From ff94ccde59dd2c247c80aa1f3f2232a30af3968c Mon Sep 17 00:00:00 2001
From: Mario Limonciello <mario_limonciello@dell.com>
Date: Wed, 18 May 2016 00:35:02 -0500
Subject: [PATCH] Enforce allowing providers to take away flash abilities

The flags for ALLOW_OFFLINE and ALLOW_ONLINE aren't currently used to
block a provider from flashing a file by hand.
---
 src/fu-main.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/src/fu-main.c b/src/fu-main.c
index 86706a2d3..c0a80c758 100644
--- a/src/fu-main.c
+++ b/src/fu-main.c
@@ -561,6 +561,17 @@ fu_main_provider_update_authenticated (FuMainAuthHelper *helper, GError **error)
 		return FALSE;
 	}
 
+	/* The provider might have taken away update abilities */
+	if (!fu_device_has_flag (item->device, FU_DEVICE_FLAG_ALLOW_OFFLINE) &&
+	    !fu_device_has_flag (item->device, FU_DEVICE_FLAG_ALLOW_ONLINE)) {
+		g_set_error(error,
+			    FWUPD_ERROR,
+			    FWUPD_ERROR_INTERNAL,
+			    "Device %s does not currently allow updates",
+			    fu_device_get_id (helper->device));
+		return FALSE;
+	}
+
 	/* can we only do this on AC power */
 	if (fu_device_has_flag (item->device, FU_DEVICE_FLAG_REQUIRE_AC)) {
 		if (fu_main_on_battery (helper->priv)) {