Address suggestions.

dotnet · Feb 2, 2021 · df559c0 · df559c0
1 parent cb4bec4
commit df559c0
Show file tree

Hide file tree

Showing 2 changed files with 80 additions and 11 deletions.
diff --git a/src/libraries/System.IO.FileSystem.AccessControl/tests/FileSystemAclExtensionsTests.cs b/src/libraries/System.IO.FileSystem.AccessControl/tests/FileSystemAclExtensionsTests.cs
@@ -218,7 +218,6 @@ private void DirectoryInfo_Create_Framework(DirectoryInfo info, DirectorySecurit
         [InlineData(FileSystemRights.Read | FileSystemRights.Write)]
         [InlineData(FileSystemRights.Read | FileSystemRights.Write | FileSystemRights.ExecuteFile)]
         [InlineData(FileSystemRights.ReadAndExecute)]
-        [InlineData(FileSystemRights.ReadAttributes | FileSystemRights.ReadData | FileSystemRights.ReadPermissions)]
         public void DirectoryInfo_Create_DirectorySecurityWithSpecificAccessRule(FileSystemRights rights)
         {
             using var directory = new TempAclDirectory();
@@ -238,6 +237,36 @@ public void DirectoryInfo_Create_DirectorySecurityWithSpecificAccessRule(FileSys
             VerifyAccessSecurity(expectedSecurity, actualSecurity);
         }
 
+        [Theory]
+        [InlineData(FileSystemRights.TakeOwnership)]
+        [InlineData(FileSystemRights.Write)]
+        public void DirectoryInfo_Create_MultipleAddAccessRules(FileSystemRights rightsToDeny)
+        {
+            var expectedSecurity = new DirectorySecurity();
+
+            var identity = new SecurityIdentifier(WellKnownSidType.BuiltinUsersSid, null);
+
+            var allowAccessRule = new FileSystemAccessRule(identity, FileSystemRights.Read, AccessControlType.Allow);
+            expectedSecurity.AddAccessRule(allowAccessRule);
+
+            var denyAccessRule = new FileSystemAccessRule(identity, rightsToDeny, AccessControlType.Deny);
+            expectedSecurity.AddAccessRule(denyAccessRule);
+
+            using var directory = new TempAclDirectory();
+            string path = Path.Combine(directory.Path, "directory");
+            DirectoryInfo info = new DirectoryInfo(path);
+
+            info.Create(expectedSecurity);
+
+            Assert.True(Directory.Exists(path));
+
+            DirectoryInfo actualInfo = new DirectoryInfo(info.FullName);
+
+            DirectorySecurity actualSecurity = actualInfo.GetAccessControl(AccessControlSections.Access);
+
+            VerifyAccessSecurity(expectedSecurity, actualSecurity);
+        }
+
         #endregion
 
         #region FileInfo Create
@@ -350,7 +379,7 @@ public void FileInfo_Create_FileSecurity_SpecificAccessRule()
 
             FileSecurity expectedSecurity = GetFileSecurity(FileSystemRights.FullControl);
 
-            info.Create(
+            using FileStream stream = info.Create(
                 FileMode.Create,
                 FileSystemRights.FullControl,
                 FileShare.ReadWrite | FileShare.Delete,
@@ -360,7 +389,45 @@ public void FileInfo_Create_FileSecurity_SpecificAccessRule()
 
             Assert.True(File.Exists(path));
 
-            FileInfo actualInfo = new FileInfo(info.FullName);
+            var actualInfo = new FileInfo(info.FullName);
+
+            FileSecurity actualSecurity = actualInfo.GetAccessControl(AccessControlSections.Access);
+
+            VerifyAccessSecurity(expectedSecurity, actualSecurity);
+        }
+
+
+        [Theory]
+        [InlineData(FileSystemRights.TakeOwnership)]
+        [InlineData(FileSystemRights.Write)]
+        public void FileInfo_Create_MultipleAddAccessRules(FileSystemRights rightsToDeny)
+        {
+            var expectedSecurity = new FileSecurity();
+
+            var identity = new SecurityIdentifier(WellKnownSidType.BuiltinUsersSid, null);
+
+            var allowAccessRule = new FileSystemAccessRule(identity, FileSystemRights.Read, AccessControlType.Allow);
+            expectedSecurity.AddAccessRule(allowAccessRule);
+
+            var denyAccessRule = new FileSystemAccessRule(identity, rightsToDeny, AccessControlType.Deny);
+            expectedSecurity.AddAccessRule(denyAccessRule);
+
+            using var directory = new TempAclDirectory();
+
+            string path = Path.Combine(directory.Path, "file.txt");
+            var info = new FileInfo(path);
+
+            using FileStream stream = info.Create(
+                FileMode.Create,
+                FileSystemRights.FullControl,
+                FileShare.ReadWrite | FileShare.Delete,
+                DefaultBufferSize,
+                FileOptions.None,
+                expectedSecurity);
+
+            Assert.True(File.Exists(path));
+
+            var actualInfo = new FileInfo(info.FullName);
 
             FileSecurity actualSecurity = actualInfo.GetAccessControl(AccessControlSections.Access);
 
@@ -392,7 +459,7 @@ public void DirectorySecurity_CreateDirectory_InvalidPath()
         }
 
         [Fact]
-        public void DirectorySecurity_CreateDirectory_DirectorySecurityWithSpecificAccessRule()
+        public void DirectorySecurity_CreateDirectory_DirectoryAlreadyExists()
         {
             using var directory = new TempAclDirectory();
             string path = Path.Combine(directory.Path, "createMe");
@@ -423,13 +490,9 @@ public void DirectorySecurity_CreateDirectory_DirectorySecurityWithSpecificAcces
         private DirectorySecurity GetDirectorySecurity(FileSystemRights rights)
         {
             DirectorySecurity security = new DirectorySecurity();
-
             SecurityIdentifier identity = new SecurityIdentifier(WellKnownSidType.BuiltinUsersSid, null);
-
             FileSystemAccessRule accessRule = new FileSystemAccessRule(identity, rights, AccessControlType.Allow);
-
             security.AddAccessRule(accessRule);
-
             return security;
         }
 

diff --git a/src/libraries/System.IO.FileSystem.AccessControl/tests/TempAclDirectory.cs b/src/libraries/System.IO.FileSystem.AccessControl/tests/TempAclDirectory.cs
@@ -24,17 +24,23 @@ protected override void DeleteDirectory()
                 foreach (string dirPath in Directory.EnumerateDirectories(Path, "*", SearchOption.AllDirectories))
                 {
                     var dirInfo = new DirectoryInfo(dirPath);
-                    dirInfo.SetAccessControl(new DirectorySecurity(dirPath, AccessControlSections.Access));
+                    var dirSecurity = new DirectorySecurity(dirPath, AccessControlSections.Access);
+                    dirSecurity.AddAccessRule(accessRule);
+                    dirInfo.SetAccessControl(dirSecurity);
                 }
 
                 foreach (string filePath in Directory.EnumerateFiles(Path, "*", SearchOption.AllDirectories))
                 {
                     var fileInfo = new FileInfo(filePath);
-                    fileInfo.SetAccessControl(new FileSecurity(filePath, AccessControlSections.Access));
+                    var fileSecurity = new FileSecurity(filePath, AccessControlSections.Access);
+                    fileSecurity.AddAccessRule(accessRule);
+                    fileInfo.SetAccessControl(fileSecurity);
                 }
 
                 var rootDirInfo = new DirectoryInfo(Path);
-                rootDirInfo.SetAccessControl(new DirectorySecurity(Path, AccessControlSections.Access));
+                var rootSecurity = new DirectorySecurity(Path, AccessControlSections.Access);
+                rootSecurity.AddAccessRule(accessRule);
+                rootDirInfo.SetAccessControl(rootSecurity);
                 rootDirInfo.Delete(recursive: true);
             }
             catch { /* Do not throw because we call this on finalize */ }