From: jiwon44.park <jiwon44.park@samsung.com>
Date: Thu, 17 Sep 2015 14:16:15 +0000 (+0900)
Subject: Added permission check for add/remove_changed_cb API
X-Git-Tag: accepted/tizen/mobile/20151119.033537~11^2
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=09d0d386c3b7536fe7f2f90661604555b20c0c24;p=platform%2Fcore%2Fpim%2Fcontacts-service.git

Added permission check for add/remove_changed_cb API

Change-Id: Idc212d2d9829bff1ca9b7a2c1cf3b0fbd239fbfc
Signed-off-by: jiwon44.park <jiwon44.park@samsung.com>
---

diff --git a/client/ctsvc_client_db_notification.c b/client/ctsvc_client_db_notification.c
index f62e406..91417b1 100644
--- a/client/ctsvc_client_db_notification.c
+++ b/client/ctsvc_client_db_notification.c
@@ -21,6 +21,48 @@
 #include "ctsvc_internal.h"
 #include "ctsvc_inotify.h"
 #include "ctsvc_client_handle.h"
+#include "ctsvc_client_ipc.h"
+
+static int _ctsvc_db_view_check_read_permission(const char* view_uri)
+{
+	int ret;
+	bool result = false;
+
+	if (STRING_EQUAL == strncmp(view_uri, CTSVC_VIEW_URI_ADDRESSBOOK, strlen(CTSVC_VIEW_URI_ADDRESSBOOK))
+			|| STRING_EQUAL == strncmp(view_uri, CTSVC_VIEW_URI_PERSON, strlen(CTSVC_VIEW_URI_PERSON))
+			|| STRING_EQUAL == strncmp(view_uri, CTSVC_VIEW_URI_CONTACT, strlen(CTSVC_VIEW_URI_CONTACT))
+			|| STRING_EQUAL == strncmp(view_uri, CTSVC_VIEW_URI_SIMPLE_CONTACT, strlen(CTSVC_VIEW_URI_SIMPLE_CONTACT))
+			|| STRING_EQUAL == strncmp(view_uri, CTSVC_VIEW_URI_GROUP, strlen(CTSVC_VIEW_URI_GROUP))
+			|| STRING_EQUAL == strncmp(view_uri, CTSVC_VIEW_URI_MY_PROFILE, strlen(CTSVC_VIEW_URI_MY_PROFILE))
+			|| STRING_EQUAL == strncmp(view_uri, CTSVC_VIEW_URI_NAME, strlen(CTSVC_VIEW_URI_NAME))
+			|| STRING_EQUAL == strncmp(view_uri, CTSVC_VIEW_URI_NUMBER, strlen(CTSVC_VIEW_URI_NUMBER))
+			|| STRING_EQUAL == strncmp(view_uri, CTSVC_VIEW_URI_EMAIL, strlen(CTSVC_VIEW_URI_EMAIL))
+			|| STRING_EQUAL == strncmp(view_uri, CTSVC_VIEW_URI_ADDRESS, strlen(CTSVC_VIEW_URI_ADDRESS))
+			|| STRING_EQUAL == strncmp(view_uri, CTSVC_VIEW_URI_NOTE, strlen(CTSVC_VIEW_URI_NOTE))
+			|| STRING_EQUAL == strncmp(view_uri, CTSVC_VIEW_URI_URL, strlen(CTSVC_VIEW_URI_URL))
+			|| STRING_EQUAL == strncmp(view_uri, CTSVC_VIEW_URI_EVENT, strlen(CTSVC_VIEW_URI_EVENT))
+			|| STRING_EQUAL == strncmp(view_uri, CTSVC_VIEW_URI_IMAGE, strlen(CTSVC_VIEW_URI_IMAGE))
+			|| STRING_EQUAL == strncmp(view_uri, CTSVC_VIEW_URI_COMPANY, strlen(CTSVC_VIEW_URI_COMPANY))
+			|| STRING_EQUAL == strncmp(view_uri, CTSVC_VIEW_URI_NICKNAME, strlen(CTSVC_VIEW_URI_NICKNAME))
+			|| STRING_EQUAL == strncmp(view_uri, CTSVC_VIEW_URI_MESSENGER, strlen(CTSVC_VIEW_URI_MESSENGER))
+			|| STRING_EQUAL == strncmp(view_uri, CTSVC_VIEW_URI_EXTENSION, strlen(CTSVC_VIEW_URI_EXTENSION))
+			|| STRING_EQUAL == strncmp(view_uri, CTSVC_VIEW_URI_PROFILE, strlen(CTSVC_VIEW_URI_PROFILE))
+			|| STRING_EQUAL == strncmp(view_uri, CTSVC_VIEW_URI_RELATIONSHIP, strlen(CTSVC_VIEW_URI_RELATIONSHIP))
+			|| STRING_EQUAL == strncmp(view_uri, CTSVC_VIEW_URI_ACTIVITY, strlen(CTSVC_VIEW_URI_ACTIVITY))
+			|| STRING_EQUAL == strncmp(view_uri, CTSVC_VIEW_URI_ACTIVITY_PHOTO, strlen(CTSVC_VIEW_URI_ACTIVITY_PHOTO))
+			|| STRING_EQUAL == strncmp(view_uri, CTSVC_VIEW_URI_SPEEDDIAL, strlen(CTSVC_VIEW_URI_SPEEDDIAL))) {
+		ret = ctsvc_ipc_client_check_permission(CTSVC_PERMISSION_CONTACT_READ, &result);
+		RETVM_IF(ret != CONTACTS_ERROR_NONE, ret, "ctsvc_ipc_client_check_permission() Fail(%d)", ret);
+		RETVM_IF(result == false, CONTACTS_ERROR_PERMISSION_DENIED, "Permission denied (contact read)");
+	}
+	else if (STRING_EQUAL == strncmp(view_uri, CTSVC_VIEW_URI_PHONELOG, strlen(CTSVC_VIEW_URI_PHONELOG))) {
+		ret = ctsvc_ipc_client_check_permission(CTSVC_PERMISSION_PHONELOG_READ, &result);
+		RETVM_IF(ret != CONTACTS_ERROR_NONE, ret, "ctsvc_ipc_client_check_permission() Fail(%d)", ret);
+		RETVM_IF(result == false, CONTACTS_ERROR_PERMISSION_DENIED, "Permission denied (phonelog read)");
+	}
+
+	return CONTACTS_ERROR_NONE;
+}
 
 API int contacts_db_add_changed_cb(const char* view_uri, contacts_db_changed_cb cb,
 		void* user_data)
@@ -33,6 +75,9 @@ API int contacts_db_add_changed_cb(const char* view_uri, contacts_db_changed_cb
 	RETVM_IF(NULL == cb, CONTACTS_ERROR_INVALID_PARAMETER,
 			"Invalid parameter : callback is null");
 
+	ret = _ctsvc_db_view_check_read_permission(view_uri);
+	RETVM_IF(CONTACTS_ERROR_NONE != ret, ret, "_ctsvc_db_view_check_read_permission() Fail(%d)", ret);
+
 	ret = ctsvc_client_handle_get_p(&contact);
 	RETVM_IF(CONTACTS_ERROR_NONE != ret, ret, "ctsvc_client_handle_get_p() Fail(%d)", ret);