xref: /aoo4110/main/udkapi/com/sun/star/security/XAccessController.idl (revision b1cdbd2c)

/**************************************************************
 *
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership.  The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License.  You may obtain a copy of the License at
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied.  See the License for the
 * specific language governing permissions and limitations
 * under the License.
 *
 *************************************************************/


#ifndef __com_sun_star_security_XAccessController_idl__
#define __com_sun_star_security_XAccessController_idl__

#ifndef __com_sun_star_uno_XInterface_idl__
#include <com/sun/star/uno/XInterface.idl>
#endif
#ifndef __com_sun_star_security_XAccessControlContext_idl__
#include <com/sun/star/security/XAccessControlContext.idl>
#endif

#ifndef __com_sun_star_security_XAction_idl__
#include <com/sun/star/security/XAction.idl>
#endif

#ifndef __com_sun_star_security_AccessControlException_idl__
#include <com/sun/star/security/AccessControlException.idl>
#endif


//=============================================================================

module com {  module sun {  module star {  module security {

//=============================================================================

/** Interface for checking permissions and invoking privileged or restricted
    actions.

    @since OpenOffice 1.1.2
*/
published interface XAccessController : com::sun::star::uno::XInterface
{
	/** Determines whether the access request indicated by the specified
		permission should be allowed or denied, based on the security policy
		currently in effect.
        The semantics are equivalent to the security permission classes of
        the Java platform.
		<p>
        You can also pass a sequence of permissions (sequence< any >) to check
        a set of permissions, e.g. for performance reasons.
		This method quietly returns if the access request is permitted,
		or throws a suitable AccessControlException otherwise.
		</p>

		@param perm
               permission to be checked

		@throws AccessControlException
				thrown if access is denied

        @see ::com::sun::star::security::AccessControlException
        @see ::com::sun::star::security::AllPermission
        @see ::com::sun::star::security::RuntimePermission
        @see ::com::sun::star::io::FilePermission
        @see ::com::sun::star::connection::SocketPermission
	*/
	void checkPermission(
        [in] any perm )
		raises (AccessControlException);

	/** Perform the specified action restricting permissions to the given
        XAccessControlContext.
		The action is performed with the intersection of the permissions of the currently installed
        XAccessControlContext, the given XAccessControlContext and the security policy currently
        in effect.  The latter includes static security, e.g. based on user credentials.
		<p>
		If the specified XAccessControlContext is null, then the action is performed
		with unmodified permissions, i.e. the call makes no sense.
		</p>

		@param action
			   action object to be executed
		@param restriction
			   access control context to restrict permission; null for no restriction
		@return
				result
		@throws com::sun::star::uno::Exception
				any UNO exception may be thrown
	*/
	any doRestricted(
		[in] XAction action,
		[in] XAccessControlContext restriction )
		raises (com::sun::star::uno::Exception);

	/** Perform the specified action adding a set of permissions defined by the given
        XAccessControlContext.
		The action is performed with the union of the permissions of the currently installed
        XAccessControlContext, the given XAccessControlContext and the security policy currently
        in effect.  The latter includes static security, e.g. based on user credentials.
		<p>
		If the given XAccessControlContext is null, then the action is performed
		<b>only</b> with the permissions of the security policy currently in effect.
		</p>

        @attention
        Do carefully use this method only for well known use-cases to avoid exploits!
        Script engines executing sandboxed scripts should generally deny calling this
        method.

		@param action
			   action object to be executed
		@param restriction
			   access control context to restrict permission; null for no restriction
		@return
				result
		@throws com::sun::star::uno::Exception
				any UNO exception may be thrown
	*/
	any doPrivileged(
		[in] XAction action,
		[in] XAccessControlContext restriction )
		raises (com::sun::star::uno::Exception);

	/** This method takes a "snapshot" of the current calling context
		and returns it.
		<p>
		This context may then be checked at a later point, possibly in another thread.
		</p>
		@return
				snapshot of context
	*/
	XAccessControlContext getContext();
};

//=============================================================================

}; }; }; };

#endif