pub unsafe extern "C-unwind" fn AuthorizationCopyRights(
authorization: AuthorizationRef,
rights: NonNull<AuthorizationRights>,
environment: *const AuthorizationEnvironment,
flags: AuthorizationFlags,
authorized_rights: *mut *mut AuthorizationRights,
) -> i32Authorization only.Expand description
Given a set of rights, return the subset that is currently authorized by the AuthorizationRef given.
When the kAuthorizationFlagInteractionAllowed flag is set, user interaction will happen when required. Failing to set this flag will result in this call failing with a errAuthorizationInteractionNotAllowed status when interaction is required.
Setting the kAuthorizationFlagExtendRights flag will extend the currently available rights.
Setting the kAuthorizationFlagPartialRights flag will cause this call to succeed if only some of the requested rights are being granted by the returned AuthorizationRef. Unless this flag is set this API will fail if not all the requested rights could be obtained.
Setting the kAuthorizationFlagDestroyRights flag will prevent any additional rights obtained during this call from being preserved after returning from this API.
Setting the kAuthorizationFlagPreAuthorize flag will pre authorize the requested rights so that at a later time – by calling AuthorizationMakeExternalForm() follow by AuthorizationCreateFromExternalForm() – the obtained rights can be used in a different process. Rights that can’t be preauthorized will be treated as if they were authorized for the sake of returning an error (in other words if all rights are either authorized or could not be preauthorized this call will still succeed), and they will be returned in authorizedRights with their kAuthorizationFlagCanNotPreAuthorize bit in the flags field set to 1. The rights which could not be preauthorized are not currently authorized and may fail to authorize when a later call to AuthorizationCopyRights() is made, unless the kAuthorizationFlagExtendRights and kAuthorizationFlagInteractionAllowed flags are set. Even then they might still fail if the user does not supply the correct credentials. The reason for passing in this flag is to provide correct audit trail information and to avoid unnecessary user interaction.
Parameter authorization: (input) The authorization object on which this operation is performed.
Parameter rights: (input) A rights set (see AuthorizationCreate).
Parameter environment: (input/optional) An AuthorizationItemSet containing environment state used when making the autorization decision. See the AuthorizationEnvironment type for details.
Parameter flags: (input) options specified by the AuthorizationFlags enum. set all unused bits to zero to allow for future expansion.
Parameter authorizedRights: (output/optional) A pointer to a newly allocated AuthorizationInfoSet in which the authorized subset of rights are returned (authorizedRights should be deallocated by calling AuthorizationFreeItemSet() when it is no longer needed). If NULL the only information returned is the status. Note that if the kAuthorizationFlagPreAuthorize flag was specified rights that could not be preauthorized are returned in authorizedRights, but their flags contains the kAuthorizationFlagCanNotPreAuthorize bit.
Returns: errAuthorizationSuccess 0 No error.
errAuthorizationInvalidRef -60002 The authorization parameter is invalid.
errAuthorizationInvalidSet -60001 The rights parameter is invalid.
errAuthorizationInvalidPointer -60004 The authorizedRights parameter is invalid.
§Safety
authorizationmust be a valid pointer.rightsmust be a valid pointer.environmentmust be a valid pointer or null.authorized_rightsmust be a valid pointer or null.