From: Piotr Kosko Date: Thu, 19 Mar 2015 10:19:18 +0000 (+0100) Subject: [Contact] Added privilege checks. X-Git-Tag: submit/tizen_tv/20150603.064601~1^2~222 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=102392ac10566a3ea62e270f81e0a8d66de7e089;p=platform%2Fcore%2Fapi%2Fwebapi-plugins.git [Contact] Added privilege checks. Change-Id: Ifa68b9a5f53f108055cbe0170b6f7aa0112c667a Signed-off-by: Piotr Kosko --- diff --git a/src/contact/contact_instance.cc b/src/contact/contact_instance.cc index 21049ffe..6bf974be 100644 --- a/src/contact/contact_instance.cc +++ b/src/contact/contact_instance.cc @@ -16,6 +16,11 @@ namespace extension { namespace contact { +namespace { +const std::string kPrivilegeContactRead = "http://tizen.org/privilege/contact.read"; +const std::string kPrivilegeContactWrite = "http://tizen.org/privilege/contact.write"; +} + using namespace common; ContactInstance& ContactInstance::GetInstance() { @@ -80,6 +85,7 @@ ContactInstance::ContactInstance() { ContactInstance::~ContactInstance() {} void ContactInstance::AddressBookGet(const JsonValue& args, JsonObject& out) { + CHECK_PRIVILEGE_ACCESS(kPrivilegeContactRead, &out); JsonValue val{JsonObject{}}; PlatformResult status = AddressBook::AddressBookGet( common::JsonCast(args), val.get()); @@ -90,6 +96,7 @@ void ContactInstance::AddressBookGet(const JsonValue& args, JsonObject& out) { } void ContactInstance::AddressBookAdd(const JsonValue& args, JsonObject& out) { + CHECK_PRIVILEGE_ACCESS(kPrivilegeContactWrite, &out); JsonValue val{JsonObject{}}; PlatformResult status = AddressBook::AddressBookAdd( common::JsonCast(args), val.get()); @@ -102,7 +109,7 @@ void ContactInstance::AddressBookAdd(const JsonValue& args, JsonObject& out) { void ContactInstance::AddressBookAddBatch(const JsonValue& args, JsonObject& out) { LoggerD("entered"); - // TODO check privileges + CHECK_PRIVILEGE_ACCESS(kPrivilegeContactWrite, &out); const double callback_id = args.get("callbackId").get(); @@ -131,7 +138,7 @@ void ContactInstance::AddressBookAddBatch(const JsonValue& args, void ContactInstance::AddressBookRemoveBatch(const JsonValue& args, JsonObject& out) { LoggerD("entered"); - // TODO check privileges + CHECK_PRIVILEGE_ACCESS(kPrivilegeContactWrite, &out); const double callback_id = args.get("callbackId").get(); @@ -164,7 +171,7 @@ void ContactInstance::AddressBookRemoveBatch(const JsonValue& args, void ContactInstance::AddressBookUpdateBatch(const JsonValue& args, JsonObject& out) { LoggerD("entered"); - // TODO check privileges + CHECK_PRIVILEGE_ACCESS(kPrivilegeContactWrite, &out); const double callback_id = args.get("callbackId").get(); @@ -196,6 +203,7 @@ void ContactInstance::AddressBookUpdateBatch(const JsonValue& args, void ContactInstance::AddressBookUpdate(const JsonValue& args, JsonObject& out) { + CHECK_PRIVILEGE_ACCESS(kPrivilegeContactWrite, &out); JsonValue val{JsonObject{}}; PlatformResult status = AddressBook::AddressBookUpdate( common::JsonCast(args), val.get()); @@ -207,6 +215,7 @@ void ContactInstance::AddressBookUpdate(const JsonValue& args, void ContactInstance::AddressBookRemove(const JsonValue& args, JsonObject& out) { + CHECK_PRIVILEGE_ACCESS(kPrivilegeContactWrite, &out); JsonValue val{JsonObject{}}; PlatformResult status = AddressBook::AddressBookRemove( common::JsonCast(args), val.get()); @@ -218,6 +227,7 @@ void ContactInstance::AddressBookRemove(const JsonValue& args, void ContactInstance::AddressBookFind(const JsonValue& args, JsonObject& out) { LoggerD("entered"); + CHECK_PRIVILEGE_ACCESS(kPrivilegeContactRead, &out); const double callback_id = args.get("callbackId").get(); auto get = [=](const std::shared_ptr& response) -> void { @@ -244,6 +254,7 @@ void ContactInstance::AddressBookFind(const JsonValue& args, JsonObject& out) { void ContactInstance::AddressBookAddGroup(const JsonValue& args, JsonObject& out) { + CHECK_PRIVILEGE_ACCESS(kPrivilegeContactWrite, &out); JsonValue val{JsonObject{}}; PlatformResult status = AddressBook::AddressBookAddGroup( common::JsonCast(args), val.get()); @@ -255,6 +266,7 @@ void ContactInstance::AddressBookAddGroup(const JsonValue& args, void ContactInstance::AddressBookGetGroup(const JsonValue& args, JsonObject& out) { + CHECK_PRIVILEGE_ACCESS(kPrivilegeContactRead, &out); JsonValue val{JsonObject{}}; PlatformResult status = AddressBook::AddressBookGetGroup( common::JsonCast(args), val.get()); @@ -266,6 +278,7 @@ void ContactInstance::AddressBookGetGroup(const JsonValue& args, void ContactInstance::AddressBookUpdateGroup(const JsonValue& args, JsonObject& out) { + CHECK_PRIVILEGE_ACCESS(kPrivilegeContactWrite, &out); JsonValue val{JsonObject{}}; PlatformResult status = AddressBook::AddressBookUpdateGroup( common::JsonCast(args), val.get()); @@ -277,6 +290,7 @@ void ContactInstance::AddressBookUpdateGroup(const JsonValue& args, void ContactInstance::AddressBookRemoveGroup(const JsonValue& args, JsonObject& out) { + CHECK_PRIVILEGE_ACCESS(kPrivilegeContactWrite, &out); JsonValue val{JsonObject{}}; PlatformResult status = AddressBook::AddressBookRemoveGroup( common::JsonCast(args), val.get()); @@ -288,6 +302,7 @@ void ContactInstance::AddressBookRemoveGroup(const JsonValue& args, void ContactInstance::AddressBookGetGroups(const JsonValue& args, JsonObject& out) { + CHECK_PRIVILEGE_ACCESS(kPrivilegeContactRead, &out); JsonValue val{JsonArray{}}; PlatformResult status = AddressBook::AddressBookGetGroups( common::JsonCast(args), val.get()); @@ -299,7 +314,7 @@ void ContactInstance::AddressBookGetGroups(const JsonValue& args, void ContactInstance::ContactManagerGetAddressBooks(const JsonValue& args, JsonObject& out) { - // TODO check privileges + CHECK_PRIVILEGE_ACCESS(kPrivilegeContactRead, &out); const double callback_id = args.get("callbackId").get(); @@ -328,6 +343,7 @@ void ContactInstance::ContactManagerGetAddressBooks(const JsonValue& args, void ContactInstance::ContactManagerGetAddressBook(const JsonValue& args, JsonObject& out) { + CHECK_PRIVILEGE_ACCESS(kPrivilegeContactRead, &out); JsonValue val{JsonObject{}}; PlatformResult status = ContactManager::ContactManagerGetAddressBook( common::JsonCast(args), val.get()); @@ -339,6 +355,7 @@ void ContactInstance::ContactManagerGetAddressBook(const JsonValue& args, void ContactInstance::ContactManagerAddAddressBook(const JsonValue& args, JsonObject& out) { + CHECK_PRIVILEGE_ACCESS(kPrivilegeContactWrite, &out); JsonValue val{JsonObject{}}; PlatformResult status = ContactManager::ContactManagerAddAddressBook( common::JsonCast(args), val.get()); @@ -350,6 +367,7 @@ void ContactInstance::ContactManagerAddAddressBook(const JsonValue& args, void ContactInstance::ContactManagerRemoveAddressBook(const JsonValue& args, JsonObject& out) { + CHECK_PRIVILEGE_ACCESS(kPrivilegeContactWrite, &out); JsonValue val{JsonObject{}}; PlatformResult status = ContactManager::ContactManagerRemoveAddressBook( common::JsonCast(args), val.get()); @@ -361,6 +379,7 @@ void ContactInstance::ContactManagerRemoveAddressBook(const JsonValue& args, void ContactInstance::AddressBookStartListening(const JsonValue& args, JsonObject& out) { + CHECK_PRIVILEGE_ACCESS(kPrivilegeContactRead, &out); JsonValue val{JsonObject{}}; PlatformResult status = AddressBook::AddressBookStartListening( common::JsonCast(args), val.get()); @@ -372,6 +391,7 @@ void ContactInstance::AddressBookStartListening(const JsonValue& args, void ContactInstance::AddressBookStopListening(const JsonValue& args, JsonObject& out) { + CHECK_PRIVILEGE_ACCESS(kPrivilegeContactRead, &out); JsonValue val{JsonObject{}}; PlatformResult status = AddressBook::AddressBookStopListening( common::JsonCast(args), val.get()); @@ -383,6 +403,7 @@ void ContactInstance::AddressBookStopListening(const JsonValue& args, void ContactInstance::ContactManagerGet(const JsonValue& args, JsonObject& out) { + CHECK_PRIVILEGE_ACCESS(kPrivilegeContactRead, &out); JsonValue val{JsonObject{}}; PlatformResult status = ContactManager::ContactManagerGet( common::JsonCast(args), val.get()); @@ -394,6 +415,7 @@ void ContactInstance::ContactManagerGet(const JsonValue& args, void ContactInstance::ContactManagerUpdate(const JsonValue& args, JsonObject& out) { + CHECK_PRIVILEGE_ACCESS(kPrivilegeContactWrite, &out); JsonValue val{JsonObject{}}; PlatformResult status = ContactManager::ContactManagerUpdate( common::JsonCast(args), val.get()); @@ -406,7 +428,7 @@ void ContactInstance::ContactManagerUpdate(const JsonValue& args, void ContactInstance::ContactManagerUpdateBatch(const JsonValue& args, JsonObject& out) { LoggerD("entered"); - // TODO check privileges + CHECK_PRIVILEGE_ACCESS(kPrivilegeContactWrite, &out); const double callback_id = args.get("callbackId").get(); @@ -438,6 +460,7 @@ void ContactInstance::ContactManagerUpdateBatch(const JsonValue& args, void ContactInstance::ContactManagerRemove(const JsonValue& args, JsonObject& out) { + CHECK_PRIVILEGE_ACCESS(kPrivilegeContactWrite, &out); JsonValue val{JsonObject{}}; PlatformResult status = ContactManager::ContactManagerRemove( common::JsonCast(args), val.get()); @@ -450,7 +473,7 @@ void ContactInstance::ContactManagerRemove(const JsonValue& args, void ContactInstance::ContactManagerRemoveBatch(const JsonValue& args, JsonObject& out) { LoggerD("entered"); - // TODO check privileges + CHECK_PRIVILEGE_ACCESS(kPrivilegeContactWrite, &out); const double callback_id = args.get("callbackId").get(); @@ -482,6 +505,7 @@ void ContactInstance::ContactManagerRemoveBatch(const JsonValue& args, void ContactInstance::ContactManagerFind(const JsonValue& args, JsonObject& out) { + CHECK_PRIVILEGE_ACCESS(kPrivilegeContactRead, &out); const double callback_id = args.get("callbackId").get(); auto get = [this, args](const std::shared_ptr& response) -> void { @@ -521,6 +545,7 @@ void ContactInstance::ContactManagerImportFromVCard(const JsonValue& args, void ContactInstance::ContactManagerStartListening(const JsonValue& args, JsonObject& out) { + CHECK_PRIVILEGE_ACCESS(kPrivilegeContactRead, &out); JsonValue val{JsonObject{}}; PlatformResult status = ContactManager::ContactManagerStartListening( common::JsonCast(args), val.get()); @@ -532,6 +557,7 @@ void ContactInstance::ContactManagerStartListening(const JsonValue& args, void ContactInstance::ContactManagerStopListening(const JsonValue& args, JsonObject& out) { + CHECK_PRIVILEGE_ACCESS(kPrivilegeContactRead, &out); JsonValue val{JsonObject{}}; PlatformResult status = ContactManager::ContactManagerStopListening( common::JsonCast(args), val.get()); @@ -542,6 +568,7 @@ void ContactInstance::ContactManagerStopListening(const JsonValue& args, } void ContactInstance::PersonLink(const JsonValue& args, JsonObject& out) { + CHECK_PRIVILEGE_ACCESS(kPrivilegeContactWrite, &out); JsonValue val{JsonObject{}}; PlatformResult status = Person::PersonLink(common::JsonCast(args), val.get()); @@ -552,6 +579,7 @@ void ContactInstance::PersonLink(const JsonValue& args, JsonObject& out) { } void ContactInstance::PersonUnlink(const JsonValue& args, JsonObject& out) { + CHECK_PRIVILEGE_ACCESS(kPrivilegeContactWrite, &out); JsonValue val{JsonObject{}}; PlatformResult status = Person::PersonUnlink( common::JsonCast(args), val.get()); diff --git a/src/contact/js/contact_manager.js b/src/contact/js/contact_manager.js index 44b7b583..5cedb027 100644 --- a/src/contact/js/contact_manager.js +++ b/src/contact/js/contact_manager.js @@ -2,6 +2,7 @@ // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. +var _PRIVILEGE_CONTACT_READ = "http://tizen.org/privilege/contact.read"; var _personListenerRegistered = false; var _personCallbackMap = {}; @@ -70,12 +71,7 @@ ContactManager.prototype.getAddressBooks = function() { // Gets the aggregation of all address books. ContactManager.prototype.getUnifiedAddressBook = function() { - // TODO check privileges - //var result = native_.callSync('CheckReadPrivileges', {}); - //if (native_.isFailure(result)) { - // throw new WebAPIException(WebAPIException.SECURITY_ERR, - // 'You do not have privileges for this operation'); - //} + xwalk.utils.checkPrivilegeAccess(_PRIVILEGE_CONTACT_READ); return _editGuard.run(function() { var addressBook = new AddressBook(0, 'Unified address book');