tdebindings/kjsembed/jssecuritypolicy.h


// -*- c++ -*-
/*
* Copyright (C) 2001-2003, Richard J. Moore <rich@kde.org>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Library General Public
* License as published by the Free Software Foundation; either
* version 2 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Library General Public License for more details.
*
* You should have received a copy of the GNU Library General Public License
* along with this library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
* Boston, MA 02110-1301, USA.
*/
#ifndef KJSEMBEDSECURITYPOLICY_H
#define KJSEMBEDSECURITYPOLICY_H
#include "global.h"
#include <kjsembed/jsobjectproxy.h>
namespace KJSEmbed {
class JSObjectProxy;
/**
* Implements the default security policy.
* This class defines the interface for security policies, and provides
* a default implementation that should be sufficient for most situations.
* <h3>Security Checks</h3>
* A SecurityPolicy must define tests for the following situations:
* <ul>
* <li>Does this request come from the correct @ref KJS::Interpreter ?
* <li>Is the script allowed to access the specified TQObject ?
* <li>Is the script allowed to access the specified property ?
* </ul>
* The various isAllowed() methods are called automatically by @ref JSObjectProxy
* when a script attempts to perform a controlled operation.
*
* <h3>Default Policy</h3>
* The security policy applied by default is as follows:
* <ul>
* <li>Only the interpreter specified when the initial binding was
* defined may access the proxy.
* <li>Scripts may only access TQObjects that are children of the root
* object. The root object is specified when the embedding application
* creates the initial binding, and is automatically inherited by any
* sub-proxies that may be created by the script.
* <li>Scripts may access any properties of the objects they can access.
* </ul>
* Applications that want a custom policy should define a SecurityPolicy
* that re-implements the various isAllowed() methods, then use
* @ref JSObjectProxy::setSecurityPolicy() to apply the policy to a proxy.
*
* @see KJSEmbed::JSObjectProxy
* @author Richard Moore, rich@kde.org
* $Id$
*/
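class KJSEMBED_EXPORT JSSecurityPolicy
{
public:
    /**
     * Creates a policy from a capability bit mask.
     *
     * @param capabilities Bitwise OR of @ref Capabilities values. The default
     *        of 0 is the same value as CapabilityNone.
     *
     * NOTE(review): the constructor body is not in this header; presumably it
     * stores @p capabilities as the initial mask. Confirm against the .cpp.
     * NOTE(review): the constructor is not declared explicit, so a bare uint
     * converts implicitly to a policy object. Left as is to keep the existing
     * interface.
     */
    JSSecurityPolicy( uint capabilities = 0 );
    virtual ~JSSecurityPolicy();

    /**
     * Defines a set of flags that indicate if access to a given API
     * should be allowed.
     *
     * Each single capability occupies one bit, so values can be combined
     * with bitwise OR. CapabilityReadOnly and CapabilityReadWrite are
     * predefined combinations; CapabilityAll (0xffff) covers every bit
     * defined here, including CapabilityCustom.
     */
    enum Capabilities {
        CapabilityTree = 0x0001,
        CapabilityGetProperties = 0x0002,
        CapabilitySetProperties = 0x0004,
        CapabilitySlots = 0x0008,
        CapabilityFactory = 0x0010,
        CapabilityTopLevel = 0x0020,
        CapabilityCustom = 0x4000,
        CapabilityNone = 0x0000,
        CapabilityReadOnly = CapabilityTree | CapabilityGetProperties,
        CapabilityReadWrite = CapabilityReadOnly | CapabilitySetProperties | CapabilitySlots,
        CapabilityAll = 0xffff
    };

    /**
     * Returns true if any of the specified capabilities are allowed.
     *
     * This is an "any bit" test: for a combined mask such as
     * CapabilityReadWrite it returns true as soon as one of the bits is
     * granted. Callers that must require every bit of a combined mask
     * should test each capability separately. Passing CapabilityNone (0)
     * always yields false.
     */
    bool hasCapability( uint cap ) const { return (cap & caps) != 0; }

    /**
     * Specifies that the passed capabilities are allowed.
     *
     * @param cap Bitwise OR of the capabilities to grant; bits that are
     *        already granted stay granted.
     */
    void setCapability( uint cap ) { caps = caps | cap; }

    /**
     * Specifies that the passed capabilities are disallowed.
     *
     * @param cap Bitwise OR of the capabilities to revoke; all other bits
     *        are left unchanged.
     *
     * The mask is cleared with AND-NOT. The previous implementation OR-ed
     * the bits into the mask, so a call intended to revoke a capability
     * granted it instead.
     */
    void clearCapability( uint cap ) { caps = caps & ~cap; }

    /**
     * Returns true if the specified interpreter may access the proxy.
     */
    virtual bool isInterpreterAllowed( const JSObjectProxy *prx, const KJS::Interpreter *interp ) const;

    /**
     * Returns true if scripts are allowed to see the specified TQObject.
     */
    virtual bool isObjectAllowed( const JSObjectProxy *prx, const TQObject *obj ) const;

    /**
     * Returns true if scripts are allowed to see the specified property.
     */
    virtual bool isPropertyAllowed( const JSObjectProxy *prx, const TQObject *obj, const char *prop ) const;

    /**
     * Returns true if scripts are allowed to create the specified child object.
     */
    virtual bool isCreateAllowed( const JSObjectProxy *prx, const TQObject *parent,
                                  const TQString &clazz, const TQString &name ) const;

    /**
     * Returns the default SecurityPolicy.
     */
    static JSSecurityPolicy *defaultPolicy();

    /**
     * Sets the default SecurityPolicy.
     *
     * NOTE(review): ownership of @p pol and the fate of any previously
     * installed default are decided in the .cpp, which is not visible here;
     * confirm before passing a stack or shared object.
     */
    static void setDefaultPolicy( JSSecurityPolicy *pol );

    /**
     * Sets the default SecurityPolicy.
     *
     * NOTE(review): presumably installs a default policy built from the
     * given capability mask; the definition is not in this header.
     */
    static void setDefaultPolicy( uint capabilities );

    /**
     * Deletes the default SecurityPolicy.
     */
    static void deleteDefaultPolicy();

private:
    // Class-wide default policy, managed through the static accessors above.
    // NOTE(review): no synchronisation is visible in this header; confirm
    // how concurrent callers are expected to use the default policy.
    static JSSecurityPolicy *policy;
    // Bit mask of granted Capabilities values.
    uint caps;
    // Opaque pointer to private implementation data.
    class JSSecurityPolicyPrivate *d;
};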
} // namespace KJSEmbed
#endif // KJSEMBEDSECURITYPOLICY_H