|Step 4. The ACL editor form|
This step has a key role in this example. It will illustrate the usage of TsvACLCenter component.
Well, create a new form and place the following components and controls on it:
The resulting form will look like shown below:
This form will be main form of our application so you will need to make changes in the project options. Go to the Project|Options dialog, select the Forms tab and change the main form of application to the newly created form.
Well, now is a time to implement code of our form. Let's add the code to the 'Add' button:
I think that this code needs some comments. As you can see this handle creates an instance of TUsersListForm and shows it in the modal mode. As you remember TUsersListForm contains three important things: list of users (SIDs), access mask value and access mode value. If the form returns with ModalResult = mrOK then we iterate through all selected users and add the ExplicitAccessEntry for each user. To do it we use AddEntry of the ACLC component. This method adds new entry to the list of entries and returns a pointer to it. We use this pointer to initialize ExplicitAccessEntry fields. As you can see the following fields are necessary:
After initializing the ExplicitAccessEntry structure we need to add new item to the ListView. I've placed this code into separate function:
This function looks large enough but it it`s work is simple :-). At first it adds new item to the ListView. Then it gets the readable name from the ptstrName field (do not forget that it can contain SID or name as a string) and assigns the ListItem caption. The next part of this function simply adds the subitem to the ListItem. This subitem shows the access mode. And finally this function generates one more ListItem subitem that consists of 32 symbols ('0' or '1') to illustrate bits of the access mask.
Well, now we can add items to the ListView and you can test our example now. Let's continue with adding 'Delete' button OnClick handler:
There is nothing specific in this handler simply note how we use the DeleteEntry method of ACLC component. Finally let's add the OnClick handler for the 'Merge' button.
This small piece of code is of great importance for understanding of ACLC component work. This component manipulates two forms of Access Control List. The first form is ACL pointer itself and the other form is the set of ExplicitAccessEntries. We can read both ACL property and the Entries property and the only question is: what property is the primary source and what property is slave. The answer is simple: the last changed property is used as primary source of ACL. So the simple lines of code
do a lot of work in background:
The only thing we should do after this conversion is to clear ListView and fill it with items again. Only one additional action is necessary. The thing is that the AccessMode field equals to SET_ACCESS or REVOKE_ACCESS after our conversion. The role of access modes is described in MS documentation. In brief it could be described as follows: When the set of ExplicitAccessEntries is converted into ACL each new entry to be added can affect entries added before. If access mode of newly added entry is SET_ACCESS then all existing entries with the same SID/user should be deleted. In other words SET_ACCESS access mode works like assignment operator that is previous variable value disappears and new sets. The GRANT_ACCESS access mode changes the previously added entries too. Of course only entries with the same user/SID are changed. In contrast to SET_ACCESS this mode does not discards previously added entries, it simply merges with them. It means that access mask of denying entries will loose bits that are set in the newly added entry while access allowing entries will get these bits. The DENY_ACCESS and REVOKE_ACCESS are the same as GRANT_ACCESS and SET_ACCESS modes except they are used to deny access. Returning to our code we see that changing of access mode in it is necessary. Let's imagine that after merge we have two entries in ACL for the same SID, one entry allows some access and the other denies some other access. What occurs at the second merge? If we retain SET_ACCESS and REVOKE_ACCESS modes in the code above then only one access control entry will be left after the second merge! The second entry will be discarded and the resulting ACL will be corrupted. The only way to protect both entries from deletion is to change the access modes :-).
Well, after these changes and explanations we are ready to test our example. We shall do it on the next step. Let's continue.
|<< | Index | Step 1 | Step 2 | Step 3 | Step 4 | Step 5 | >>|
|Add your comment | Read comments|