On Dec 30, 2009, at 5:42 PM, Mr. Gecko wrote: > On Dec 30, 2009, at 5:33 PM, Ken Thomases wrote: > >> On Dec 30, 2009, at 5:15 PM, Mr. Gecko wrote: >>> >>> So are you saying I could use authorization service to store things with >>> the user's authorization and get them back without the user's >>> authentication? >> >> You can store a very limited, specific kind of thing: right entries in the >> authorization policy database. You can then use those to govern the >> behavior of your program for other (non-admin) users. > > Basically the only thing I need to store is strings for like if safe search > is enabled, or if the user can view things that has adult content.
This sounds like exactly what Authorization Services is for. You should really read the tech note and the sample code, but here's my explanation: You identify the areas of your app where you need to decide "is this allowed or not?" For each independent allowable action (or set of actions), you pick a name, using reverse-DNS-style names to keep yours unique. These names are for "rights". Some predefined rights you may already be familiar with because they represent system privileges. However, you may create any new rights you like just by inventing a name for them. In your app's code, at each place where the app has to either allow or disallow an action, you attempt to obtain the right using your made-up name. If it succeeds in obtaining the right, your app should allow the action; otherwise, disallow it. By default, since the system doesn't know about your rights, obtaining them will require administrator privileges. So, where's the part where a parent gets to enable actions for kids who don't have administrator privileges? Your app does that by adding new entries in the system's policy database for your made-up rights. To add those entries requires administrator privileges, which is why only a parent (or admin) can do it. But the parent can add a policy giving all users from a particular group the ability to obtain any of the rights you've made up. (The parent doesn't have to know anything about the policy database or rights or whatever. Your app does that, but uses the parent's administrator authorization to do so.) Regards, Ken _______________________________________________ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
