From 5d7a7ee7edb9e6dfb29dd880bb437282280dc962 Mon Sep 17 00:00:00 2001
From: Pawel Andruszkiewicz <p.andruszkie@samsung.com>
Date: Thu, 30 Apr 2015 14:22:44 +0200
Subject: [PATCH] [CallHistory] Privilege checks moved to JS.

Privileges need to be checked before validation of arguments.

Change-Id: Idd7add88ebd1ff2a4e99d5d8500cc60d33c3d08a
Signed-off-by: Pawel Andruszkiewicz <p.andruszkie@samsung.com>
---
 src/callhistory/callhistory_api.js      | 12 ++++++++++++
 src/callhistory/callhistory_instance.cc | 12 ------------
 2 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/src/callhistory/callhistory_api.js b/src/callhistory/callhistory_api.js
index c8cc12dc..199c95b4 100644
--- a/src/callhistory/callhistory_api.js
+++ b/src/callhistory/callhistory_api.js
@@ -89,6 +89,8 @@ function CallHistory() {
 };
 
 CallHistory.prototype.find = function() {
+    xwalk.utils.checkPrivilegeAccess(xwalk.utils.privilege.CALLHISTORY_READ);
+
     var args = validator_.validateArgs(arguments, [
         {
             name : 'successCallback',
@@ -149,6 +151,8 @@ CallHistory.prototype.find = function() {
 };
 
 CallHistory.prototype.remove = function() {
+    xwalk.utils.checkPrivilegeAccess(xwalk.utils.privilege.CALLHISTORY_WRITE);
+
     var args = validator_.validateArgs(arguments, [
         {
             name : 'entry',
@@ -170,6 +174,8 @@ CallHistory.prototype.remove = function() {
 };
 
 CallHistory.prototype.removeBatch = function() {
+    xwalk.utils.checkPrivilegeAccess(xwalk.utils.privilege.CALLHISTORY_WRITE);
+
     var args = validator_.validateArgs(arguments, [
         {
             name : 'entries',
@@ -206,6 +212,8 @@ CallHistory.prototype.removeBatch = function() {
 };
 
 CallHistory.prototype.removeAll = function() {
+    xwalk.utils.checkPrivilegeAccess(xwalk.utils.privilege.CALLHISTORY_WRITE);
+
     var args = validator_.validateArgs(arguments, [
         {
             name : 'successCallback',
@@ -233,6 +241,8 @@ CallHistory.prototype.removeAll = function() {
 };
 
 CallHistory.prototype.addChangeListener = function() {
+    xwalk.utils.checkPrivilegeAccess(xwalk.utils.privilege.CALLHISTORY_READ);
+
     var args = validator_.validateArgs(arguments, [
         {
             name : 'eventCallback',
@@ -249,6 +259,8 @@ CallHistory.prototype.addChangeListener = function() {
 };
 
 CallHistory.prototype.removeChangeListener = function() {
+    xwalk.utils.checkPrivilegeAccess(xwalk.utils.privilege.CALLHISTORY_READ);
+
     var args = validator_.validateArgs(arguments, [
         {
             name : 'watchId',
diff --git a/src/callhistory/callhistory_instance.cc b/src/callhistory/callhistory_instance.cc
index d7f304d3..4956be7c 100644
--- a/src/callhistory/callhistory_instance.cc
+++ b/src/callhistory/callhistory_instance.cc
@@ -11,12 +11,6 @@
 namespace extension {
 namespace callhistory {
 
-namespace {
-// The privileges that required in CallHistory API
-const std::string kPrivilegeCallHistoryRead = "http://tizen.org/privilege/callhistory.read";
-const std::string kPrivilegeCallHistoryWrite = "http://tizen.org/privilege/callhistory.write";
-}
-
 using namespace common;
 
 CallHistoryInstance::CallHistoryInstance() : history_(*this) {
@@ -42,14 +36,12 @@ CallHistoryInstance::~CallHistoryInstance() {
 
 void CallHistoryInstance::Find(const picojson::value& args, picojson::object& out) {
   LoggerD("Entered");
-  CHECK_PRIVILEGE_ACCESS(kPrivilegeCallHistoryRead, &out);
   history_.find(args.get<picojson::object>());
   ReportSuccess(out);
 }
 
 void CallHistoryInstance::Remove(const picojson::value& args, picojson::object& out) {
   LoggerD("Entered");
-  CHECK_PRIVILEGE_ACCESS(kPrivilegeCallHistoryWrite, &out);
   PlatformResult result = history_.remove(args.get<picojson::object>());
   if (result.IsSuccess()) {
     ReportSuccess(out);
@@ -60,7 +52,6 @@ void CallHistoryInstance::Remove(const picojson::value& args, picojson::object&
 
 void CallHistoryInstance::RemoveBatch(const picojson::value& args, picojson::object& out) {
   LoggerD("Entered");
-  CHECK_PRIVILEGE_ACCESS(kPrivilegeCallHistoryWrite, &out);
   PlatformResult result = history_.removeBatch(args.get<picojson::object>());
   if (result.IsSuccess()) {
     ReportSuccess(out);
@@ -71,14 +62,12 @@ void CallHistoryInstance::RemoveBatch(const picojson::value& args, picojson::obj
 
 void CallHistoryInstance::RemoveAll(const picojson::value& args, picojson::object& out) {
   LoggerD("Entered");
-  CHECK_PRIVILEGE_ACCESS(kPrivilegeCallHistoryWrite, &out);
   history_.removeAll(args.get<picojson::object>());
   ReportSuccess(out);
 }
 
 void CallHistoryInstance::AddChangeListener(const picojson::value& args, picojson::object& out) {
   LoggerD("Entered");
-  CHECK_PRIVILEGE_ACCESS(kPrivilegeCallHistoryRead, &out);
   PlatformResult result = history_.startCallHistoryChangeListener();
   if (result.IsSuccess()) {
     ReportSuccess(out);
@@ -89,7 +78,6 @@ void CallHistoryInstance::AddChangeListener(const picojson::value& args, picojso
 
 void CallHistoryInstance::RemoveChangeListener(const picojson::value& args, picojson::object& out) {
   LoggerD("Entered");
-  CHECK_PRIVILEGE_ACCESS(kPrivilegeCallHistoryRead, &out);
   PlatformResult result = history_.stopCallHistoryChangeListener();
   if (result.IsSuccess()) {
     ReportSuccess(out);
-- 
2.34.1