accounts-service: Add AccountInfo interface

This will store information about the user which is related to parental
controls. Currently, that’s just a boolean indicating that the user is a
parent, and hence that their account should be presented differently in
UIs.

See: https://gitlab.gnome.org/GNOME/gnome-initial-setup/issues/94

Signed-off-by: Philip Withnall <withnall@endlessm.com>

accounts-service/com.endlessm.ParentalControls.AccountInfo.xml

@@ -0,0 +1,35 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE node PUBLIC "-//freedesktop//DTD D-BUS Object Introspection 1.0//EN"
+ "http://www.freedesktop.org/standards/dbus/1.0/introspect.dtd">
+<node>
+  <interface name="com.endlessm.ParentalControls.AccountInfo">
+
+    <annotation name="org.freedesktop.Accounts.VendorExtension" value="true"/>
+
+    <annotation name="org.freedesktop.Accounts.Authentication.ChangeOwn"
+      value="com.endlessm.ParentalControls.AccountInfo.ChangeOwn"/>
+    <annotation name="org.freedesktop.Accounts.Authentication.ReadOwn"
+      value="com.endlessm.ParentalControls.AccountInfo.ReadOwn"/>
+    <annotation name="org.freedesktop.Accounts.Authentication.ChangeAny"
+      value="com.endlessm.ParentalControls.AccountInfo.ChangeAny"/>
+    <annotation name="org.freedesktop.Accounts.Authentication.ReadAny"
+      value="com.endlessm.ParentalControls.AccountInfo.ReadAny"/>
+
+    <!--
+      IsParent:
+
+      Whether this user is a parent on the system. All parents must be
+      administrators, but not all administrators must be parents.
+
+      This is intended to allow parent accounts to be rendered differently in
+      the user interface. It must not be used to make authentication
+      decisions — use polkit for that.
+
+      The value of this property must be treated as `false` if the user is not
+      an administrator.
+    -->
+    <property name="IsParent" type="b" access="readwrite">
+      <annotation name="org.freedesktop.Accounts.DefaultValue" value="false"/>
+    </property>
+  </interface>
+</node>

accounts-service/com.endlessm.ParentalControls.policy.in

@@ -79,4 +79,44 @@
       <allow_active>auth_admin_keep</allow_active>
     </defaults>
   </action>
+
+  <action id="com.endlessm.ParentalControls.AccountInfo.ChangeOwn">
+    <description>Change your own account info</description>
+    <message>Authentication is required to change your account info.</message>
+    <defaults>
+      <allow_any>auth_admin_keep</allow_any>
+      <allow_inactive>auth_admin_keep</allow_inactive>
+      <allow_active>auth_admin_keep</allow_active>
+    </defaults>
+  </action>
+
+  <action id="com.endlessm.ParentalControls.AccountInfo.ReadOwn">
+    <description>Read your own account info</description>
+    <message>Authentication is required to read your account info.</message>
+    <defaults>
+      <allow_any>yes</allow_any>
+      <allow_inactive>yes</allow_inactive>
+      <allow_active>yes</allow_active>
+    </defaults>
+  </action>
+
+  <action id="com.endlessm.ParentalControls.AccountInfo.ChangeAny">
+    <description>Change another user’s account info</description>
+    <message>Authentication is required to change another user’s account info.</message>
+    <defaults>
+      <allow_any>auth_admin_keep</allow_any>
+      <allow_inactive>auth_admin_keep</allow_inactive>
+      <allow_active>auth_admin_keep</allow_active>
+    </defaults>
+  </action>
+
+  <action id="com.endlessm.ParentalControls.AccountInfo.ReadAny">
+    <description>Read another user’s account info</description>
+    <message>Authentication is required to read another user’s account info.</message>
+    <defaults>
+      <allow_any>yes</allow_any>
+      <allow_inactive>yes</allow_inactive>
+      <allow_active>yes</allow_active>
+    </defaults>
+  </action>
 </policyconfig>

accounts-service/meson.build

@@ -7,6 +7,7 @@ i18n.merge_file('com.endlessm.ParentalControls.policy',
 )
 
 dbus_interfaces = [
+  'com.endlessm.ParentalControls.AccountInfo',
   'com.endlessm.ParentalControls.AppFilter',
   'com.endlessm.ParentalControls.SessionLimits',
 ]