From cd36d90091f34497d035b3f5abd17412bbc488c5 Mon Sep 17 00:00:00 2001 From: Philip Withnall Date: Sun, 15 Nov 2020 17:31:21 +0000 Subject: [PATCH] =?UTF-8?q?malcontent-control:=20Drop=20=E2=80=98Restrict?= =?UTF-8?q?=20Application=20Installation=20for=20Others=E2=80=99?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This simplifies the UI, as nobody really understood the difference between ‘Restrict Application Installation’ and ‘Restrict Application Installation for Others’. Now there’s just a ‘Restrict Application Installation’ checkbox, which controls application installation in the home and system flatpak repos. The underlying app-filter representation in libmalcontent still supports restricting installation to them separately, but the UI will always set them to the same value. There is a suggestion that we may want to support user repos again in future iff the user has added a remote to their user repo. However, figuring that out for other users (which is what the admin would have to do when setting this all up) starts to get tricky with permissions for reading other users’ home directories. Skip that for the moment — we can reconsider adding that option in future if someone argues a case for it. Signed-off-by: Philip Withnall Fixes: #30 --- help/C/software-installation.page | 20 ++---- libmalcontent-ui/user-controls.c | 82 ++++++------------------ libmalcontent-ui/user-controls.ui | 102 +++--------------------------- malcontent-control/main.ui | 2 +- 4 files changed, 33 insertions(+), 173 deletions(-) diff --git a/help/C/software-installation.page b/help/C/software-installation.page index 47056ae..b264dee 100644 --- a/help/C/software-installation.page +++ b/help/C/software-installation.page @@ -8,10 +8,11 @@ Restricting Software Installation -

You can prevent a user from installing additional software, either for the - entire system, or just for themselves. They will still be able to search for - new software to install, but will need an administrator to authorize the - installation when they try to install an application.

+

You can prevent a user from installing additional software on the system. + They will still be able to search for new software to install, but will need + an administrator to authorize the installation when they try to install an + application. This applies whether they are trying to install the application + system-wide (for all users) or just for themselves.

Additionally, you can restrict which software a user can browse or search for in the Software catalog by age categories.

@@ -27,18 +28,7 @@

Open the Parental Controls application.

Select the user in the tabs at the top.

Enable the Restrict Application Installation checkbox.

 -

Or enable the Restrict Application Installation for Others checkbox.

 - -

The Restrict Application Installation for Others - checkbox allows the user to install additional software for themselves, but - prevents that software from being made available to other users. It could be - used, for example, if there were two child users, one of whom is mature - enough to be allowed to install additional software, but the other isn’t — - enabling Restrict Application Installation for Others - would prevent the more mature child from installing applications which are - inappropriate for the other child and making them available to the other - child.

diff --git a/libmalcontent-ui/user-controls.c b/libmalcontent-ui/user-controls.c index 11437dd..0c8b5b1 100644 --- a/libmalcontent-ui/user-controls.c +++ b/libmalcontent-ui/user-controls.c @@ -77,10 +77,8 @@ struct _MctUserControls GtkGrid parent_instance; GMenu *age_menu; - GtkSwitch *restrict_system_installation_switch; - GtkLabel *restrict_system_installation_description; - GtkSwitch *restrict_user_installation_switch; - GtkLabel *restrict_user_installation_description; + GtkSwitch *restrict_software_installation_switch; + GtkLabel *restrict_software_installation_description; GtkSwitch *restrict_web_browsers_switch; GtkLabel *restrict_web_browsers_description; GtkButton *oars_button; @@ -447,8 +445,7 @@ update_oars_level (MctUserControls *self) static void update_allow_app_installation (MctUserControls *self) { - gboolean restrict_system_installation; - gboolean restrict_user_installation; + gboolean restrict_software_installation; gboolean non_admin_user = TRUE; if (self->user_account_type == ACT_USER_ACCOUNT_TYPE_ADMINISTRATOR) @@ -456,8 +453,7 @@ update_allow_app_installation (MctUserControls *self) /* Admins are always allowed to install apps for all users. This behaviour is governed * by flatpak polkit rules. Hence, these hide these defunct switches for admins. */ - gtk_widget_set_visible (GTK_WIDGET (self->restrict_system_installation_switch), non_admin_user); - gtk_widget_set_visible (GTK_WIDGET (self->restrict_user_installation_switch), non_admin_user); + gtk_widget_set_visible (GTK_WIDGET (self->restrict_software_installation_switch), non_admin_user); /* If user is admin, we are done here, bail out. */ if (!non_admin_user) @@ -467,35 +463,22 @@ update_allow_app_installation (MctUserControls *self) return; } - restrict_system_installation = !mct_app_filter_is_system_installation_allowed (self->filter); - restrict_user_installation = !mct_app_filter_is_user_installation_allowed (self->filter); - /* While the underlying permissions storage allows the system and user settings * to be stored completely independently, force the system setting to OFF if * the user setting is OFF in the UI. This keeps the policy in use for most * people simpler. */ - if (restrict_user_installation) - restrict_system_installation = TRUE; + restrict_software_installation = !mct_app_filter_is_user_installation_allowed (self->filter); - g_signal_handlers_block_by_func (self->restrict_system_installation_switch, + g_signal_handlers_block_by_func (self->restrict_software_installation_switch, on_restrict_installation_switch_active_changed_cb, self); - g_signal_handlers_block_by_func (self->restrict_user_installation_switch, - on_restrict_installation_switch_active_changed_cb, - self); + gtk_switch_set_active (self->restrict_software_installation_switch, restrict_software_installation); - gtk_switch_set_active (self->restrict_system_installation_switch, restrict_system_installation); - gtk_switch_set_active (self->restrict_user_installation_switch, restrict_user_installation); + g_debug ("Restrict system installation: %s", restrict_software_installation ? "yes" : "no"); + g_debug ("Restrict user installation: %s", restrict_software_installation ? "yes" : "no"); - g_debug ("Restrict system installation: %s", restrict_system_installation ? "yes" : "no"); - g_debug ("Restrict user installation: %s", restrict_user_installation ? "yes" : "no"); - - g_signal_handlers_unblock_by_func (self->restrict_system_installation_switch, - on_restrict_installation_switch_active_changed_cb, - self); - - g_signal_handlers_unblock_by_func (self->restrict_user_installation_switch, + g_signal_handlers_unblock_by_func (self->restrict_software_installation_switch, on_restrict_installation_switch_active_changed_cb, self); } @@ -538,12 +521,7 @@ update_labels_from_name (MctUserControls *self) /* Translators: The placeholder is a user’s display name. */ l = g_strdup_printf (_("Prevents %s from installing applications."), self->user_display_name); - gtk_label_set_label (self->restrict_user_installation_description, l); - g_clear_pointer (&l, g_free); - - /* Translators: The placeholder is a user’s display name. */ - l = g_strdup_printf (_("Applications installed by %s will not appear for other users."), self->user_display_name); - gtk_label_set_label (self->restrict_system_installation_description, l); + gtk_label_set_label (self->restrict_software_installation_description, l); g_clear_pointer (&l, g_free); } @@ -630,20 +608,6 @@ on_restrict_installation_switch_active_changed_cb (GtkSwitch *s, GParamSpec *pspec, MctUserControls *self) { - /* See the comment about policy in update_allow_app_installation(). */ - if (s == self->restrict_user_installation_switch && - gtk_switch_get_active (s) && - !gtk_switch_get_active (self->restrict_system_installation_switch)) - { - g_signal_handlers_block_by_func (self->restrict_system_installation_switch, - on_restrict_installation_switch_active_changed_cb, - self); - gtk_switch_set_active (self->restrict_system_installation_switch, TRUE); - g_signal_handlers_unblock_by_func (self->restrict_system_installation_switch, - on_restrict_installation_switch_active_changed_cb, - self); - } - /* Save the changes. */ schedule_update_blocklisted_apps (self); } @@ -1084,10 +1048,8 @@ mct_user_controls_class_init (MctUserControlsClass *klass) gtk_widget_class_set_template_from_resource (widget_class, "/org/freedesktop/MalcontentUi/ui/user-controls.ui"); gtk_widget_class_bind_template_child (widget_class, MctUserControls, age_menu); - gtk_widget_class_bind_template_child (widget_class, MctUserControls, restrict_system_installation_switch); - gtk_widget_class_bind_template_child (widget_class, MctUserControls, restrict_system_installation_description); - gtk_widget_class_bind_template_child (widget_class, MctUserControls, restrict_user_installation_switch); - gtk_widget_class_bind_template_child (widget_class, MctUserControls, restrict_user_installation_description); + gtk_widget_class_bind_template_child (widget_class, MctUserControls, restrict_software_installation_switch); + gtk_widget_class_bind_template_child (widget_class, MctUserControls, restrict_software_installation_description); gtk_widget_class_bind_template_child (widget_class, MctUserControls, restrict_web_browsers_switch); gtk_widget_class_bind_template_child (widget_class, MctUserControls, restrict_web_browsers_description); gtk_widget_class_bind_template_child (widget_class, MctUserControls, oars_button); @@ -1141,10 +1103,6 @@ mct_user_controls_init (MctUserControls *self) gtk_popover_bind_model (self->oars_popover, G_MENU_MODEL (self->age_menu), NULL); - g_object_bind_property (self->restrict_user_installation_switch, "active", - self->restrict_system_installation_switch, "sensitive", - G_BINDING_DEFAULT | G_BINDING_INVERT_BOOLEAN); - /* Automatically add separators between rows. */ gtk_list_box_set_header_func (self->application_usage_permissions_listbox, list_box_header_func, NULL, NULL); @@ -1576,16 +1534,14 @@ mct_user_controls_build_app_filter (MctUserControls *self, /* App installation */ if (self->user_account_type != ACT_USER_ACCOUNT_TYPE_ADMINISTRATOR) { - gboolean restrict_system_installation; - gboolean restrict_user_installation; + gboolean restrict_software_installation; - restrict_system_installation = gtk_switch_get_active (self->restrict_system_installation_switch); - restrict_user_installation = gtk_switch_get_active (self->restrict_user_installation_switch); + restrict_software_installation = gtk_switch_get_active (self->restrict_software_installation_switch); - g_debug ("\t → %s system installation", restrict_system_installation ? "Restricting" : "Allowing"); - g_debug ("\t → %s user installation", restrict_user_installation ? "Restricting" : "Allowing"); + g_debug ("\t → %s system installation", restrict_software_installation ? "Restricting" : "Allowing"); + g_debug ("\t → %s user installation", restrict_software_installation ? "Restricting" : "Allowing"); - mct_app_filter_builder_set_allow_user_installation (builder, !restrict_user_installation); - mct_app_filter_builder_set_allow_system_installation (builder, !restrict_system_installation); + mct_app_filter_builder_set_allow_user_installation (builder, !restrict_software_installation); + mct_app_filter_builder_set_allow_system_installation (builder, !restrict_software_installation); } } diff --git a/libmalcontent-ui/user-controls.ui b/libmalcontent-ui/user-controls.ui index 69b1974..cbd8c6a 100644 --- a/libmalcontent-ui/user-controls.ui +++ b/libmalcontent-ui/user-controls.ui @@ -255,7 +255,7 @@ False - + True False False @@ -271,7 +271,7 @@ 4 4 - + True False start @@ -280,9 +280,9 @@ 0 Restrict Application _Installation True - restrict_user_installation_switch + restrict_software_installation_switch - + @@ -291,7 +291,7 @@ - + True False start @@ -308,7 +308,7 @@ - + @@ -317,92 +317,7 @@ - - True - True - end - center - - - - - 1 - 0 - 2 - - - - - - - - - - - True - False - False - - - True - False - center - 12 - 12 - 8 - 8 - 4 - 4 - - - True - False - start - True - end - 0 - Restrict Application Installation for _Others - True - restrict_system_installation_switch - - - - - - 0 - 0 - - - - - True - False - start - True - none - True - 0 - - Applications installed by {username} will not appear for other users. - - - - - - - - - - 0 - 1 - - - - + True True end @@ -561,8 +476,7 @@ - - + diff --git a/malcontent-control/main.ui b/malcontent-control/main.ui index 12fab8b..6b5e842 100644 --- a/malcontent-control/main.ui +++ b/malcontent-control/main.ui @@ -4,7 +4,7 @@ 500 - 600 + 520 True