Q: Is it possible to use AuthorizationCreate to
create an AuthorizationRef, and at the same time, extend
the currently authorized rights, all in one step?
A: Yes, this is possible, but you must be careful. If the request
for authorization is denied, or the authorization fails for some other
reason, the AuthorizationRef doesn't actually get created,
so using it in subsequent calls will fail.
A better approach is to use AuthorizationCreate and pass
NULL as the initial AuthorizationRights set
so that the AuthorizationRef gets created successfully,
and then later call AuthorizationCopyRights to determine
or extend the allowable rights.
OSStatus status;
AuthorizationRef authorizationRef;
AuthorizationItem right = { "com.mycompany.myapplication.command1", 0, NULL, 0 };
AuthorizationRights rightSet = { 1, &right };
AuthorizationFlags flags = kAuthorizationFlagExtendRights |
kAuthorizationFlagInteractionAllowed;
/* Create a new AuthorizationRef object, but pass in NULL for the
AuthorizationRights set so the AuthorizationRef can be used in future calls. */
status = AuthorizationCreate(NULL, kAuthorizationEmptyEnvironment,
kAuthorizationFlagDefaults, &authorizationRef);
if (status == errAuthorizationSuccess)
{
/* Now we can use the AuthorizationRef to deterimine if the user is
allowed to perform the rights contained in "rightSet". */
status = AuthorizationCopyRights(authorizationRef, &rightSet,
kAuthorizationEmptyEnvironment, flags, NULL);
} |
| Listing 1. Recommended way to use AuthorizationCreate. |
| |
[Sep 20 2002]
|