From 16ef77fd194f2f10ae81f273a5dea2a3c06904b6 Mon Sep 17 00:00:00 2001
From: Giovanni Campagna <gcampagna@src.gnome.org>
Date: Thu, 31 Mar 2011 15:56:13 +0200
Subject: [PATCH] NetworkMenu: create private connections if the user is not
 authorized

Check polkit setting at startup and add, if needed, the "permissions"
setting to the connections we create, so that polkit authentication is
never needed. The connection is thus only available to other users
if the system administrator decides so.

https://bugzilla.gnome.org/show_bug.cgi?id=646187
---
 js/ui/status/network.js | 39 +++++++++++++++++++++++++++++++++++----
 1 file changed, 35 insertions(+), 4 deletions(-)

diff --git a/js/ui/status/network.js b/js/ui/status/network.js
index b7e6bf9..9367a26 100644
--- a/js/ui/status/network.js
+++ b/js/ui/status/network.js
@@ -7,6 +7,7 @@ const Gtk = imports.gi.Gtk;
 const Lang = imports.lang;
 const NetworkManager = imports.gi.NetworkManager;
 const NMClient = imports.gi.NMClient;
+const Polkit = imports.gi.Polkit;
 const NMGtk = imports.gi.NMGtk;
 const Signals = imports.signals;
 const St = imports.gi.St;
@@ -477,6 +478,11 @@ const NMDeviceBluetooth = new Lang.Class({
     Extends: NMConnectionDevice,
     category: NMConnectionCategory.WWAN,
 
+    _init: function(client, device, settings, privateConnections) {
+        this._privateConnections = privateConnections;
+        this.parent(client, device);
+    },
+
     _autoConnect: function() {
         // FIXME: DUN devices are configured like modems, so
         // We need to spawn the mobile wizard
@@ -485,6 +491,11 @@ const NMDeviceBluetooth = new Lang.Class({
         // that this phone supports PAN
 
         let connection = new NetworkManager.Connection();
+        if (this._privateConnections) {
+            let connectionSetting = new NetworkManager.SettingConnection();
+            connectionSetting.add_permission('user', GLib.get_user_name(), null);
+            connection.add_setting(connectionSetting);
+        }
         this._client.add_and_activate_connection(connection, this._device, null, null);
         return true;
     },
@@ -571,11 +582,12 @@ const NMWirelessDialog = new Lang.Class({
     Name: 'NMWirelessDialog',
     Extends: ModalDialog.ModalDialog,
 
-    _init: function(client, device, settings) {
+    _init: function(client, device, settings, privateConnections) {
         this.parent({ styleClass: 'nm-dialog' });
 
         this._client = client;
         this._device = device;
+	this._privateConnections = privateConnections;
 
         this._networks = [];
         this._buildLayout();
@@ -713,6 +725,11 @@ const NMWirelessDialog = new Lang.Class({
                             this._device.get_path(), accessPoints[0].dbus_path]);
             } else {
                 let connection = new NetworkManager.Connection();
+                if (this._privateConnections) {
+                    let connectionSetting = new NetworkManager.SettingConnection();
+                    connectionSetting.add_permission('user', GLib.get_user_name(), null);
+                    connection.add_setting(connectionSetting);
+                }
                 this._client.add_and_activate_connection(connection, this._device, accessPoints[0].dbus_path, null)
             }
         }
@@ -938,10 +955,11 @@ const NMDeviceWireless = new Lang.Class({
     Name: 'NMDeviceWireless',
     category: NMConnectionCategory.WIRELESS,
 
-    _init: function(client, device, settings) {
+    _init: function(client, device, settings, privateConnections) {
         this._client = client;
         this._device = device;
         this._settings = settings;
+        this._privateConnections = privateConnections;
 
         this._description = '';
 
@@ -1000,7 +1018,7 @@ const NMDeviceWireless = new Lang.Class({
     },
 
     _showDialog: function() {
-        this._dialog = new NMWirelessDialog(this._client, this._device, this._settings);
+        this._dialog = new NMWirelessDialog(this._client, this._device, this._settings, this._privateConnections);
         this._dialog.connect('closed', Lang.bind(this, this._dialogClosed));
         this._dialog.open();
     },
@@ -1251,6 +1269,19 @@ const NMApplet = new Lang.Class({
         if (!this._client || !this._settings)
             return;
 
+        // Check if newly created connections should be private or not
+        this._privateConnections = true;
+        let authority = Polkit.Authority.get_sync(null);
+        let credential = new Gio.Credentials();
+        let subject = new Polkit.UnixProcess({ pid: credential.get_unix_pid(), uid: credential.get_unix_user() });
+        let authResult = authority.check_authorization_sync(subject,
+                                                            'org.freedesktop.NetworkManager.settings.modify.system',
+                                                            null /* details */,
+                                                            Polkit.CheckAuthorizationFlags.NONE,
+                                                            null /* cancellable */);
+        if (authResult)
+            this._privateConnections = !authResult.get_is_authorized();
+
         this._activeConnections = [ ];
         this._connections = [ ];
 
@@ -1366,7 +1397,7 @@ const NMApplet = new Lang.Class({
 
         let wrapperClass = this._dtypes[device.get_device_type()];
         if (wrapperClass) {
-            let wrapper = new wrapperClass(this._client, device, this._settings);
+            let wrapper = new wrapperClass(this._client, device, this._settings, this._privateConnections);
             device._delegate = wrapper;
             this._addDeviceWrapper(wrapper);
 
-- 
1.8.1.4