I want to write an AppleScript program that first checks to see if the user has admin privileges, and if they don't, then requests a re-log-in or something.

Eventually the script is going to need to do a sudo chmod of a folder I just created... I can do that with a do script and a with Administrator Privileges.

However I haven't figured out how to either request admin privs for an applescript command, or even just check if the user HAS admin privs.

Anyone know? Or can at least point me at a GOOD AppleScript ref? (Apple.com reference is not helping me)

thanks.

A: 

Via MacScripter.net this should be a start: Managing Permissions (page 2 of 2)

Philip Regan
No, I know all about how to do it in Unix. The question is how to check the USER'S permissions in AppleScript.
Brian Postow
Fine, but I think you're going to have to use shell commands to get to that information. AppleScript itself doesn't get much deeper than "with administrator privileges".
Philip Regan
+1  A: 

Just use the with administrator privileges. If a user doesn't have admin privileges, AppleScript will prompt them for name and password. Use a try ... on error block in case the user cancels, enters the wrong password or just plain doesn't have admin rights.

If you really want to know if the current user is an administrator, check that the user is in the admin group:

on amIAdmin()
    -- split the space-separated group names, then restore the delimiters
    set prevDelims to AppleScript's text item delimiters
    set AppleScript's text item delimiters to " "
    set groups to do shell script "id -G -n"
    set groupList to text items of groups
    -- list containment compares whole items, so "dbadmin" does not match
    set isAdmin to "admin" is in groupList
    set AppleScript's text item delimiters to prevDelims
    return isAdmin
end amIAdmin

amIAdmin()
outis
I don't think that "with administrator privileges" works with anything except do shell script... other things just fail... I suppose I COULD just put the whole thing in a try block... but another forum gave me: `if ("80" is not in (do shell script "id -G"))`, which is more clever, but seems to work...
Brian Postow
I thought you needed admin privileges for the `chmod`, which would be wrapped in a do shell script. As for `do shell script "id -G"`, the code above does the same thing (note the `id -G -n`), but uses group names rather than numbers and handles substrings properly (imagine there's a group numbered 180, 580 or 800, or named 'dbadmin').
outis
+3  A: 

A solution from the Apple forum:

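if ("80" is not in (do shell script "id -G")) then
   -- non-admin case: stop here (replace with your own handling)
   error "The current user does not have admin privileges."
end if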

seems to do the trick. It's hard to read, and as Philip Regan said, I'm doing it via the command line, but it seems to give me the protection that I need...

Brian Postow
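Added example, not part of any answer in this thread: outis's comment above notes that a substring test on `id -G` output also matches GIDs such as 180, 580 or 800. The shell functions below (their names are hypothetical) run the substring test and a whole-token test over constructed sample outputs so the difference is visible.

```shell
#!/bin/sh
# Added example: substring vs. whole-token matching on `id -G` output.
# GID 80 is the admin group checked in the thread. Samples are constructed.

# Substring test, equivalent to `"80" is in (do shell script "id -G")`.
substring_check() {
    case "$1" in
        *80*) return 0 ;;
        *)    return 1 ;;
    esac
}

# Whole-token test: pad with spaces so 80 must be a complete field.
token_check() {
    case " $1 " in
        *" 80 "*) return 0 ;;
        *)        return 1 ;;
    esac
}

# Print "admin" or "standard" for a given `id -G` output string.
classify() {
    if token_check "$1"; then echo admin; else echo standard; fi
}

# Same check against the real current user.
current_user_is_admin() {
    token_check "$(id -G)"
}

# Constructed `id -G` outputs: one real admin, three look-alikes.
for sample in "20 12 61 80 98" "20 180 701" "20 800" "501 580 20"; do
    if substring_check "$sample"; then sub=admin; else sub=standard; fi
    printf '%-16s substring=%-8s token=%s\n' "$sample" "$sub" "$(classify "$sample")"
done
```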
+1  A: 

Here's another alternative solution which no one mentioned yet.

The dscl command allows you to perform a variety of Directory Service tasks and one of them is the ability to look up a user's account type.

The command: `dscl . read /Groups/admin GroupMembership` will list all admin accounts on OS X.

So if you wanted to incorporate that into an AppleScript you could do the following:

set userName to "whatever username you wanted to check"
set readAdminGroup to do shell script "dscl . read /Groups/admin GroupMembership"
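-- split the output on spaces, then restore the previous delimiters
set prevDelims to AppleScript's text item delimiters
set AppleScript's text item delimiters to " "
set adminNames to text items of readAdminGroup
set AppleScript's text item delimiters to prevDelims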

--loop through Admin Group to check if username exists
repeat with i in adminNames
 if adminNames does not contain userName then
  set isAdmin to false
 else
  set isAdmin to true
 end if
end repeat

return isAdmin

Once you find out whether the variable isAdmin is true or false you can then perform a variety of functions. Also, if the script was being deployed or sent through ARD you could set the userName variable (the first line in the above script) to check for the current user with a whoami command. So the first line would then look like this:

set userName to do shell script "whoami"
Mason Rove
No need for the loop, both because you don't need a loop to check whether data is within a list and because the loop body is invariant over `i`. Remove the repeat/end repeat.
outis