Bug 769597 - IndexedDB should use nsIPermissionManager with principals. r=sicking
--- a/dom/indexedDB/CheckPermissionsHelper.cpp
+++ b/dom/indexedDB/CheckPermissionsHelper.cpp
@@ -40,18 +40,17 @@
using namespace mozilla;
USING_INDEXEDDB_NAMESPACE
using namespace mozilla::services;
namespace {
inline
PRUint32
-GetIndexedDBPermissions(const nsACString& aASCIIOrigin,
- nsIDOMWindow* aWindow)
+GetIndexedDBPermissions(nsIDOMWindow* aWindow)
{
NS_ASSERTION(NS_IsMainThread(), "Wrong thread!");
if (!Preferences::GetBool(PREF_INDEXEDDB_ENABLED)) {
return PERMISSION_DENIED;
}
// No window here means chrome access.
@@ -69,27 +68,25 @@ GetIndexedDBPermissions(const nsACString
nsCOMPtr<nsIWebNavigation> webNav = do_GetInterface(aWindow);
nsCOMPtr<nsILoadContext> loadContext = do_QueryInterface(webNav);
if (loadContext && loadContext->UsePrivateBrowsing()) {
// TODO Support private browsing indexedDB?
NS_WARNING("IndexedDB may not be used while in private browsing mode!");
return PERMISSION_DENIED;
}
- nsCOMPtr<nsIURI> uri;
- nsresult rv = NS_NewURI(getter_AddRefs(uri), aASCIIOrigin);
- NS_ENSURE_SUCCESS(rv, PERMISSION_DENIED);
-
nsCOMPtr<nsIPermissionManager> permissionManager =
do_GetService(NS_PERMISSIONMANAGER_CONTRACTID);
NS_ENSURE_TRUE(permissionManager, PERMISSION_DENIED);
PRUint32 permission;
- rv = permissionManager->TestPermission(uri, PERMISSION_INDEXEDDB,
- &permission);
+ nsresult rv =
+ permissionManager->TestPermissionFromPrincipal(sop->GetPrincipal(),
+ PERMISSION_INDEXEDDB,
+ &permission);
NS_ENSURE_SUCCESS(rv, PERMISSION_DENIED);
return permission;
}
} // anonymous namespace
NS_IMPL_THREADSAFE_ISUPPORTS3(CheckPermissionsHelper, nsIRunnable,
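Review bot: `sop->GetPrincipal()` is handed straight to `TestPermissionFromPrincipal` with no null check, and `sop` is declared outside this hunk, so its own validation cannot be confirmed from here. If the window can be without a principal at this point, the result then depends on how the permission manager treats a null argument. Failing closed in the caller makes the intent explicit: `nsIPrincipal* principal = sop->GetPrincipal();` followed by `NS_ENSURE_TRUE(principal, PERMISSION_DENIED);`. The same unchecked call appears in GetQuotaPermissions and in the `AddFromPrincipal` calls of both Run() methods.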
@@ -98,36 +95,37 @@ NS_IMPL_THREADSAFE_ISUPPORTS3(CheckPermi
NS_IMETHODIMP
CheckPermissionsHelper::Run()
{
NS_ASSERTION(NS_IsMainThread(), "Wrong thread!");
PRUint32 permission = mHasPrompted ?
mPromptResult :
- GetIndexedDBPermissions(mASCIIOrigin, mWindow);
+ GetIndexedDBPermissions(mWindow);
nsresult rv;
if (mHasPrompted) {
// Add permissions to the database, but only if we are in the parent
// process (if we are in the child process, we have already
// set the permission when the prompt was shown in the parent, as
// we cannot set the permission from the child).
if (permission != PERMISSION_PROMPT &&
IndexedDatabaseManager::IsMainProcess()) {
- nsCOMPtr<nsIURI> uri;
- rv = NS_NewURI(getter_AddRefs(uri), mASCIIOrigin);
- NS_ENSURE_SUCCESS(rv, rv);
-
nsCOMPtr<nsIPermissionManager> permissionManager =
do_GetService(NS_PERMISSIONMANAGER_CONTRACTID);
NS_ENSURE_STATE(permissionManager);
- rv = permissionManager->Add(uri, PERMISSION_INDEXEDDB, permission,
- nsIPermissionManager::EXPIRE_NEVER, 0);
+ nsCOMPtr<nsIScriptObjectPrincipal> sop = do_QueryInterface(mWindow);
+ NS_ENSURE_TRUE(sop, NS_ERROR_FAILURE);
+
+ rv = permissionManager->AddFromPrincipal(sop->GetPrincipal(),
+ PERMISSION_INDEXEDDB, permission,
+ nsIPermissionManager::EXPIRE_NEVER,
+ 0);
NS_ENSURE_SUCCESS(rv, rv);
}
}
else if (permission == PERMISSION_PROMPT && mPromptAllowed) {
nsCOMPtr<nsIObserverService> obs = GetObserverService();
rv = obs->NotifyObservers(static_cast<nsIRunnable*>(this),
TOPIC_PERMISSIONS_PROMPT, nsnull);
NS_ENSURE_SUCCESS(rv, rv);
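Review bot: The principal used to persist the prompt result is re-read from `mWindow` on the second pass through Run(), independently of the principal that GetIndexedDBPermissions tested on the first pass. The removed code used an origin string captured at construction, so the check and the write always referred to one identity. If `mWindow` can present a different principal by the time the prompt returns (for example if it is an outer window that navigates, which is not visible here), the permission would be stored for a principal the user was never asked about. Capturing the principal once in the constructor in CheckPermissionsHelper.h, e.g. a `nsCOMPtr<nsIPrincipal> mPrincipal` member used for both calls, removes that dependency; CheckQuotaHelper::Run() has the same shape. Run() continues past the end of this hunk.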
--- a/dom/indexedDB/CheckPermissionsHelper.h
+++ b/dom/indexedDB/CheckPermissionsHelper.h
@@ -26,35 +26,31 @@ class CheckPermissionsHelper MOZ_FINAL :
public:
NS_DECL_ISUPPORTS
NS_DECL_NSIRUNNABLE
NS_DECL_NSIINTERFACEREQUESTOR
NS_DECL_NSIOBSERVER
CheckPermissionsHelper(OpenDatabaseHelper* aHelper,
nsIDOMWindow* aWindow,
- const nsACString& aASCIIOrigin,
bool aForDeletion)
: mHelper(aHelper),
mWindow(aWindow),
- mASCIIOrigin(aASCIIOrigin),
// If we're trying to delete the database, we should never prompt the user.
// Anything that would prompt is translated to denied.
mPromptAllowed(!aForDeletion),
mHasPrompted(false),
mPromptResult(0)
{
NS_ASSERTION(aHelper, "Null pointer!");
- NS_ASSERTION(!aASCIIOrigin.IsEmpty(), "Empty origin!");
}
private:
nsRefPtr<OpenDatabaseHelper> mHelper;
nsCOMPtr<nsIDOMWindow> mWindow;
- nsCString mASCIIOrigin;
bool mPromptAllowed;
bool mHasPrompted;
PRUint32 mPromptResult;
};
END_INDEXEDDB_NAMESPACE
#endif // mozilla_dom_indexeddb_checkpermissionshelper_h__
--- a/dom/indexedDB/CheckQuotaHelper.cpp
+++ b/dom/indexedDB/CheckQuotaHelper.cpp
@@ -30,39 +30,36 @@
USING_INDEXEDDB_NAMESPACE
using namespace mozilla::services;
using mozilla::MutexAutoLock;
namespace {
inline
PRUint32
-GetQuotaPermissions(const nsACString& aASCIIOrigin,
- nsIDOMWindow* aWindow)
+GetQuotaPermissions(nsIDOMWindow* aWindow)
{
NS_ASSERTION(NS_IsMainThread(), "Wrong thread!");
nsCOMPtr<nsIScriptObjectPrincipal> sop(do_QueryInterface(aWindow));
NS_ENSURE_TRUE(sop, nsIPermissionManager::DENY_ACTION);
if (nsContentUtils::IsSystemPrincipal(sop->GetPrincipal())) {
return nsIPermissionManager::ALLOW_ACTION;
}
- nsCOMPtr<nsIURI> uri;
- nsresult rv = NS_NewURI(getter_AddRefs(uri), aASCIIOrigin);
- NS_ENSURE_SUCCESS(rv, nsIPermissionManager::DENY_ACTION);
-
nsCOMPtr<nsIPermissionManager> permissionManager =
do_GetService(NS_PERMISSIONMANAGER_CONTRACTID);
NS_ENSURE_TRUE(permissionManager, nsIPermissionManager::DENY_ACTION);
PRUint32 permission;
- rv = permissionManager->TestPermission(uri, PERMISSION_INDEXEDDB_UNLIMITED,
- &permission);
+ nsresult rv =
+ permissionManager->TestPermissionFromPrincipal(sop->GetPrincipal(),
+ PERMISSION_INDEXEDDB_UNLIMITED,
+ &permission);
NS_ENSURE_SUCCESS(rv, nsIPermissionManager::DENY_ACTION);
return permission;
}
} // anonymous namespace
CheckQuotaHelper::CheckQuotaHelper(nsPIDOMWindow* aWindow,
@@ -137,44 +134,39 @@ NS_IMPL_THREADSAFE_ISUPPORTS3(CheckQuota
NS_IMETHODIMP
CheckQuotaHelper::Run()
{
NS_ASSERTION(NS_IsMainThread(), "Wrong thread!");
nsresult rv = NS_OK;
- if (mASCIIOrigin.IsEmpty()) {
- rv = IndexedDatabaseManager::GetASCIIOriginFromWindow(mWindow,
- mASCIIOrigin);
- }
-
if (NS_SUCCEEDED(rv)) {
if (!mHasPrompted) {
- mPromptResult = GetQuotaPermissions(mASCIIOrigin, mWindow);
+ mPromptResult = GetQuotaPermissions(mWindow);
}
if (mHasPrompted) {
// Add permissions to the database, but only if we are in the parent
// process (if we are in the child process, we have already
// set the permission when the prompt was shown in the parent, as
// we cannot set the permission from the child).
if (mPromptResult != nsIPermissionManager::UNKNOWN_ACTION &&
XRE_GetProcessType() == GeckoProcessType_Default) {
- nsCOMPtr<nsIURI> uri;
- rv = NS_NewURI(getter_AddRefs(uri), mASCIIOrigin);
- NS_ENSURE_SUCCESS(rv, rv);
-
+ nsCOMPtr<nsIScriptObjectPrincipal> sop = do_QueryInterface(mWindow);
+ NS_ENSURE_TRUE(sop, NS_ERROR_FAILURE);
+
nsCOMPtr<nsIPermissionManager> permissionManager =
do_GetService(NS_PERMISSIONMANAGER_CONTRACTID);
NS_ENSURE_STATE(permissionManager);
-
- rv = permissionManager->Add(uri, PERMISSION_INDEXEDDB_UNLIMITED,
- mPromptResult,
- nsIPermissionManager::EXPIRE_NEVER, 0);
+
+ rv = permissionManager->AddFromPrincipal(sop->GetPrincipal(),
+ PERMISSION_INDEXEDDB_UNLIMITED,
+ mPromptResult,
+ nsIPermissionManager::EXPIRE_NEVER, 0);
NS_ENSURE_SUCCESS(rv, rv);
}
}
else if (mPromptResult == nsIPermissionManager::UNKNOWN_ACTION) {
PRUint32 quota = IndexedDatabaseManager::GetIndexedDBQuotaMB();
nsString quotaString;
quotaString.AppendInt(quota);
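Review bot: With the origin lookup removed, `rv` is still `NS_OK` when `if (NS_SUCCEEDED(rv))` is evaluated, so the guard can never be false and only adds a nesting level. Either drop the condition and un-indent the body, or hoist the `sop` lookup above it so the guard tests a real failure. Separately, `NS_ENSURE_TRUE(sop, NS_ERROR_FAILURE)` returns from inside the branch, as the `NS_NewURI` check it replaces did. Run() continues outside the hunk, so it is worth confirming that nothing after the branch that a waiter on `mCondVar` relies on is skipped on that path.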
--- a/dom/indexedDB/CheckQuotaHelper.h
+++ b/dom/indexedDB/CheckQuotaHelper.h
@@ -37,17 +37,16 @@ public:
bool PromptAndReturnQuotaIsDisabled();
void Cancel();
private:
nsPIDOMWindow* mWindow;
- nsCString mASCIIOrigin;
mozilla::Mutex& mMutex;
mozilla::CondVar mCondVar;
PRUint32 mPromptResult;
bool mWaiting;
bool mHasPrompted;
};
END_INDEXEDDB_NAMESPACE
--- a/dom/indexedDB/IDBFactory.cpp
+++ b/dom/indexedDB/IDBFactory.cpp
@@ -504,17 +504,16 @@ IDBFactory::OpenCommon(const nsAString&
bool aDeleting,
JSContext* aCallingCx,
IDBOpenDBRequest** _retval)
{
NS_ASSERTION(NS_IsMainThread(), "Wrong thread!");
NS_ASSERTION(mWindow || mOwningObject, "Must have one of these!");
nsCOMPtr<nsPIDOMWindow> window;
- nsCOMPtr<nsIScriptGlobalObject> sgo;
JSObject* scriptOwner = nsnull;
if (mWindow) {
window = mWindow;
scriptOwner =
static_cast<nsGlobalWindow*>(window.get())->FastGetGlobalJSObject();
}
else {
@@ -530,17 +529,17 @@ IDBFactory::OpenCommon(const nsAString&
if (IndexedDatabaseManager::IsMainProcess()) {
nsRefPtr<OpenDatabaseHelper> openHelper =
new OpenDatabaseHelper(request, aName, mASCIIOrigin, aVersion, aDeleting);
rv = openHelper->Init();
NS_ENSURE_SUCCESS(rv, NS_ERROR_DOM_INDEXEDDB_UNKNOWN_ERR);
nsRefPtr<CheckPermissionsHelper> permissionHelper =
- new CheckPermissionsHelper(openHelper, window, mASCIIOrigin, aDeleting);
+ new CheckPermissionsHelper(openHelper, window, aDeleting);
IndexedDatabaseManager* mgr = IndexedDatabaseManager::Get();
NS_ASSERTION(mgr, "This should never be null!");
rv =
mgr->WaitForOpenAllowed(mASCIIOrigin, openHelper->Id(), permissionHelper);
NS_ENSURE_SUCCESS(rv, NS_ERROR_DOM_INDEXEDDB_UNKNOWN_ERR);
}
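Review bot: After this change the permission check is keyed on the principal of `window`, while `OpenDatabaseHelper` and `WaitForOpenAllowed` are still keyed on `mASCIIOrigin`, so the access decision and the storage key now come from two different sources. If they can ever disagree, a permission granted to one principal would gate a database filed under another origin. A debug-only check that the origin from `IndexedDatabaseManager::GetASCIIOriginFromWindow(window, ...)` equals `mASCIIOrigin` when `window` is non-null would pin the invariant, as would a comment stating why the two cannot differ. OpenCommon begins and ends outside this hunk.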