-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
sudo: Rework it for the local machine #13482
Merged
martinpitt
merged 13 commits into
cockpit-project:master
from
mvollmer:sudo-rework-local
May 6, 2020
Merged
Changes from all commits
Commits
Show all changes
13 commits
Select commit
Hold shift + click to select a range
5278323
shell: Remove "Privileged" indicator and deauthorization button
mvollmer 8735a09
bridge: Add cockpit_peer_ensure_with_done function
mvollmer 3343b73
bridge: Don't start superuser bridges implicitly
mvollmer f95b25b
bridge: Explicit superuser bridge starting
mvollmer 0e3ce2f
ws, bridge: Superuser bridges immediately after login
mvollmer a1a0551
shell, overview: Add Superuser buttons and an alert
mvollmer 2f1d826
base1: Force page reload when permissions change
mvollmer 32afc9a
storage: Update for new superuser style
mvollmer 96b3b0f
networking: Update for new superuser style
mvollmer 564e948
systemd: Update overview for new superuser style
mvollmer ec82885
shell: Disable pkexec superuser bridge
mvollmer 14041f0
test: Adapt to new superuser behavior
mvollmer 2dc0738
test: New check-superuser tests
mvollmer File filter
Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,104 @@ | ||
/* | ||
* This file is part of Cockpit. | ||
* | ||
* Copyright (C) 2020 Red Hat, Inc. | ||
* | ||
* Cockpit is free software; you can redistribute it and/or modify it | ||
* under the terms of the GNU Lesser General Public License as published by | ||
* the Free Software Foundation; either version 2.1 of the License, or | ||
* (at your option) any later version. | ||
* | ||
* Cockpit is distributed in the hope that it will be useful, but | ||
* WITHOUT ANY WARRANTY; without even the implied warranty of | ||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
* Lesser General Public License for more details. | ||
* | ||
* You should have received a copy of the GNU Lesser General Public License | ||
* along with Cockpit; If not, see <http://www.gnu.org/licenses/>. | ||
*/ | ||
|
||
import cockpit from "cockpit"; | ||
|
||
/* import { superuser } from "superuser.jsx"; | ||
* | ||
* The "superuser" object indicates whether or not the current page | ||
* can open superuser channels. | ||
* | ||
* - superuser.allowed | ||
* | ||
* This is true when the page can open superuser channels, and false | ||
* otherwise. Right after page load, this field might be "null" until | ||
* the real value has been received, but you should treat this as | ||
* false. | ||
* | ||
* - superuser.addEventListener("changed", () => ...) | ||
* | ||
* The event handler is called whenever superuser.allowed has changed. | ||
* A page should update its appearance according to superuser.allowed, | ||
* and it should also re-initialize itself by opening all "superuser" | ||
* channels again that are currently open. | ||
* | ||
* - superuser.reload_on_change() | ||
* | ||
* Calling this function instructs the "superuser" object to reload | ||
* the page whenever "superuser.allowed" changes. This is a (bad) | ||
* alternative to re-initializing the page and intended to be used | ||
* only to help with the transition. | ||
* | ||
* Even if you are using "superuser.reload_on_change" to avoid having | ||
* to re-initialize your page dynamically, you should still use the | ||
* "changed" event to update the page appearance since | ||
* "superuser.allowed" might still change a couple of times right | ||
* after page. | ||
*/ | ||
|
||
function Superuser() { | ||
const proxy = cockpit.dbus(null, { bus: "internal" }).proxy("cockpit.Superuser", "/superuser"); | ||
let reload_on_change = false; | ||
|
||
const compute_allowed = () => { | ||
if (!proxy.valid || proxy.Current == "init") | ||
return null; | ||
return proxy.Current != "none"; | ||
}; | ||
|
||
const self = { | ||
allowed: compute_allowed(), | ||
reload_page_on_change: reload_page_on_change | ||
}; | ||
|
||
cockpit.event_target(self); | ||
|
||
proxy.wait(() => { | ||
if (!proxy.valid) { | ||
// Fall back to cockpit.permissions | ||
const permission = cockpit.permission({ admin: true }); | ||
const changed = () => { | ||
self.allowed = permission.allowed; | ||
self.dispatchEvent("changed"); | ||
}; | ||
permission.addEventListener("changed", changed); | ||
changed(); | ||
} | ||
}); | ||
|
||
proxy.addEventListener("changed", () => { | ||
const allowed = compute_allowed(); | ||
if (self.allowed != allowed) { | ||
if (self.allowed != null && reload_on_change) { | ||
window.location.reload(true); | ||
} else { | ||
self.allowed = allowed; | ||
self.dispatchEvent("changed"); | ||
} | ||
} | ||
}); | ||
|
||
function reload_page_on_change() { | ||
reload_on_change = true; | ||
} | ||
|
||
return self; | ||
} | ||
|
||
export const superuser = Superuser(); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
flock doesn't need superuser -- is this just a debugging leftover?