sync: from linuxdeepin/dde-session-shell

[deepin-ci-robot]

Synchronize source files from linuxdeepin/dde-session-shell.

Source-pull-request: linuxdeepin/dde-session-shell#61

Summary by Sourcery

Bug Fixes:

• Prevent accepting shutdown inhibition when the current power action is not an explicit shutdown or restart request and the password check has not succeeded.

[sourcery-ai]

Reviewer's guide (collapsed on small PRs)

Reviewer's Guide

Adds an additional condition to the shutdown-inhibit acceptance logic in WarningContent so that shutdown/restart actions are only accepted when they specifically request shutdown/restart and the model’s password check passes, instead of being allowed for broader power actions.

File-Level Changes

Change	Details	Files
Tighten the condition under which shutdown/restart inhibit is accepted in WarningContent by requiring both specific power actions and a successful password check.	Replace two inequality checks against RequireShutdown and RequireRestart with a combined condition that allows only RequireShutdown or RequireRestart actions Add a requirement that the model’s gsCheckpwd() returns true before proceeding to show the lock content and update the current content type	src/widgets/warningcontent.cpp

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[sourcery-ai]

Hey - I've left some high level feedback:

• The new compound condition in doAcceptShutdownInhibit inverts the previous logic for RequireShutdown/RequireRestart (from != to == and adding gsCheckpwd()), which is a behavioral change rather than a straight sync; double-check whether the intent is to restrict this branch only to those two actions instead of excluding them as before.
• Consider extracting the m_powerAction checks in doAcceptShutdownInhibit into a small helper (e.g., isRequireShutdownOrRestart()) or at least adding parentheses for clarity, as the current nested boolean expression is harder to read and easy to misinterpret.

Prompt for AI Agents

Please address the comments from this code review:

## Overall Comments
- The new compound condition in `doAcceptShutdownInhibit` inverts the previous logic for `RequireShutdown`/`RequireRestart` (from `!=` to `==` and adding `gsCheckpwd()`), which is a behavioral change rather than a straight sync; double-check whether the intent is to restrict this branch only to those two actions instead of excluding them as before.
- Consider extracting the `m_powerAction` checks in `doAcceptShutdownInhibit` into a small helper (e.g., `isRequireShutdownOrRestart()`) or at least adding parentheses for clarity, as the current nested boolean expression is harder to read and easy to misinterpret.

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

[deepin-ci-robot]

deepin pr auto review

代码审查报告

1. 语法逻辑审查

问题：逻辑运算符优先级与括号使用不当

在修改后的代码中：

&& ((m_powerAction == SessionBaseModel::RequireShutdown || m_powerAction == SessionBaseModel::RequireRestart) && m_model->gsCheckpwd())

• 逻辑问题：原始代码使用的是 !=（不等于）逻辑，即"当操作不是关机也不是重启时"。修改后的代码使用了 ==（等于）逻辑，即"当操作是关机或重启时"。
• 逻辑反转：这实际上反转了原本的判断条件。原始代码的意图是"在非关机、非重启、非更新关机、非更新重启的情况下，且处于电源模式时，切换到锁屏内容"。修改后的逻辑变成了"在是关机或重启且密码检查通过时"。
• 副作用：这可能导致原本应该进入锁屏界面的场景（如休眠、注销等）不再进入，或者在不该进入锁屏界面的关机/重启场景下进入了锁屏界面。

建议：
请确认业务逻辑是否确实需要反转这个条件。如果目的是"只有在关机或重启且密码验证通过时才切换到锁屏"，那么逻辑是正确的；否则，应该保持原有的 != 判断，并仅添加 gsCheckpwd() 的检查。

2. 代码质量审查

问题：可读性

• 括号嵌套：修改后的代码嵌套了三层括号，虽然逻辑上正确，但可读性较差。
• 魔法值：SessionBaseModel::RequireShutdown 等枚举值重复出现，可以考虑提取为局部变量或辅助函数。

建议：

bool isPowerAction = (m_powerAction == SessionBaseModel::RequireShutdown || 
                      m_powerAction == SessionBaseModel::RequireRestart);
if (m_model->currentModeState() != SessionBaseModel::ModeStatus::PowerMode &&
    m_powerAction != SessionBaseModel::RequireUpdateShutdown &&
    m_powerAction != SessionBaseModel::RequireUpdateRestart &&
    (!isPowerAction || m_model->gsCheckpwd())) {
    // ...
}

3. 代码性能审查

问题：函数调用次数

• m_model->gsCheckpwd() 在每次条件判断时都会被调用。如果这个函数涉及文件 I/O 或网络请求，可能会影响性能。
• m_model->currentModeState() 和 m_powerAction 的访问是 O(1) 的，无需优化。

建议：
如果 gsCheckpwd() 是耗时操作，建议提前计算并缓存结果：

bool isPasswordChecked = m_model->gsCheckpwd();
if (/* ... */ && (!isPowerAction || isPasswordChecked)) {
    // ...
}

4. 代码安全审查

问题：潜在的安全漏洞

• 权限检查：gsCheckpwd() 的作用是检查密码是否已验证。如果这个函数的实现不安全（例如，仅检查标志位而不验证实际密码），可能会被绕过。
• 条件竞争：如果 m_powerAction 或 m_model 的状态在多线程环境中被修改，可能会导致条件竞争。

建议：

1. 确保 gsCheckpwd() 的实现是安全的，例如：
   • 检查密码是否在当前会话中被正确验证。
   • 避免依赖全局或静态变量存储密码验证状态。
2. 如果多线程访问是可能的，考虑加锁或使用原子操作。

5. 其他建议

• 版权年份更新：将版权年份从 2022 更新为 2026 是合理的，但建议使用动态年份（如 2015 - 2024），避免未来频繁修改。
• 注释：建议添加注释说明复杂的条件判断逻辑，例如：

  // 仅在非电源模式、非更新操作，且（非关机/重启 或 密码已验证）时切换到锁屏

总结

• 主要问题：逻辑反转可能导致功能异常。
• 次要问题：代码可读性和性能可优化。
• 安全建议：确保 gsCheckpwd() 的安全性，并避免条件竞争。

如果需要进一步的帮助，请提供更多上下文或业务逻辑说明！

[deepin-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: deepin-ci-robot, yixinshark

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• debian/deepin/OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment