PURPOSE
If an application needs to perform an task for which its user does not have sufficient privileges and needs authorization, I call this task is called a "Authorized Task". (Bookmarksman uses this code for one task, which is to allow non-admin users to write their License Information to the "anyUser" /System/Preferences.) Apple's developer documentation has a lot to say about how applications should perform authorized tasks while maintaining system security. Prior to late 2007, the recommended example of how to implement these recommendations was provided in Apple's MoreAuthSample sample code.
MoreAuthSample was replaced by BetterAuthorizationSample [1] in late 2007. I was hoping that it would be easier to incorporate into a project than MoreAuthSample. But I still found a steep learning curve, partly due to the partitioning that must be done to maintain security up to Apple's high standards, but largely due to idioms in the top-layer demo app which are "un-Cocoa-like". I started keeping a list of things I didn't like, but after a dozen items, with still alot to learn, I decided to improve upon it instead of publishing a rant. This project is the result.
I only touched the Demo App and the Helper Tool, which you have touch anyhow. This project uses the three "Reuseable Library" files from Apple's BetterAuthorizationSample without any modifications, so that if Apple updates these files you can just plug in the new versions. There are a few things in the Reuseable Library that I'd like to change too, but so far I've resisted that temptation. The Helper Tool has been partitioned into files systematically so that you can build your own Helper Tool Target to do just the tasks you need by including required files, instead of hacking the demo. Also, the re-useable code in the demo app has been partitioned off into a framework that you simply add to your application. (As usual, to add a framework, you add to linked files, add dependency, add to Copy Files.)
AuthorizedTasksInCocoa does all the same things as the demo app in BetterAuthorizationSample, with one exception. It does not present an NSAlert panel before installing the "BAS" helper tool. I don't think there is any need for that, because there is no reason why the user would not want it installed, other than the fact that they don't know what "BAS" means and get mad at your app for asking the question. So I omitted this code from the framework. The installer gets installed silently when needed. Note also that MoreAuthSample installed its helper tool silently too.
In summary, if you've been head-scratching over BetterAuthorizationSample, you might like this better. Or you might not.
SYSTEM REQUIREMENT
Like BetterAuthorizationSample, projects incorporating AuthorizedTasksInCocoa must be run in Mac OS 10.4.6 or later.
DOWNLOAD
Download AuthorizedTasksInCocoa (336 KB).
MORE INTERESTING READING
[1] Apple's BetterAuthorizationSample. "The real source."
[2] Apple's QA1277, which explains some tricks you might see in dealing with security credentials.
[3] Apple's document on Authorization Concepts and Services.