An experiment in requesting permissions and some related fixes.

git-svn-id: https://www.unprompted.com/svn/projects/tildefriends/trunk@3937 ed5197a5-7fde-0310-b194-c3ffbd925b24

core/app.js

@@ -141,6 +141,8 @@ function socket(request, response, client) {
 				if (process) {
 					core.enableStats(process, message.enabled);
 				}
+			} else if (message.action == 'permission') {
+				core.setPermission(process, message.id, message.granted);
 			} else {
 				if (process && process.eventHandlers['message']) {
 					await core.invoke(process.eventHandlers['message'], [message]);

core/client.js

@@ -24,6 +24,7 @@ const k_api = {
 	error: {args: ['error'], func: api_error},
 	localStorageSet: {args: ['key', 'value'], func: api_localStorageSet},
 	localStorageGet: {args: ['key'], func: api_localStorageGet},
+	requestPermission: {args: ['permission', 'id'], func: api_requestPermission},
 };
 
 window.addEventListener("keydown", function(event) {
@@ -440,6 +441,22 @@ function api_localStorageGet(key, value) {
 	send({message: 'localStorage', key: key, value: window.localStorage.getItem('app:' + key)});
 }
 
+function api_requestPermission(permission, id) {
+	let permissions = document.getElementById('permissions');
+	let div = document.createElement('div');
+	div.appendChild(document.createTextNode(permission));
+	for (let action of ['allow', 'allow once', 'deny once', 'deny']) {
+		let button = document.createElement('button');
+		button.innerText = action;
+		button.onclick = function() {
+			send({action: 'permission', id: id, granted: action});
+			permissions.removeChild(div);
+		}
+		div.appendChild(button);
+	}
+	permissions.appendChild(div);
+}
+
 function receive(message) {
 	if (message && message.action == "session") {
 		setStatusMessage("🟢 Executing...", kStatusColor);

core/core.js

@@ -149,6 +149,8 @@ async function getProcessBlob(blobId, key, options) {
 				process.task = null;
 				delete gProcesses[key];
 			};
+			process.promises = {};
+			process.nextPromise = 1;
 			var imports = {
 				'core': {
 					'broadcast': broadcast.bind(process),
@@ -172,6 +174,47 @@ async function getProcessBlob(blobId, key, options) {
 					'user': getUser(process, process),
 					'apps': user => getApps(user, process),
 					'getSockets': getSockets,
+					'permissionTest': function(permission) {
+						let id = process.nextPromise++;
+						let promise = new Promise(function(resolve, reject) {
+							process.promises[id] = {resolve: resolve, reject: reject};
+						});
+						let user = process?.credentials?.session?.name;
+						if (!user || !options?.packageOwner || !options?.packageName) {
+							process.promises[id].reject(false);
+						} else if (gGlobalSettings.userPermissions &&
+							gGlobalSettings.userPermissions[user] &&
+							gGlobalSettings.userPermissions[user][options.packageOwner] &&
+							gGlobalSettings.userPermissions[user][options.packageOwner][options.packageName] &&
+							gGlobalSettings.userPermissions[user][options.packageOwner][options.packageName][permission] !== undefined) {
+							if (gGlobalSettings.userPermissions[user][options.packageOwner][options.packageName][permission]) {
+								process.promises[id].resolve(true);
+							} else {
+								process.promises[id].reject(false);
+							}
+
+						} else {
+							process.app.send({action: 'requestPermission', permission: permission, id: id});
+							promise.then(function(value) {
+								if (value == 'allow') {
+									storePermission(user, options.packageOwner, options.packageName, permission, true);
+									return true;
+								} else if (value == 'allow once') {
+									return true;
+								}
+								return false;
+							}).catch(function(value) {
+								if (value == 'deny') {
+									storePermission(user, options.packageOwner, options.packageName, permission, false);
+									return false;
+								} else if (value == 'deny once') {
+									return false;
+								}
+								return false;
+							});
+						}
+						return promise;
+					},
 				}
 			};
 			if (options.api) {
@@ -646,10 +689,42 @@ loadSettings().then(function() {
 	exit(1);
 });
 
+function setPermission(process, id, allow) {
+	if (process.promises[id]) {
+		if (allow == 'allow' || allow == 'allow once') {
+			process.promises[id].resolve(allow);
+		} else {
+			process.promises[id].reject(allow);
+		}
+		delete process.promises[id];
+	}
+}
+
+function storePermission(user, packageOwner, packageName, permission, allow) {
+	if (!gGlobalSettings.userPermissions) {
+		gGlobalSettings.userPermissions = {};
+	}
+	if (!gGlobalSettings.userPermissions[user]) {
+		gGlobalSettings.userPermissions[user] = {};
+	}
+	if (!gGlobalSettings.userPermissions[user][packageOwner]) {
+		gGlobalSettings.userPermissions[user][packageOwner] = {};
+	}
+	if (!gGlobalSettings.userPermissions[user][packageOwner][packageName]) {
+		gGlobalSettings.userPermissions[user][packageOwner][packageName] = {};
+	}
+	if (gGlobalSettings.userPermissions[user][packageOwner][packageName][permission] !== allow) {
+		gGlobalSettings.userPermissions[user][packageOwner][packageName][permission] = allow;
+		print('STORE', JSON.stringify(gGlobalSettings));
+		setGlobalSettings(gGlobalSettings);
+	}
+}
+
 export {
 	gGlobalSettings as globalSettings,
 	setGlobalSettings,
 	enableStats,
 	invoke,
-	getSessionProcessBlob
+	getSessionProcessBlob,
+	setPermission,
 };

core/index.html

@@ -16,6 +16,8 @@
 			<a accesskey="t" data-tip="Open performance trace." href="#" onclick="event.preventDefault(); trace()">trace</a>
 			<a accesskey="g" data-tip="Show graphs." href="#" onclick="event.preventDefault(); toggleStats()">stats</a>
 			<span id="status"></span>
+			<span id="requests"></span>
+			<span id="permissions"></span>
 			<span id="login"></span>
 		</div>
 		<div id="content" class="hbox" style="flex: 1 1; width: 100%">