Dear developers,
please don’t use a programming language for configuration files. Seriously. Don’t. Just don’t. You are only making live hard for people.
Here is what my polkit custom desktop policy looked like in Fedora <= 17:
Identity=unix-group:wheel Action=org.freedesktop.packagekit.package-install;org.freedesktop.packagekit.package-remove;org.freedesktop.packagekit.system-rollback;org.freedesktop.packagekit.system-sources*;org.opensuse.cupspkhelper.mechanism.*;org.libvirt.unix.*;dk.yumex.backend.pkexec.run ResultAny=no ResultInactive=no ResultActive=yes
I think this is pretty straight forward, but some people found it confusing and too complex. So David rewrote it.
Now let’s see how the same looks in Fedora >=18:
polkit.addRule(function(action, subject) {
if (subject.isInGroup("wheel") && subject.active) {
polkit.log("action=" + action);
polkit.log("subject=" + subject);
if (action.id.indexOf("org.freedesktop.packagekit.package-install") == 0) {
return polkit.Result.YES;
}
if (action.id.indexOf("org.freedesktop.packagekit.package-remove") == 0) {
return polkit.Result.YES;
}
if (action.id.indexOf("org.freedesktop.packagekit.system-rollback") == 0) {
return polkit.Result.YES;
}
if (action.id.indexOf("org.freedesktop.packagekit.system-sources.") == 0) {
return polkit.Result.YES;
}
if (action.id.indexOf("org.opensuse.cupspkhelper.mechanism.") == 0) {
return polkit.Result.YES;
}
if (action.id.indexOf("org.libvirt.unix.") == 0) {
return polkit.Result.YES;
}
if (action.id.indexOf("dk.yumex.backend.pkexec.run") == 0) {
return polkit.Result.YES;
}
}
});
What do we learn from this?
