tdf#129311 don't allow temporary trusted certs

This simply skips the DocumentMacroConfirmationRequest, if the macro security level (MSL) is *High* and the list of trusted authors is read-only. For the MSL *Medium*, the check box of the dialog is hidden with read-only trusted authors. Change-Id: If6c08e4fdbf200e778d181370cc73fd947cecff5 Reviewed-on: https://gerrit.libreoffice.org/84887 Tested-by: Jenkins Reviewed-by: Jan-Marek Glogowski <glogow@fbihome.de>
author: Jan-Marek Glogowski <jan-marek.glogowski@extern.cib.de> 2019-12-10 18:42:40 +0100
committer: Jan-Marek Glogowski <glogow@fbihome.de> 2019-12-17 11:59:08 +0100
commit: 71c6f438cecc3ce5e8060efe1df840652885701c (patch)
tree: f0c1e7ee813f0ccc6ca94138eaa27649aa7a4ddb /sfx2
parent: b3348ce498b3d54b3e5e6518954ad9d5e917b8f2 (diff)
1 files changed, 9 insertions, 1 deletions
diff --git a/sfx2/source/doc/docmacromode.cxx b/sfx2/source/doc/docmacromode.cxx
index ef5123a2c39d..94d0f076d733 100644
--- a/sfx2/source/doc/docmacromode.cxx
+++ b/sfx2/source/doc/docmacromode.cxx
@@ -226,11 +226,17 @@ namespace sfx2
             if ( nMacroExecutionMode != MacroExecMode::FROM_LIST )
             {
                 // the trusted macro check will also retrieve the signature state ( small optimization )
-                bool bHasTrustedMacroSignature = m_xData->m_rDocumentAccess.hasTrustedScriptingSignature( nMacroExecutionMode != MacroExecMode::FROM_LIST_AND_SIGNED_NO_WARN );
+                const SvtSecurityOptions aSecOption;
+                const bool bAllowUIToAddAuthor = nMacroExecutionMode != MacroExecMode::FROM_LIST_AND_SIGNED_NO_WARN
+                                                 && (nMacroExecutionMode == MacroExecMode::ALWAYS_EXECUTE
+                                                     || !aSecOption.IsReadOnly(SvtSecurityOptions::EOption::MacroTrustedAuthors));
+                const bool bHasTrustedMacroSignature = m_xData->m_rDocumentAccess.hasTrustedScriptingSignature(bAllowUIToAddAuthor);
 
                 SignatureState nSignatureState = m_xData->m_rDocumentAccess.getScriptingSignatureState();
                 if ( nSignatureState == SignatureState::BROKEN )
                 {
+                    if (!bAllowUIToAddAuthor)
+                        lcl_showDocumentMacrosDisabledError(rxInteraction, m_xData->m_bDocMacroDisabledMessageShown);
                     return disallowMacroExecution();
                 }
                 else if ( bHasTrustedMacroSignature )
@@ -242,6 +248,8 @@ namespace sfx2
                        || nSignatureState == SignatureState::NOTVALIDATED )
                 {
                     // there is valid signature, but it is not from the trusted author
+                    if (!bAllowUIToAddAuthor)
+                        lcl_showDocumentMacrosDisabledError(rxInteraction, m_xData->m_bDocMacroDisabledMessageShown);
                     return disallowMacroExecution();
                 }
             }
author	Jan-Marek Glogowski <jan-marek.glogowski@extern.cib.de>	2019-12-10 18:42:40 +0100
committer	Jan-Marek Glogowski <glogow@fbihome.de>	2019-12-17 11:59:08 +0100
commit	71c6f438cecc3ce5e8060efe1df840652885701c (patch)
tree	f0c1e7ee813f0ccc6ca94138eaa27649aa7a4ddb /sfx2
parent	b3348ce498b3d54b3e5e6518954ad9d5e917b8f2 (diff)