We help IT Professionals succeed at work.

Bit-Masks

omsec
omsec asked
on
Hi there,

I have defined DWord-Values for 32bit Flag-Options as followed:

GRP_GUESTS           = $1
GRP_NORMAL_USERS     = $2
GRP_POWER_USERS      = $4
GRP_BACKUP_OPERATORS = $8
GRP_ADMINISTRATORS   = $10

These constant symbols are used to store permission information on specific users.

Now, I want to write a method that checks these permissions and looks like this:

function hasPermission(NeedsGroups, hasGroups: DWord): Boolean;

but I am not sure, how it's supposed to look like. I got this so far:

if NeedsGroup = hasGroups then
  Result := True;

now, can I avoid using many, many IFs with something like this to check if the current rights are less than the ones needed ?

if NeedsGroups > hasGroups then
  Result := False ??


The second question is:

Before I call this method, i need to specify the rights required to complete it. Instead of setting the bits "manually" like

DummyVar := (DummyVar or GRP_ADMINISTRATOR)

can i define it in a CONST-Symbol ? Something like

CONST
  GROUPS = (GRP_ADMINISTRATOR SHL ????????????) ????

.. and then pass this Const to the method's NeedGroups-Parameter ?

Thanks, Roger
Comment
Watch Question

Commented:
try:

if NeedsGroup and hasGroups = NeedsGroup then
 Result := True;


GL
Mike

Commented:
Mike is right.

About the second question:

const CGroups = GRP_xxx or GRP_yyy or GRP_ZZZ;

Regards, Madshi.

Author

Commented:
OK, but what's the best way to check if the given Group Permissions are below the ones required ?
Commented:
Hmmm? I think Mike has already answered that one:

function hasPermission(NeedsGroups, hasGroups: DWord): Boolean;
begin
  result := NeedsGroup and hasGroups = NeedsGroup;
end;

Or do you mean something else? Then please explain it a bit more detailed.

Author

Commented:
but wouldnt that return true, only if the exact groups (bits) are set in the DWord ?

i mean:

required: NORMAL_USER, BACK_UP

given: NORMAL_USER, ADMINISTRATOR, BACK_UP

would that still equal to true ?

Commented:
>> would that still equal to true

Yep. You should learn how the logical bitwise "and" operator works...   :-)

If you do "dword1 and dword2", then the result contains only those bits, that occur in BOTH dwords. So if you do "NeedsGroup and hasGroups", the result can maximal contain the "NeedsGroup" bits and it can also maximal contain the "hasGroups" bits. If the result of the "and" operation is exactly "NeedsGroup", then "hasGroups" must have at least the same bits that "NeedsGroup" has. "hasGroups" may have some more additional bits, which are killed by the "and" operator, because "NeedsGroup" doesn't have them...

In bits:

0 and 0 = 0
0 and 1 = 0
1 and 0 = 0
1 and 1 = 1

Author

Commented:
I don't know what to do now ;-)

edey had the right answer, but Madshi showed me the sence of it and confirmed it...who deserved the points ? :P

Commented:
You could ask the Customer Service to split the points. Or alternatively (also okay for me) give 'em to Mike...

Explore More ContentExplore courses, solutions, and other research materials related to this topic.