search

elementary / switchboard-plug-applications

Switchboard Applications Plug
https://elementary.io
GNU General Public License v3.0
14 stars 12 forks source link

Set permissions for flatpaks #60

Closed meisenzahl closed 4 years ago

meisenzahl commented 4 years ago

Description

As described in the AppCenter for Everyone campaign, you want to use Flatpak as a format for apps in the future. So I thought it would be a good idea to be able to set the permissions of the apps. By the way: Congratulations on the success of the campaign 🎉

For the implementation I have oriented myself on Flatseal. Great foundation!

The extension of the plug now offers the same functionality as Flatseal, except for the setting of customized paths. But I am already working on that ;)

I created the pull request to get feedback from you.

Current state

Screenshot von 2020-02-21 09 40 28

Screenshot von 2020-02-21 09 42 21

The permissions are immediately overwritten when toggling a switch. For example, Games can't start anymore if I revoke the permission to access X11:

Gtk-Message: 09:42:00.497: Failed to load module "pantheon-filechooser-module"
Unable to init server: Could not connect: Connection refused

(org.gnome.Games:2): Gtk-WARNING **: 09:42:00.506: cannot open display:

Screenshot von 2020-02-21 09 42 28

Clicking the Reset button restores the default permissions.

Tasks

Questions

I am looking forward to your feedback!

davidmhewitt commented 4 years ago

Wow, this is a really interesting starting point! Thank you for this.

It would be fine to add Gee as a dependency, we use this nearly everywhere so one more place won't hurt :smile:

One of the things that we're going to have to think about at the sprint is a way to write the description of all of these permissions so that they're clear to the average user. For example, I shouldn't have to know what "inter-process communications" means. I should just be told it means that apps may be able to talk to, control and read information from other apps or system components.

Another thing worth considering for us is that we're going to need to at least display these permissions in at least 3 applications (Sideload, AppCenter and here in the applications plug), so we may consider building a small library for reading, translating/describing, and setting these permissions rather than having this code duplicated in 3+ places.

I think it's unlikely we'll get around to reviewing this properly or merging it until during/after the sprint. The first priority is building the flatpak authenticator, the backend infrastructure for building flatpaks into the new elementary repo and maybe some flatpak portals. But, thank you for all your hard work! It'll certainly save us some research :heart:

meisenzahl commented 4 years ago

Many thanks for the detailed feedback!

To make the effects of permissions clearer to users, they may need to be grouped by topic. However, this adds a whole new level of complexity because, for example, graphical output is allowed for an app using X11, but not using Wayland. Mapping this to the flatpak permissions is a challenge.

I think developing a library for handling the Flatpak permissions is a good idea. The logic for handling the permissions is already implemented. Developing a reusable GUI for it is still pending. I trust in the capabilities of the elementary project 😉️

If I can help in any way, please let me know.

meisenzahl commented 4 years ago

It would be fine to add Gee as a dependency, we use this nearly everywhere so one more place won't hurt

Apparently there is no Map in Gee that keeps the order of the keys. So I leave my implementation with 2 internal lists like this.

vjr commented 4 years ago

It would be fine to add Gee as a dependency, we use this nearly everywhere so one more place won't hurt

Apparently there is no Map in Gee that keeps the order of the keys. So I leave my implementation with 2 internal lists like this.

Won't the TreeMap work here? See https://valadoc.org/gee-0.8/Gee.TreeMap.html

vjr commented 4 years ago

It would be fine to add Gee as a dependency, we use this nearly everywhere so one more place won't hurt

Apparently there is no Map in Gee that keeps the order of the keys. So I leave my implementation with 2 internal lists like this.

Won't the TreeMap work here? See https://valadoc.org/gee-0.8/Gee.TreeMap.html

My bad, probably not.

meisenzahl commented 4 years ago

@danrabbit many thanks for your detailed feedback and constructive suggestions!

As suggested, I have removed the options for X11 fallback and Wayland, as they are not needed.

I implemented your UI suggestions and added icons and descriptions to the permissions view. In my opinion the UI is now more appealing. But I think you probably have more good ideas to make it even more user friendly 😉️

Screenshot von 2020-02-22 09 19 06

Screenshot von 2020-02-22 09 20 02

Screenshot von 2020-02-22 09 20 06

Instead of listing the app ID as description text, I now list the permissions that are allowed.

Screenshot von 2020-02-22 09 19 43

I look forward to your feedback!