From: Pawel Kaczmarczyk <p.kaczmarczy@samsung.com>
Date: Fri, 6 Apr 2018 13:17:11 +0000 (+0200)
Subject: [Contact] Synchronously checking access to file
X-Git-Tag: submit/tizen/20180427.125243~5^2
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=refs%2Fchanges%2F85%2F175085%2F4;p=platform%2Fcore%2Fapi%2Fwebapi-plugins.git

[Contact] Synchronously checking access to file

ACR: http://suprem.sec.samsung.net/jira/browse/TWDAPI-187

[Verification]
Tested in Chromium console
tct-contact-tizen-tests passrate: 100%

Change-Id: Ie0e1ee09737b37174511e1e30e5ba0e40cdcbc94
Signed-off-by: Pawel Kaczmarczyk <p.kaczmarczy@samsung.com>
---

diff --git a/src/contact/contact_instance.cc b/src/contact/contact_instance.cc
index 0b58bd8e..939aaf07 100644
--- a/src/contact/contact_instance.cc
+++ b/src/contact/contact_instance.cc
@@ -17,6 +17,7 @@
 #include "contact/contact_instance.h"
 
 #include "common/converter.h"
+#include "common/filesystem/filesystem_provider.h"
 #include "common/logger.h"
 #include "common/platform_exception.h"
 #include "common/task-queue.h"
@@ -32,7 +33,31 @@ namespace contact {
 namespace {
 const std::string kPrivilegeContactRead = "http://tizen.org/privilege/contact.read";
 const std::string kPrivilegeContactWrite = "http://tizen.org/privilege/contact.write";
-}
+const std::vector<const char*> kContactURIs = {"photoURI", "ringtoneURI", "vibrationURI",
+                                               "messageAlertURI"};
+const std::vector<const char*> kPersonGroupURIs = {"photoURI", "ringtoneURI"};
+const std::vector<const char*> kOrganizationURIs = {"logoURI"};
+}
+
+#define CHECK_CONTACT_ATTRIBUTES_STORAGE(in, to_check, out)                                    \
+  do {                                                                                         \
+    for (auto& attr : to_check) {                                                              \
+      if (!IsNull(in, attr)) {                                                                 \
+        const std::string& real_path =                                                         \
+            common::FilesystemProvider::Create().GetRealPath(FromJson<std::string>(in, attr)); \
+        CHECK_STORAGE_ACCESS(real_path, out);                                                  \
+      }                                                                                        \
+    }                                                                                          \
+  } while (0);
+
+#define CHECK_CONTACT_ATTRIBUTES_ARRAY(in, attribute, to_check, out) \
+  do {                                                               \
+    JsonArray array = FromJson<JsonArray>(in, attribute);            \
+    for (auto& el : array) {                                         \
+      JsonObject element = common::JsonCast<JsonObject>(el);         \
+      CHECK_CONTACT_ATTRIBUTES_STORAGE(element, to_check, out);      \
+    }                                                                \
+  } while (0);
 
 using namespace common;
 
@@ -110,6 +135,11 @@ void ContactInstance::AddressBookGet(const JsonValue& args, JsonObject& out) {
 void ContactInstance::AddressBookAdd(const JsonValue& args, JsonObject& out) {
   ScopeLogger();
   CHECK_PRIVILEGE_ACCESS(kPrivilegeContactWrite, &out);
+
+  const auto& contact = args.get("contact").get<JsonObject>();
+  CHECK_CONTACT_ATTRIBUTES_STORAGE(contact, kContactURIs, &out);
+  CHECK_CONTACT_ATTRIBUTES_ARRAY(contact, "organizations", kOrganizationURIs, &out);
+
   JsonValue val{JsonObject{}};
   PlatformResult status =
       AddressBook::AddressBookAdd(common::JsonCast<JsonObject>(args), val.get<JsonObject>());
@@ -123,6 +153,13 @@ void ContactInstance::AddressBookAddBatch(const JsonValue& args, JsonObject& out
   ScopeLogger();
   CHECK_PRIVILEGE_ACCESS(kPrivilegeContactWrite, &out);
 
+  const auto& batch_args = args.get("batchArgs").get<JsonArray>();
+  for (auto& item : batch_args) {
+    JsonObject contact = common::JsonCast<JsonObject>(item);
+    CHECK_CONTACT_ATTRIBUTES_STORAGE(contact, kContactURIs, &out);
+    CHECK_CONTACT_ATTRIBUTES_ARRAY(contact, "organizations", kOrganizationURIs, &out);
+  }
+
   const double callback_id = args.get("callbackId").get<double>();
 
   auto get = [=](const std::shared_ptr<JsonValue>& response) -> void {
@@ -180,6 +217,13 @@ void ContactInstance::AddressBookUpdateBatch(const JsonValue& args, JsonObject&
   ScopeLogger();
   CHECK_PRIVILEGE_ACCESS(kPrivilegeContactWrite, &out);
 
+  const auto& batch_args = args.get("batchArgs").get<JsonArray>();
+  for (auto& item : batch_args) {
+    JsonObject contact = common::JsonCast<JsonObject>(item);
+    CHECK_CONTACT_ATTRIBUTES_STORAGE(contact, kContactURIs, &out);
+    CHECK_CONTACT_ATTRIBUTES_ARRAY(contact, "organizations", kOrganizationURIs, &out);
+  }
+
   const double callback_id = args.get("callbackId").get<double>();
 
   auto get = [=](const std::shared_ptr<JsonValue>& response) -> void {
@@ -208,6 +252,11 @@ void ContactInstance::AddressBookUpdateBatch(const JsonValue& args, JsonObject&
 void ContactInstance::AddressBookUpdate(const JsonValue& args, JsonObject& out) {
   ScopeLogger();
   CHECK_PRIVILEGE_ACCESS(kPrivilegeContactWrite, &out);
+
+  const auto& contact = args.get("contact").get<JsonObject>();
+  CHECK_CONTACT_ATTRIBUTES_STORAGE(contact, kContactURIs, &out);
+  CHECK_CONTACT_ATTRIBUTES_ARRAY(contact, "organizations", kOrganizationURIs, &out);
+
   JsonValue val{JsonObject{}};
   PlatformResult status =
       AddressBook::AddressBookUpdate(common::JsonCast<JsonObject>(args), val.get<JsonObject>());
@@ -260,6 +309,10 @@ void ContactInstance::AddressBookFind(const JsonValue& args, JsonObject& out) {
 void ContactInstance::AddressBookAddGroup(const JsonValue& args, JsonObject& out) {
   ScopeLogger();
   CHECK_PRIVILEGE_ACCESS(kPrivilegeContactWrite, &out);
+
+  const auto& group = args.get("group").get<JsonObject>();
+  CHECK_CONTACT_ATTRIBUTES_STORAGE(group, kPersonGroupURIs, &out);
+
   JsonValue val{JsonObject{}};
   PlatformResult status =
       AddressBook::AddressBookAddGroup(common::JsonCast<JsonObject>(args), val.get<JsonObject>());
@@ -283,6 +336,10 @@ void ContactInstance::AddressBookGetGroup(const JsonValue& args, JsonObject& out
 
 void ContactInstance::AddressBookUpdateGroup(const JsonValue& args, JsonObject& out) {
   ScopeLogger();
+
+  const auto& group = args.get("group").get<JsonObject>();
+  CHECK_CONTACT_ATTRIBUTES_STORAGE(group, kPersonGroupURIs, &out);
+
   CHECK_PRIVILEGE_ACCESS(kPrivilegeContactWrite, &out);
   JsonValue val{JsonObject{}};
   PlatformResult status = AddressBook::AddressBookUpdateGroup(common::JsonCast<JsonObject>(args),
@@ -421,6 +478,10 @@ void ContactInstance::ContactManagerGet(const JsonValue& args, JsonObject& out)
 void ContactInstance::ContactManagerUpdate(const JsonValue& args, JsonObject& out) {
   ScopeLogger();
   CHECK_PRIVILEGE_ACCESS(kPrivilegeContactWrite, &out);
+
+  const auto& group = args.get("person").get<JsonObject>();
+  CHECK_CONTACT_ATTRIBUTES_STORAGE(group, kPersonGroupURIs, &out);
+
   JsonValue val{JsonObject{}};
   PlatformResult status = ContactManager::ContactManagerUpdate(common::JsonCast<JsonObject>(args),
                                                                val.get<JsonObject>());
@@ -434,6 +495,12 @@ void ContactInstance::ContactManagerUpdateBatch(const JsonValue& args, JsonObjec
   ScopeLogger();
   CHECK_PRIVILEGE_ACCESS(kPrivilegeContactWrite, &out);
 
+  const auto& batch_args = args.get("batchArgs").get<JsonArray>();
+  for (auto& item : batch_args) {
+    JsonObject contact = common::JsonCast<JsonObject>(item);
+    CHECK_CONTACT_ATTRIBUTES_STORAGE(contact, kPersonGroupURIs, &out);
+  }
+
   const double callback_id = args.get("callbackId").get<double>();
 
   auto get = [=](const std::shared_ptr<JsonValue>& response) -> void {
@@ -640,6 +707,8 @@ void ContactInstance::PersonResetUsageCount(const JsonValue& args, JsonObject& o
   } else {
     LogAndReportError(status, &out);
   }
+#undef CHECK_CONTACT_ATTRIBUTES_STORAGE
+#undef CHECK_CONTACT_ATTRIBUTES_ARRAY
 }
 
 }  // namespace contact