Check User Privileges / Force Admin

[stoavio]

Good morning again -

Does LiveCode have any built-in functions for looking at the currently logged in user's permissions (ie: is the user a regular user or administrator?) My tool may need elevated privileges to perform certain tasks and I would like to perform an evaluation upfront to determine what scope of access the user running my tool actually has. If there is a built-in way to accomplish this without farming it out to another process (for example, parsing the output of net user <username>), that would be awesome.

In addition, can I make my tool require admin rights in order to run? I know in AutoIt you can toss a "#RequireAdmin" at the top of the script to make the application immediately prompt for administrator permission upon execution.

I am open to some creative solutions. I am always looking for the most efficient way of completing something using LC.

[Da_Elf]

in the main stack i set two custom properties, "cUserLevel" and "cUserID" which is altered when the user logs on or off. Then i just access that info wherever i need to

[stoavio]

in the main stack i set two custom properties, "cUserLevel" and "cUserID" which is altered when the user logs on or off. Then i just access that info wherever i need to

This sounds interesting. Can you elaborate? I see where you can create the custom properties but what are you supposed to put at their contents? Sorry, I haven't done any work with custom properties in LC yet but this sounds like it could be an elegant solution.

[SparkOut]

I think a clarification is needed... Are you talking about the user status relative to your application or the status of the user relative to the installation of the operating system (windows administrator, root/sudoer,etc)? A system for the former is straightforward, a comprehensive (and cross platform) solution may involve more specific shell commands, etc.

[FourthWorld]

See the notes on the "elevated" option for the "open process" command in the Dictionary:

Changes: Sometimes it is necessary to perform operations on the local machine as an administrator, and a typical pattern for a GUI application doing this is for it to prompt for authentication at certain points.

Modern operating systems do not permit a process to elevate itself, nor grant itself increased privilege. Instead, they only allow a running process to launch another process with increased privilege. Therefore, in order to support this, in version 4.5 a new form of the open process command was introduced that can launch a slave process with elevated permissions:

open elevated process process [ for [ text | binary ] ( read | write | update | neither ) ]

This form operates identically to the normal version, except that engine will ask the system to launch the given process with admin/root privileges.

The standard way for a GUI application that needs to perform privileged operations to be structured is to split the application into two parts: a GUI front-end that interacts with the user, and a command-line back-end that is run with elevated permissions. These two parts can then talk to each other using a standard master-slave approach, or some other form of IPC such as sockets

[stoavio]

Thanks all!

Richard, that was just what I needed!