mojo/services/view_manager/default_access_policy.cc - Issue 421693002: Adds an AccessPolicy that is queried to determine what a connection can do

Unified Diff: mojo/services/view_manager/default_access_policy.cc

Issue 421693002: Adds an AccessPolicy that is queried to determine what a connection can do (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: integrate review feedback Created 6 years, 5 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

« no previous file with comments | « mojo/services/view_manager/default_access_policy.h ('k') | mojo/services/view_manager/view_manager_service_impl.h » ('j') | mojo/services/view_manager/view_manager_service_impl.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: mojo/services/view_manager/default_access_policy.cc

diff --git a/mojo/services/view_manager/default_access_policy.cc b/mojo/services/view_manager/default_access_policy.cc

new file mode 100644

index 0000000000000000000000000000000000000000..19a4a31c85e0acd8f69e30308d93e84d03c3fef9

--- /dev/null

+++ b/mojo/services/view_manager/default_access_policy.cc

@@ -0,0 +1,127 @@

+// Use of this source code is governed by a BSD-style license that can be

+// found in the LICENSE file.

+#include "mojo/services/view_manager/default_access_policy.h"

+#include "mojo/services/view_manager/access_policy_delegate.h"

+#include "mojo/services/view_manager/node.h"

+#include "mojo/services/view_manager/view.h"

+namespace mojo {

+namespace service {

+DefaultAccessPolicy::DefaultAccessPolicy(ConnectionSpecificId connection_id,

+ AccessPolicyDelegate* delegate)

+ : connection_id_(connection_id),

+ delegate_(delegate) {

+DefaultAccessPolicy::~DefaultAccessPolicy() {

+bool DefaultAccessPolicy::CanRemoveNodeFromParent(const Node* node) const {

+ if (!WasCreatedByThisConnection(node))

+ return false; // Can only unparent nodes we created.

+ const Node* parent = node->GetParent();

+ return IsNodeInRoots(parent) || WasCreatedByThisConnection(parent);

+bool DefaultAccessPolicy::CanAddNode(const Node* parent,

+ const Node* child) const {

+ return WasCreatedByThisConnection(child) &&

+ (IsNodeInRoots(parent) ||

+ (WasCreatedByThisConnection(parent) &&

+ !delegate_->IsNodeRootOfAnotherConnectionForAccessPolicy(parent)));

+bool DefaultAccessPolicy::CanReorderNode(const Node* node,

+ const Node* relative_node,

+ OrderDirection direction) const {

+ return WasCreatedByThisConnection(node) &&

+ WasCreatedByThisConnection(relative_node);

+bool DefaultAccessPolicy::CanDeleteNode(const Node* node) const {

+ return WasCreatedByThisConnection(node);

+bool DefaultAccessPolicy::CanDeleteView(const View* view) const {

+ return WasCreatedByThisConnection(view);

+bool DefaultAccessPolicy::CanSetView(const Node* node, const View* view) const {

+ if (view && !WasCreatedByThisConnection(view))

+ return false;

+ return WasCreatedByThisConnection(node) || IsNodeInRoots(node);

+bool DefaultAccessPolicy::CanSetFocus(const Node* node) const {

+ // TODO(beng): security.

+ return true;

+bool DefaultAccessPolicy::CanGetNodeTree(const Node* node) const {

+ return WasCreatedByThisConnection(node) || IsNodeInRoots(node);

+bool DefaultAccessPolicy::CanDescendIntoNodeForNodeTree(

+ const Node* node) const {

+ return WasCreatedByThisConnection(node) &&

+ !delegate_->IsNodeRootOfAnotherConnectionForAccessPolicy(node);

+bool DefaultAccessPolicy::CanEmbed(const Node* node) const {

+ return WasCreatedByThisConnection(node);

+bool DefaultAccessPolicy::CanChangeNodeVisibility(const Node* node) const {

+ return WasCreatedByThisConnection(node) || IsNodeInRoots(node);

+bool DefaultAccessPolicy::CanSetViewContents(const View* view) const {

+ return WasCreatedByThisConnection(view);

+bool DefaultAccessPolicy::CanSetNodeBounds(const Node* node) const {

+ return WasCreatedByThisConnection(node);

+bool DefaultAccessPolicy::ShouldNotifyOnHierarchyChange(

+ const Node* node,

+ const Node** new_parent,

+ const Node** old_parent) const {

+ if (!WasCreatedByThisConnection(node))

+ return false;

+ if (*new_parent && !WasCreatedByThisConnection(*new_parent) &&

+ !IsNodeInRoots(*new_parent)) {

+ *new_parent = NULL;

+ }

+ if (*old_parent && !WasCreatedByThisConnection(*old_parent) &&

+ !IsNodeInRoots(*old_parent)) {

+ *old_parent = NULL;

+ }

+ return true;

+Id DefaultAccessPolicy::GetViewIdToSend(const Node* node,

+ const View* view) const {

+ // TODO(sky): should we send null if view is not from this connection?

+ return ViewIdToTransportId(view->id());

+bool DefaultAccessPolicy::ShouldSendViewDeleted(const ViewId& view_id) const {

+ return view_id.connection_id == connection_id_;

+bool DefaultAccessPolicy::IsNodeInRoots(const Node* node) const {

+ return delegate_->GetRootsForAccessPolicy().count(

+ NodeIdToTransportId(node->id())) > 0;

+} // namespace service

+} // namespace mojo