On 25/07/2017 11:10, Pavel Sanda wrote:
1. No "needauth" preferences (do not allow needauth from being disabled).
instead of this, why don't we put some more stress on the action of disabling the
"Use needauth option", e.g., the attached patch ?
Some nice text would have to be properly formulated of course...
Also, the "Use needauth option" checkbox label we have now could be reworded to
smth like
"needauth converters need user permission", or
"ask user permission before running needauth converters", or
"don't run needauth converters without user's consent"
...
The forbid vs enable needauth of the left checkbox sounds ambiguous/confusing
w.r.t. the use vs don't use needauth we have on the right checkbox.
T.
2. The dialog has a checkbox "I have read the above and I understand the
consequences", unchecked by default, which one has to check before
clicking "allow" or "always allow for the document". This checkbox is
remembered per-user (this replaces the "forbid use of needauth" option).
3. For command-line only (without GUI), have a command-line options
--needauth=[never(default)|always|ask].
I am not sure I understood this proposal, but if by 1&2 you mean
to replace "Forbid.." checkbox by unchecked "I have read...",
then I have no problem with it. (Though if we wanted to make it scary
it should contain words like "Warning" or "Dangerous".)
Ask Christian about the string, he seemed to be the main critic of UI...
Pavel
diff --git a/src/frontends/qt4/GuiPrefs.cpp b/src/frontends/qt4/GuiPrefs.cpp
index 5f2f4740..d33cc0f8 100644
--- a/src/frontends/qt4/GuiPrefs.cpp
+++ b/src/frontends/qt4/GuiPrefs.cpp
@@ -1874,6 +1874,21 @@ void PrefConverters::on_needauthForbiddenCB_toggled(bool checked)
}
+void PrefConverters::on_needauthCB_toggled(bool checked)
+{
+ if (checked)
+ return;
+
+ int ret = frontend::Alert::prompt(
+ _("SECURITY WARNING!"), _("Unchecking this option has the effect that potentially harmful converters would be run without asking your permission first. This is UNSAFE and NOT recommended, unless you know what you are doing. Are you sure you would like to proceed ? The recommended and safe answer is NO!"),
+ 0, 1, _("&No"), _("&Yes"));
+ if (ret == 0) {
+ needauthCB->setChecked(true);
+ return;
+ }
+}
+
+
/////////////////////////////////////////////////////////////////////
//
// FormatValidator
diff --git a/src/frontends/qt4/GuiPrefs.h b/src/frontends/qt4/GuiPrefs.h
index 3b6ff604..8f43a37e 100644
--- a/src/frontends/qt4/GuiPrefs.h
+++ b/src/frontends/qt4/GuiPrefs.h
@@ -338,6 +338,7 @@ private Q_SLOTS:
void changeConverter();
void on_cacheCB_stateChanged(int state);
void on_needauthForbiddenCB_toggled(bool);
+ void on_needauthCB_toggled(bool);
private:
void updateButtons();
