1/**************************************************************
2 *
3 * Licensed to the Apache Software Foundation (ASF) under one
4 * or more contributor license agreements.  See the NOTICE file
5 * distributed with this work for additional information
6 * regarding copyright ownership.  The ASF licenses this file
7 * to you under the Apache License, Version 2.0 (the
8 * "License"); you may not use this file except in compliance
9 * with the License.  You may obtain a copy of the License at
10 *
11 *   http://www.apache.org/licenses/LICENSE-2.0
12 *
13 * Unless required by applicable law or agreed to in writing,
14 * software distributed under the License is distributed on an
15 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
16 * KIND, either express or implied.  See the License for the
17 * specific language governing permissions and limitations
18 * under the License.
19 *
20 *************************************************************/
21
22
23#ifndef __com_sun_star_security_XAccessController_idl__
24#define __com_sun_star_security_XAccessController_idl__
25
26#ifndef __com_sun_star_uno_XInterface_idl__
27#include <com/sun/star/uno/XInterface.idl>
28#endif
29#ifndef __com_sun_star_security_XAccessControlContext_idl__
30#include <com/sun/star/security/XAccessControlContext.idl>
31#endif
32
33#ifndef __com_sun_star_security_XAction_idl__
34#include <com/sun/star/security/XAction.idl>
35#endif
36
37#ifndef __com_sun_star_security_AccessControlException_idl__
38#include <com/sun/star/security/AccessControlException.idl>
39#endif
40
41
42//=============================================================================
43
44module com {  module sun {  module star {  module security {
45
46//=============================================================================
47
48/** Interface for checking permissions and invoking privileged or restricted
49    actions.
50
51    @since OpenOffice 1.1.2
52*/
53published interface XAccessController : com::sun::star::uno::XInterface
54{
55	/** Determines whether the access request indicated by the specified
56		permission should be allowed or denied, based on the security policy
57		currently in effect.
58        The semantics are equivalent to the security permission classes of
59        the Java platform.
60		<p>
61        You can also pass a sequence of permissions (sequence< any >) to check
62        a set of permissions, e.g. for performance reasons.
63		This method quietly returns if the access request is permitted,
64		or throws a suitable AccessControlException otherwise.
65		</p>
66
67		@param perm
68               permission to be checked
69
70		@throws AccessControlException
71				thrown if access is denied
72
73        @see ::com::sun::star::security::AccessControlException
74        @see ::com::sun::star::security::AllPermission
75        @see ::com::sun::star::security::RuntimePermission
76        @see ::com::sun::star::io::FilePermission
77        @see ::com::sun::star::connection::SocketPermission
78	*/
79	void checkPermission(
80        [in] any perm )
81		raises (AccessControlException);
82
83	/** Perform the specified action restricting permissions to the given
84        XAccessControlContext.
85		The action is performed with the intersection of the permissions of the currently installed
86        XAccessControlContext, the given XAccessControlContext and the security policy currently
87        in effect.  The latter includes static security, e.g. based on user credentials.
88		<p>
89		If the specified XAccessControlContext is null, then the action is performed
90		with unmodified permissions, i.e. the call makes no sense.
91		</p>
92
93		@param action
94			   action object to be executed
95		@param restriction
96			   access control context to restrict permission; null for no restriction
97		@return
98				result
99		@throws com::sun::star::uno::Exception
100				any UNO exception may be thrown
101	*/
102	any doRestricted(
103		[in] XAction action,
104		[in] XAccessControlContext restriction )
105		raises (com::sun::star::uno::Exception);
106
107	/** Perform the specified action adding a set of permissions defined by the given
108        XAccessControlContext.
109		The action is performed with the union of the permissions of the currently installed
110        XAccessControlContext, the given XAccessControlContext and the security policy currently
111        in effect.  The latter includes static security, e.g. based on user credentials.
112		<p>
113		If the given XAccessControlContext is null, then the action is performed
114		<b>only</b> with the permissions of the security policy currently in effect.
115		</p>
116
117        @attention
118        Do carefully use this method only for well known use-cases to avoid exploits!
119        Script engines executing sandboxed scripts should generally deny calling this
120        method.
121
122		@param action
123			   action object to be executed
124		@param restriction
125			   access control context to restrict permission; null for no restriction
126		@return
127				result
128		@throws com::sun::star::uno::Exception
129				any UNO exception may be thrown
130	*/
131	any doPrivileged(
132		[in] XAction action,
133		[in] XAccessControlContext restriction )
134		raises (com::sun::star::uno::Exception);
135
136	/** This method takes a "snapshot" of the current calling context
137		and returns it.
138		<p>
139		This context may then be checked at a later point, possibly in another thread.
140		</p>
141		@return
142				snapshot of context
143	*/
144	XAccessControlContext getContext();
145};
146
147//=============================================================================
148
149}; }; }; };
150
151#endif
152