Bug 769597 - IndexedDB should use nsIPermissionManager with principals. r=sicking

2024-10-10 03:45:46 +00:00 · 2012-07-15 18:35:47 -07:00 · 2012-07-15 18:35:47 -07:00 · fe6907f48c
commit fe6907f48c
parent de3e7e0ba9
5 changed files with 28 additions and 44 deletions
--- a/dom/indexedDB/CheckPermissionsHelper.cpp
+++ b/dom/indexedDB/CheckPermissionsHelper.cpp
@ -45,8 +45,7 @@ namespace {

 inline
 PRUint32
-GetIndexedDBPermissions(const nsACString& aASCIIOrigin,
-                        nsIDOMWindow* aWindow)
+GetIndexedDBPermissions(nsIDOMWindow* aWindow)
 {
  NS_ASSERTION(NS_IsMainThread(), "Wrong thread!");

@ -74,16 +73,14 @@ GetIndexedDBPermissions(const nsACString& aASCIIOrigin,
    return PERMISSION_DENIED;
  }

-  nsCOMPtr<nsIURI> uri;
-  nsresult rv = NS_NewURI(getter_AddRefs(uri), aASCIIOrigin);
-  NS_ENSURE_SUCCESS(rv, PERMISSION_DENIED);
-
  nsCOMPtr<nsIPermissionManager> permissionManager =
    do_GetService(NS_PERMISSIONMANAGER_CONTRACTID);
  NS_ENSURE_TRUE(permissionManager, PERMISSION_DENIED);

  PRUint32 permission;
-  rv = permissionManager->TestPermission(uri, PERMISSION_INDEXEDDB,
+  nsresult rv =
+    permissionManager->TestPermissionFromPrincipal(sop->GetPrincipal(),
+                                                   PERMISSION_INDEXEDDB,
                                                   &permission);
  NS_ENSURE_SUCCESS(rv, PERMISSION_DENIED);

@ -103,7 +100,7 @@ CheckPermissionsHelper::Run()

  PRUint32 permission = mHasPrompted ?
                        mPromptResult :
-                        GetIndexedDBPermissions(mASCIIOrigin, mWindow);
+                        GetIndexedDBPermissions(mWindow);

  nsresult rv;
  if (mHasPrompted) {
@ -113,16 +110,17 @@ CheckPermissionsHelper::Run()
    // we cannot set the permission from the child).
    if (permission != PERMISSION_PROMPT &&
        IndexedDatabaseManager::IsMainProcess()) {
-      nsCOMPtr<nsIURI> uri;
-      rv = NS_NewURI(getter_AddRefs(uri), mASCIIOrigin);
-      NS_ENSURE_SUCCESS(rv, rv);
-
      nsCOMPtr<nsIPermissionManager> permissionManager =
        do_GetService(NS_PERMISSIONMANAGER_CONTRACTID);
      NS_ENSURE_STATE(permissionManager);

-      rv = permissionManager->Add(uri, PERMISSION_INDEXEDDB, permission,
-                                  nsIPermissionManager::EXPIRE_NEVER, 0);
+      nsCOMPtr<nsIScriptObjectPrincipal> sop = do_QueryInterface(mWindow);
+      NS_ENSURE_TRUE(sop, NS_ERROR_FAILURE);
+
+      rv = permissionManager->AddFromPrincipal(sop->GetPrincipal(),
+                                               PERMISSION_INDEXEDDB, permission,
+                                               nsIPermissionManager::EXPIRE_NEVER,
+                                               0);
      NS_ENSURE_SUCCESS(rv, rv);
    }
  }
--- a/dom/indexedDB/CheckPermissionsHelper.h
+++ b/dom/indexedDB/CheckPermissionsHelper.h
@ -31,11 +31,9 @@ public:

  CheckPermissionsHelper(OpenDatabaseHelper* aHelper,
                         nsIDOMWindow* aWindow,
-                         const nsACString& aASCIIOrigin,
                         bool aForDeletion)
  : mHelper(aHelper),
    mWindow(aWindow),
-    mASCIIOrigin(aASCIIOrigin),
    // If we're trying to delete the database, we should never prompt the user.
    // Anything that would prompt is translated to denied.
    mPromptAllowed(!aForDeletion),
@ -43,13 +41,11 @@ public:
    mPromptResult(0)
  {
    NS_ASSERTION(aHelper, "Null pointer!");
-    NS_ASSERTION(!aASCIIOrigin.IsEmpty(), "Empty origin!");
  }

 private:
  nsRefPtr<OpenDatabaseHelper> mHelper;
  nsCOMPtr<nsIDOMWindow> mWindow;
-  nsCString mASCIIOrigin;
  bool mPromptAllowed;
  bool mHasPrompted;
  PRUint32 mPromptResult;
--- a/dom/indexedDB/CheckQuotaHelper.cpp
+++ b/dom/indexedDB/CheckQuotaHelper.cpp
@ -35,8 +35,7 @@ namespace {

 inline
 PRUint32
-GetQuotaPermissions(const nsACString& aASCIIOrigin,
-                    nsIDOMWindow* aWindow)
+GetQuotaPermissions(nsIDOMWindow* aWindow)
 {
  NS_ASSERTION(NS_IsMainThread(), "Wrong thread!");

@ -47,16 +46,14 @@ GetQuotaPermissions(const nsACString& aASCIIOrigin,
    return nsIPermissionManager::ALLOW_ACTION;
  }

-  nsCOMPtr<nsIURI> uri;
-  nsresult rv = NS_NewURI(getter_AddRefs(uri), aASCIIOrigin);
-  NS_ENSURE_SUCCESS(rv, nsIPermissionManager::DENY_ACTION);
-
  nsCOMPtr<nsIPermissionManager> permissionManager =
    do_GetService(NS_PERMISSIONMANAGER_CONTRACTID);
  NS_ENSURE_TRUE(permissionManager, nsIPermissionManager::DENY_ACTION);

  PRUint32 permission;
-  rv = permissionManager->TestPermission(uri, PERMISSION_INDEXEDDB_UNLIMITED,
+  nsresult rv =
+    permissionManager->TestPermissionFromPrincipal(sop->GetPrincipal(),
+                                                   PERMISSION_INDEXEDDB_UNLIMITED,
                                                   &permission);
  NS_ENSURE_SUCCESS(rv, nsIPermissionManager::DENY_ACTION);

@ -142,14 +139,9 @@ CheckQuotaHelper::Run()

  nsresult rv = NS_OK;

-  if (mASCIIOrigin.IsEmpty()) {
-    rv = IndexedDatabaseManager::GetASCIIOriginFromWindow(mWindow,
-                                                          mASCIIOrigin);
-  }
-
  if (NS_SUCCEEDED(rv)) {
    if (!mHasPrompted) {
-      mPromptResult = GetQuotaPermissions(mASCIIOrigin, mWindow);
+      mPromptResult = GetQuotaPermissions(mWindow);
    }

    if (mHasPrompted) {
@ -159,15 +151,15 @@ CheckQuotaHelper::Run()
      // we cannot set the permission from the child).
      if (mPromptResult != nsIPermissionManager::UNKNOWN_ACTION &&
          XRE_GetProcessType() == GeckoProcessType_Default) {
-        nsCOMPtr<nsIURI> uri;
-        rv = NS_NewURI(getter_AddRefs(uri), mASCIIOrigin);
-        NS_ENSURE_SUCCESS(rv, rv);
+        nsCOMPtr<nsIScriptObjectPrincipal> sop = do_QueryInterface(mWindow);
+        NS_ENSURE_TRUE(sop, NS_ERROR_FAILURE);

        nsCOMPtr<nsIPermissionManager> permissionManager =
          do_GetService(NS_PERMISSIONMANAGER_CONTRACTID);
        NS_ENSURE_STATE(permissionManager);

-        rv = permissionManager->Add(uri, PERMISSION_INDEXEDDB_UNLIMITED,
+        rv = permissionManager->AddFromPrincipal(sop->GetPrincipal(),
+                                                 PERMISSION_INDEXEDDB_UNLIMITED,
                                                 mPromptResult,
                                                 nsIPermissionManager::EXPIRE_NEVER, 0);
        NS_ENSURE_SUCCESS(rv, rv);
--- a/dom/indexedDB/CheckQuotaHelper.h
+++ b/dom/indexedDB/CheckQuotaHelper.h
@ -42,7 +42,6 @@ public:
 private:
  nsPIDOMWindow* mWindow;

-  nsCString mASCIIOrigin;
  mozilla::Mutex& mMutex;
  mozilla::CondVar mCondVar;
  PRUint32 mPromptResult;
--- a/dom/indexedDB/IDBFactory.cpp
+++ b/dom/indexedDB/IDBFactory.cpp
@ -509,7 +509,6 @@ IDBFactory::OpenCommon(const nsAString& aName,
  NS_ASSERTION(mWindow || mOwningObject, "Must have one of these!");

  nsCOMPtr<nsPIDOMWindow> window;
-  nsCOMPtr<nsIScriptGlobalObject> sgo;
  JSObject* scriptOwner = nsnull;

  if (mWindow) {
@ -535,7 +534,7 @@ IDBFactory::OpenCommon(const nsAString& aName,
    NS_ENSURE_SUCCESS(rv, NS_ERROR_DOM_INDEXEDDB_UNKNOWN_ERR);

    nsRefPtr<CheckPermissionsHelper> permissionHelper =
-      new CheckPermissionsHelper(openHelper, window, mASCIIOrigin, aDeleting);
+      new CheckPermissionsHelper(openHelper, window, aDeleting);

    IndexedDatabaseManager* mgr = IndexedDatabaseManager::Get();
    NS_ASSERTION(mgr, "This should never be null!");