Sometimes, when closing the application,
`flush_update_blacklisted_apps()` would be called after
`MctRestrictApplicationsSelector` had been destroyed, leading to a
critical.
This was because the `MctRestrictApplicationsDialog` was being disposed
early due to its `destroy-with-parent` property being set. The dispose
function of `MctUserControls` was run several times due to GTK calling
`g_object_run_dispose()`, and the critical would be emitted the second
time.
Make the dispose function’s call to `flush_update_blacklisted_apps()` be
safe for multiple dispose calls, and ensure the dialog isn’t destroyed
too early.
Signed-off-by: Philip Withnall <withnall@endlessm.com>
`dest_x` is not set if `gtk_widget_translate_coordinates()` fails, which
it can do before the widget is realised.
This fixes a valgrind warning, but doesn’t change any user-visible
behaviour as far as I can tell.
This has been upstreamed to gnome-control-center as
https://gitlab.gnome.org/GNOME/gnome-control-center/merge_requests/691.
Signed-off-by: Philip Withnall <withnall@endlessm.com>
Children can’t be administrator accounts, otherwise applying parental
controls to them would be pointless and ineffective. So hide the
administrator accounts from the parental controls app.
Signed-off-by: Philip Withnall <withnall@endlessm.com>
We don’t want to show administrators in the parental controls app,
since child accounts are not administrators (if they are, they are too
powerful to be constrained by parental controls).
Signed-off-by: Philip Withnall <withnall@endlessm.com>
After the user’s current set of permissions have changed, they may now
be able to query the app filter whereas previously they weren’t allowed
to. So try re-querying it.
Signed-off-by: Philip Withnall <withnall@endlessm.com>
Add an unlock screen to the application, which is shown on startup if
the current user doesn’t have permission to view the parental controls
of other users. It requests permission using a new polkit action which
implies the various accounts-service actions we need.
This adds a dependency on `polkit-gobject-1`.
Signed-off-by: Philip Withnall <withnall@endlessm.com>
A fairly arbitrary decision which seems to match the new controls a bit
better, removing the large whitespace gap at the bottom of the window.
Signed-off-by: Philip Withnall <withnall@endlessm.com>
Following the redesign of the app filter controls, redesign the rest of
the controls on the window to match the list-box-like new style. This
doesn’t change their functionality.
Signed-off-by: Philip Withnall <withnall@endlessm.com>
Rather than having a scrollable listbox within a scrollable list of
widgets, move the listbox out to a separate dialogue.
This involves separating out all the code to query the apps, to get and
to set the app filter, from `MctUserControls` out into the new
`MctRestrictApplicationsSelector`. Most of it is unchanged, aside from
its interaction with the filter: the filter is now provided to the
widget by the calling code, rather than being queried by the widget
itself. The widget’s status can be queried into an
`MctAppFilterBuilder`, rather than being used to set the app filter
directly.
This commit redesigns the appearance of the relevant widgets in the main
window so that they follow the new list-box-like visual design. A
following commit will apply similar changes to the other widgest in the
main screen.
Signed-off-by: Philip Withnall <withnall@endlessm.com>
The application doesn’t hold a ref to some of the widgets it holds a
pointer to, since their ownership is controlled by the main window. The
main window’s lifecycle is controlled by the application, but its
dispose cycle runs at a slightly different time.
Hence, we should disconnect from the widget signals when we can, but
without holding a strong ref.
The error domain was renamed in libmalcontent, so we should use the new
domain rather than the compatibility defines.
Signed-off-by: Philip Withnall <withnall@endlessm.com>
If there are no suitable users to show in the user selector, then no
user can be selected, so the controls have to handle a NULL user.
Signed-off-by: Philip Withnall <withnall@endlessm.com>
The values are the same so this doesn’t introduce any functional
changes, but it does fix the type.
Signed-off-by: Philip Withnall <withnall@endlessm.com>
The `GSource` was being removed twice, once in `blacklist_apps_cb()` and
once in `flush_update_blacklisted_apps()`, leading to a critical warning
from GLib.
Signed-off-by: Philip Withnall <withnall@endlessm.com>
This replicates the old interface from Endless’ gnome-control-center,
with no attempt to improve or rework it. That will come later.
It might not work fully.
It allows a user to be selected, and their parental controls to be
changed. It currently doesn’t filter the users.
It supports a simple ‘Loading’ screen, before displaying the main
interface. If loading fails (due to a D-Bus error with accountsservice),
an error page is displayed instead.
Signed-off-by: Philip Withnall <withnall@endlessm.com>
This isn’t used yet, but will be soon. It encapsulates an
`ActUserManager` with an `MctCarousel` to provide an all-inclusive
widget for selecting a user account.
It’s based off code from the user accounts panel of
gnome-control-center, licenced as GPLv2+, and authored by many people
over time (see
https://gitlab.gnome.org/GNOME/gnome-control-center/commits/master/panels/user-accounts).
Signed-off-by: Philip Withnall <withnall@endlessm.com>
Make it fit in with the surrounding code style, and rename the classes
to `MctCarousel` and `MctUserControls`. List them in `meson.build` and
`POTFILES.in`. No other changes.
Signed-off-by: Philip Withnall <withnall@endlessm.com>
Add `CcCarousel` and `CcAppPermissions` from gnome-control-center and
rename the files. None of the contents of the files have been changed
yet. The files are from git master of gnome-control-center on
2020-01-08.
`carousel.{c,h,ui}` are licensed under GPLv2+, and are copyright 2016
Red Hat, Inc. The original author was Felipe Borges.
`user-controls.{c,h,ui}` are licensed under GPLv3+, and are copyright
2018, 2019 Endless, Inc.
`gs-content-rating.{c,h}` are originally from gnome-software, are
licensed under GPLv2+, and are copyright 2015, 2016 Richard Hughes. He
was also the original author. These files are needed by
`user-controls.{c,h}`.
`user-image.{c,h}` are licensed under GPLv2+ and are copyright 2015, Red
Hat, Inc. The original author was Ondrej Holy.
This code will not stay as copy-paste code for too long. The ultimate
plan is to rework most of the widgets:
• `CcCarousel`: Will be reworked to provide more information about the
screen time usage of each user. It will become a summary widget as
well as a selector.
• `GsContentRating`: Will be abstracted out into libappstream-glib, or
some other suitable library, where its implementation can be shared
between gnome-software and malcontent.
• `CcUserControls`: Will be reworked as the UI of malcontent evolves.
Will also be removed from gnome-control-center once malcontent-control
is released.
• `CcUserImage`: As per `CcCarousel`, this will evolve into a new
widget.
Signed-off-by: Philip Withnall <withnall@endlessm.com>
The previous version only worked on Fedora-like distributions which have
`libdir = /usr/lib{,64}`. On multi-arch Debian systems, it would
calculate `pamlibdir = /usr/x86_64-linux-gnu/security` which is not
right.
Signed-off-by: Philip Withnall <withnall@endlessm.com>
It might be stable one day, but while the functionality of libmalcontent
is growing, the command line tooling will continue to change.
Signed-off-by: Philip Withnall <withnall@endlessm.com>
These tests check that the built `pam_malcontent.so` module can be
loaded using `dlopen()` and that it exports the right symbol. This
should mean that PAM can load it and use it.
Unfortunately, we can’t actually run the module, since PAM hard-codes
its configuration path as being in `/etc`, and there seems to be no way
to override that to load a dummy configuration from a test directory. So
the only way to test the PAM module is to use a file system bind mount
to fake `/etc` (which requires privileges); or to actually install it on
your system and integrate it into your real PAM configuration. Neither
of those are acceptable for a unit test.
It might be possible to re-execute a test under `bwrap` (if installed)
to achieve this, bind mounting a dummy `/etc/pam.d/dummy` service file
into the subprocess’ mount namespace, and otherwise bind mounting `/` to
`/`. It would need a mock malcontent D-Bus API to talk to. Something to
experiment with another time.
(See `_pam_init_handlers()` in
https://github.com/linux-pam/linux-pam/blob/master/libpam/pam_handlers.c
for details of how PAM modules are loaded.)
Signed-off-by: Philip Withnall <withnall@endlessm.com>
The default value for the `user` argument wasn’t looked up, since
parsing an empty command line doesn’t go through the
`parser_get_app_filter` subparser.
Signed-off-by: Philip Withnall <withnall@endlessm.com>
This adds tests for the getter and setter for session limits, giving us
65.9% branch coverage (but that includes `g_return_if_fail()` and
friends, which are impossible and pointless to test both sides of the
branch).
Signed-off-by: Philip Withnall <withnall@endlessm.com>
This is another extension interface on accountsservice which stores
information about time and usage limits on the user session. Currently,
only a ‘daily schedule’ limit (or no limit) is supported, but additional
types and combinations of limits can be supported in future.
The daily schedule limit allows using the computer between a certain
start time and end time each day (the same each day). The user will be
kicked out of their session when the end time is reached, if they
haven’t already logged out.
This includes the getters for the new data, polkit rules for accessing
it, and some documentation. Changes to `malcontent-client` to support
session limits, setters, and unit tests will all follow.
Signed-off-by: Philip Withnall <withnall@endlessm.com>
Add a couple of missing exit statuses (and document them) and convert
Malcontent errors to exit statuses more specifically.
Signed-off-by: Philip Withnall <withnall@endlessm.com>
This isn’t an API break, as compatibility defines are in place; and the
error code values are the same, so it shouldn’t be an ABI break. The
string value of the error quark has changed, but nobody should be
comparing that against a value which hasn’t come out of libmalcontent,
so changing it should be OK.
This is along the same lines as the previous commit: we don’t need one
error domain per property of an `MctManager`, so reduce the potential
for future duplication by renaming it now.
Signed-off-by: Philip Withnall <withnall@endlessm.com>
If we have a flag type for getting and for setting every type of value
which can be stored on an `MctManager`, that will lead to a load of flag
types which all look identical.
Refactor the types so we only have one shared flags type for getters,
and one for setters.
Add compatibility defines so that this doesn’t break API. It’s not an
ABI break because the flag member values don’t change.
Signed-off-by: Philip Withnall <withnall@endlessm.com>
Previously these flags were using automatically assigned enum values,
which would have eventually resulted in having more than one bit set per
flag. Fix that before it happens by explicitly assigning flag-like
values. This was an oversight when they were first written.
This introduces no functional changes because both enums only had one
element so far.
Signed-off-by: Philip Withnall <withnall@endlessm.com>