omsec
asked on
Bit-Masks
Hi there,
I have defined DWord-Values for 32bit Flag-Options as followed:
GRP_GUESTS = $1
GRP_NORMAL_USERS = $2
GRP_POWER_USERS = $4
GRP_BACKUP_OPERATORS = $8
GRP_ADMINISTRATORS = $10
These constant symbols are used to store permission information on specific users.
Now, I want to write a method that checks these permissions and looks like this:
function hasPermission(NeedsGroups,
but I am not sure, how it's supposed to look like. I got this so far:
if NeedsGroup = hasGroups then
Result := True;
now, can I avoid using many, many IFs with something like this to check if the current rights are less than the ones needed ?
if NeedsGroups > hasGroups then
Result := False ??
The second question is:
Before I call this method, i need to specify the rights required to complete it. Instead of setting the bits "manually" like
DummyVar := (DummyVar or GRP_ADMINISTRATOR)
can i define it in a CONST-Symbol ? Something like
CONST
GROUPS = (GRP_ADMINISTRATOR SHL ????????????) ????
.. and then pass this Const to the method's NeedGroups-Parameter ?
Thanks, Roger
I have defined DWord-Values for 32bit Flag-Options as followed:
GRP_GUESTS = $1
GRP_NORMAL_USERS = $2
GRP_POWER_USERS = $4
GRP_BACKUP_OPERATORS = $8
GRP_ADMINISTRATORS = $10
These constant symbols are used to store permission information on specific users.
Now, I want to write a method that checks these permissions and looks like this:
function hasPermission(NeedsGroups,
but I am not sure, how it's supposed to look like. I got this so far:
if NeedsGroup = hasGroups then
Result := True;
now, can I avoid using many, many IFs with something like this to check if the current rights are less than the ones needed ?
if NeedsGroups > hasGroups then
Result := False ??
The second question is:
Before I call this method, i need to specify the rights required to complete it. Instead of setting the bits "manually" like
DummyVar := (DummyVar or GRP_ADMINISTRATOR)
can i define it in a CONST-Symbol ? Something like
CONST
GROUPS = (GRP_ADMINISTRATOR SHL ????????????) ????
.. and then pass this Const to the method's NeedGroups-Parameter ?
Thanks, Roger
Mike is right.
About the second question:
const CGroups = GRP_xxx or GRP_yyy or GRP_ZZZ;
Regards, Madshi.
About the second question:
const CGroups = GRP_xxx or GRP_yyy or GRP_ZZZ;
Regards, Madshi.
ASKER
OK, but what's the best way to check if the given Group Permissions are below the ones required ?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
but wouldnt that return true, only if the exact groups (bits) are set in the DWord ?
i mean:
required: NORMAL_USER, BACK_UP
given: NORMAL_USER, ADMINISTRATOR, BACK_UP
would that still equal to true ?
i mean:
required: NORMAL_USER, BACK_UP
given: NORMAL_USER, ADMINISTRATOR, BACK_UP
would that still equal to true ?
>> would that still equal to true
Yep. You should learn how the logical bitwise "and" operator works... :-)
If you do "dword1 and dword2", then the result contains only those bits, that occur in BOTH dwords. So if you do "NeedsGroup and hasGroups", the result can maximal contain the "NeedsGroup" bits and it can also maximal contain the "hasGroups" bits. If the result of the "and" operation is exactly "NeedsGroup", then "hasGroups" must have at least the same bits that "NeedsGroup" has. "hasGroups" may have some more additional bits, which are killed by the "and" operator, because "NeedsGroup" doesn't have them...
In bits:
0 and 0 = 0
0 and 1 = 0
1 and 0 = 0
1 and 1 = 1
Yep. You should learn how the logical bitwise "and" operator works... :-)
If you do "dword1 and dword2", then the result contains only those bits, that occur in BOTH dwords. So if you do "NeedsGroup and hasGroups", the result can maximal contain the "NeedsGroup" bits and it can also maximal contain the "hasGroups" bits. If the result of the "and" operation is exactly "NeedsGroup", then "hasGroups" must have at least the same bits that "NeedsGroup" has. "hasGroups" may have some more additional bits, which are killed by the "and" operator, because "NeedsGroup" doesn't have them...
In bits:
0 and 0 = 0
0 and 1 = 0
1 and 0 = 0
1 and 1 = 1
ASKER
I don't know what to do now ;-)
edey had the right answer, but Madshi showed me the sence of it and confirmed it...who deserved the points ? :P
edey had the right answer, but Madshi showed me the sence of it and confirmed it...who deserved the points ? :P
You could ask the Customer Service to split the points. Or alternatively (also okay for me) give 'em to Mike...
if NeedsGroup and hasGroups = NeedsGroup then
Result := True;
GL
Mike