From: Piotr Kosko Date: Thu, 19 Mar 2015 09:31:51 +0000 (+0100) Subject: [Calendar] Added privilege checks. X-Git-Tag: submit/tizen_tv/20150603.064601~1^2~221 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=44419a03a44162520cdf07e1e55c8ce7909b449b;p=platform%2Fcore%2Fapi%2Fwebapi-plugins.git [Calendar] Added privilege checks. Change-Id: I00ce694ba9cb74731e5069cee8e5ef1b49d272ca Signed-off-by: Piotr Kosko --- diff --git a/src/calendar/calendar_instance.cc b/src/calendar/calendar_instance.cc index fba24463..86aec2ea 100644 --- a/src/calendar/calendar_instance.cc +++ b/src/calendar/calendar_instance.cc @@ -18,6 +18,11 @@ namespace extension { namespace calendar { +namespace { +const std::string kPrivilegeCalendarRead = "http://tizen.org/privilege/calendar.read"; +const std::string kPrivilegeCalendarWrite = "http://tizen.org/privilege/calendar.write"; +} + using namespace common; using namespace extension::calendar; @@ -62,6 +67,7 @@ CalendarInstance::CalendarInstance() { CalendarInstance::~CalendarInstance() {} void CalendarInstance::CalendarGet(const JsonValue& args, JsonObject& out) { + CHECK_PRIVILEGE_ACCESS(kPrivilegeCalendarRead, &out); JsonValue val{JsonObject{}}; PlatformResult status = Calendar::GetInstance().Get( @@ -74,6 +80,7 @@ void CalendarInstance::CalendarGet(const JsonValue& args, JsonObject& out) { } void CalendarInstance::CalendarAdd(const JsonValue& args, JsonObject& out) { + CHECK_PRIVILEGE_ACCESS(kPrivilegeCalendarWrite, &out); JsonValue val{JsonObject{}}; PlatformResult status = Calendar::GetInstance().Add( @@ -87,6 +94,7 @@ void CalendarInstance::CalendarAdd(const JsonValue& args, JsonObject& out) { void CalendarInstance::CalendarAddBatch(const JsonValue& args, JsonObject& out) { + CHECK_PRIVILEGE_ACCESS(kPrivilegeCalendarWrite, &out); const double callback_id = args.get("callbackId").get(); auto get = [=](const std::shared_ptr& response) -> void { JsonValue result = JsonValue(JsonArray()); @@ -113,6 +121,7 @@ void CalendarInstance::CalendarAddBatch(const JsonValue& args, } void CalendarInstance::CalendarUpdate(const JsonValue& args, JsonObject& out) { + CHECK_PRIVILEGE_ACCESS(kPrivilegeCalendarWrite, &out); JsonValue val{JsonObject{}}; PlatformResult status = Calendar::GetInstance().Update( @@ -126,6 +135,7 @@ void CalendarInstance::CalendarUpdate(const JsonValue& args, JsonObject& out) { void CalendarInstance::CalendarUpdateBatch(const JsonValue& args, JsonObject& out) { + CHECK_PRIVILEGE_ACCESS(kPrivilegeCalendarWrite, &out); const double callback_id = args.get("callbackId").get(); auto get = [=](const std::shared_ptr& response) -> void { JsonValue result = JsonValue(JsonArray()); @@ -152,6 +162,7 @@ void CalendarInstance::CalendarUpdateBatch(const JsonValue& args, } void CalendarInstance::CalendarRemove(const JsonValue& args, JsonObject& out) { + CHECK_PRIVILEGE_ACCESS(kPrivilegeCalendarWrite, &out); JsonValue val{JsonObject{}}; PlatformResult status = Calendar::GetInstance().Remove( @@ -165,6 +176,7 @@ void CalendarInstance::CalendarRemove(const JsonValue& args, JsonObject& out) { void CalendarInstance::CalendarRemoveBatch(const JsonValue& args, JsonObject& out) { + CHECK_PRIVILEGE_ACCESS(kPrivilegeCalendarWrite, &out); const double callback_id = args.get("callbackId").get(); auto get = [=](const std::shared_ptr& response) -> void { JsonValue result = JsonValue(JsonArray()); @@ -191,6 +203,7 @@ void CalendarInstance::CalendarRemoveBatch(const JsonValue& args, } void CalendarInstance::CalendarFind(const JsonValue& args, JsonObject& out) { + CHECK_PRIVILEGE_ACCESS(kPrivilegeCalendarRead, &out); const double callback_id = args.get("callbackId").get(); auto get = [=](const std::shared_ptr& response) -> void { JsonValue result = JsonValue(JsonArray()); @@ -218,6 +231,7 @@ void CalendarInstance::CalendarFind(const JsonValue& args, JsonObject& out) { void CalendarInstance::CalendarAddChangeListener(const JsonValue& args, JsonObject& out) { + CHECK_PRIVILEGE_ACCESS(kPrivilegeCalendarRead, &out); JsonValue val{JsonObject{}}; PlatformResult status = Calendar::GetInstance().AddChangeListener( @@ -231,6 +245,7 @@ void CalendarInstance::CalendarAddChangeListener(const JsonValue& args, void CalendarInstance::CalendarRemoveChangeListener(const JsonValue& args, JsonObject& out) { + CHECK_PRIVILEGE_ACCESS(kPrivilegeCalendarRead, &out); JsonValue val{JsonObject{}}; PlatformResult status = Calendar::GetInstance().RemoveChangeListener( @@ -245,6 +260,7 @@ void CalendarInstance::CalendarRemoveChangeListener(const JsonValue& args, // CalendarManager void CalendarInstance::CalendarManagerAddCalendar(const JsonValue& args, JsonObject& out) { + CHECK_PRIVILEGE_ACCESS(kPrivilegeCalendarWrite, &out); JsonValue val{JsonObject{}}; PlatformResult status = CalendarManager::GetInstance().AddCalendar( common::JsonCast(args), val.get()); @@ -257,6 +273,7 @@ void CalendarInstance::CalendarManagerAddCalendar(const JsonValue& args, void CalendarInstance::CalendarManagerGetCalendar(const JsonValue& args, JsonObject& out) { + CHECK_PRIVILEGE_ACCESS(kPrivilegeCalendarRead, &out); JsonValue val{JsonObject{}}; PlatformResult status = CalendarManager::GetInstance().GetCalendar(common::JsonCast(args), val.get()); @@ -269,6 +286,7 @@ void CalendarInstance::CalendarManagerGetCalendar(const JsonValue& args, void CalendarInstance::CalendarManagerGetCalendars(const JsonValue& args, JsonObject& out) { + CHECK_PRIVILEGE_ACCESS(kPrivilegeCalendarRead, &out); const double callback_id = args.get("callbackId").get(); auto get = [=](const std::shared_ptr& response) -> void { JsonValue result = JsonValue(JsonArray()); @@ -297,6 +315,7 @@ void CalendarInstance::CalendarManagerGetCalendars(const JsonValue& args, void CalendarInstance::CalendarManagerRemoveCalendar(const JsonValue& args, JsonObject& out) { + CHECK_PRIVILEGE_ACCESS(kPrivilegeCalendarWrite, &out); JsonValue val{JsonObject{}}; PlatformResult status = CalendarManager::GetInstance().RemoveCalendar( common::JsonCast(args), val.get()); diff --git a/src/calendar/js/calendar_item.js b/src/calendar/js/calendar_item.js index a316e8b2..8fbf07f8 100644 --- a/src/calendar/js/calendar_item.js +++ b/src/calendar/js/calendar_item.js @@ -2,6 +2,8 @@ // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. +var _PRIVILEGE_CALENDAR_READ = "http://tizen.org/privilege/calendar.read"; + var CalendarTextFormat = { ICALENDAR_20: 'ICALENDAR_20', VCALENDAR_10: 'VCALENDAR_10' @@ -333,6 +335,7 @@ var CalendarItem = function(data) { }; CalendarItem.prototype.convertToString = function() { + xwalk.utils.checkPrivilegeAccess(_PRIVILEGE_CALENDAR_READ); var args = validator_.validateArgs(arguments, [ { name: 'format', @@ -417,6 +420,7 @@ CalendarItem.prototype.convertToString = function() { }; CalendarItem.prototype.clone = function() { + xwalk.utils.checkPrivilegeAccess(_PRIVILEGE_CALENDAR_READ); var tmp = _itemConverter.toTizenObject(_itemConverter.fromTizenObject(this)); tmp.id = null; @@ -668,6 +672,7 @@ CalendarEvent.prototype = new CalendarItem(); CalendarEvent.prototype.constructor = CalendarEvent; CalendarEvent.prototype.expandRecurrence = function(startDate, endDate, successCallback, errorCallback) { + xwalk.utils.checkPrivilegeAccess(_PRIVILEGE_CALENDAR_READ); if (arguments.length < 3) { throw new WebAPIException(WebAPIException.TYPE_MISMATCH_ERR); } diff --git a/src/calendar/js/calendar_manager.js b/src/calendar/js/calendar_manager.js index 144bb5be..0a46469b 100644 --- a/src/calendar/js/calendar_manager.js +++ b/src/calendar/js/calendar_manager.js @@ -5,6 +5,7 @@ // class CalendarManager var CalendarManager = function() {}; +var _PRIVILEGE_CALENDAR_READ = "http://tizen.org/privilege/calendar.read"; // IDs defined in C-API calendar_types2.h var DefaultCalendarId = { EVENT: 1, // DEFAULT_EVENT_CALENDAR_BOOK_ID @@ -56,6 +57,8 @@ CalendarManager.prototype.getUnifiedCalendar = function() { values: Object.keys(CalendarType) }]); + xwalk.utils.checkPrivilegeAccess(_PRIVILEGE_CALENDAR_READ); + return new Calendar(new InternalCalendar({ type: args.type, isUnified: true @@ -71,6 +74,8 @@ CalendarManager.prototype.getDefaultCalendar = function() { } ]); + xwalk.utils.checkPrivilegeAccess(_PRIVILEGE_CALENDAR_READ); + return this.getCalendar(args.type, DefaultCalendarId[args.type]); };