Bug 66160

Summary: Manpages don't describe how to access action "detail" values in polkit JS authority
Product: PolicyKit Reporter: Daniel P. Berrange <dan-freedesktop>
Component: daemonAssignee: David Zeuthen (not reading bugmail) <zeuthen>
Status: RESOLVED MOVED QA Contact: David Zeuthen (not reading bugmail) <zeuthen>
Severity: normal    
Priority: medium    
Version: unspecified   
Hardware: Other   
OS: All   
Whiteboard:
i915 platform: i915 features:

Description Daniel P. Berrange 2013-06-25 13:35:57 UTC 
PolicyKit and/or pkcheck allow the app to supply multiple key,value detail pairs when checking an action eg

       pkcheck  --process 12345 --actionid org.libvirt.connection.open --detail virt kvm

The intent is to allow the administrator to configure policy for actions that varies according to the virtualization type (kvm, lxc, xen, etc).

The man page 'polkit' gives info about how to check action id values and subjects in the  javascript authority. It provides no information about how to access the 'detail' key,value pairs passed in along with the value.
Comment 1 Daniel P. Berrange 2013-06-25 14:03:16 UTC 
After looking at the source code I found the following syntax works

    action._detail_<key>

eg

    if (action.id == "org.libvirt.connection.open" &&
        action._detail_virt == "kvm") {
            return polkit.Result.YES;
    }

Could some examples of this be added to the man pages. Also given this syntax, I'm guessing there are some restrictions on the format of valid detail key names. eg using a hyphen in the detail key name would appear lead to invalid token names in the javascript  action._detail_key-name, as would a period and other kinds of punctuation
Comment 2 Miloslav Trmac 2013-06-25 14:38:41 UTC 
>   The Action type
>       The action parameter passed to user functions is an object with
>       information about the action being checked. It is of type Action and
>       has the following attribute:
...
>       string lookup(string key);
>
>       The lookup() method is used to lookup the polkit variables passed from
>       the mechanism. For example, the pkexec(1) mechanism sets the variable
>       program which can be obtained in Javascript using the expression
>       action.lookup("program"). If there is no value for the given key, then
>       undefined is returned.

Could probably be clarified a bit.
Comment 3 GitLab Migration User 2018-08-20 21:38:45 UTC 
-- GitLab Migration Automatic Message --

This bug has been migrated to freedesktop.org's GitLab instance and has been closed from further activity.

You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.freedesktop.org/polkit/polkit/issues/60.

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.