Talk:AccessControl plug-in: Difference between revisions
No edit summary |
|||
| Line 46: | Line 46: | ||
== IsUserTheAdministrator problem? == | == IsUserTheAdministrator problem? == | ||
I'm able to trick this export to both return "no" when the admin group is enabled in the process token, and "yes" when the admin group is a deny SID. You are better off using the UserInfo plugin if you need to check if the current user has admin access rights since it already has support for deny SID's and "dynamic group membership". If you just need the SID or info about a user other than the current user, this export is fine | I'm able to trick this export to both return "no" when the admin group is enabled in the process token, and "yes" when the admin group is a deny SID. You are better off using the UserInfo plugin if you need to check if the current user has admin access rights since it already has support for deny SID's and "dynamic group membership". If you just need the SID or info about a user other than the current user, this export is fine | ||
== IsThisPossible? == | |||
How can I delete existing ACL and replace with specified (SET ) ? | How can I delete existing ACL and replace with specified (SET ) ? | ||
| Line 52: | Line 54: | ||
Best regards | Best regards | ||
Swapnil Mahadik | Swapnil Mahadik | ||
swapnil.p.mahadik@gmail.com | |||
Revision as of 07:53, 8 May 2009
What about Vista support? Is it working on Vista?
--141.7.15.121 05:21, 26 June 2007 (PDT)
What about recursive rights?
--141.7.15.121 00:25, 30 July 2007 (PDT)
Vista support
I've tested AccessControl under Vista and it works great. Thx
Set the append/modify flag for ACLs
If you want to set the append/modify flag (in German: ändern) for files/directories, set the accesscontrol flag to:
"GenericRead + GenericExecute + GenericWrite + Delete"
Usage Example
AccessControl::GrantOnFile \ "$INSTDIR\database" "(BU)" "GenericRead + GenericExecute + GenericWrite + Delete"
- You can't use it that way because your stack may be modified after that call. Because you don't know about causing an error (the error flag isn't set although an error occured) you have to check the stack:
Push $0 ; save Push "Marker" AccessControl::GrantOnFile \ "$INSTDIR\database" "(BU)" "GenericRead + GenericExecute + GenericWrite + Delete" Pop $0 ; get "Marker" or error msg StrCmp $0 "Marker" Continue MessageBox MB_OK|MB_ICONSTOP "Error setting access control for $INSTDIR\database: $0" Pop $0 ; pop "Marker" Continue: Pop $0 ; restore
- It would be much easier if the AccessControl-functions always push something on the stack, e.g. "success" if there wasn't an error. Otherwise the functions may set or clear the error flag. Thus you simply know if something should be on the stack or not. --212.51.7.22 22:52, 1 October 2007 (PDT)
IsUserTheAdministrator problem?
I'm able to trick this export to both return "no" when the admin group is enabled in the process token, and "yes" when the admin group is a deny SID. You are better off using the UserInfo plugin if you need to check if the current user has admin access rights since it already has support for deny SID's and "dynamic group membership". If you just need the SID or info about a user other than the current user, this export is fine
IsThisPossible?
How can I delete existing ACL and replace with specified (SET ) ? I want to do someting like : </INHERIT> </REPLACE> which will delete existing ACL and force propagation from upper level
Best regards Swapnil Mahadik swapnil.p.mahadik@gmail.com
