id,summary,reporter,owner,description,type,status,priority,milestone,component,resolution,keywords,cc
92,fine grained access rights for clients: globals + per session options,Antoine Martin,Antoine Martin,"At the moment, if a client can log in then he can access everything.
[[BR]]
We must change the way we store authorization keys from the current ssh style (one line per file in .{{{winswitch/client/authorized_keys}}} - which should be in /server/ anyway) to a first class object: {{{ClientPermissions}}}, saved as UUID.conf
[[BR]]
OTOH at minimum, we should have:
 * can_start_session
 * can_start_desktop
 * can_control_as_owner
 * can_control_as_actor
 * can_shadow_[local_display|vnc|nx]
 * can_tunnel_[sound|print|file]
 * can_grant_permissions
 * can_see_others_permissions
[[BR]]
On login, we look it up and pass the permissions back to the user as part of the {{{add_user}}} command. The ssh-add and local logins will grant all permissions automatically.
[[BR]]
Some new session attributes (set on start and modifiable):
 * locked (only owner/actor can release it)
etc.
[[BR]]
Some new commands:
 * set_session_attributes (and also overload start_session) to protect a session.",enhancement,accepted,major,1.0,Client,,,