Bug 814226 - Permission checks for "webapps-manage" could probably be friendlier r=sicking

2024-10-08 19:04:45 +00:00 · 2013-01-18 16:29:12 -08:00 · 2013-01-18 16:29:12 -08:00 · 72faee30f7
commit 72faee30f7
parent d94d7309be
2 changed files with 18 additions and 25 deletions
--- a/dom/apps/src/Webapps.js
+++ b/dom/apps/src/Webapps.js
@ -184,6 +184,10 @@ WebappsRegistry.prototype = {
  },

  get mgmt() {
+    if (!this.hasMgmtPrivilege) {
+      return null;
+    }
+
    if (!this._mgmt)
      this._mgmt = new WebappsApplicationMgmt(this._window);
    return this._mgmt;
@ -241,10 +245,19 @@ WebappsRegistry.prototype = {
                              "Webapps:GetSelf:Return:OK",
                              "Webapps:CheckInstalled:Return:OK" ]);

-    let util = this._window.QueryInterface(Ci.nsIInterfaceRequestor).getInterface(Ci.nsIDOMWindowUtils);
+    let util = this._window.QueryInterface(Ci.nsIInterfaceRequestor)
+                           .getInterface(Ci.nsIDOMWindowUtils);
    this._id = util.outerWindowID;
    cpmm.sendAsyncMessage("Webapps:RegisterForMessages",
                          ["Webapps:Install:Return:OK"]);
+
+    let principal = aWindow.document.nodePrincipal;
+    let perm = Services.perms
+               .testExactPermissionFromPrincipal(principal, "webapps-manage");
+
+    // Only pages with the webapps-manage permission set can get access to
+    // the mgmt object.
+    this.hasMgmtPrivilege = perm == Ci.nsIPermissionManager.ALLOW_ACTION;
  },

  classID: Components.ID("{fff440b3-fae2-45c1-bf03-3b5a2e432270}"),
@ -590,16 +603,6 @@ WebappsApplication.prototype = {
  * mozIDOMApplicationMgmt object
  */
 function WebappsApplicationMgmt(aWindow) {
-  let principal = aWindow.document.nodePrincipal;
-  let secMan = Cc["@mozilla.org/scriptsecuritymanager;1"].getService(Ci.nsIScriptSecurityManager);
-
-  let perm = principal == secMan.getSystemPrincipal()
-               ? Ci.nsIPermissionManager.ALLOW_ACTION
-               : Services.perms.testExactPermissionFromPrincipal(principal, "webapps-manage");
-
-  //only pages with perm set can use some functions
-  this.hasPrivileges = perm == Ci.nsIPermissionManager.ALLOW_ACTION;
-
  this.initHelper(aWindow, ["Webapps:GetAll:Return:OK",
                            "Webapps:GetAll:Return:KO",
                            "Webapps:Uninstall:Return:OK",
@ -656,8 +659,7 @@ WebappsApplicationMgmt.prototype = {
  getAll: function() {
    let request = this.createRequest();
    cpmm.sendAsyncMessage("Webapps:GetAll", { oid: this._id,
-                                              requestID: this.getRequestId(request),
-                                              hasPrivileges: this.hasPrivileges });
+                                              requestID: this.getRequestId(request) });
    return request;
  },

@ -677,17 +679,11 @@ WebappsApplicationMgmt.prototype = {
  },

  set oninstall(aCallback) {
-    if (this.hasPrivileges)
-      this._oninstall = aCallback;
-    else
-      throw new Components.Exception("Denied", Cr.NS_ERROR_FAILURE);
+    this._oninstall = aCallback;
  },

  set onuninstall(aCallback) {
-    if (this.hasPrivileges)
-      this._onuninstall = aCallback;
-    else
-      throw new Components.Exception("Denied", Cr.NS_ERROR_FAILURE);
+    this._onuninstall = aCallback;
  },

  receiveMessage: function(aMessage) {
--- a/dom/apps/src/Webapps.jsm
+++ b/dom/apps/src/Webapps.jsm
@ -787,10 +787,7 @@ this.DOMApplicationRegistry = {
        this.getNotInstalled(msg, mm);
        break;
      case "Webapps:GetAll":
-        if (msg.hasPrivileges)
-          this.getAll(msg, mm);
-        else
-          mm.sendAsyncMessage("Webapps:GetAll:Return:KO", msg);
+        this.getAll(msg, mm);
        break;
      case "Webapps:InstallPackage":
        this.doInstallPackage(msg, mm);