diff --git a/malcontent-control/application.c b/malcontent-control/application.c index 7a0ca34..5e30b11 100644 --- a/malcontent-control/application.c +++ b/malcontent-control/application.c @@ -178,6 +178,46 @@ mct_application_class_init (MctApplicationClass *klass) application_class->activate = mct_application_activate; } +static void +update_main_stack (MctApplication *self) +{ + gboolean is_user_manager_loaded; + const gchar *new_page_name, *old_page_name; + GtkWidget *new_focus_widget; + + /* The implementation of #ActUserManager guarantees that once is-loaded is + * true, it is never reset to false. */ + g_object_get (self->user_manager, "is-loaded", &is_user_manager_loaded, NULL); + + /* Handle any loading errors. */ + if (is_user_manager_loaded && act_user_manager_no_service (self->user_manager)) + { + gtk_label_set_label (self->error_title, + _("Failed to load user data from the system")); + gtk_label_set_label (self->error_message, + _("Please make sure that the AccountsService is installed and enabled.")); + + new_page_name = "error"; + new_focus_widget = NULL; + } + else if (is_user_manager_loaded) + { + new_page_name = "controls"; + new_focus_widget = GTK_WIDGET (self->user_selector); + } + else + { + new_page_name = "loading"; + new_focus_widget = NULL; + } + + old_page_name = gtk_stack_get_visible_child_name (self->main_stack); + gtk_stack_set_visible_child_name (self->main_stack, new_page_name); + + if (new_focus_widget != NULL && !g_str_equal (old_page_name, new_page_name)) + gtk_widget_grab_focus (new_focus_widget); +} + static void user_selector_notify_user_cb (GObject *obj, GParamSpec *pspec, @@ -198,34 +238,8 @@ user_manager_notify_is_loaded_cb (GObject *obj, gpointer user_data) { MctApplication *self = MCT_APPLICATION (user_data); - ActUserManager *user_manager = ACT_USER_MANAGER (obj); - gboolean is_loaded; - const gchar *new_page_name; - /* The implementation of #ActUserManager guarantees that once is-loaded is - * true, it is never reset to false. */ - g_object_get (user_manager, "is-loaded", &is_loaded, NULL); - - /* Handle any loading errors. */ - if (is_loaded && act_user_manager_no_service (user_manager)) - { - gtk_label_set_label (self->error_title, - _("Failed to load user data from the system")); - gtk_label_set_label (self->error_message, - _("Please make sure that the AccountsService is installed and enabled.")); - - new_page_name = "error"; - } - else if (is_loaded) - { - new_page_name = "controls"; - } - else - { - new_page_name = "loading"; - } - - gtk_stack_set_visible_child_name (self->main_stack, new_page_name); + update_main_stack (self); } /** diff --git a/malcontent-control/malcontent-control.gresource.xml b/malcontent-control/malcontent-control.gresource.xml index 516a033..8f4d8e9 100644 --- a/malcontent-control/malcontent-control.gresource.xml +++ b/malcontent-control/malcontent-control.gresource.xml @@ -1,10 +1,12 @@ - + carousel.css carousel.ui main.ui + restrict-applications-dialog.ui + restrict-applications-selector.ui user-controls.ui user-selector.ui diff --git a/malcontent-control/meson.build b/malcontent-control/meson.build index 4e66a6e..82a73b4 100644 --- a/malcontent-control/meson.build +++ b/malcontent-control/meson.build @@ -19,6 +19,10 @@ malcontent_control = executable('malcontent-control', 'gs-content-rating.c', 'gs-content-rating.h', 'main.c', + 'restrict-applications-dialog.c', + 'restrict-applications-dialog.h', + 'restrict-applications-selector.c', + 'restrict-applications-selector.h', 'user-controls.c', 'user-controls.h', 'user-image.c', @@ -90,6 +94,8 @@ if xmllint.found() files( 'carousel.ui', 'main.ui', + 'restrict-applications-dialog.ui', + 'restrict-applications-selector.ui', 'user-controls.ui', 'user-selector.ui', ), diff --git a/malcontent-control/restrict-applications-dialog.c b/malcontent-control/restrict-applications-dialog.c new file mode 100644 index 0000000..7d20ff1 --- /dev/null +++ b/malcontent-control/restrict-applications-dialog.c @@ -0,0 +1,382 @@ +/* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- + * + * Copyright © 2020 Endless Mobile, Inc. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, see . + * + * Authors: + * - Philip Withnall + */ + +#include +#include +#include +#include +#include +#include + +#include "restrict-applications-dialog.h" +#include "restrict-applications-selector.h" + + +static void update_description (MctRestrictApplicationsDialog *self); + +/** + * MctRestrictApplicationsDialog: + * + * The ‘Restrict Applications’ dialog is a dialog which shows the available + * applications on the system alongside a column of toggle switches, which + * allows the given user to be prevented from running each application. + * + * The dialog contains a single #MctRestrictApplicationsSelector. It takes a + * #MctRestrictApplicationsDialog:user and + * #MctRestrictApplicationsDialog:app-filter as input to set up the UI, and + * returns its output as set of modifications to a given #MctAppFilterBuilder + * using mct_restrict_applications_dialog_build_app_filter(). + * + * Since: 0.5.0 + */ +struct _MctRestrictApplicationsDialog +{ + GtkDialog parent_instance; + + MctRestrictApplicationsSelector *selector; + GtkLabel *description; + + MctAppFilter *app_filter; /* (owned) (not nullable) */ + ActUser *user; /* (owned) (nullable) */ +}; + +G_DEFINE_TYPE (MctRestrictApplicationsDialog, mct_restrict_applications_dialog, GTK_TYPE_DIALOG) + +typedef enum +{ + PROP_APP_FILTER = 1, + PROP_USER, +} MctRestrictApplicationsDialogProperty; + +static GParamSpec *properties[PROP_USER + 1]; + +static void +mct_restrict_applications_dialog_constructed (GObject *obj) +{ + MctRestrictApplicationsDialog *self = MCT_RESTRICT_APPLICATIONS_DIALOG (obj); + + g_assert (self->app_filter != NULL); + g_assert (self->user == NULL || ACT_IS_USER (self->user)); + + G_OBJECT_CLASS (mct_restrict_applications_dialog_parent_class)->constructed (obj); +} + +static void +mct_restrict_applications_dialog_get_property (GObject *object, + guint prop_id, + GValue *value, + GParamSpec *pspec) +{ + MctRestrictApplicationsDialog *self = MCT_RESTRICT_APPLICATIONS_DIALOG (object); + + switch ((MctRestrictApplicationsDialogProperty) prop_id) + { + case PROP_APP_FILTER: + g_value_set_boxed (value, self->app_filter); + break; + + case PROP_USER: + g_value_set_object (value, self->user); + break; + + default: + G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); + } +} + +static void +mct_restrict_applications_dialog_set_property (GObject *object, + guint prop_id, + const GValue *value, + GParamSpec *pspec) +{ + MctRestrictApplicationsDialog *self = MCT_RESTRICT_APPLICATIONS_DIALOG (object); + + switch ((MctRestrictApplicationsDialogProperty) prop_id) + { + case PROP_APP_FILTER: + mct_restrict_applications_dialog_set_app_filter (self, g_value_get_boxed (value)); + break; + + case PROP_USER: + mct_restrict_applications_dialog_set_user (self, g_value_get_object (value)); + break; + + default: + G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); + } +} + +static void +mct_restrict_applications_dialog_dispose (GObject *object) +{ + MctRestrictApplicationsDialog *self = (MctRestrictApplicationsDialog *)object; + + g_clear_pointer (&self->app_filter, mct_app_filter_unref); + g_clear_object (&self->user); + + G_OBJECT_CLASS (mct_restrict_applications_dialog_parent_class)->dispose (object); +} + +static void +mct_restrict_applications_dialog_class_init (MctRestrictApplicationsDialogClass *klass) +{ + GObjectClass *object_class = G_OBJECT_CLASS (klass); + GtkWidgetClass *widget_class = GTK_WIDGET_CLASS (klass); + + object_class->constructed = mct_restrict_applications_dialog_constructed; + object_class->get_property = mct_restrict_applications_dialog_get_property; + object_class->set_property = mct_restrict_applications_dialog_set_property; + object_class->dispose = mct_restrict_applications_dialog_dispose; + + /** + * MctRestrictApplicationsDialog:app-filter: (not nullable) + * + * The user’s current app filter, used to set up the dialog. As app filters + * are immutable, it is not updated as the dialog is changed. Use + * mct_restrict_applications_dialog_build_app_filter() to build the new app + * filter. + * + * Since: 0.5.0 + */ + properties[PROP_APP_FILTER] = + g_param_spec_boxed ("app-filter", + "App Filter", + "The user’s current app filter, used to set up the dialog.", + MCT_TYPE_APP_FILTER, + G_PARAM_READWRITE | + G_PARAM_CONSTRUCT_ONLY | + G_PARAM_STATIC_STRINGS | + G_PARAM_EXPLICIT_NOTIFY); + + /** + * MctRestrictApplicationsDialog:user: (nullable) + * + * The currently selected user account, or %NULL if no user is selected. + * + * Since: 0.5.0 + */ + properties[PROP_USER] = + g_param_spec_object ("user", + "User", + "The currently selected user account, or %NULL if no user is selected.", + ACT_TYPE_USER, + G_PARAM_READWRITE | + G_PARAM_CONSTRUCT_ONLY | + G_PARAM_STATIC_STRINGS | + G_PARAM_EXPLICIT_NOTIFY); + + g_object_class_install_properties (object_class, G_N_ELEMENTS (properties), properties); + + gtk_widget_class_set_template_from_resource (widget_class, "/org/freedesktop/MalcontentControl/ui/restrict-applications-dialog.ui"); + + gtk_widget_class_bind_template_child (widget_class, MctRestrictApplicationsDialog, selector); + gtk_widget_class_bind_template_child (widget_class, MctRestrictApplicationsDialog, description); +} + +static void +mct_restrict_applications_dialog_init (MctRestrictApplicationsDialog *self) +{ + /* Ensure the types used in the UI are registered. */ + g_type_ensure (MCT_TYPE_RESTRICT_APPLICATIONS_SELECTOR); + + gtk_widget_init_template (GTK_WIDGET (self)); +} + +static const gchar * +get_user_display_name (ActUser *user) +{ + const gchar *display_name; + + g_return_val_if_fail (ACT_IS_USER (user), _("unknown")); + + display_name = act_user_get_real_name (user); + if (display_name != NULL) + return display_name; + + display_name = act_user_get_user_name (user); + if (display_name != NULL) + return display_name; + + /* Translators: this is the full name for an unknown user account. */ + return _("unknown"); +} + +static void +update_description (MctRestrictApplicationsDialog *self) +{ + g_autofree gchar *description = NULL; + + if (self->user == NULL) + { + gtk_widget_hide (GTK_WIDGET (self->description)); + return; + } + + /* Translators: the placeholder is a user’s full name */ + description = g_strdup_printf (_("Allow %s to use the following installed applications."), + get_user_display_name (self->user)); + gtk_label_set_text (self->description, description); + gtk_widget_show (GTK_WIDGET (self->description)); +} + +/** + * mct_restrict_applications_dialog_new: + * @app_filter: (transfer none): the initial app filter configuration to show + * @user: (transfer none) (nullable): the user to show the app filter for + * + * Create a new #MctRestrictApplicationsDialog widget. + * + * Returns: (transfer full): a new restricted applications editing dialog + * Since: 0.5.0 + */ +MctRestrictApplicationsDialog * +mct_restrict_applications_dialog_new (MctAppFilter *app_filter, + ActUser *user) +{ + g_return_val_if_fail (app_filter != NULL, NULL); + g_return_val_if_fail (user == NULL || ACT_IS_USER (user), NULL); + + return g_object_new (MCT_TYPE_RESTRICT_APPLICATIONS_DIALOG, + "app-filter", app_filter, + "user", user, + NULL); +} + +/** + * mct_restrict_applications_dialog_get_app_filter: + * @self: an #MctRestrictApplicationsDialog + * + * Get the value of #MctRestrictApplicationsDialog:app-filter. If the property + * was originally set to %NULL, this will be the empty app filter. + * + * Returns: (transfer none) (not nullable): the initial app filter used to + * populate the dialog + * Since: 0.5.0 + */ +MctAppFilter * +mct_restrict_applications_dialog_get_app_filter (MctRestrictApplicationsDialog *self) +{ + g_return_val_if_fail (MCT_IS_RESTRICT_APPLICATIONS_DIALOG (self), NULL); + + return self->app_filter; +} + +/** + * mct_restrict_applications_dialog_set_app_filter: + * @self: an #MctRestrictApplicationsDialog + * @app_filter: (nullable) (transfer none): the app filter to configure the dialog + * from, or %NULL to use an empty app filter + * + * Set the value of #MctRestrictApplicationsDialog:app-filter. + * + * Since: 0.5.0 + */ +void +mct_restrict_applications_dialog_set_app_filter (MctRestrictApplicationsDialog *self, + MctAppFilter *app_filter) +{ + g_autoptr(MctAppFilter) owned_app_filter = NULL; + + g_return_if_fail (MCT_IS_RESTRICT_APPLICATIONS_DIALOG (self)); + + /* Default app filter, typically for when we’re instantiated by #GtkBuilder. */ + if (app_filter == NULL) + { + g_auto(MctAppFilterBuilder) builder = MCT_APP_FILTER_BUILDER_INIT (); + owned_app_filter = mct_app_filter_builder_end (&builder); + app_filter = owned_app_filter; + } + + if (app_filter == self->app_filter) + return; + + g_clear_pointer (&self->app_filter, mct_app_filter_unref); + self->app_filter = mct_app_filter_ref (app_filter); + + mct_restrict_applications_selector_set_app_filter (self->selector, self->app_filter); + + g_object_notify_by_pspec (G_OBJECT (self), properties[PROP_APP_FILTER]); +} + +/** + * mct_restrict_applications_dialog_get_user: + * @self: an #MctRestrictApplicationsDialog + * + * Get the value of #MctRestrictApplicationsDialog:user. + * + * Returns: (transfer none) (nullable): the user the dialog is configured for, + * or %NULL if unknown + * Since: 0.5.0 + */ +ActUser * +mct_restrict_applications_dialog_get_user (MctRestrictApplicationsDialog *self) +{ + g_return_val_if_fail (MCT_IS_RESTRICT_APPLICATIONS_DIALOG (self), NULL); + + return self->user; +} + +/** + * mct_restrict_applications_dialog_set_user: + * @self: an #MctRestrictApplicationsDialog + * @user: (nullable) (transfer none): the user to configure the dialog for, + * or %NULL if unknown + * + * Set the value of #MctRestrictApplicationsDialog:user. + * + * Since: 0.5.0 + */ +void +mct_restrict_applications_dialog_set_user (MctRestrictApplicationsDialog *self, + ActUser *user) +{ + g_return_if_fail (MCT_IS_RESTRICT_APPLICATIONS_DIALOG (self)); + g_return_if_fail (user == NULL || ACT_IS_USER (user)); + + if (g_set_object (&self->user, user)) + { + update_description (self); + g_object_notify_by_pspec (G_OBJECT (self), properties[PROP_USER]); + } +} + +/** + * mct_restrict_applications_dialog_build_app_filter: + * @self: an #MctRestrictApplicationsDialog + * @builder: an existing #MctAppFilterBuilder to modify + * + * Get the app filter settings currently configured in the dialog, by modifying + * the given @builder. + * + * Typically this will be called in the handler for #GtkDialog::response. + * + * Since: 0.5.0 + */ +void +mct_restrict_applications_dialog_build_app_filter (MctRestrictApplicationsDialog *self, + MctAppFilterBuilder *builder) +{ + g_return_if_fail (MCT_IS_RESTRICT_APPLICATIONS_DIALOG (self)); + g_return_if_fail (builder != NULL); + + mct_restrict_applications_selector_build_app_filter (self->selector, builder); +} diff --git a/malcontent-control/restrict-applications-dialog.h b/malcontent-control/restrict-applications-dialog.h new file mode 100644 index 0000000..b4a5ed3 --- /dev/null +++ b/malcontent-control/restrict-applications-dialog.h @@ -0,0 +1,50 @@ +/* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- + * + * Copyright © 2020 Endless Mobile, Inc. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, see . + * + * Authors: + * - Philip Withnall + */ + +#pragma once + +#include +#include +#include +#include +#include + + +G_BEGIN_DECLS + +#define MCT_TYPE_RESTRICT_APPLICATIONS_DIALOG (mct_restrict_applications_dialog_get_type ()) +G_DECLARE_FINAL_TYPE (MctRestrictApplicationsDialog, mct_restrict_applications_dialog, MCT, RESTRICT_APPLICATIONS_DIALOG, GtkDialog) + +MctRestrictApplicationsDialog *mct_restrict_applications_dialog_new (MctAppFilter *app_filter, + ActUser *user); + +MctAppFilter *mct_restrict_applications_dialog_get_app_filter (MctRestrictApplicationsDialog *self); +void mct_restrict_applications_dialog_set_app_filter (MctRestrictApplicationsDialog *self, + MctAppFilter *app_filter); + +ActUser *mct_restrict_applications_dialog_get_user (MctRestrictApplicationsDialog *self); +void mct_restrict_applications_dialog_set_user (MctRestrictApplicationsDialog *self, + ActUser *user); + +void mct_restrict_applications_dialog_build_app_filter (MctRestrictApplicationsDialog *self, + MctAppFilterBuilder *builder); + +G_END_DECLS diff --git a/malcontent-control/restrict-applications-dialog.ui b/malcontent-control/restrict-applications-dialog.ui new file mode 100644 index 0000000..e95ff36 --- /dev/null +++ b/malcontent-control/restrict-applications-dialog.ui @@ -0,0 +1,56 @@ + + + + + + diff --git a/malcontent-control/restrict-applications-selector.c b/malcontent-control/restrict-applications-selector.c new file mode 100644 index 0000000..b6ddb83 --- /dev/null +++ b/malcontent-control/restrict-applications-selector.c @@ -0,0 +1,665 @@ +/* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- + * + * Copyright © 2020 Endless Mobile, Inc. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, see . + * + * Authors: + * - Philip Withnall + */ + +#include +#include +#include +#include +#include +#include +#include +#include + +#include "restrict-applications-selector.h" + + +#define WEB_BROWSERS_CONTENT_TYPE "x-scheme-handler/http" + +static void app_info_changed_cb (GAppInfoMonitor *monitor, + gpointer user_data); +static void reload_apps (MctRestrictApplicationsSelector *self); +static GtkWidget *create_row_for_app_cb (gpointer item, + gpointer user_data); + +/** + * MctRestrictApplicationsSelector: + * + * The ‘Restrict Applications’ selector is a list box which shows the available + * applications on the system alongside a column of toggle switches, which + * allows the given user to be prevented from running each application. + * + * The selector takes an #MctRestrictApplicationsSelector:app-filter as input + * to set up the UI, and returns its output as set of modifications to a given + * #MctAppFilterBuilder using + * mct_restrict_applications_selector_build_app_filter(). + * + * Since: 0.5.0 + */ +struct _MctRestrictApplicationsSelector +{ + GtkBox parent_instance; + + GtkListBox *listbox; + + GListStore *apps; /* (owned) */ + GAppInfoMonitor *app_info_monitor; /* (owned) */ + gulong app_info_monitor_changed_id; + GHashTable *blacklisted_apps; /* (owned) (element-type GAppInfo) */ + + MctAppFilter *app_filter; /* (owned) */ + + FlatpakInstallation *system_installation; /* (owned) */ + FlatpakInstallation *user_installation; /* (owned) */ +}; + +G_DEFINE_TYPE (MctRestrictApplicationsSelector, mct_restrict_applications_selector, GTK_TYPE_BOX) + +typedef enum +{ + PROP_APP_FILTER = 1, +} MctRestrictApplicationsSelectorProperty; + +static GParamSpec *properties[PROP_APP_FILTER + 1]; + +enum { + SIGNAL_CHANGED, +}; + +static guint signals[SIGNAL_CHANGED + 1]; + +static void +mct_restrict_applications_selector_constructed (GObject *obj) +{ + MctRestrictApplicationsSelector *self = MCT_RESTRICT_APPLICATIONS_SELECTOR (obj); + + /* Default app filter, typically for when we’re instantiated by #GtkBuilder. */ + if (self->app_filter == NULL) + { + g_auto(MctAppFilterBuilder) builder = MCT_APP_FILTER_BUILDER_INIT (); + self->app_filter = mct_app_filter_builder_end (&builder); + } + + g_assert (self->app_filter != NULL); + + G_OBJECT_CLASS (mct_restrict_applications_selector_parent_class)->constructed (obj); +} + +static void +mct_restrict_applications_selector_get_property (GObject *object, + guint prop_id, + GValue *value, + GParamSpec *pspec) +{ + MctRestrictApplicationsSelector *self = MCT_RESTRICT_APPLICATIONS_SELECTOR (object); + + switch ((MctRestrictApplicationsSelectorProperty) prop_id) + { + case PROP_APP_FILTER: + g_value_set_boxed (value, self->app_filter); + break; + + default: + G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); + } +} + +static void +mct_restrict_applications_selector_set_property (GObject *object, + guint prop_id, + const GValue *value, + GParamSpec *pspec) +{ + MctRestrictApplicationsSelector *self = MCT_RESTRICT_APPLICATIONS_SELECTOR (object); + + switch ((MctRestrictApplicationsSelectorProperty) prop_id) + { + case PROP_APP_FILTER: + mct_restrict_applications_selector_set_app_filter (self, g_value_get_boxed (value)); + break; + + default: + G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); + } +} + +static void +mct_restrict_applications_selector_dispose (GObject *object) +{ + MctRestrictApplicationsSelector *self = (MctRestrictApplicationsSelector *)object; + + g_clear_pointer (&self->blacklisted_apps, g_hash_table_unref); + g_clear_object (&self->apps); + + if (self->app_info_monitor != NULL && self->app_info_monitor_changed_id != 0) + { + g_signal_handler_disconnect (self->app_info_monitor, self->app_info_monitor_changed_id); + self->app_info_monitor_changed_id = 0; + } + g_clear_object (&self->app_info_monitor); + g_clear_pointer (&self->app_filter, mct_app_filter_unref); + g_clear_object (&self->system_installation); + g_clear_object (&self->user_installation); + + G_OBJECT_CLASS (mct_restrict_applications_selector_parent_class)->dispose (object); +} + +static void +mct_restrict_applications_selector_class_init (MctRestrictApplicationsSelectorClass *klass) +{ + GObjectClass *object_class = G_OBJECT_CLASS (klass); + GtkWidgetClass *widget_class = GTK_WIDGET_CLASS (klass); + + object_class->constructed = mct_restrict_applications_selector_constructed; + object_class->get_property = mct_restrict_applications_selector_get_property; + object_class->set_property = mct_restrict_applications_selector_set_property; + object_class->dispose = mct_restrict_applications_selector_dispose; + + /** + * MctRestrictApplicationsSelector:app-filter: (not nullable) + * + * The user’s current app filter, used to set up the selector. As app filters + * are immutable, it is not updated as the selector is changed. Use + * mct_restrict_applications_selector_build_app_filter() to build the new app + * filter. + * + * Since: 0.5.0 + */ + properties[PROP_APP_FILTER] = + g_param_spec_boxed ("app-filter", + "App Filter", + "The user’s current app filter, used to set up the selector.", + MCT_TYPE_APP_FILTER, + G_PARAM_READWRITE | + G_PARAM_STATIC_STRINGS | + G_PARAM_EXPLICIT_NOTIFY); + + g_object_class_install_properties (object_class, G_N_ELEMENTS (properties), properties); + + /** + * MctRestrictApplicationsSelector::changed: + * + * Emitted whenever an application in the list is blocked or unblocked. + * + * Since: 0.5.0 + */ + signals[SIGNAL_CHANGED] = + g_signal_new ("changed", + MCT_TYPE_RESTRICT_APPLICATIONS_SELECTOR, + G_SIGNAL_RUN_LAST, + 0, + NULL, NULL, + g_cclosure_marshal_VOID__VOID, + G_TYPE_NONE, 0); + + gtk_widget_class_set_template_from_resource (widget_class, "/org/freedesktop/MalcontentControl/ui/restrict-applications-selector.ui"); + + gtk_widget_class_bind_template_child (widget_class, MctRestrictApplicationsSelector, listbox); +} + +static void +mct_restrict_applications_selector_init (MctRestrictApplicationsSelector *self) +{ + gtk_widget_init_template (GTK_WIDGET (self)); + + self->apps = g_list_store_new (G_TYPE_APP_INFO); + + self->app_info_monitor = g_app_info_monitor_get (); + self->app_info_monitor_changed_id = + g_signal_connect (self->app_info_monitor, "changed", + (GCallback) app_info_changed_cb, self); + + gtk_list_box_bind_model (self->listbox, + G_LIST_MODEL (self->apps), + create_row_for_app_cb, + self, + NULL); + + self->blacklisted_apps = g_hash_table_new_full (g_direct_hash, + g_direct_equal, + g_object_unref, + NULL); + + self->system_installation = flatpak_installation_new_system (NULL, NULL); + self->user_installation = flatpak_installation_new_user (NULL, NULL); +} + +static void +on_switch_active_changed_cb (GtkSwitch *s, + GParamSpec *pspec, + gpointer user_data) +{ + MctRestrictApplicationsSelector *self = MCT_RESTRICT_APPLICATIONS_SELECTOR (user_data); + GAppInfo *app; + gboolean allowed; + + app = g_object_get_data (G_OBJECT (s), "GAppInfo"); + allowed = gtk_switch_get_active (s); + + if (allowed) + { + gboolean removed; + + g_debug ("Removing ‘%s’ from blacklisted apps", g_app_info_get_id (app)); + + removed = g_hash_table_remove (self->blacklisted_apps, app); + g_assert (removed); + } + else + { + gboolean added; + + g_debug ("Blacklisting ‘%s’", g_app_info_get_id (app)); + + added = g_hash_table_add (self->blacklisted_apps, g_object_ref (app)); + g_assert (added); + } + + g_signal_emit (self, signals[SIGNAL_CHANGED], 0); +} + +static GtkWidget * +create_row_for_app_cb (gpointer item, + gpointer user_data) +{ + MctRestrictApplicationsSelector *self = MCT_RESTRICT_APPLICATIONS_SELECTOR (user_data); + GAppInfo *app = G_APP_INFO (item); + g_autoptr(GIcon) icon = NULL; + GtkWidget *box, *w; + gboolean allowed; + const gchar *app_name; + gint size; + + app_name = g_app_info_get_name (app); + + g_assert (G_IS_DESKTOP_APP_INFO (app)); + + icon = g_app_info_get_icon (app); + if (icon == NULL) + icon = g_themed_icon_new ("application-x-executable"); + else + g_object_ref (icon); + + box = gtk_box_new (GTK_ORIENTATION_HORIZONTAL, 12); + gtk_container_set_border_width (GTK_CONTAINER (box), 12); + gtk_widget_set_margin_end (box, 12); + + /* Icon */ + w = gtk_image_new_from_gicon (icon, GTK_ICON_SIZE_DIALOG); + gtk_icon_size_lookup (GTK_ICON_SIZE_DND, &size, NULL); + gtk_image_set_pixel_size (GTK_IMAGE (w), size); + gtk_container_add (GTK_CONTAINER (box), w); + + /* App name label */ + w = g_object_new (GTK_TYPE_LABEL, + "label", app_name, + "hexpand", TRUE, + "xalign", 0.0, + NULL); + gtk_container_add (GTK_CONTAINER (box), w); + + /* Switch */ + w = g_object_new (GTK_TYPE_SWITCH, + "valign", GTK_ALIGN_CENTER, + NULL); + gtk_container_add (GTK_CONTAINER (box), w); + + gtk_widget_show_all (box); + + /* Fetch status from AccountService */ + allowed = mct_app_filter_is_appinfo_allowed (self->app_filter, app); + + gtk_switch_set_active (GTK_SWITCH (w), allowed); + g_object_set_data_full (G_OBJECT (w), "GAppInfo", g_object_ref (app), g_object_unref); + + if (allowed) + g_hash_table_remove (self->blacklisted_apps, app); + else + g_hash_table_add (self->blacklisted_apps, g_object_ref (app)); + + g_signal_connect (w, "notify::active", G_CALLBACK (on_switch_active_changed_cb), self); + + return box; +} + +static gint +compare_app_info_cb (gconstpointer a, + gconstpointer b, + gpointer user_data) +{ + GAppInfo *app_a = (GAppInfo*) a; + GAppInfo *app_b = (GAppInfo*) b; + + return g_utf8_collate (g_app_info_get_display_name (app_a), + g_app_info_get_display_name (app_b)); +} + +static gint +app_compare_id_length_cb (gconstpointer a, + gconstpointer b) +{ + GAppInfo *info_a = (GAppInfo *) a, *info_b = (GAppInfo *) b; + const gchar *id_a, *id_b; + + id_a = g_app_info_get_id (info_a); + id_b = g_app_info_get_id (info_b); + + if (id_a == NULL && id_b == NULL) + return 0; + else if (id_a == NULL) + return -1; + else if (id_b == NULL) + return 1; + + return strlen (id_a) - strlen (id_b); +} + +static void +reload_apps (MctRestrictApplicationsSelector *self) +{ + GList *iter, *apps; + g_autoptr(GHashTable) seen_flatpak_ids = NULL; + g_autoptr(GHashTable) seen_executables = NULL; + + apps = g_app_info_get_all (); + + /* Sort the apps by increasing length of #GAppInfo ID. When coupled with the + * deduplication of flatpak IDs and executable paths, below, this should ensure that we + * pick the ‘base’ app out of any set with matching prefixes and identical app IDs (in + * case of flatpak apps) or executables (for non-flatpak apps), and show only that. + * + * This is designed to avoid listing all the components of LibreOffice for example, + * which all share an app ID and hence have the same entry in the parental controls + * app filter. */ + apps = g_list_sort (apps, app_compare_id_length_cb); + seen_flatpak_ids = g_hash_table_new_full (g_str_hash, g_str_equal, g_free, NULL); + seen_executables = g_hash_table_new_full (g_str_hash, g_str_equal, g_free, NULL); + + g_list_store_remove_all (self->apps); + + for (iter = apps; iter; iter = iter->next) + { + GAppInfo *app; + const gchar *app_name; + const gchar * const *supported_types; + + app = iter->data; + app_name = g_app_info_get_name (app); + + supported_types = g_app_info_get_supported_types (app); + + if (!G_IS_DESKTOP_APP_INFO (app) || + !g_app_info_should_show (app) || + app_name[0] == '\0' || + /* Endless' link apps have the "eos-link" prefix, and should be ignored too */ + g_str_has_prefix (g_app_info_get_id (app), "eos-link") || + /* FIXME: Only list flatpak apps and apps with X-Parental-Controls + * key set for now; we really need a system-wide MAC to be able to + * reliably support blacklisting system programs. */ + (!g_desktop_app_info_has_key (G_DESKTOP_APP_INFO (app), "X-Flatpak") && + !g_desktop_app_info_has_key (G_DESKTOP_APP_INFO (app), "X-Parental-Controls")) || + /* Web browsers are special cased */ + (supported_types && g_strv_contains (supported_types, WEB_BROWSERS_CONTENT_TYPE))) + { + continue; + } + + if (g_desktop_app_info_has_key (G_DESKTOP_APP_INFO (app), "X-Flatpak")) + { + g_autofree gchar *flatpak_id = NULL; + + flatpak_id = g_desktop_app_info_get_string (G_DESKTOP_APP_INFO (app), "X-Flatpak"); + g_debug ("Processing app ‘%s’ (Exec=%s, X-Flatpak=%s)", + g_app_info_get_id (app), + g_app_info_get_executable (app), + flatpak_id); + + /* Have we seen this flatpak ID before? */ + if (!g_hash_table_add (seen_flatpak_ids, g_steal_pointer (&flatpak_id))) + { + g_debug (" → Skipping ‘%s’ due to seeing its flatpak ID already", + g_app_info_get_id (app)); + continue; + } + } + else if (g_desktop_app_info_has_key (G_DESKTOP_APP_INFO (app), "X-Parental-Controls")) + { + g_autofree gchar *parental_controls_type = NULL; + g_autofree gchar *executable = NULL; + + parental_controls_type = g_desktop_app_info_get_string (G_DESKTOP_APP_INFO (app), + "X-Parental-Controls"); + /* Ignore X-Parental-Controls=none */ + if (g_strcmp0 (parental_controls_type, "none") == 0) + continue; + + executable = g_strdup (g_app_info_get_executable (app)); + g_debug ("Processing app ‘%s’ (Exec=%s, X-Parental-Controls=%s)", + g_app_info_get_id (app), + executable, + parental_controls_type); + + /* Have we seen this executable before? */ + if (!g_hash_table_add (seen_executables, g_steal_pointer (&executable))) + { + g_debug (" → Skipping ‘%s’ due to seeing its executable already", + g_app_info_get_id (app)); + continue; + } + } + + g_list_store_insert_sorted (self->apps, + app, + compare_app_info_cb, + self); + } + + g_list_free_full (apps, g_object_unref); +} + +static void +app_info_changed_cb (GAppInfoMonitor *monitor, + gpointer user_data) +{ + MctRestrictApplicationsSelector *self = MCT_RESTRICT_APPLICATIONS_SELECTOR (user_data); + + reload_apps (self); +} + +/* Will return %NULL if @flatpak_id is not installed. */ +static gchar * +get_flatpak_ref_for_app_id (MctRestrictApplicationsSelector *self, + const gchar *flatpak_id, + GCancellable *cancellable) +{ + g_autoptr(FlatpakInstalledRef) ref = NULL; + g_autoptr(GError) local_error = NULL; + + g_assert (self->system_installation != NULL); + g_assert (self->user_installation != NULL); + + /* FIXME technically this does local file I/O and should be async */ + ref = flatpak_installation_get_current_installed_app (self->user_installation, + flatpak_id, + cancellable, + &local_error); + + if (local_error != NULL && + !g_error_matches (local_error, FLATPAK_ERROR, FLATPAK_ERROR_NOT_INSTALLED)) + { + g_warning ("Error searching for Flatpak ref: %s", local_error->message); + return NULL; + } + + g_clear_error (&local_error); + + if (!ref || !flatpak_installed_ref_get_is_current (ref)) + { + /* FIXME technically this does local file I/O and should be async */ + ref = flatpak_installation_get_current_installed_app (self->system_installation, + flatpak_id, + cancellable, + &local_error); + if (local_error != NULL) + { + if (!g_error_matches (local_error, FLATPAK_ERROR, FLATPAK_ERROR_NOT_INSTALLED)) + g_warning ("Error searching for Flatpak ref: %s", local_error->message); + return NULL; + } + } + + return flatpak_ref_format_ref (FLATPAK_REF (ref)); +} + +/** + * mct_restrict_applications_selector_new: + * @app_filter: (transfer none): app filter to configure the selector from initially + * + * Create a new #MctRestrictApplicationsSelector widget. + * + * Returns: (transfer full): a new restricted applications selector + * Since: 0.5.0 + */ +MctRestrictApplicationsSelector * +mct_restrict_applications_selector_new (MctAppFilter *app_filter) +{ + g_return_val_if_fail (app_filter != NULL, NULL); + + return g_object_new (MCT_TYPE_RESTRICT_APPLICATIONS_SELECTOR, + "app-filter", app_filter, + NULL); +} + +/** + * mct_restrict_applications_selector_build_app_filter: + * @self: an #MctRestrictApplicationsSelector + * @builder: an existing #MctAppFilterBuilder to modify + * + * Get the app filter settings currently configured in the selector, by modifying + * the given @builder. + * + * Since: 0.5.0 + */ +void +mct_restrict_applications_selector_build_app_filter (MctRestrictApplicationsSelector *self, + MctAppFilterBuilder *builder) +{ + GDesktopAppInfo *app; + GHashTableIter iter; + + g_return_if_fail (MCT_IS_RESTRICT_APPLICATIONS_SELECTOR (self)); + g_return_if_fail (builder != NULL); + + g_hash_table_iter_init (&iter, self->blacklisted_apps); + while (g_hash_table_iter_next (&iter, (gpointer) &app, NULL)) + { + g_autofree gchar *flatpak_id = NULL; + + flatpak_id = g_desktop_app_info_get_string (app, "X-Flatpak"); + if (flatpak_id) + flatpak_id = g_strstrip (flatpak_id); + + if (flatpak_id) + { + g_autofree gchar *flatpak_ref = get_flatpak_ref_for_app_id (self, flatpak_id, NULL); + + if (!flatpak_ref) + { + g_warning ("Skipping blacklisting Flatpak ID ‘%s’ due to it not being installed", flatpak_id); + continue; + } + + g_debug ("\t\t → Blacklisting Flatpak ref: %s", flatpak_ref); + mct_app_filter_builder_blacklist_flatpak_ref (builder, flatpak_ref); + } + else + { + const gchar *executable = g_app_info_get_executable (G_APP_INFO (app)); + g_autofree gchar *path = g_find_program_in_path (executable); + + if (!path) + { + g_warning ("Skipping blacklisting executable ‘%s’ due to it not being found", executable); + continue; + } + + g_debug ("\t\t → Blacklisting path: %s", path); + mct_app_filter_builder_blacklist_path (builder, path); + } + } +} + +/** + * mct_restrict_applications_selector_get_app_filter: + * @self: an #MctRestrictApplicationsSelector + * + * Get the value of #MctRestrictApplicationsSelector:app-filter. If the property + * was originally set to %NULL, this will be the empty app filter. + * + * Returns: (transfer none) (not nullable): the initial app filter used to + * populate the selector + * Since: 0.5.0 + */ +MctAppFilter * +mct_restrict_applications_selector_get_app_filter (MctRestrictApplicationsSelector *self) +{ + g_return_val_if_fail (MCT_IS_RESTRICT_APPLICATIONS_SELECTOR (self), NULL); + + return self->app_filter; +} + +/** + * mct_restrict_applications_selector_set_app_filter: + * @self: an #MctRestrictApplicationsSelector + * @app_filter: (nullable) (transfer none): the app filter to configure the selector + * from, or %NULL to use an empty app filter + * + * Set the value of #MctRestrictApplicationsSelector:app-filter. + * + * This will overwrite any user changes to the selector, so they should be saved + * first using mct_restrict_applications_selector_build_app_filter() if desired. + * + * Since: 0.5.0 + */ +void +mct_restrict_applications_selector_set_app_filter (MctRestrictApplicationsSelector *self, + MctAppFilter *app_filter) +{ + g_autoptr(MctAppFilter) owned_app_filter = NULL; + + g_return_if_fail (MCT_IS_RESTRICT_APPLICATIONS_SELECTOR (self)); + + /* Default app filter, typically for when we’re instantiated by #GtkBuilder. */ + if (app_filter == NULL) + { + g_auto(MctAppFilterBuilder) builder = MCT_APP_FILTER_BUILDER_INIT (); + owned_app_filter = mct_app_filter_builder_end (&builder); + app_filter = owned_app_filter; + } + + if (app_filter == self->app_filter) + return; + + g_clear_pointer (&self->app_filter, mct_app_filter_unref); + self->app_filter = mct_app_filter_ref (app_filter); + + reload_apps (self); + g_object_notify_by_pspec (G_OBJECT (self), properties[PROP_APP_FILTER]); +} diff --git a/malcontent-control/restrict-applications-selector.h b/malcontent-control/restrict-applications-selector.h new file mode 100644 index 0000000..702a594 --- /dev/null +++ b/malcontent-control/restrict-applications-selector.h @@ -0,0 +1,45 @@ +/* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- + * + * Copyright © 2020 Endless Mobile, Inc. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, see . + * + * Authors: + * - Philip Withnall + */ + +#pragma once + +#include +#include +#include +#include +#include + + +G_BEGIN_DECLS + +#define MCT_TYPE_RESTRICT_APPLICATIONS_SELECTOR (mct_restrict_applications_selector_get_type ()) +G_DECLARE_FINAL_TYPE (MctRestrictApplicationsSelector, mct_restrict_applications_selector, MCT, RESTRICT_APPLICATIONS_SELECTOR, GtkBox) + +MctRestrictApplicationsSelector *mct_restrict_applications_selector_new (MctAppFilter *app_filter); + +MctAppFilter *mct_restrict_applications_selector_get_app_filter (MctRestrictApplicationsSelector *self); +void mct_restrict_applications_selector_set_app_filter (MctRestrictApplicationsSelector *self, + MctAppFilter *app_filter); + +void mct_restrict_applications_selector_build_app_filter (MctRestrictApplicationsSelector *self, + MctAppFilterBuilder *builder); + +G_END_DECLS diff --git a/malcontent-control/restrict-applications-selector.ui b/malcontent-control/restrict-applications-selector.ui new file mode 100644 index 0000000..6b5bdd9 --- /dev/null +++ b/malcontent-control/restrict-applications-selector.ui @@ -0,0 +1,32 @@ + + + + + + diff --git a/malcontent-control/user-controls.c b/malcontent-control/user-controls.c index 5cf6cae..1cc07a9 100644 --- a/malcontent-control/user-controls.c +++ b/malcontent-control/user-controls.c @@ -28,6 +28,7 @@ #include #include "gs-content-rating.h" +#include "restrict-applications-dialog.h" #include "user-controls.h" @@ -44,12 +45,9 @@ struct _MctUserControls GtkSwitch *allow_system_installation_switch; GtkSwitch *allow_user_installation_switch; GtkSwitch *allow_web_browsers_switch; - GtkListBox *listbox; GtkButton *restriction_button; GtkPopover *restriction_popover; - - FlatpakInstallation *system_installation; /* (owned) */ - FlatpakInstallation *user_installation; /* (owned) */ + MctRestrictApplicationsDialog *restrict_applications_dialog; GSimpleActionGroup *action_group; /* (owned) */ @@ -58,11 +56,6 @@ struct _MctUserControls GPermission *permission; /* (owned) (nullable) */ gulong permission_allowed_id; - GAppInfoMonitor *app_info_monitor; /* (owned) */ - - GHashTable *blacklisted_apps; /* (owned) */ - GListStore *apps; /* (owned) */ - GCancellable *cancellable; /* (owned) */ MctManager *manager; /* (owned) */ MctAppFilter *filter; /* (owned) */ @@ -72,12 +65,6 @@ struct _MctUserControls }; static gboolean blacklist_apps_cb (gpointer data); -static void app_info_changed_cb (GAppInfoMonitor *monitor, - gpointer user_data); - -static gint compare_app_info_cb (gconstpointer a, - gconstpointer b, - gpointer user_data); static void on_allow_installation_switch_active_changed_cb (GtkSwitch *s, GParamSpec *pspec, @@ -87,6 +74,17 @@ static void on_allow_web_browsers_switch_active_changed_cb (GtkSwitch *s, GParamSpec *pspec, MctUserControls *self); +static void on_restrict_applications_button_clicked_cb (GtkButton *button, + gpointer user_data); + +static gboolean on_restrict_applications_dialog_delete_event_cb (GtkWidget *widget, + GdkEvent *event, + gpointer user_data); + +static void on_restrict_applications_dialog_response_cb (GtkDialog *dialog, + gint response_id, + gpointer user_data); + static void on_set_age_action_activated (GSimpleAction *action, GVariant *param, gpointer user_data); @@ -146,139 +144,6 @@ static const gchar * const oars_categories[] = /* Auxiliary methods */ -static gint -app_compare_id_length_cb (gconstpointer a, - gconstpointer b) -{ - GAppInfo *info_a = (GAppInfo *) a, *info_b = (GAppInfo *) b; - const gchar *id_a, *id_b; - - id_a = g_app_info_get_id (info_a); - id_b = g_app_info_get_id (info_b); - - if (id_a == NULL && id_b == NULL) - return 0; - else if (id_a == NULL) - return -1; - else if (id_b == NULL) - return 1; - - return strlen (id_a) - strlen (id_b); -} - -static void -reload_apps (MctUserControls *self) -{ - GList *iter, *apps; - g_autoptr(GHashTable) seen_flatpak_ids = NULL; - g_autoptr(GHashTable) seen_executables = NULL; - - apps = g_app_info_get_all (); - - /* Sort the apps by increasing length of #GAppInfo ID. When coupled with the - * deduplication of flatpak IDs and executable paths, below, this should ensure that we - * pick the ‘base’ app out of any set with matching prefixes and identical app IDs (in - * case of flatpak apps) or executables (for non-flatpak apps), and show only that. - * - * This is designed to avoid listing all the components of LibreOffice for example, - * which all share an app ID and hence have the same entry in the parental controls - * app filter. */ - apps = g_list_sort (apps, app_compare_id_length_cb); - seen_flatpak_ids = g_hash_table_new_full (g_str_hash, g_str_equal, g_free, NULL); - seen_executables = g_hash_table_new_full (g_str_hash, g_str_equal, g_free, NULL); - - g_list_store_remove_all (self->apps); - - for (iter = apps; iter; iter = iter->next) - { - GAppInfo *app; - const gchar *app_name; - const gchar * const *supported_types; - - app = iter->data; - app_name = g_app_info_get_name (app); - - supported_types = g_app_info_get_supported_types (app); - - if (!G_IS_DESKTOP_APP_INFO (app) || - !g_app_info_should_show (app) || - app_name[0] == '\0' || - /* Endless' link apps have the "eos-link" prefix, and should be ignored too */ - g_str_has_prefix (g_app_info_get_id (app), "eos-link") || - /* FIXME: Only list flatpak apps and apps with X-Parental-Controls - * key set for now; we really need a system-wide MAC to be able to - * reliably support blacklisting system programs. See - * https://phabricator.endlessm.com/T25080. */ - (!g_desktop_app_info_has_key (G_DESKTOP_APP_INFO (app), "X-Flatpak") && - !g_desktop_app_info_has_key (G_DESKTOP_APP_INFO (app), "X-Parental-Controls")) || - /* Web browsers are special cased */ - (supported_types && g_strv_contains (supported_types, WEB_BROWSERS_CONTENT_TYPE))) - { - continue; - } - - if (g_desktop_app_info_has_key (G_DESKTOP_APP_INFO (app), "X-Flatpak")) - { - g_autofree gchar *flatpak_id = NULL; - - flatpak_id = g_desktop_app_info_get_string (G_DESKTOP_APP_INFO (app), "X-Flatpak"); - g_debug ("Processing app ‘%s’ (Exec=%s, X-Flatpak=%s)", - g_app_info_get_id (app), - g_app_info_get_executable (app), - flatpak_id); - - /* Have we seen this flatpak ID before? */ - if (!g_hash_table_add (seen_flatpak_ids, g_steal_pointer (&flatpak_id))) - { - g_debug (" → Skipping ‘%s’ due to seeing its flatpak ID already", - g_app_info_get_id (app)); - continue; - } - } - else if (g_desktop_app_info_has_key (G_DESKTOP_APP_INFO (app), "X-Parental-Controls")) - { - g_autofree gchar *parental_controls_type = NULL; - g_autofree gchar *executable = NULL; - - parental_controls_type = g_desktop_app_info_get_string (G_DESKTOP_APP_INFO (app), - "X-Parental-Controls"); - /* Ignore X-Parental-Controls=none */ - if (g_strcmp0 (parental_controls_type, "none") == 0) - continue; - - executable = g_strdup (g_app_info_get_executable (app)); - g_debug ("Processing app ‘%s’ (Exec=%s, X-Parental-Controls=%s)", - g_app_info_get_id (app), - executable, - parental_controls_type); - - /* Have we seen this executable before? */ - if (!g_hash_table_add (seen_executables, g_steal_pointer (&executable))) - { - g_debug (" → Skipping ‘%s’ due to seeing its executable already", - g_app_info_get_id (app)); - continue; - } - } - - g_list_store_insert_sorted (self->apps, - app, - compare_app_info_cb, - self); - } - - g_list_free_full (apps, g_object_unref); -} - -static void -app_info_changed_cb (GAppInfoMonitor *monitor, - gpointer user_data) -{ - MctUserControls *self = MCT_USER_CONTROLS (user_data); - - reload_apps (self); -} - static GsContentRatingSystem get_content_rating_system (ActUser *user) { @@ -320,6 +185,18 @@ update_app_filter (MctUserControls *self) g_clear_pointer (&self->filter, mct_app_filter_unref); + if (self->user == NULL) + return; + + /* FIXME: It’s expected that, unless authorised already, a user cannot read + * another user’s app filter. accounts-service currently (incorrectly) ignores + * the missing ‘interactive’ flag and prompts the user for permission if so, + * so don’t query at all in that case. */ + if (act_user_get_uid (self->user) != getuid () && + (self->permission == NULL || + !g_permission_get_allowed (self->permission))) + return; + /* FIXME: make it asynchronous */ self->filter = mct_manager_get_app_filter (self->manager, act_user_get_uid (self->user), @@ -329,26 +206,9 @@ update_app_filter (MctUserControls *self) if (error) { - /* It's expected that a non-admin user can't read another user's parental - * controls info unless the panel has been unlocked; ignore such an - * error. - */ - if (act_user_get_uid (self->user) != getuid () && - self->permission != NULL && - !g_permission_get_allowed (self->permission) && - g_error_matches (error, MCT_MANAGER_ERROR, MCT_MANAGER_ERROR_PERMISSION_DENIED)) - { - g_clear_error (&error); - g_debug ("Not enough permissions to retrieve app filter for user '%s'", - act_user_get_user_name (self->user)); - } - else - { - g_warning ("Error retrieving app filter for user '%s': %s", - act_user_get_user_name (self->user), - error->message); - } - + g_warning ("Error retrieving app filter for user '%s': %s", + act_user_get_user_name (self->user), + error->message); return; } @@ -551,55 +411,10 @@ setup_parental_control_settings (MctUserControls *self) gtk_widget_set_sensitive (GTK_WIDGET (self), is_authorized); - g_hash_table_remove_all (self->blacklisted_apps); - update_oars_level (self); update_categories_from_language (self); update_allow_app_installation (self); update_allow_web_browsers (self); - reload_apps (self); -} - -/* Will return %NULL if @flatpak_id is not installed. */ -static gchar * -get_flatpak_ref_for_app_id (MctUserControls *self, - const gchar *flatpak_id) -{ - g_autoptr(FlatpakInstalledRef) ref = NULL; - g_autoptr(GError) error = NULL; - - g_assert (self->system_installation != NULL); - g_assert (self->user_installation != NULL); - - ref = flatpak_installation_get_current_installed_app (self->user_installation, - flatpak_id, - self->cancellable, - &error); - - if (error && - !g_error_matches (error, FLATPAK_ERROR, FLATPAK_ERROR_NOT_INSTALLED)) - { - g_warning ("Error searching for Flatpak ref: %s", error->message); - return NULL; - } - - g_clear_error (&error); - - if (!ref || !flatpak_installed_ref_get_is_current (ref)) - { - ref = flatpak_installation_get_current_installed_app (self->system_installation, - flatpak_id, - self->cancellable, - &error); - if (error) - { - if (!g_error_matches (error, FLATPAK_ERROR, FLATPAK_ERROR_NOT_INSTALLED)) - g_warning ("Error searching for Flatpak ref: %s", error->message); - return NULL; - } - } - - return flatpak_ref_format_ref (FLATPAK_REF (ref)); } /* Callbacks */ @@ -611,8 +426,6 @@ blacklist_apps_cb (gpointer data) g_autoptr(MctAppFilter) new_filter = NULL; g_autoptr(GError) error = NULL; MctUserControls *self = data; - GDesktopAppInfo *app; - GHashTableIter iter; gboolean allow_web_browsers; gsize i; @@ -624,43 +437,7 @@ blacklist_apps_cb (gpointer data) g_debug ("\t → Blacklisting apps"); - g_hash_table_iter_init (&iter, self->blacklisted_apps); - while (g_hash_table_iter_next (&iter, (gpointer) &app, NULL)) - { - g_autofree gchar *flatpak_id = NULL; - - flatpak_id = g_desktop_app_info_get_string (app, "X-Flatpak"); - if (flatpak_id) - flatpak_id = g_strstrip (flatpak_id); - - if (flatpak_id) - { - g_autofree gchar *flatpak_ref = get_flatpak_ref_for_app_id (self, flatpak_id); - - if (!flatpak_ref) - { - g_warning ("Skipping blacklisting Flatpak ID ‘%s’ due to it not being installed", flatpak_id); - continue; - } - - g_debug ("\t\t → Blacklisting Flatpak ref: %s", flatpak_ref); - mct_app_filter_builder_blacklist_flatpak_ref (&builder, flatpak_ref); - } - else - { - const gchar *executable = g_app_info_get_executable (G_APP_INFO (app)); - g_autofree gchar *path = g_find_program_in_path (executable); - - if (!path) - { - g_warning ("Skipping blacklisting executable ‘%s’ due to it not being found", executable); - continue; - } - - g_debug ("\t\t → Blacklisting path: %s", path); - mct_app_filter_builder_blacklist_path (&builder, path); - } - } + mct_restrict_applications_dialog_build_app_filter (self->restrict_applications_dialog, &builder); /* Maturity level */ @@ -758,114 +535,51 @@ on_allow_web_browsers_switch_active_changed_cb (GtkSwitch *s, } static void -on_switch_active_changed_cb (GtkSwitch *s, - GParamSpec *pspec, - MctUserControls *self) +on_restrict_applications_button_clicked_cb (GtkButton *button, + gpointer user_data) { - GAppInfo *app; - gboolean allowed; + MctUserControls *self = MCT_USER_CONTROLS (user_data); + GtkWidget *toplevel; - app = g_object_get_data (G_OBJECT (s), "GAppInfo"); - allowed = gtk_switch_get_active (s); + /* Show the restrict applications dialogue modally, making sure to update its + * state first. */ + toplevel = gtk_widget_get_toplevel (GTK_WIDGET (self)); + if (GTK_IS_WINDOW (toplevel)) + gtk_window_set_transient_for (GTK_WINDOW (self->restrict_applications_dialog), + GTK_WINDOW (toplevel)); - if (allowed) - { - gboolean removed; + mct_restrict_applications_dialog_set_user (self->restrict_applications_dialog, self->user); + mct_restrict_applications_dialog_set_app_filter (self->restrict_applications_dialog, self->filter); - g_debug ("Removing '%s' from blacklisted apps", g_app_info_get_id (app)); + gtk_widget_show (GTK_WIDGET (self->restrict_applications_dialog)); +} - removed = g_hash_table_remove (self->blacklisted_apps, app); - g_assert (removed); - } - else - { - gboolean added; +static gboolean +on_restrict_applications_dialog_delete_event_cb (GtkWidget *widget, + GdkEvent *event, + gpointer user_data) +{ + MctUserControls *self = MCT_USER_CONTROLS (user_data); - g_debug ("Blacklisting '%s'", g_app_info_get_id (app)); - - added = g_hash_table_add (self->blacklisted_apps, g_object_ref (app)); - g_assert (added); - } + /* When the ‘Restrict Applications’ dialogue is closed, don’t destroy it, + * since it contains the app filter settings which we’ll want to reuse next + * time the dialogue is shown or the app filter is saved. */ + gtk_widget_hide (GTK_WIDGET (self->restrict_applications_dialog)); + /* Schedule an update to the saved state. */ schedule_update_blacklisted_apps (self); + + return TRUE; } -static GtkWidget * -create_row_for_app_cb (gpointer item, - gpointer user_data) +static void +on_restrict_applications_dialog_response_cb (GtkDialog *dialog, + gint response_id, + gpointer user_data) { - g_autoptr(GIcon) icon = NULL; - MctUserControls *self; - GtkWidget *box, *w; - GAppInfo *app; - gboolean allowed; - const gchar *app_name; - gint size; + MctUserControls *self = MCT_USER_CONTROLS (user_data); - self = MCT_USER_CONTROLS (user_data); - app = item; - app_name = g_app_info_get_name (app); - - g_assert (G_IS_DESKTOP_APP_INFO (app)); - - icon = g_app_info_get_icon (app); - if (icon == NULL) - icon = g_themed_icon_new ("application-x-executable"); - else - g_object_ref (icon); - - box = gtk_box_new (GTK_ORIENTATION_HORIZONTAL, 12); - gtk_container_set_border_width (GTK_CONTAINER (box), 12); - gtk_widget_set_margin_end (box, 12); - - /* Icon */ - w = gtk_image_new_from_gicon (icon, GTK_ICON_SIZE_DIALOG); - gtk_icon_size_lookup (GTK_ICON_SIZE_DND, &size, NULL); - gtk_image_set_pixel_size (GTK_IMAGE (w), size); - gtk_container_add (GTK_CONTAINER (box), w); - - /* App name label */ - w = g_object_new (GTK_TYPE_LABEL, - "label", app_name, - "hexpand", TRUE, - "xalign", 0.0, - NULL); - gtk_container_add (GTK_CONTAINER (box), w); - - /* Switch */ - w = g_object_new (GTK_TYPE_SWITCH, - "valign", GTK_ALIGN_CENTER, - NULL); - gtk_container_add (GTK_CONTAINER (box), w); - - gtk_widget_show_all (box); - - /* Fetch status from AccountService */ - allowed = mct_app_filter_is_appinfo_allowed (self->filter, app); - - gtk_switch_set_active (GTK_SWITCH (w), allowed); - g_object_set_data_full (G_OBJECT (w), "GAppInfo", g_object_ref (app), g_object_unref); - - if (allowed) - g_hash_table_remove (self->blacklisted_apps, app); - else if (!allowed) - g_hash_table_add (self->blacklisted_apps, g_object_ref (app)); - - g_signal_connect (w, "notify::active", G_CALLBACK (on_switch_active_changed_cb), self); - - return box; -} - -static gint -compare_app_info_cb (gconstpointer a, - gconstpointer b, - gpointer user_data) -{ - GAppInfo *app_a = (GAppInfo*) a; - GAppInfo *app_b = (GAppInfo*) b; - - return g_utf8_collate (g_app_info_get_display_name (app_a), - g_app_info_get_display_name (app_b)); + on_restrict_applications_dialog_delete_event_cb (GTK_WIDGET (dialog), NULL, self); } static void @@ -923,11 +637,8 @@ mct_user_controls_finalize (GObject *object) g_cancellable_cancel (self->cancellable); g_clear_object (&self->action_group); - g_clear_object (&self->apps); g_clear_object (&self->cancellable); - g_clear_object (&self->system_installation); g_clear_object (&self->user); - g_clear_object (&self->user_installation); if (self->permission != NULL && self->permission_allowed_id != 0) { @@ -936,10 +647,8 @@ mct_user_controls_finalize (GObject *object) } g_clear_object (&self->permission); - g_clear_pointer (&self->blacklisted_apps, g_hash_table_unref); g_clear_pointer (&self->filter, mct_app_filter_unref); g_clear_object (&self->manager); - g_clear_object (&self->app_info_monitor); G_OBJECT_CLASS (mct_user_controls_parent_class)->finalize (object); } @@ -1038,10 +747,13 @@ mct_user_controls_class_init (MctUserControlsClass *klass) gtk_widget_class_bind_template_child (widget_class, MctUserControls, allow_web_browsers_switch); gtk_widget_class_bind_template_child (widget_class, MctUserControls, restriction_button); gtk_widget_class_bind_template_child (widget_class, MctUserControls, restriction_popover); - gtk_widget_class_bind_template_child (widget_class, MctUserControls, listbox); + gtk_widget_class_bind_template_child (widget_class, MctUserControls, restrict_applications_dialog); gtk_widget_class_bind_template_callback (widget_class, on_allow_installation_switch_active_changed_cb); gtk_widget_class_bind_template_callback (widget_class, on_allow_web_browsers_switch_active_changed_cb); + gtk_widget_class_bind_template_callback (widget_class, on_restrict_applications_button_clicked_cb); + gtk_widget_class_bind_template_callback (widget_class, on_restrict_applications_dialog_delete_event_cb); + gtk_widget_class_bind_template_callback (widget_class, on_restrict_applications_dialog_response_cb); } static void @@ -1050,11 +762,12 @@ mct_user_controls_init (MctUserControls *self) g_autoptr(GDBusConnection) system_bus = NULL; g_autoptr(GError) error = NULL; + /* Ensure the types used in the UI are registered. */ + g_type_ensure (MCT_TYPE_RESTRICT_APPLICATIONS_DIALOG); + gtk_widget_init_template (GTK_WIDGET (self)); self->selected_age = (guint) -1; - self->system_installation = flatpak_installation_new_system (NULL, NULL); - self->user_installation = flatpak_installation_new_user (NULL, NULL); self->cancellable = g_cancellable_new (); @@ -1079,19 +792,6 @@ mct_user_controls_init (MctUserControls *self) G_ACTION_GROUP (self->action_group)); gtk_popover_bind_model (self->restriction_popover, G_MENU_MODEL (self->age_menu), NULL); - self->blacklisted_apps = g_hash_table_new_full (g_direct_hash, g_direct_equal, g_object_unref, NULL); - - self->apps = g_list_store_new (G_TYPE_APP_INFO); - - self->app_info_monitor = g_app_info_monitor_get (); - g_signal_connect_object (self->app_info_monitor, "changed", - (GCallback) app_info_changed_cb, self, 0); - - gtk_list_box_bind_model (self->listbox, - G_LIST_MODEL (self->apps), - create_row_for_app_cb, - self, - NULL); g_object_bind_property (self->allow_user_installation_switch, "active", self->allow_system_installation_switch, "sensitive", diff --git a/malcontent-control/user-controls.ui b/malcontent-control/user-controls.ui index 880c207..4cc4dd0 100644 --- a/malcontent-control/user-controls.ui +++ b/malcontent-control/user-controls.ui @@ -18,9 +18,6 @@ - - - 0 @@ -29,22 +26,187 @@ - + True - 0.0 - Prevent this user from opening some apps by turning them off below. - True - True - listbox - - - - - - - + False + True + 0 + in + + + True + False + True + none + False + + + True + True + False + False + + + True + False + center + 12 + 12 + 8 + 8 + 4 + 4 + + + True + False + start + True + end + 0 + Block _Web Browsers + True + allow_web_browsers_switch + + + + + + 0 + 0 + + + + + True + False + start + True + end + 0 + Prevents the user from running web browsers, but limited web content may still be available in other applications + + + + + + + + + + 0 + 1 + + + + + True + True + end + center + + + + 1 + 0 + 2 + + + + + + + + + True + True + False + False + + + True + False + center + 12 + 12 + 8 + 8 + 4 + 4 + + + True + False + start + True + end + 0 + _Restrict Applications + True + restrict_applications_button + + + + + + 0 + 0 + + + + + True + False + start + True + end + 0 + Prevents particular applications from being used + + + + + + + + + + 0 + 1 + + + + + True + True + end + center + none + + + + True + pan-end-symbolic + 4 + + + + + 1 + 0 + 2 + + + + + + + + 1 @@ -52,115 +214,6 @@ - - - True - True - never - 100 - 400 - True - etched-in - - - - - True - none - - - - - - 2 - 0 - 2 - - - - - - - True - 0.0 - Restrict Web Browsers - - - - - - - - - 3 - 0 - - - - - - True - 0.0 - Prevent this user from running web browsers by turning them off below. Note that if the computer is connected to the internet, limited web content may still be available in other applications. - True - 55 - True - allow_web_browsers_switch - - - - - - - - - - 4 - 0 - - - - - - True - 12 - - - - True - 1.0 - Web _Browsers - True - True - allow_web_browsers_switch - - - - - - - - - - True - True - start - - - - - - - 5 - 0 - 2 - - - @@ -173,7 +226,7 @@ - 6 + 2 0 @@ -211,7 +264,7 @@ - 7 + 3 0 2 @@ -250,7 +303,7 @@ - 8 + 4 0 2 @@ -291,7 +344,7 @@ - 9 + 5 0 2 @@ -318,10 +371,22 @@ horizontal - + + + + + + + False + True + True + 1 + + + diff --git a/po/POTFILES.in b/po/POTFILES.in index f5380f0..aaa1ca0 100644 --- a/po/POTFILES.in +++ b/po/POTFILES.in @@ -7,6 +7,10 @@ malcontent-control/gs-content-rating.c malcontent-control/main.ui malcontent-control/org.freedesktop.MalcontentControl.appdata.xml.in malcontent-control/org.freedesktop.MalcontentControl.desktop.in +malcontent-control/restrict-applications-dialog.c +malcontent-control/restrict-applications-dialog.ui +malcontent-control/restrict-applications-selector.c +malcontent-control/restrict-applications-selector.ui malcontent-control/user-controls.c malcontent-control/user-controls.ui pam/pam_malcontent.c