

    详细实现如下:

     1     /// <summary>
     2     /// 检查当前用户是否拥有此文件夹的操作权限
     3     /// </summary>
     4     /// <param name="folder"></param>
     5     /// <returns></returns>
     6     public static bool HasOperationPermission(string folder)
     7     {
     8         var currentUserIdentity = Path.Combine(Environment.UserDomainName, Environment.UserName);
     9 
    10         DirectorySecurity fileAcl = Directory.GetAccessControl(folder);
    11         var userAccessRules = fileAcl.GetAccessRules(true, true, typeof(System.Security.Principal.NTAccount)).OfType<FileSystemAccessRule>().Where(i=>i.IdentityReference.Value==currentUserIdentity).ToList();
    12 
    13         return userAccessRules.Any(i => i.AccessControlType == AccessControlType.Deny);
    14     }

     获取文件夹是否有删除权限(仅删除空文件夹):

     1     /// <summary>
     2     /// 检查当前用户是否拥有此文件夹的删除操作权限
     3     /// </summary>
     4     /// <param name="folder"></param>
     5     /// <returns></returns>
     6     public static bool HasDeleteOperationPermission(string folder)
     7     {
     8         var currentUserIdentity = Path.Combine(Environment.UserDomainName, Environment.UserName);
     9 
    10         DirectorySecurity fileAcl = Directory.GetAccessControl(folder);
    11         var userAccessRules = fileAcl.GetAccessRules(true, true, typeof(System.Security.Principal.NTAccount)).OfType<FileSystemAccessRule>().Where(i => i.IdentityReference.Value == currentUserIdentity).ToList();
    12 
    13         if (userAccessRules.Count > 0 &&
    14             userAccessRules.Any(i => (i.FileSystemRights & FileSystemRights.Delete) != 0 && i.AccessControlType == AccessControlType.Allow))
    15         {
    16 
    17             return true;
    18         }
    19         return false;
    20     }
  • 相关阅读:
    collections模块整理
    jQuery 事件
    前端开发问题点
    无线wifi
    MySQL 数据库--SQL语句优化
    MySQL 数据库--索引原理与慢查询优化
    MySQL 数据库--内置功能
    MySQL 数据库--权限管理
    MySQL -Naivacat工具与pymysql模块
    MySQL 数据库 -- 数据操作
  • 原文地址:https://www.cnblogs.com/kybs0/p/9338685.html
Copyright © 2011-2022 走看看