Talk:AccessControl plug-in: Difference between revisions

From NSIS Wiki
Jump to navigationJump to search
(→‎Usage Example: error codes on stack regarded)
No edit summary
Line 43: Line 43:


:It would be much easier if the AccessControl-functions always push something on the stack, e.g. "success" if there wasn't an error. Otherwise the functions may set or clear the error flag. Thus you simply know if something should be on the stack or not. --[[User:212.51.7.22|212.51.7.22]] 22:52, 1 October 2007 (PDT)
:It would be much easier if the AccessControl-functions always push something on the stack, e.g. "success" if there wasn't an error. Otherwise the functions may set or clear the error flag. Thus you simply know if something should be on the stack or not. --[[User:212.51.7.22|212.51.7.22]] 22:52, 1 October 2007 (PDT)
== IsUserTheAdministrator problem? ==
I'm able to trick this export to both return "no" when the admin group is enabled in the process token, and "yes" when the admin group is a deny SID. You are better off using the UserInfo plugin if you need to check if the current user has admin access rights since it already has support for deny SID's and "dynamic group membership". If you just need the SID or info about a user other than the current user, this export is fine

Revision as of 07:57, 29 February 2008

What about Vista support? Is it working on Vista?

--141.7.15.121 05:21, 26 June 2007 (PDT)

What about recursive rights?

--141.7.15.121 00:25, 30 July 2007 (PDT)

Vista support

I've tested AccessControl under Vista and it works great. Thx

Set the append/modify flag for ACLs

If you want to set the append/modify flag (in German: ändern) for files/directories, set the accesscontrol flag to:

 "GenericRead + GenericExecute + GenericWrite + Delete"

Usage Example

  AccessControl::GrantOnFile \
    "$INSTDIR\database" "(BU)" "GenericRead + GenericExecute + GenericWrite + Delete"
You can't use it that way because your stack may be modified after that call. Because you don't know about causing an error (the error flag isn't set although an error occured) you have to check the stack:
  Push $0 ; save 
 
  Push "Marker" 
  AccessControl::GrantOnFile \
    "$INSTDIR\database" "(BU)" "GenericRead + GenericExecute + GenericWrite + Delete"
  Pop $0 ; get "Marker" or error msg
  StrCmp $0 "Marker" Continue
  MessageBox MB_OK|MB_ICONSTOP "Error setting access control for $INSTDIR\database: $0"
  Pop $0 ; pop "Marker"
 
Continue:
  Pop $0 ; restore
It would be much easier if the AccessControl-functions always push something on the stack, e.g. "success" if there wasn't an error. Otherwise the functions may set or clear the error flag. Thus you simply know if something should be on the stack or not. --212.51.7.22 22:52, 1 October 2007 (PDT)

IsUserTheAdministrator problem?

I'm able to trick this export to both return "no" when the admin group is enabled in the process token, and "yes" when the admin group is a deny SID. You are better off using the UserInfo plugin if you need to check if the current user has admin access rights since it already has support for deny SID's and "dynamic group membership". If you just need the SID or info about a user other than the current user, this export is fine