0

Within a NUnit test I need to check whether an existing file can be deleted or not. The UnitUnderTest source looks like:

public static Boolean IsWritePermissionGranted(String absoluteFilePath)
{
    Boolean isGranted = true;
    try
    {
        FileIOPermission writePermission = new FileIOPermission(
            FileIOPermissionAccess.Write, absoluteFilePath);
        writePermission.Demand();
    }
    catch (SystemException)
    {
        isGranted = false;
    }
    return isGranted;
}

Within the test case I want to revoke the write permission from the TestFile. So far I tried:

  1. https://stackoverflow.com/a/7590491/1817029
  2. AddFileSecurity(TEST_FILE_PATH, @"MyDomain\MyUser", FileSystemRights.Write, AccessControlType.Deny);

  3. DirectoryInfo dInfo = new DirectoryInfo(TEST_FILE_PATH);
    DirectorySecurity dSecurity = dInfo.GetAccessControl(); dSecurity.AddAccessRule(new FileSystemAccessRule( TEST_FILE_PATH, "MyDomain\MyUser", FileSystemRights.Write, AccessControlType.Deny)); dInfo.SetAccessControl(dSecurity);

In all cases the file can still be deleted. What I'm doing wrong?

Community
  • 1
  • 1
My-Name-Is
  • 4,814
  • 10
  • 44
  • 84

1 Answers1

1

The simplest and quickest way of preventing accidental deletion is just to make it read-only:

File.SetAttributes(path, FileAttributes.ReadOnly);

Any code that wishes to modify or delete this file will have to explicitly remove the read-only attribute first (i.e. with another call to SetAttributes).

You should also never catch SystemException (or Exception for that matter), and anyway your example code is dealing with CAS which has nothing to do with file security.

Aaronaught
  • 120,909
  • 25
  • 266
  • 342
  • Thank you! *[... and anyway your example code is dealing with CAS which has nothing to do with file security.]* Do you refer to `writePermission.Demand();` Further, I can still delete the file with: `File.Delete(TEST_FILE_PATH);` – My-Name-Is Nov 09 '13 at 13:32
  • 1
    Yes. If you look up the [documentation for the Demand method](http://msdn.microsoft.com/en-us/library/system.security.codeaccesspermission.demand(v=vs.110).aspx), you should see that it clearly doesn't apply to your scenario in any way. There is in fact no reliable way to test whether or not a file can be deleted other than to actually attempt to delete it and catch the `IOException` or `SecurityException` if it fails. Your test is checking for a totally unrelated kind of permission, and will always return true when running under full trust. See [here](http://stackoverflow.com/q/1444153/38360) – Aaronaught Nov 09 '13 at 13:34
  • I got this as a solution (just as an comment) to the question: http://stackoverflow.com/q/19860927/1817029 I asked this question since the `SecurityManager.IsGranted` method is marked as obsolete. Can you please answer that question? http://stackoverflow.com/q/19860927/1817029 THX! – My-Name-Is Nov 09 '13 at 13:46
  • 1
    That question is closed. There are many duplicates, but the best one is probably the one I linked to in my last comment. – Aaronaught Nov 09 '13 at 13:57