/// <summary>
/// Get registry rights for specific user.
/// </summary>
/// <param name="key">Registry key.</param>
/// <param name="sid">User Identifier.</param>
/// <returns>Registry rights.</returns>
public static RegistryRights GetRights(RegistryKey key, SecurityIdentifier sid, bool includeInherited = false, AccessControlType accessType = AccessControlType.Allow)
{
var rights = default(RegistryRights);
if (key == null)
{
return(rights);
}
if (sid == null)
{
return(rights);
}
var security = key.GetAccessControl();
var rules = security.GetAccessRules(true, true, sid.GetType());
foreach (RegistryAccessRule rule in rules)
{
if (rule.IdentityReference != sid)
{
continue;
}
if (rule.AccessControlType != accessType)
{
continue;
}
// Merge permissions.
rights |= rule.RegistryRights;
}
return(rights);
}
/// <summary>
/// Get file or directory rights for specific user.
/// </summary>
/// <param name="path">The path to a file or directory.</param>
/// <param name="sid">User Identifier.</param>
/// <returns>File or directory rights.</returns>
public static FileSystemRights GetRights(string path, SecurityIdentifier sid, bool includeInherited = false, AccessControlType accessType = AccessControlType.Allow)
{
var rights = default(FileSystemRights);
if (string.IsNullOrEmpty(path))
{
return(rights);
}
if (sid == null)
{
return(rights);
}
if (!File.Exists(path))
{
return(rights);
}
var security = File.GetAccessControl(path);
var rules = security.GetAccessRules(true, true, sid.GetType());
foreach (FileSystemAccessRule rule in rules)
{
if (rule.IdentityReference != sid)
{
continue;
}
if (rule.AccessControlType != accessType)
{
continue;
}
// Merge permissions.
rights |= rule.FileSystemRights;
}
return(rights);
}
public static bool HasAccessRule(EnumKnownDirectories enumKnownDirectories)
{
return(GetDirectoryInfo(enumKnownDirectories)
.GetAccessControl()
.GetAccessRules(true, false, User.GetType())
.Cast <FileSystemAccessRule>()
.Any(
item => item.FileSystemRights == AccessRule.FileSystemRights &&
item.AccessControlType == AccessRule.AccessControlType &&
item.IdentityReference == AccessRule.IdentityReference
));
}
public bool HasPermission(FileSystemRights permissionFlag)
{
//
// Windows
if (Environment.OSVersion.Platform == PlatformID.Win32NT)
{
var fileInfo = new FileInfo(FullPath);
var fileSecurity = fileInfo.GetAccessControl();
var usersSid = new SecurityIdentifier(WellKnownSidType.BuiltinUsersSid, null);
var rules = fileSecurity.GetAccessRules(true, true, usersSid.GetType()).OfType <FileSystemAccessRule>();
return(rules.Where(r => r.FileSystemRights.HasFlag(permissionFlag)).Any());
}
//
// Linux
AccessModes accessMode = 0;
if (permissionFlag.HasFlag(FileSystemRights.Read))
{
accessMode |= AccessModes.R_OK;
}
if (permissionFlag.HasFlag(FileSystemRights.Write))
{
accessMode |= AccessModes.W_OK;
}
if (permissionFlag.HasFlag(FileSystemRights.ExecuteFile))
{
accessMode |= AccessModes.X_OK;
}
var unixFileInfo = new Mono.Unix.UnixFileInfo(FullPath);
return(unixFileInfo.CanAccess(accessMode));
}
/// <summary>
/// Set specified rights to the file or directory.
/// </summary>
/// <param name="path">The path to a file or directory.</param>
/// <param name="rights">Rights to check.</param>
/// <param name="sid">User to check.</param>
/// <param name="inheritance">Inheritance options.</param>
/// <param name="propagation">Propagation options.</param>
/// <returns>True if success, False if failed to set the rights.</returns>
public static bool SetRights(
string path,
FileSystemRights rights,
SecurityIdentifier sid,
// Applies to directories and sub directories by default.
InheritanceFlags?inheritance = null,
PropagationFlags?propagation = null)
{
if (string.IsNullOrEmpty(path))
{
return(false);
}
if (sid == null)
{
return(false);
}
if (!File.Exists(path) && !Directory.Exists(path))
{
return(false);
}
var attributes = File.GetAttributes(path);
var isDirectory = attributes.HasFlag(FileAttributes.Directory);
var security = isDirectory
? (FileSystemSecurity)Directory.GetAccessControl(path)
: (FileSystemSecurity)File.GetAccessControl(path);
FileSystemAccessRule sidRule = null;
// Do not include inherited permissions, because.
var rules = security.GetAccessRules(true, false, sid.GetType());
foreach (FileSystemAccessRule rule in rules)
{
if (rule.IdentityReference != sid)
{
continue;
}
if (rule.AccessControlType == AccessControlType.Allow)
{
sidRule = rule;
break;
}
}
if (sidRule == null)
{
sidRule = new FileSystemAccessRule(
sid,
// Set new permissions.
rights,
inheritance ?? (
isDirectory
? InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit
: InheritanceFlags.None
),
propagation ?? PropagationFlags.None,
AccessControlType.Allow
);
security.AddAccessRule(sidRule);
}
else
{
var newRule = new FileSystemAccessRule(
sid,
// Append missing permissions.
sidRule.FileSystemRights | rights,
inheritance ?? sidRule.InheritanceFlags,
propagation ?? sidRule.PropagationFlags,
AccessControlType.Allow
);
security.SetAccessRule(newRule);
}
if (isDirectory)
{
Directory.SetAccessControl(path, (DirectorySecurity)security);
}
else
{
File.SetAccessControl(path, (FileSecurity)security);
}
return(true);
}
/// <summary>
/// Set specified rights to the file or directory.
/// </summary>
/// <param name="path">The path to a file or directory.</param>
/// <param name="rights">Rights to check.</param>
/// <param name="sid">User to check.</param>
/// <param name="inheritance">Inheritance options.</param>
/// <param name="propagation">Propagation options.</param>
/// <returns>True if success, False if failed to set the rights.</returns>
public static bool SetRights(
RegistryKey baseKey,
string registryName,
RegistryRights rights,
SecurityIdentifier sid,
// Applies to keys and sub keys by default.
InheritanceFlags?inheritance = null,
PropagationFlags?propagation = null
)
{
var key = baseKey.OpenSubKey(registryName, RegistryKeyPermissionCheck.ReadWriteSubTree, RegistryRights.ChangePermissions | RegistryRights.ReadKey);
if (key == null)
{
return(false);
}
if (sid == null)
{
return(false);
}
var security = key.GetAccessControl();
RegistryAccessRule sidRule = null;
// Do not include inherited permissions, because.
var rules = security.GetAccessRules(true, false, sid.GetType());
foreach (RegistryAccessRule rule in rules)
{
if (rule.IdentityReference != sid)
{
continue;
}
if (rule.AccessControlType == AccessControlType.Allow)
{
sidRule = rule;
break;
}
}
if (sidRule == null)
{
sidRule = new RegistryAccessRule(
sid,
// Set new permissions.
rights,
inheritance ?? InheritanceFlags.ContainerInherit,
propagation ?? PropagationFlags.None,
AccessControlType.Allow
);
security.AddAccessRule(sidRule);
}
else
{
var newRule = new RegistryAccessRule(
sid,
// Append missing permissions.
sidRule.RegistryRights | rights,
inheritance ?? sidRule.InheritanceFlags,
propagation ?? sidRule.PropagationFlags,
AccessControlType.Allow
);
security.SetAccessRule(newRule);
}
key.SetAccessControl(security);
key.Close();
return(true);
}
/// <summary>
/// Set specified rights to the file or directory.
/// </summary>
/// <param name="path">The path to a file or directory.</param>
/// <param name="rights">Rights to check.</param>
/// <param name="sid">User to check.</param>
/// <param name="inheritance">Inheritance options.</param>
/// <param name="propagation">Propagation options.</param>
/// <returns>True if success, False if failed to set the rights.</returns>
public static bool SetRights(
string path,
FileSystemRights rights,
SecurityIdentifier sid,
// Applies to directories and sub directories by default.
InheritanceFlags?inheritance = null,
PropagationFlags?propagation = null)
{
if (string.IsNullOrEmpty(path))
{
return(false);
}
if (sid == null)
{
return(false);
}
var fi = new FileInfo(path);
if (!fi.Exists)
{
return(false);
}
var security = fi.GetAccessControl();
FileSystemAccessRule sidRule = null;
// Do not include inherited permissions, because.
var rules = security.GetAccessRules(true, false, sid.GetType());
foreach (FileSystemAccessRule rule in rules)
{
if (rule.IdentityReference != sid)
{
continue;
}
if (rule.AccessControlType == AccessControlType.Allow)
{
sidRule = rule;
break;
}
}
if (sidRule == null)
{
sidRule = new FileSystemAccessRule(
sid,
// Set new permissions.
rights,
inheritance.HasValue
? inheritance.Value
// For directory default option is inherit permissions.
: fi.Attributes == FileAttributes.Directory
? InheritanceFlags.ContainerInherit
: InheritanceFlags.None,
propagation ?? PropagationFlags.None,
AccessControlType.Allow
);
security.AddAccessRule(sidRule);
}
else
{
var newRule = new FileSystemAccessRule(
sid,
// Append missing permissions.
sidRule.FileSystemRights | rights,
inheritance ?? sidRule.InheritanceFlags,
propagation ?? sidRule.PropagationFlags,
AccessControlType.Allow
);
security.SetAccessRule(newRule);
}
File.SetAccessControl(path, security);
return(true);
}