Bug 1023266 - Make the Mobile ID API privileged. Part 2: Fix permission check. r=jedp

2024-09-13 09:24:08 -07:00 · 2014-06-27 01:18:20 +02:00 · 2014-06-27 01:18:20 +02:00 · 7e63b06253
commit 7e63b06253
parent 2de95d4a6e
2 changed files with 9 additions and 8 deletions
--- a/services/mobileid/MobileIdentityCommon.jsm
+++ b/services/mobileid/MobileIdentityCommon.jsm
@ -91,6 +91,7 @@ this.ERROR_INVALID_VERIFICATION_CODE              = "INVALID_VERIFICATION_CODE";
 this.ERROR_MISSING_CONTENT_LENGTH_HEADER          = "MISSING_CONTENT_LENGTH_HEADER";
 this.ERROR_NO_RETRIES_LEFT                        = "NO_RETRIES_LEFT";
 this.ERROR_OFFLINE                                = "OFFLINE";
+this.ERROR_PERMISSION_DENIED                      = "PERMISSION_DENIED";
 this.ERROR_REQUEST_BODY_TOO_LARGE                 = "REQUEST_BODY_TOO_LARGE";
 this.ERROR_SERVICE_TEMPORARILY_UNAVAILABLE        = "SERVICE_TEMPORARILY_UNAVAILABLE";
 this.ERROR_TOO_MANY_REQUESTS_MSISDN               = "TOO_MANY_REQUESTS_MSISDN";
--- a/services/mobileid/MobileIdentityManager.jsm
+++ b/services/mobileid/MobileIdentityManager.jsm
@ -320,15 +320,9 @@ let MobileIdentityManager = {
  },

  /*********************************************************
-   * Permissions helpers
+   * Permissions helper
   ********************************************************/

-  hasPermission: function(aPrincipal) {
-    let permission = permissionManager.testPermissionFromPrincipal(aPrincipal,
-                                                                   MOBILEID_PERM);
-    return permission == Ci.nsIPermissionManager.ALLOW_ACTION;
-  },
-
  addPermission: function(aPrincipal) {
    permissionManager.addFromPrincipal(aPrincipal, MOBILEID_PERM,
                                       Ci.nsIPermissionManager.ALLOW_ACTION);
@ -757,8 +751,14 @@ let MobileIdentityManager = {
        // If we've just prompted the user in the previous step, the permission
        // is already granted and stored so we just progress the credentials.
        if (creds) {
-          if (this.hasPermission(principal)) {
+          let permission = permissionManager.testPermissionFromPrincipal(
+            principal,
+            MOBILEID_PERM
+          );
+          if (permission == Ci.nsIPermissionManager.ALLOW_ACTION) {
            return creds;
+          } else if (permission == Ci.nsIPermissionManager.DENY_ACTION) {
+            return Promise.reject(ERROR_PERMISSION_DENIED);
          }
          return this.promptAndVerify(principal, manifestURL, creds);
        }