plasma-framework/plasma/remote/authorizationmanager.h

125 lines
4.2 KiB
C
Raw Normal View History

/*
* Copyright 2009 by Rob Scheepmaker <r.scheepmaker@student.utwente.nl>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin St, Fifth Floor,
* Boston, MA 02110-1301 USA
*/
#ifndef PLASMA_AUTHORIZATIONMANAGER_H
#define PLASMA_AUTHORIZATIONMANAGER_H
#include "plasma_export.h"
#include <QtCore/QObject>
class QString;
namespace Plasma
{
class AuthorizationInterface;
class AuthorizationManagerPrivate;
class ServiceAccessJob;
class ServiceJob;
/**
* @class AuthorizationManager plasma/authorizationmanager.h <Plasma/AccessManager>
*
* @short Allows authorization of access to plasma services.
*
* This is the class where every message to or from another machine passes through.
* It's responsibilities are:
* - creating/keeping a credentials used for message signing.
* - verifying credentials of incoming messages.
* - testing whether or not the sender is allowed to access the requested resource by testing the
* request to a set of rules.
* - allowing the shell to respond to a remote request that doesn't match any of the rules that
* are in effect.
* Besides internal use in libplasma, the only moment you'll need to access this class is when you
* implement a plasma shell.
*
* @since 4.4
*/
class PLASMA_EXPORT AuthorizationManager : public QObject
{
Q_OBJECT
public:
enum AuthorizationPolicy {
DenyAll= 0, /** < Don't allow any incoming connections */
TrustedOnly= 1, /**< Standard PIN pairing for untrusted connections */
PinPairing= 2, /** < Only allow connections from trusted machines */
Custom= 256 /** < Specify a custom AuthorizationInterface */
};
/**
* Singleton pattern accessor.
*/
static AuthorizationManager *self();
/**
* Set a policy used for authorizing incoming connections. You can either use one of the
* included policies, Default is to deny all incoming connections. This can only be set
* once to avoid that malicious plugins can change this. This means that you should ALWAYS
* call this function in any plasma shell, even if you like to use the default DenyAll
* policy.
*/
void setAuthorizationPolicy(AuthorizationPolicy policy);
/**
* Register an implementation of AuthorizationInterface. Use this to make your shell
* handle authorization requests. This can only be set once to avoid that malicious plugins
* can change this.
*/
void setAuthorizationInterface(AuthorizationInterface *interface);
Q_SIGNALS:
/**
* fires when the AuthorizationManager is ready for accesssing remote plasmoids, meaning the
* private key has been unlocked by the user.
*/
void readyForRemoteAccess();
private:
AuthorizationManager();
~AuthorizationManager();
AuthorizationManagerPrivate *const d;
Q_PRIVATE_SLOT(d, void slotLoadRules())
Q_PRIVATE_SLOT(d, void slotWalletOpened())
friend class AccessManager;
friend class AuthorizationManagerPrivate;
friend class AuthorizationManagerSingleton;
friend class AuthorizationRule;
friend class AuthorizationRulePrivate;
friend class Applet;
friend class AppletPrivate;
friend class Credentials;
friend class DataEngine;
friend class GetSource;
friend class PackagePrivate;
friend class PlasmoidServiceJob;
friend class RemoteService;
friend class RemoteServiceJob;
friend class ServicePrivate;
friend class ServiceProvider;
};
} // Plasma namespace
#endif