From 8ddab5bb72ca965f4312093344c6d6c014c65df2 Mon Sep 17 00:00:00 2001 From: Pawel Andruszkiewicz Date: Thu, 30 Apr 2015 14:41:27 +0200 Subject: [PATCH] [Contact] Privilege checks moved to JS. Privileges need to be checked before validation of arguments. Change-Id: I54e968c6cfe0a7fc463585c649dfc401b09ee6f9 Signed-off-by: Pawel Andruszkiewicz --- src/contact/contact_instance.cc | 36 +------------------------------ src/contact/js/address_book.js | 30 ++++++++++++++++++++++++++ src/contact/js/contact_manager.js | 28 +++++++++++++++++++----- src/contact/js/person.js | 4 ++++ 4 files changed, 58 insertions(+), 40 deletions(-) diff --git a/src/contact/contact_instance.cc b/src/contact/contact_instance.cc index 30d01217..b5a4fcab 100644 --- a/src/contact/contact_instance.cc +++ b/src/contact/contact_instance.cc @@ -16,11 +16,6 @@ namespace extension { namespace contact { -namespace { -const std::string kPrivilegeContactRead = "http://tizen.org/privilege/contact.read"; -const std::string kPrivilegeContactWrite = "http://tizen.org/privilege/contact.write"; -} - using namespace common; ContactInstance::ContactInstance() @@ -79,7 +74,6 @@ ContactInstance::ContactInstance() ContactInstance::~ContactInstance() {} void ContactInstance::AddressBookGet(const JsonValue& args, JsonObject& out) { - CHECK_PRIVILEGE_ACCESS(kPrivilegeContactRead, &out); JsonValue val{JsonObject{}}; PlatformResult status = AddressBook::AddressBookGet( common::JsonCast(args), val.get()); @@ -90,7 +84,6 @@ void ContactInstance::AddressBookGet(const JsonValue& args, JsonObject& out) { } void ContactInstance::AddressBookAdd(const JsonValue& args, JsonObject& out) { - CHECK_PRIVILEGE_ACCESS(kPrivilegeContactWrite, &out); JsonValue val{JsonObject{}}; PlatformResult status = AddressBook::AddressBookAdd( common::JsonCast(args), val.get()); @@ -103,7 +96,6 @@ void ContactInstance::AddressBookAdd(const JsonValue& args, JsonObject& out) { void ContactInstance::AddressBookAddBatch(const JsonValue& args, JsonObject& out) { LoggerD("entered"); - CHECK_PRIVILEGE_ACCESS(kPrivilegeContactWrite, &out); const double callback_id = args.get("callbackId").get(); @@ -132,7 +124,6 @@ void ContactInstance::AddressBookAddBatch(const JsonValue& args, void ContactInstance::AddressBookRemoveBatch(const JsonValue& args, JsonObject& out) { LoggerD("entered"); - CHECK_PRIVILEGE_ACCESS(kPrivilegeContactWrite, &out); const double callback_id = args.get("callbackId").get(); @@ -165,7 +156,6 @@ void ContactInstance::AddressBookRemoveBatch(const JsonValue& args, void ContactInstance::AddressBookUpdateBatch(const JsonValue& args, JsonObject& out) { LoggerD("entered"); - CHECK_PRIVILEGE_ACCESS(kPrivilegeContactWrite, &out); const double callback_id = args.get("callbackId").get(); @@ -197,7 +187,6 @@ void ContactInstance::AddressBookUpdateBatch(const JsonValue& args, void ContactInstance::AddressBookUpdate(const JsonValue& args, JsonObject& out) { - CHECK_PRIVILEGE_ACCESS(kPrivilegeContactWrite, &out); JsonValue val{JsonObject{}}; PlatformResult status = AddressBook::AddressBookUpdate( common::JsonCast(args), val.get()); @@ -209,7 +198,6 @@ void ContactInstance::AddressBookUpdate(const JsonValue& args, void ContactInstance::AddressBookRemove(const JsonValue& args, JsonObject& out) { - CHECK_PRIVILEGE_ACCESS(kPrivilegeContactWrite, &out); JsonValue val{JsonObject{}}; PlatformResult status = AddressBook::AddressBookRemove( common::JsonCast(args), val.get()); @@ -221,7 +209,7 @@ void ContactInstance::AddressBookRemove(const JsonValue& args, void ContactInstance::AddressBookFind(const JsonValue& args, JsonObject& out) { LoggerD("entered"); - CHECK_PRIVILEGE_ACCESS(kPrivilegeContactRead, &out); + const double callback_id = args.get("callbackId").get(); auto get = [=](const std::shared_ptr& response) -> void { @@ -248,7 +236,6 @@ void ContactInstance::AddressBookFind(const JsonValue& args, JsonObject& out) { void ContactInstance::AddressBookAddGroup(const JsonValue& args, JsonObject& out) { - CHECK_PRIVILEGE_ACCESS(kPrivilegeContactWrite, &out); JsonValue val{JsonObject{}}; PlatformResult status = AddressBook::AddressBookAddGroup( common::JsonCast(args), val.get()); @@ -260,7 +247,6 @@ void ContactInstance::AddressBookAddGroup(const JsonValue& args, void ContactInstance::AddressBookGetGroup(const JsonValue& args, JsonObject& out) { - CHECK_PRIVILEGE_ACCESS(kPrivilegeContactRead, &out); JsonValue val{JsonObject{}}; PlatformResult status = AddressBook::AddressBookGetGroup( common::JsonCast(args), val.get()); @@ -272,7 +258,6 @@ void ContactInstance::AddressBookGetGroup(const JsonValue& args, void ContactInstance::AddressBookUpdateGroup(const JsonValue& args, JsonObject& out) { - CHECK_PRIVILEGE_ACCESS(kPrivilegeContactWrite, &out); JsonValue val{JsonObject{}}; PlatformResult status = AddressBook::AddressBookUpdateGroup( common::JsonCast(args), val.get()); @@ -284,7 +269,6 @@ void ContactInstance::AddressBookUpdateGroup(const JsonValue& args, void ContactInstance::AddressBookRemoveGroup(const JsonValue& args, JsonObject& out) { - CHECK_PRIVILEGE_ACCESS(kPrivilegeContactWrite, &out); JsonValue val{JsonObject{}}; PlatformResult status = AddressBook::AddressBookRemoveGroup( common::JsonCast(args), val.get()); @@ -296,7 +280,6 @@ void ContactInstance::AddressBookRemoveGroup(const JsonValue& args, void ContactInstance::AddressBookGetGroups(const JsonValue& args, JsonObject& out) { - CHECK_PRIVILEGE_ACCESS(kPrivilegeContactRead, &out); JsonValue val{JsonArray{}}; PlatformResult status = AddressBook::AddressBookGetGroups( common::JsonCast(args), val.get()); @@ -308,8 +291,6 @@ void ContactInstance::AddressBookGetGroups(const JsonValue& args, void ContactInstance::ContactManagerGetAddressBooks(const JsonValue& args, JsonObject& out) { - CHECK_PRIVILEGE_ACCESS(kPrivilegeContactRead, &out); - const double callback_id = args.get("callbackId").get(); auto get = [=](const std::shared_ptr& response) -> void { @@ -337,7 +318,6 @@ void ContactInstance::ContactManagerGetAddressBooks(const JsonValue& args, void ContactInstance::ContactManagerGetAddressBook(const JsonValue& args, JsonObject& out) { - CHECK_PRIVILEGE_ACCESS(kPrivilegeContactRead, &out); JsonValue val{JsonObject{}}; PlatformResult status = ContactManager::ContactManagerGetAddressBook( common::JsonCast(args), val.get()); @@ -349,7 +329,6 @@ void ContactInstance::ContactManagerGetAddressBook(const JsonValue& args, void ContactInstance::ContactManagerAddAddressBook(const JsonValue& args, JsonObject& out) { - CHECK_PRIVILEGE_ACCESS(kPrivilegeContactWrite, &out); JsonValue val{JsonObject{}}; PlatformResult status = ContactManager::ContactManagerAddAddressBook( common::JsonCast(args), val.get()); @@ -361,7 +340,6 @@ void ContactInstance::ContactManagerAddAddressBook(const JsonValue& args, void ContactInstance::ContactManagerRemoveAddressBook(const JsonValue& args, JsonObject& out) { - CHECK_PRIVILEGE_ACCESS(kPrivilegeContactWrite, &out); JsonValue val{JsonObject{}}; PlatformResult status = ContactManager::ContactManagerRemoveAddressBook( common::JsonCast(args), val.get()); @@ -373,7 +351,6 @@ void ContactInstance::ContactManagerRemoveAddressBook(const JsonValue& args, void ContactInstance::AddressBookStartListening(const JsonValue& args, JsonObject& out) { - CHECK_PRIVILEGE_ACCESS(kPrivilegeContactRead, &out); JsonValue val{JsonObject{}}; PlatformResult status = AddressBook::AddressBookStartListening( *this, common::JsonCast(args), val.get()); @@ -385,7 +362,6 @@ void ContactInstance::AddressBookStartListening(const JsonValue& args, void ContactInstance::AddressBookStopListening(const JsonValue& args, JsonObject& out) { - CHECK_PRIVILEGE_ACCESS(kPrivilegeContactRead, &out); JsonValue val{JsonObject{}}; PlatformResult status = AddressBook::AddressBookStopListening( *this, common::JsonCast(args), val.get()); @@ -397,7 +373,6 @@ void ContactInstance::AddressBookStopListening(const JsonValue& args, void ContactInstance::ContactManagerGet(const JsonValue& args, JsonObject& out) { - CHECK_PRIVILEGE_ACCESS(kPrivilegeContactRead, &out); JsonValue val{JsonObject{}}; PlatformResult status = ContactManager::ContactManagerGet( common::JsonCast(args), val.get()); @@ -409,7 +384,6 @@ void ContactInstance::ContactManagerGet(const JsonValue& args, void ContactInstance::ContactManagerUpdate(const JsonValue& args, JsonObject& out) { - CHECK_PRIVILEGE_ACCESS(kPrivilegeContactWrite, &out); JsonValue val{JsonObject{}}; PlatformResult status = ContactManager::ContactManagerUpdate( common::JsonCast(args), val.get()); @@ -422,7 +396,6 @@ void ContactInstance::ContactManagerUpdate(const JsonValue& args, void ContactInstance::ContactManagerUpdateBatch(const JsonValue& args, JsonObject& out) { LoggerD("entered"); - CHECK_PRIVILEGE_ACCESS(kPrivilegeContactWrite, &out); const double callback_id = args.get("callbackId").get(); @@ -454,7 +427,6 @@ void ContactInstance::ContactManagerUpdateBatch(const JsonValue& args, void ContactInstance::ContactManagerRemove(const JsonValue& args, JsonObject& out) { - CHECK_PRIVILEGE_ACCESS(kPrivilegeContactWrite, &out); JsonValue val{JsonObject{}}; PlatformResult status = ContactManager::ContactManagerRemove( common::JsonCast(args), val.get()); @@ -467,7 +439,6 @@ void ContactInstance::ContactManagerRemove(const JsonValue& args, void ContactInstance::ContactManagerRemoveBatch(const JsonValue& args, JsonObject& out) { LoggerD("entered"); - CHECK_PRIVILEGE_ACCESS(kPrivilegeContactWrite, &out); const double callback_id = args.get("callbackId").get(); @@ -499,7 +470,6 @@ void ContactInstance::ContactManagerRemoveBatch(const JsonValue& args, void ContactInstance::ContactManagerFind(const JsonValue& args, JsonObject& out) { - CHECK_PRIVILEGE_ACCESS(kPrivilegeContactRead, &out); const double callback_id = args.get("callbackId").get(); auto get = [this, args](const std::shared_ptr& response) -> void { @@ -539,7 +509,6 @@ void ContactInstance::ContactManagerImportFromVCard(const JsonValue& args, void ContactInstance::ContactManagerStartListening(const JsonValue& args, JsonObject& out) { - CHECK_PRIVILEGE_ACCESS(kPrivilegeContactRead, &out); JsonValue val{JsonObject{}}; PlatformResult status = ContactManager::ContactManagerStartListening( *this, common::JsonCast(args), val.get()); @@ -551,7 +520,6 @@ void ContactInstance::ContactManagerStartListening(const JsonValue& args, void ContactInstance::ContactManagerStopListening(const JsonValue& args, JsonObject& out) { - CHECK_PRIVILEGE_ACCESS(kPrivilegeContactRead, &out); JsonValue val{JsonObject{}}; PlatformResult status = ContactManager::ContactManagerStopListening( *this, common::JsonCast(args), val.get()); @@ -562,7 +530,6 @@ void ContactInstance::ContactManagerStopListening(const JsonValue& args, } void ContactInstance::PersonLink(const JsonValue& args, JsonObject& out) { - CHECK_PRIVILEGE_ACCESS(kPrivilegeContactWrite, &out); JsonValue val{JsonObject{}}; PlatformResult status = Person::PersonLink(common::JsonCast(args), val.get()); @@ -573,7 +540,6 @@ void ContactInstance::PersonLink(const JsonValue& args, JsonObject& out) { } void ContactInstance::PersonUnlink(const JsonValue& args, JsonObject& out) { - CHECK_PRIVILEGE_ACCESS(kPrivilegeContactWrite, &out); JsonValue val{JsonObject{}}; PlatformResult status = Person::PersonUnlink( common::JsonCast(args), val.get()); diff --git a/src/contact/js/address_book.js b/src/contact/js/address_book.js index 4d3d0d6e..7ca2ec41 100644 --- a/src/contact/js/address_book.js +++ b/src/contact/js/address_book.js @@ -150,6 +150,8 @@ var AddressBook = function(accountId, name) { }; AddressBook.prototype.get = function() { + xwalk.utils.checkPrivilegeAccess(xwalk.utils.privilege.CONTACT_READ); + var args = validator_.validateArgs(arguments, [{ name: 'id', type: types_.STRING, @@ -197,6 +199,8 @@ AddressBook.prototype.get = function() { }; AddressBook.prototype.add = function() { + xwalk.utils.checkPrivilegeAccess(xwalk.utils.privilege.CONTACT_WRITE); + var args = validator_.validateArgs(arguments, [ { name: 'contact', @@ -243,6 +247,8 @@ AddressBook.prototype.add = function() { }; AddressBook.prototype.addBatch = function() { + xwalk.utils.checkPrivilegeAccess(xwalk.utils.privilege.CONTACT_WRITE); + var args = validator_.validateArgs(arguments, [ { name: 'contacts', @@ -293,6 +299,8 @@ AddressBook.prototype.addBatch = function() { }; AddressBook.prototype.update = function() { + xwalk.utils.checkPrivilegeAccess(xwalk.utils.privilege.CONTACT_WRITE); + var args = validator_.validateArgs(arguments, [ { name: 'contact', @@ -323,6 +331,8 @@ AddressBook.prototype.update = function() { }; AddressBook.prototype.updateBatch = function() { + xwalk.utils.checkPrivilegeAccess(xwalk.utils.privilege.CONTACT_WRITE); + var args = validator_.validateArgs(arguments, [ { name: 'contacts', @@ -372,6 +382,8 @@ AddressBook.prototype.updateBatch = function() { }; AddressBook.prototype.remove = function() { + xwalk.utils.checkPrivilegeAccess(xwalk.utils.privilege.CONTACT_WRITE); + var args = validator_.validateArgs(arguments, [{ name: 'id', type: types_.STRING, @@ -395,6 +407,8 @@ AddressBook.prototype.remove = function() { }; AddressBook.prototype.removeBatch = function(ids, successCallback, errorCallback) { + xwalk.utils.checkPrivilegeAccess(xwalk.utils.privilege.CONTACT_WRITE); + var args = validator_.validateArgs(arguments, [ { name: 'ids', @@ -433,6 +447,8 @@ AddressBook.prototype.removeBatch = function(ids, successCallback, errorCallback }; AddressBook.prototype.find = function(successCallback, errorCallback, filter, sortMode) { + xwalk.utils.checkPrivilegeAccess(xwalk.utils.privilege.CONTACT_READ); + var args = validator_.validateArgs(arguments, [ { name: 'successCallback', @@ -502,6 +518,8 @@ AddressBook.prototype.find = function(successCallback, errorCallback, filter, so }; AddressBook.prototype.addChangeListener = function() { + xwalk.utils.checkPrivilegeAccess(xwalk.utils.privilege.CONTACT_READ); + var args = validator_.validateArgs(arguments, [{ name: 'successCallback', type: types_.LISTENER, @@ -543,6 +561,8 @@ AddressBook.prototype.addChangeListener = function() { }; AddressBook.prototype.removeChangeListener = function(watchId) { + xwalk.utils.checkPrivilegeAccess(xwalk.utils.privilege.CONTACT_READ); + var args = validator_.validateArgs(arguments, [ { name: 'watchId', @@ -582,6 +602,8 @@ AddressBook.prototype.removeChangeListener = function(watchId) { }; AddressBook.prototype.getGroup = function() { + xwalk.utils.checkPrivilegeAccess(xwalk.utils.privilege.CONTACT_READ); + var args = validator_.validateArgs(arguments, [{ name: 'groupId', type: types_.STRING, @@ -608,6 +630,8 @@ AddressBook.prototype.getGroup = function() { }; AddressBook.prototype.addGroup = function() { + xwalk.utils.checkPrivilegeAccess(xwalk.utils.privilege.CONTACT_WRITE); + var args = validator_.validateArgs(arguments, [ { name: 'group', @@ -632,6 +656,8 @@ AddressBook.prototype.addGroup = function() { }; AddressBook.prototype.updateGroup = function() { + xwalk.utils.checkPrivilegeAccess(xwalk.utils.privilege.CONTACT_WRITE); + var args = validator_.validateArgs(arguments, [ { name: 'group', @@ -650,6 +676,8 @@ AddressBook.prototype.updateGroup = function() { }; AddressBook.prototype.removeGroup = function() { + xwalk.utils.checkPrivilegeAccess(xwalk.utils.privilege.CONTACT_WRITE); + var args = validator_.validateArgs(arguments, [{ name: 'groupId', type: types_.STRING, @@ -670,6 +698,8 @@ AddressBook.prototype.removeGroup = function() { }; AddressBook.prototype.getGroups = function() { + xwalk.utils.checkPrivilegeAccess(xwalk.utils.privilege.CONTACT_READ); + var result = native_.callSync('AddressBook_getGroups', {addressBook: this}); if (native_.isFailure(result)) { throw native_.getErrorObject(result); diff --git a/src/contact/js/contact_manager.js b/src/contact/js/contact_manager.js index b1ba64d4..6c4626f9 100644 --- a/src/contact/js/contact_manager.js +++ b/src/contact/js/contact_manager.js @@ -2,8 +2,6 @@ // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. -var _PRIVILEGE_CONTACT_READ = "http://tizen.org/privilege/contact.read"; - var _personListenerRegistered = false; var _personCallbackMap = {}; var _personChangeListener = function(result) { @@ -30,6 +28,8 @@ var ContactManager = function() {}; // Gets the available address books ContactManager.prototype.getAddressBooks = function() { + xwalk.utils.checkPrivilegeAccess(xwalk.utils.privilege.CONTACT_READ); + var args = validator_.validateArgs(arguments, [ { name: 'successCallback', @@ -73,7 +73,7 @@ ContactManager.prototype.getAddressBooks = function() { // Gets the aggregation of all address books. ContactManager.prototype.getUnifiedAddressBook = function() { - xwalk.utils.checkPrivilegeAccess(_PRIVILEGE_CONTACT_READ); + xwalk.utils.checkPrivilegeAccess(xwalk.utils.privilege.CONTACT_READ); return _editGuard.run(function() { var addressBook = new AddressBook(0, 'Unified address book'); @@ -92,6 +92,8 @@ ContactManager.prototype.getDefaultAddressBook = function() { // Gets the address book with the specified identifier. ContactManager.prototype.getAddressBook = function() { + xwalk.utils.checkPrivilegeAccess(xwalk.utils.privilege.CONTACT_READ); + var args = validator_.validateArgs(arguments, [{ name: 'addressBookId', type: types_.STRING, @@ -124,6 +126,8 @@ ContactManager.prototype.getAddressBook = function() { }; ContactManager.prototype.addAddressBook = function() { + xwalk.utils.checkPrivilegeAccess(xwalk.utils.privilege.CONTACT_WRITE); + var args = validator_.validateArgs(arguments, [{ name: 'addressBook', type: types_.PLATFORM_OBJECT, @@ -151,6 +155,8 @@ ContactManager.prototype.addAddressBook = function() { }; ContactManager.prototype.removeAddressBook = function() { + xwalk.utils.checkPrivilegeAccess(xwalk.utils.privilege.CONTACT_WRITE); + // TCT: ContactManager_removeAddressBook_misarg if (type_.isNullOrUndefined(arguments[0])) { throw new WebAPIException(WebAPIException.INVALID_VALUES_ERR); @@ -184,6 +190,8 @@ ContactManager.prototype.removeAddressBook = function() { // Gets the person with the specified identifier. ContactManager.prototype.get = function() { + xwalk.utils.checkPrivilegeAccess(xwalk.utils.privilege.CONTACT_READ); + // validation var args = validator_.validateArgs(arguments, [ { @@ -211,7 +219,7 @@ ContactManager.prototype.get = function() { // Updates a person in the address book synchronously. ContactManager.prototype.update = function() { - xwalk.utils.checkPrivilegeAccess('http://tizen.org/privilege/contact.write'); + xwalk.utils.checkPrivilegeAccess(xwalk.utils.privilege.CONTACT_WRITE); // validation var args = validator_.validateArgs(arguments, [{ @@ -234,6 +242,8 @@ ContactManager.prototype.update = function() { // Updates several existing persons in the contact DB asynchronously. ContactManager.prototype.updateBatch = function() { + xwalk.utils.checkPrivilegeAccess(xwalk.utils.privilege.CONTACT_WRITE); + var args = validator_.validateArgs(arguments, [ { name: 'persons', @@ -275,6 +285,8 @@ ContactManager.prototype.updateBatch = function() { // Removes a person from the contact DB synchronously. ContactManager.prototype.remove = function() { + xwalk.utils.checkPrivilegeAccess(xwalk.utils.privilege.CONTACT_WRITE); + // validation var args = validator_.validateArgs(arguments, [{ name: 'personId', @@ -294,6 +306,8 @@ ContactManager.prototype.remove = function() { // Removes persons from contact DB asynchronously. ContactManager.prototype.removeBatch = function() { + xwalk.utils.checkPrivilegeAccess(xwalk.utils.privilege.CONTACT_WRITE); + var args = validator_.validateArgs(arguments, [ { name: 'personIds', @@ -336,6 +350,8 @@ ContactManager.prototype.removeBatch = function() { // Gets an array of all Person objects from the contact DB or the ones that match the // optionally supplied filter. ContactManager.prototype.find = function() { + xwalk.utils.checkPrivilegeAccess(xwalk.utils.privilege.CONTACT_READ); + var args = validator_.validateArgs(arguments, [ { name: 'successCallback', @@ -397,6 +413,8 @@ ContactManager.prototype.find = function() { // Subscribes to receive notifications about persons' changes. ContactManager.prototype.addChangeListener = function() { + xwalk.utils.checkPrivilegeAccess(xwalk.utils.privilege.CONTACT_READ); + var args = validator_.validateArgs(arguments, [ { name: 'successCallback', @@ -429,7 +447,7 @@ ContactManager.prototype.addChangeListener = function() { // Unsubscribes a persons' changes watch operation. ContactManager.prototype.removeChangeListener = function() { - xwalk.utils.checkPrivilegeAccess('http://tizen.org/privilege/contact.read'); + xwalk.utils.checkPrivilegeAccess(xwalk.utils.privilege.CONTACT_READ); var args = validator_.validateArgs(arguments, [ { diff --git a/src/contact/js/person.js b/src/contact/js/person.js index bc8e7c07..833ac089 100644 --- a/src/contact/js/person.js +++ b/src/contact/js/person.js @@ -126,6 +126,8 @@ var Person = function(data) { // Aggregates another person to this person. Person.prototype.link = function() { + xwalk.utils.checkPrivilegeAccess(xwalk.utils.privilege.CONTACT_WRITE); + var args = validator_.validateArgs(arguments, [{ name: 'personId', type: types_.STRING, @@ -154,6 +156,8 @@ Person.prototype.link = function() { // Separates a contact from this person. Person.prototype.unlink = function(contactId) { + xwalk.utils.checkPrivilegeAccess(xwalk.utils.privilege.CONTACT_WRITE); + var args = validator_.validateArgs(arguments, [{ name: 'contactId', type: types_.STRING, -- 2.34.1