I've attempted to do this using GetEffectiveRightsFromAcl, but it's not returning the correct access mask for files that are denied to me due to a group I'm part of.

我试图使用GetEffectiveRightsFromAcl来做到这一点，但是由于我所属的组，它没有为我拒绝的文件返回正确的访问掩码。

For example, I have a file, unreadable.txt. If I deny write access to unreadable.txt for my current user, the access mask correctly shows that I don't have write access. However, if I instead deny write access for the 'Authenticated Users' group, the access mask implies that I have full access (which I don't).

例如，我有一个文件unreadable.txt。如果我拒绝对当前用户的unreadable.txt进行写访问，则访问掩码正确显示我没有写访问权限。但是，如果我拒绝拒绝“Authenticated Users”组的写访问权限，则访问掩码意味着我具有完全访问权限（我没有）。

My alternative was to manually iterate the Ace list and compare my SID with each entry, but I'm unable to find a clean or easy way to check if the Ace is for a group, and if the current user is part of that group.

我的另一种方法是手动迭代Ace列表并将我的SID与每个条目进行比较，但我无法找到一种干净或简单的方法来检查Ace是否适用于某个组，以及当前用户是否属于该组。

As an extension, the file may not exist (i.e. it's a new file, about to be written), in which case the access to the directory needs to be checked.

作为扩展，文件可能不存在（即，它是一个即将被写入的新文件），在这种情况下，需要检查对目录的访问。

Is there any good solution to this? It seems like there should exist an easier way to do this, without actually trying to read/write to the file in question.

这有什么好的解决方案吗？似乎应该存在一种更简单的方法来实现这一点，而不是实际尝试读取/写入有问题的文件。

2 个解决方案

#1

---

#2

---