Also take into account printer-X-edit for set-default/printer-enable.

This is actually important if we don't want to ask for password too many different times. That's why we even prefer printer-X-edit over set-default/printer-enable when requesting authentication.
author: Vincent Untz <vuntz@novell.com> 2008-11-21 00:58:37 +0100
committer: Vincent Untz <vuntz@novell.com> 2008-11-21 00:58:37 +0100
commit: 20f6cda5f7884d6340c32f9d85a66fcc517cfde8 (patch)
tree: d42fbdf9b373753c60f9079d5724d8d814ffce24
parent: 37b8b42e048b1803685add376e286b53d95f058c (diff)
2 files changed, 33 insertions, 5 deletions
diff --git a/src/cups-pk-helper-mechanism.c b/src/cups-pk-helper-mechanism.c
index eff14be..7e791d6 100644
--- a/src/cups-pk-helper-mechanism.c
+++ b/src/cups-pk-helper-mechanism.c
@@ -370,9 +370,9 @@ _check_polkit_for_action_v (CphMechanism          *mechanism,
 
         /* We check if the user is authorized for any of the specificed action
          * methods. In case of failure, we'll fail for the last one. Therefore,
-         * we should go from generic authorization to very specific
-         * authorization, so that the user gets asked for the "easier"
-         * password in the end (eg, user password vs root password). */
+         * we should choose with care the order, especially if we don't want
+         * to prompt for a password too often and if we don't want to authorize
+         * too many things at once. */
         va_start (var_args, first_action_method);
         action_method = first_action_method;
 
@@ -838,12 +838,23 @@ cph_mechanism_printer_set_default (CphMechanism          *mechanism,
                                    const char            *name,
                                    DBusGMethodInvocation *context)
 {
+        gboolean is_local;
         gboolean ret;
 
         reset_killtimer (mechanism);
 
+        is_local = cph_cups_is_printer_local (mechanism->priv->cups, name);
         if (!_check_polkit_for_action_v (mechanism, context,
-                                         "printeraddremove", "printer-default",
+                                         "printeraddremove",
+                                         /* this is not the last check because
+                                          * it's likely most useful to the user
+                                          * to give "printer-X-edit" powers */
+                                         "printer-default",
+                                         /* quite important, since it's
+                                          * automatically called after adding a
+                                          * printer */
+                                         is_local ? "printer-local-edit"
+                                                  : "printer-remote-edit",
                                          NULL))
                 return FALSE;
 
@@ -859,12 +870,23 @@ cph_mechanism_printer_set_enabled (CphMechanism          *mechanism,
                                    gboolean               enabled,
                                    DBusGMethodInvocation *context)
 {
+        gboolean is_local;
         gboolean ret;
 
         reset_killtimer (mechanism);
 
+        is_local = cph_cups_is_printer_local (mechanism->priv->cups, name);
         if (!_check_polkit_for_action_v (mechanism, context,
-                                         "printeraddremove", "printer-enable",
+                                         "printeraddremove",
+                                         /* this is not the last check because
+                                          * it's likely most useful to the user
+                                          * to give "printer-X-edit" powers */
+                                         "printer-enable",
+                                         /* quite important, since it's
+                                          * automatically called after adding a
+                                          * printer */
+                                         is_local ? "printer-local-edit"
+                                                  : "printer-remote-edit",
                                          NULL))
                 return FALSE;
 
diff --git a/src/org.opensuse.cupspkhelper.mechanism.policy.in b/src/org.opensuse.cupspkhelper.mechanism.policy.in
index 173a8db..cbff03a 100644
--- a/src/org.opensuse.cupspkhelper.mechanism.policy.in
+++ b/src/org.opensuse.cupspkhelper.mechanism.policy.in
@@ -8,6 +8,9 @@
   <vendor_url>http://www.opensuse.org/</vendor_url>
   <icon_name>printer</icon_name>
 
+  <!-- Exists mainly so that it's possible to not require a password for this
+       operation: if some authorization is required, then the PolicyKit helper
+       will fallback on printer-X-edit. -->
   <action id="org.opensuse.cupspkhelper.mechanism.printer-set-default">
     <_description>Set a printer as default printer</_description>
     <_message>Privileges are required to set a printer, or a class, as default printer.</_message>
@@ -17,6 +20,9 @@
     </defaults>
   </action>
 
+  <!-- Exists mainly so that it's possible to not require a password for this
+       operation: if some authorization is required, then the PolicyKit helper
+       will fallback on printer-X-edit. -->
   <action id="org.opensuse.cupspkhelper.mechanism.printer-enable">
     <_description>Enable/Disable a printer</_description>
     <_message>Privileges are required to enable/disable a printer, or a class.</_message>
author	Vincent Untz <vuntz@novell.com>	2008-11-21 00:58:37 +0100
committer	Vincent Untz <vuntz@novell.com>	2008-11-21 00:58:37 +0100
commit	20f6cda5f7884d6340c32f9d85a66fcc517cfde8 (patch)
tree	d42fbdf9b373753c60f9079d5724d8d814ffce24
parent	37b8b42e048b1803685add376e286b53d95f058c (diff)