Added run as administrator pull-down to the permissions tab of the GUI

Author: shannah

cli/src/main/java/ca/weblite/jdeploy/gui/tabs/PermissionsPanel.java

@@ -23,6 +23,9 @@ public class PermissionsPanel extends JPanel {
     private final Map<PermissionRequest, JCheckBox> permissionCheckboxes;
     private final Map<PermissionRequest, JTextField> descriptionFields;
     private ActionListener changeListener;
+
+    // Run as Administrator controls
+    private JComboBox<String> runAsAdministratorComboBox;
 
     public PermissionsPanel() {
         this.permissionService = new PermissionRequestService();
@@ -72,8 +75,49 @@ private void initializeUI() {
 
         add(scrollPane, BorderLayout.CENTER);
     }
-    
+
+    private void createRunAsAdministratorSection(JPanel parent) {
+        JPanel section = new JPanel();
+        section.setLayout(new BoxLayout(section, BoxLayout.Y_AXIS));
+        section.setBorder(new TitledBorder("Run as Administrator"));
+        section.setAlignmentX(Component.LEFT_ALIGNMENT);
+
+        JPanel settingPanel = new JPanel(new FlowLayout(FlowLayout.LEFT));
+        settingPanel.setAlignmentX(Component.LEFT_ALIGNMENT);
+
+        JLabel label = new JLabel("Privilege Escalation:");
+        runAsAdministratorComboBox = new JComboBox<>(new String[]{
+            "disabled", "allowed", "required"
+        });
+        runAsAdministratorComboBox.setSelectedItem("disabled");
+        runAsAdministratorComboBox.addActionListener(e -> fireChangeEvent());
+
+        settingPanel.add(label);
+        settingPanel.add(Box.createHorizontalStrut(5));
+        settingPanel.add(runAsAdministratorComboBox);
+
+        JLabel descriptionLabel = new JLabel(
+            "<html><body style='width: 600px'>" +
+            "<b>disabled</b>: Application runs with normal user privileges (default)<br/>" +
+            "<b>allowed</b>: Creates both normal and \"Run as administrator\" launchers<br/>" +
+            "<b>required</b>: All launchers require administrator privileges" +
+            "</body></html>"
+        );
+        descriptionLabel.setFont(descriptionLabel.getFont().deriveFont(11f));
+        descriptionLabel.setForeground(Color.GRAY);
+        descriptionLabel.setBorder(new EmptyBorder(5, 10, 10, 10));
+
+        section.add(settingPanel);
+        section.add(descriptionLabel);
+
+        parent.add(section);
+        parent.add(Box.createVerticalStrut(15));
+    }
+
     private void createPermissionSections(JPanel parent) {
+        // Add Run as Administrator section at the top
+        createRunAsAdministratorSection(parent);
+
         // Group permissions by category
         createPermissionGroup(parent, "Media Access", new PermissionRequest[]{
             PermissionRequest.CAMERA,
@@ -248,34 +292,42 @@ private String generateGenericDescription(PermissionRequest permission) {
      */
     public void loadPermissions(JSONObject packageJson) {
         Map<PermissionRequest, String> permissions = permissionService.getPermissionRequests(packageJson);
-        
+
+        // Load run as administrator setting
+        if (packageJson.has("jdeploy") && packageJson.getJSONObject("jdeploy").has("runAsAdministrator")) {
+            String runAsAdmin = packageJson.getJSONObject("jdeploy").getString("runAsAdministrator");
+            runAsAdministratorComboBox.setSelectedItem(runAsAdmin);
+        } else {
+            runAsAdministratorComboBox.setSelectedItem("disabled");
+        }
+
         // Clear all checkboxes and descriptions, hide all description panels
         permissionCheckboxes.values().forEach(cb -> cb.setSelected(false));
         descriptionFields.values().forEach(field -> {
             field.setText("");
             field.getParent().setVisible(false); // Hide description panel
         });
-        
+
         // Set loaded permissions
         for (Map.Entry<PermissionRequest, String> entry : permissions.entrySet()) {
             PermissionRequest permission = entry.getKey();
             String description = entry.getValue();
-            
+
             JCheckBox checkbox = permissionCheckboxes.get(permission);
             JTextField descField = descriptionFields.get(permission);
-            
+
             if (checkbox != null && descField != null) {
                 checkbox.setSelected(true);
                 descField.getParent().setVisible(true); // Show description panel
-                
+
                 // Only set description if it's not the generic one
                 String genericDesc = generateGenericDescription(permission);
                 if (!genericDesc.equals(description)) {
                     descField.setText(description);
                 }
             }
         }
-        
+
         // Refresh the UI
         revalidate();
         repaint();
@@ -286,25 +338,41 @@ public void loadPermissions(JSONObject packageJson) {
      */
     public void savePermissions(JSONObject packageJson) {
         Map<PermissionRequest, String> permissions = new HashMap<>();
-        
+
         for (Map.Entry<PermissionRequest, JCheckBox> entry : permissionCheckboxes.entrySet()) {
             PermissionRequest permission = entry.getKey();
             JCheckBox checkbox = entry.getValue();
-            
+
             if (checkbox.isSelected()) {
                 JTextField descField = descriptionFields.get(permission);
                 String description = descField != null ? descField.getText().trim() : "";
-                
+
                 // If description is empty, use generic description
                 if (description.isEmpty()) {
                     description = generateGenericDescription(permission);
                 }
-                
+
                 permissions.put(permission, description);
             }
         }
-        
+
         permissionService.savePermissionRequests(packageJson, permissions);
+
+        // Save run as administrator setting
+        if (!packageJson.has("jdeploy")) {
+            packageJson.put("jdeploy", new JSONObject());
+        }
+        JSONObject jdeployObj = packageJson.getJSONObject("jdeploy");
+        String runAsAdmin = (String) runAsAdministratorComboBox.getSelectedItem();
+
+        // Only save if not default value
+        if ("disabled".equals(runAsAdmin)) {
+            if (jdeployObj.has("runAsAdministrator")) {
+                jdeployObj.remove("runAsAdministrator");
+            }
+        } else {
+            jdeployObj.put("runAsAdministrator", runAsAdmin);
+        }
     }
 
     /**

rfc/run-as-administrator-feature.md

@@ -0,0 +1,95 @@
+# Run as Administrator Feature
+
+## Overview
+
+The "Run as Administrator" feature allows jDeploy applications to be configured to run with elevated privileges on Windows, macOS, and Linux platforms. This feature provides developers with control over privilege escalation requirements for their applications.
+
+## Configuration
+
+The feature is configured via the `jdeploy.runAsAdministrator` property in the application's `package.json`:
+
+```json
+{
+  "jdeploy": {
+    "runAsAdministrator": "allowed"
+  }
+}
+```
+
+## Supported Values
+
+### `"disabled"` (Default)
+- Applications run with normal user privileges
+- No elevated launchers are generated
+- This is the default behavior when the property is not specified
+
+### `"allowed"`
+- Applications can optionally run with elevated privileges
+- The installer generates two launcher variants for each app:
+  - Standard launcher (normal privileges)
+  - "Run as administrator" launcher (elevated privileges)
+- Users can choose which launcher to use based on their needs
+
+### `"required"`
+- Applications always run with elevated privileges
+- All generated launchers require administrator access
+- Standard launchers are configured to automatically request elevation
+
+## Platform Implementation
+
+### Windows
+- Uses the native "Run as administrator" option
+- Elevated launchers are configured to trigger Windows UAC prompts
+- Leverages Windows built-in privilege escalation mechanisms
+
+### macOS
+- Creates a wrapper launcher app that launches the main application with elevated permissions
+- Utilizes macOS authorization services through the wrapper
+- May prompt for administrator password when elevated launchers are used
+
+### Linux
+- Creates desktop file entries that use `pkexec` to launch the application
+- `pkexec` provides PolicyKit-based privilege escalation
+- Follows Linux security guidelines for elevated application execution
+
+## Use Cases
+
+### Development Tools
+Applications that need to modify system files, install drivers, or access protected system resources.
+
+### System Utilities
+Administrative tools that require elevated access to perform system maintenance or configuration tasks.
+
+### Optional Elevated Features
+Applications with some features that benefit from elevated access but can function normally without it.
+
+## Security Considerations
+
+- Applications should follow the principle of least privilege
+- Only request elevation when absolutely necessary
+- Users should be clearly informed when elevated privileges are required
+- Applications should validate the need for elevation before requesting it
+
+## Installation Behavior
+
+When `runAsAdministrator` is set to `"allowed"`:
+- The installer creates both standard and elevated launcher shortcuts
+- Elevated launchers are clearly labeled (e.g., "MyApp (Run as Administrator)")
+- Users can access both variants from the start menu or applications folder
+
+When `runAsAdministrator` is set to `"required"`:
+- All launchers are configured for elevation
+- Users will see elevation prompts when launching the application
+- No standard (non-elevated) launchers are created
+
+## Backward Compatibility
+
+- Existing applications without the `runAsAdministrator` property maintain current behavior
+- Default value of `"disabled"` ensures no breaking changes
+- Applications can opt-in to elevated privileges as needed
+
+## Future Enhancements
+
+- Fine-grained permission control for specific application features
+- Integration with platform-specific permission systems
+- Runtime privilege escalation for specific operations