polkit_authority_check_authorization oddity
Richard Hughes
hughsient at gmail.com
Thu Jul 16 01:53:39 PDT 2009
2009/7/16 David Zeuthen <david at fubar.dk>:
> Anyway, the intention for returning some details along with the
> PolkitAuthorizationResult object is simply to have some wiggle-room for
> future features. It is currently unused so right now it will always be
> empty...
Ahh, okay. Might be a good idea to add a note to this effect in the docs.
> FWIW, I'm not sure it's helpful to include the action_id in user-visible
> error messages, though. I mean, such a reverse-DNS-style string is
> pretty close to techno-babble.
Yes, I guess you're right.
> It of course make a lot of sense to return a message to the user about
> _what_ failed and _why_. But polkit should already tell you this - e.g.
> there are basically only three possible answers from polkit when you use
> the ALLOW_USER_INTERACTION flag
>
> o No, the user is not authorized
>
> o Yes, the user is authorized
>
> o The authorization check was cancelled
> (either by your own mechanism cancelling the check or by the user
> dismissing the authentication dialog)
This is what I don't understand. I understand that the output of
polkit_authorization_result_get_is_authorized is boolean, which
corresponds to the No and Yes actions. I also understand I can check
the GCancellable to find out if the mechanism cancelled the
authentication, but I don't know how to find out if the user dismissed
the authentication dialog, or if the session authentication agent
simply doesn't exist.
I'm getting a few bugs where the polkit-gnome-authentication-agent-1
process isn't running, and we can't show anything helpful to the user
in this case. Maybe polkit-gnome-authentication-agent-1 should
register a well known name on the session bus, and gnome-packagekit
client tools should check for this service. I'm not sure. Ideas
welcome.
Richard.
More information about the polkit-devel
mailing list