diff options
6 files changed, 53 insertions, 31 deletions
diff --git a/scripting/source/runtimemgr/ScriptNameResolverImpl.cxx b/scripting/source/runtimemgr/ScriptNameResolverImpl.cxx index 99c9241a641f..5f29a2205271 100644 --- a/scripting/source/runtimemgr/ScriptNameResolverImpl.cxx +++ b/scripting/source/runtimemgr/ScriptNameResolverImpl.cxx @@ -2,9 +2,9 @@ * * $RCSfile: ScriptNameResolverImpl.cxx,v $ * - * $Revision: 1.14 $ + * $Revision: 1.15 $ * - * last change: $Author: npower $ $Date: 2003-01-28 11:52:16 $ + * last change: $Author: dfoster $ $Date: 2003-01-28 17:09:24 $ * * The Contents of this file are made available subject to the terms of * either of the following licenses @@ -210,7 +210,7 @@ throw ( lang::IllegalArgumentException, script::CannotConvertException, RuntimeE { OSL_TRACE( "** about to resolve from storage using id %d from vector of size %d", *iter, m_vSearchIDs.size() ); - if ( ( resolvedName = resolveURIFromStorageID( *iter, scriptURI ) ).is() ) + if ( ( resolvedName = resolveURIFromStorageID( *iter, docUri, scriptURI ) ).is() ) { OSL_TRACE( "found match in uri from storage %d", *iter ); xPropSetScriptingContext->setPropertyValue( @@ -303,7 +303,8 @@ throw( RuntimeException ) Reference< storage::XScriptInfo > ScriptNameResolverImpl::resolveURIFromStorageID -( sal_Int32 sid, const ::rtl::OUString& scriptURI ) +( sal_Int32 sid, const ::rtl::OUString & docURI, + const ::rtl::OUString& scriptURI ) SAL_THROW ( ( lang::IllegalArgumentException, RuntimeException ) ) { Reference< storage::XScriptInfo > resolvedScriptInfo; @@ -316,7 +317,7 @@ SAL_THROW ( ( lang::IllegalArgumentException, RuntimeException ) ) } try { - Reference< storage::XScriptInfoAccess > storage = getStorageInstance( sid ); + Reference< storage::XScriptInfoAccess > storage = getStorageInstance( sid, docURI ); validateXRef( storage, "ScriptNameResolverImpl::resolveURIFromStorageID: cannot get XScriptInfoAccess" ); Sequence< Reference< storage::XScriptInfo > > results = @@ -395,7 +396,8 @@ SAL_THROW ( ( lang::IllegalArgumentException, RuntimeException ) ) Reference< storage::XScriptInfoAccess > -ScriptNameResolverImpl::getStorageInstance( sal_Int32 sid ) SAL_THROW ( ( RuntimeException ) ) +ScriptNameResolverImpl::getStorageInstance( sal_Int32 sid, +const ::rtl::OUString & docURI ) SAL_THROW ( ( RuntimeException ) ) { Reference< storage::XScriptInfoAccess > xScriptInfoAccess; try @@ -422,8 +424,7 @@ ScriptNameResolverImpl::getStorageInstance( sal_Int32 sid ) SAL_THROW ( ( Runtim // we need to check the permission if( ( sid != scriptingConstantsPool.USER_STORAGE_ID ) && ( sid != scriptingConstantsPool.SHARED_STORAGE_ID ) && - ( xScriptSecurity->checkPermission( Reference< - storage::XScriptInfo> (), + ( xScriptSecurity->checkPermission( docURI, OUString::createFromAscii( "execute" ) ) == false ) ) { OSL_TRACE( "ScriptNameResolverImpl::getStorageInstance: no permission for ID=%d", sid ); diff --git a/scripting/source/runtimemgr/ScriptNameResolverImpl.hxx b/scripting/source/runtimemgr/ScriptNameResolverImpl.hxx index 2c0e65fea640..d99fc42285dc 100644 --- a/scripting/source/runtimemgr/ScriptNameResolverImpl.hxx +++ b/scripting/source/runtimemgr/ScriptNameResolverImpl.hxx @@ -2,9 +2,9 @@ * * $RCSfile: ScriptNameResolverImpl.hxx,v $ * -* $Revision: 1.9 $ +* $Revision: 1.10 $ * -* last change: $Author: npower $ $Date: 2003-01-28 11:52:17 $ +* last change: $Author: dfoster $ $Date: 2003-01-28 17:09:25 $ * * The Contents of this file are made available subject to the terms of * either of the following licenses @@ -120,11 +120,11 @@ public: css::uno::RuntimeException ); private: css::uno::Reference < dcsssf::storage::XScriptInfo > - resolveURIFromStorageID( sal_Int32 sid, const ::rtl::OUString & - nameToResolve ) + resolveURIFromStorageID( sal_Int32 sid, const rtl::OUString & docURI, + const ::rtl::OUString & nameToResolve ) SAL_THROW ( ( css::lang::IllegalArgumentException, css::uno::RuntimeException ) ); css::uno::Reference< dcsssf::storage::XScriptInfoAccess > - getStorageInstance( sal_Int32 sid ) + getStorageInstance( sal_Int32 sid, const rtl::OUString & docURI) SAL_THROW ( ( css::uno::RuntimeException ) ); /********************************************** diff --git a/scripting/source/storage/ScriptSecurityManager.cxx b/scripting/source/storage/ScriptSecurityManager.cxx index 4541c3621f8f..2b618410b46d 100755 --- a/scripting/source/storage/ScriptSecurityManager.cxx +++ b/scripting/source/storage/ScriptSecurityManager.cxx @@ -2,9 +2,9 @@ * * $RCSfile: ScriptSecurityManager.cxx,v $ * - * $Revision: 1.2 $ + * $Revision: 1.3 $ * - * last change: $Author: dfoster $ $Date: 2003-01-27 17:18:21 $ + * last change: $Author: dfoster $ $Date: 2003-01-28 17:09:26 $ * * The Contents of this file are made available subject to the terms of * either of the following licenses @@ -142,11 +142,32 @@ void ScriptSecurityManager::addScriptStorage( rtl::OUString url, * we can't see a good reason not to return a bool, rather than throw * an exception if the request is not granted (as is the case in Java). */ -bool ScriptSecurityManager::checkPermission( const Reference< -storage::XScriptInfo > & scriptInfo, const OUString & permissionRequest ) +sal_Bool ScriptSecurityManager::checkPermission( const OUString & scriptStorageURL, + const OUString & permissionRequest ) throw ( RuntimeException ) { - // warning dialog if necessary + if( permissionRequest.equals( OUString::createFromAscii( "execute" ) ) ) + { + OSL_TRACE( + "ScriptSecurityManager::checkPermission: execute permission request for %s", + ::rtl::OUStringToOString( scriptStorageURI, + RTL_TEXTENCODING_ASCII_US ).pData->buffer); + ::std::vector< StoragePerm >::const_iterator iter; + ::std::vector< StoragePerm >::const_iterator iterEnd = + m_permissionSettings.end(); + for ( iter = m_permissionSettings.begin() ; iter != iterEnd; ++iter ) + { + if ( iter->url.equals( scriptStorageURL ) ) + { + // warning dialog if necessary + return iter->execPermission; + } + } + // we should never get here!! + throw RuntimeException( OUString::createFromAscii( "ScriptSecurityManager::checkPermission: storageURL not found" ) ); + } + else + return sal_True; } void ScriptSecurityManager::readConfiguration() diff --git a/scripting/source/storage/ScriptSecurityManager.hxx b/scripting/source/storage/ScriptSecurityManager.hxx index cc4a82d112cc..9fd241d7ce64 100755 --- a/scripting/source/storage/ScriptSecurityManager.hxx +++ b/scripting/source/storage/ScriptSecurityManager.hxx @@ -2,9 +2,9 @@ * * $RCSfile: ScriptSecurityManager.hxx,v $ * -* $Revision: 1.2 $ +* $Revision: 1.3 $ * -* last change: $Author: dfoster $ $Date: 2003-01-27 17:18:21 $ +* last change: $Author: dfoster $ $Date: 2003-01-28 17:09:26 $ * * The Contents of this file are made available subject to the terms of * either of the following licenses @@ -99,9 +99,9 @@ public: * we can't see a good reason not to return a bool, rather than throw * an exception if the request is not granted (as is the case in Java). */ - bool checkPermission( const css::uno::Reference< - dcsssf::storage::XScriptInfo > & scriptInfo, const rtl::OUString & - permissionRequest ) throw (css::uno::RuntimeException); + sal_Bool checkPermission( const rtl::OUString & scriptStorageURL, + const rtl::OUString & permissionRequest ) + throw (css::uno::RuntimeException); private: void readConfiguration() throw (css::uno::RuntimeException); css::uno::Reference< css::uno::XComponentContext > m_xContext; diff --git a/scripting/source/storage/ScriptStorageManager.cxx b/scripting/source/storage/ScriptStorageManager.cxx index fe9623b42a0f..831469c2b1ff 100644 --- a/scripting/source/storage/ScriptStorageManager.cxx +++ b/scripting/source/storage/ScriptStorageManager.cxx @@ -2,9 +2,9 @@ * * $RCSfile: ScriptStorageManager.cxx,v $ * -* $Revision: 1.16 $ +* $Revision: 1.17 $ * -* last change: $Author: dfoster $ $Date: 2003-01-27 17:18:22 $ +* last change: $Author: dfoster $ $Date: 2003-01-28 17:09:27 $ * * The Contents of this file are made available subject to the terms of * either of the following licenses @@ -373,11 +373,11 @@ throw( RuntimeException ) } //************************************************************************* -sal_Bool ScriptStorageManager::checkPermission( const Reference< -storage::XScriptInfo > & scriptInfo, const OUString & permissionRequest ) +sal_Bool ScriptStorageManager::checkPermission( const OUString & +scriptStorageURI, const OUString & permissionRequest ) throw ( css::uno::RuntimeException ) { - return m_securityMgr.checkPermission( scriptInfo, permissionRequest ); + return m_securityMgr.checkPermission( scriptStorageURI, permissionRequest ); } //************************************************************************* diff --git a/scripting/source/storage/ScriptStorageManager.hxx b/scripting/source/storage/ScriptStorageManager.hxx index 23c5697578db..db405dec040d 100644 --- a/scripting/source/storage/ScriptStorageManager.hxx +++ b/scripting/source/storage/ScriptStorageManager.hxx @@ -2,9 +2,9 @@ * * $RCSfile: ScriptStorageManager.hxx,v $ * - * $Revision: 1.12 $ + * $Revision: 1.13 $ * - * last change: $Author: dfoster $ $Date: 2003-01-27 17:18:22 $ + * last change: $Author: dfoster $ $Date: 2003-01-28 17:09:27 $ * * The Contents of this file are made available subject to the terms of * either of the following licenses @@ -191,7 +191,7 @@ public: */ virtual sal_Bool ScriptStorageManager::checkPermission( - const css::uno::Reference< dcsssf::storage::XScriptInfo > & scriptInfo, + const rtl::OUString & scriptStorageURI, const rtl::OUString & permissionRequest ) throw ( css::uno::RuntimeException ); //====================================================================== |