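/// <summary>
/// Helpers that edit the discretionary ACL (DACL) of files and folders on Windows.
/// </summary>
/// <remarks>
/// Security note: the two Add* helpers grant FullControl to the Everyone and Users groups.
/// FullControl includes the rights to change permissions and to take ownership, so any
/// account on the machine can afterwards rewrite the ACL or replace the content.
/// Reserve them for locations that hold no executables, configuration or secrets, and
/// prefer a narrower right (for example Modify) and a narrower principal where possible.
/// </remarks>
public class PermissionManager
{
    /// <summary>
    /// Builds the identity for a well-known group from its SID.
    /// </summary>
    /// <remarks>
    /// Names such as "Everyone" and "Users" are localized display names; resolving them
    /// by name can fail on non-English Windows installations, whereas the SID is the same
    /// on every system.
    /// </remarks>
    /// <param name="sidType">The well-known SID to create.</param>
    /// <returns>The security identifier for <paramref name="sidType"/>.</returns>
    private static System.Security.Principal.SecurityIdentifier WellKnownGroup(
        System.Security.Principal.WellKnownSidType sidType)
    {
        return new System.Security.Principal.SecurityIdentifier(sidType, null);
    }

    /// <summary>
    /// Grants the Everyone and Users groups full control over a single file.
    /// </summary>
    /// <param name="filePath">Path of the file whose ACL is extended.</param>
    public static void AddSecurityControll2File(string filePath)
    {
        FileInfo fileInfo = new FileInfo(filePath);

        // Read the current ACL so the new entries are added to it rather than replacing it.
        FileSecurity fileSecurity = fileInfo.GetAccessControl();

        // NOTE(security): world-writable with FullControl; see the class remarks.
        fileSecurity.AddAccessRule(new FileSystemAccessRule(
            WellKnownGroup(System.Security.Principal.WellKnownSidType.WorldSid),
            FileSystemRights.FullControl,
            AccessControlType.Allow));
        fileSecurity.AddAccessRule(new FileSystemAccessRule(
            WellKnownGroup(System.Security.Principal.WellKnownSidType.BuiltinUsersSid),
            FileSystemRights.FullControl,
            AccessControlType.Allow));

        // Write the modified ACL back to the file.
        fileInfo.SetAccessControl(fileSecurity);
    }

    /// <summary>
    /// Grants the Everyone and Users groups full control over a folder, inherited by
    /// the sub-folders and files below it.
    /// </summary>
    /// <param name="dirPath">Path of the folder whose ACL is extended.</param>
    public static void AddSecurityControll2Folder(string dirPath)
    {
        DirectoryInfo dir = new DirectoryInfo(dirPath);

        // Only the DACL is edited, so only the access section is requested. Asking for
        // every section also reads the audit list (SACL), which needs SeSecurityPrivilege
        // and therefore fails for callers that do not hold that privilege.
        DirectorySecurity dirSecurity = dir.GetAccessControl(AccessControlSections.Access);

        // Apply the entries to this folder, its sub-folders and its files.
        InheritanceFlags inherits = InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit;

        // NOTE(security): world-writable with FullControl on a whole tree; see the class remarks.
        dirSecurity.AddAccessRule(new FileSystemAccessRule(
            WellKnownGroup(System.Security.Principal.WellKnownSidType.WorldSid),
            FileSystemRights.FullControl,
            inherits,
            PropagationFlags.None,
            AccessControlType.Allow));
        dirSecurity.AddAccessRule(new FileSystemAccessRule(
            WellKnownGroup(System.Security.Principal.WellKnownSidType.BuiltinUsersSid),
            FileSystemRights.FullControl,
            inherits,
            PropagationFlags.None,
            AccessControlType.Allow));

        // Write the modified ACL back to the folder.
        dir.SetAccessControl(dirSecurity);
    }

    /// <summary>
    /// Removes every explicit access entry that a given user has on a folder.
    /// </summary>
    /// <remarks>
    /// Entries inherited from a parent folder are not removed; they have to be changed
    /// on the parent or blocked with access-rule protection on this folder.
    /// </remarks>
    /// <param name="dirName">Path of the folder to edit.</param>
    /// <param name="username">Account name without domain; the current user's domain is prepended.</param>
    private static void removePermissions(string dirName, string username)
    {
        string user = System.Environment.UserDomainName + "\\" + username;
        DirectoryInfo dirinfo = new DirectoryInfo(dirName);
        DirectorySecurity dsec = dirinfo.GetAccessControl(AccessControlSections.Access);
        AuthorizationRuleCollection rules =
            dsec.GetAccessRules(true, true, typeof(System.Security.Principal.NTAccount));

        bool purged = false;
        foreach (AuthorizationRule rule in rules)
        {
            // Windows account names are case-insensitive, so compare them that way.
            if (string.Equals(rule.IdentityReference.Value, user, System.StringComparison.OrdinalIgnoreCase))
            {
                // Purging drops all explicit allow and deny entries of this identity at once.
                dsec.PurgeAccessRules(rule.IdentityReference);
                purged = true;
                break;
            }
        }

        // Without this write-back the edit stays in memory and the folder keeps its old ACL.
        if (purged)
        {
            dirinfo.SetAccessControl(dsec);
        }
    }

    /// <summary>
    /// Used in the project: leaves the folder with entries for Everyone only, allowing
    /// read access and denying write access.
    /// </summary>
    /// <remarks>
    /// The result shows up as a "special permission" on the folder; in the Advanced
    /// security view its sub-items are the same as those of the Write permission.
    /// The deny entry carries no inheritance flags, so it applies to the folder itself,
    /// and because it targets Everyone it also applies to administrators and service
    /// accounts until the ACL is changed again.
    /// </remarks>
    /// <param name="dirName">Path of the folder to lock down.</param>
    public static void OnlyKeepEveryonePermissionsWithWriteNotAllowed(string dirName)
    {
        DirectoryInfo dirinfo = new DirectoryInfo(dirName);
        DirectorySecurity objSecObj = dirinfo.GetAccessControl();
        AuthorizationRuleCollection acl =
            objSecObj.GetAccessRules(true, true, typeof(System.Security.Principal.NTAccount));

        // Stop inheriting from the parent and discard the inherited entries.
        objSecObj.SetAccessRuleProtection(true, false);

        // Drop the explicit entries of every identity currently on the ACL.
        foreach (FileSystemAccessRule ace in acl)
        {
            objSecObj.PurgeAccessRules(ace.IdentityReference);
        }

        System.Security.Principal.SecurityIdentifier everyone =
            WellKnownGroup(System.Security.Principal.WellKnownSidType.WorldSid);
        InheritanceFlags inherits = InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit;

        FileSystemAccessRule denyWrite = new FileSystemAccessRule(
            everyone,
            FileSystemRights.Write,
            AccessControlType.Deny);
        FileSystemAccessRule allowRead = new FileSystemAccessRule(
            everyone,
            FileSystemRights.ReadAndExecute | FileSystemRights.ListDirectory | FileSystemRights.Read,
            inherits,
            PropagationFlags.None,
            AccessControlType.Allow);

        objSecObj.AddAccessRule(denyWrite);
        objSecObj.AddAccessRule(allowRead);

        dirinfo.SetAccessControl(objSecObj);
    }
}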
寫入:
代碼生成的特殊權限
其實權限是一樣的