thunderbolt: only try to enroll if we are allowed
Check via Polkit if the current user is actually allowed to enroll devices before trying to do so. If not, show a notification that explains that a system administrator needs to authorize the device. Clicking on the notification will guide the user to the thunderbolt control center panel. Before this patch, when the current user was not allowed to enroll a device a polkit dialog would pop up which is confusing because it did not contain any information why it was shown. This patch implements the behavior as designed (see [1], section "Multi-user environments"). [1] https://wiki.gnome.org/Design/Whiteboards/ThunderboltAccess
This commit is contained in:
parent
df77fb6793
commit
1f864c905d
@ -5,6 +5,7 @@
|
||||
const Gio = imports.gi.Gio;
|
||||
const GLib = imports.gi.GLib;
|
||||
const Lang = imports.lang;
|
||||
const Polkit = imports.gi.Polkit;
|
||||
const Shell = imports.gi.Shell;
|
||||
const Signals = imports.signals;
|
||||
|
||||
@ -256,6 +257,15 @@ var Indicator = new Lang.Class({
|
||||
this._sync();
|
||||
|
||||
this._source = null;
|
||||
this._perm = null;
|
||||
|
||||
Polkit.Permission.new('org.freedesktop.bolt.enroll', null, null, (source, res) => {
|
||||
try {
|
||||
this._perm = Polkit.Permission.new_finish(res);
|
||||
} catch (e) {
|
||||
log('Failed to get PolKit permission: %s'.format(e.toString()));
|
||||
}
|
||||
});
|
||||
},
|
||||
|
||||
_onDestroy() {
|
||||
@ -314,21 +324,33 @@ var Indicator = new Lang.Class({
|
||||
|
||||
/* AuthRobot callbacks */
|
||||
_onEnrollDevice(obj, device, policy) {
|
||||
let auth = !Main.sessionMode.isLocked && !Main.sessionMode.isGreeter;
|
||||
/* only authorize new devices when in an unlocked user session */
|
||||
let unlocked = !Main.sessionMode.isLocked && !Main.sessionMode.isGreeter;
|
||||
/* and if we have the permission to do so, otherwise we trigger a PolKit dialog */
|
||||
let allowed = this._perm && this._perm.allowed;
|
||||
|
||||
let auth = unlocked && allowed;
|
||||
policy[0] = auth;
|
||||
|
||||
log("thunderbolt: [%s] auto enrollment: %s".format(device.Name, auth ? 'yes' : 'no'));
|
||||
log(`thunderbolt: [${device.Name}] auto enrollment: ${auth ? 'yes' : 'no'} (allowed: ${allowed ? 'yes' : 'no'})`);
|
||||
|
||||
if (auth)
|
||||
return; /* we are done */
|
||||
|
||||
const title = _('Unknown Thunderbolt device');
|
||||
const body = _('New device has been detected while you were away. Please disconnect and reconnect the device to start using it.');
|
||||
if (!unlocked) {
|
||||
const title = _("Unknown Thunderbolt device");
|
||||
const body = _("New device has been detected while you were away. Please disconnect and reconnect the device to start using it.");
|
||||
this._notify(title, body);
|
||||
} else {
|
||||
const title = _("Unauthorized Thunderbolt device");
|
||||
const body = _("New device has been detected and needs to be authorized by an administrator.");
|
||||
this._notify(title, body);
|
||||
}
|
||||
},
|
||||
|
||||
_onEnrollFailed(obj, device, error) {
|
||||
const title = _('Thunderbolt authorization error');
|
||||
const body = _('Could not authorize the Thunderbolt device: %s'.format(error.message));
|
||||
const title = _("Thunderbolt authorization error");
|
||||
const body = _("Could not authorize the Thunderbolt device: %s".format(error.message));
|
||||
this._notify(title, body);
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user