2010-12-14 Anton D'Auria <adauria@apple.com>
authorcommit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 15 Dec 2010 03:01:58 +0000 (03:01 +0000)
committercommit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 15 Dec 2010 03:01:58 +0000 (03:01 +0000)
        Reviewed by Darin Adler.

        Do not allow access to existing HTML5 databases in private browsing
        mode https://bugs.webkit.org/show_bug.cgi?id=49332

        Test: storage/private-browsing-noread-nowrite.html

        Previously, read-only transactions and private browsing mode were
        represented by the same SQLStatement and DatabaseAuthorizer states.
        This patch removes the m_readOnly member variable from SQLStatement and
        DatabaseAuthorizer, and replaces it with m_permissions whose bit fields
        are initialized by a DatabaseAuthorizer enum Permissions (ReadWrite,
        ReadOnly, NoAccess). A read-only transaction sets permissions to
        ReadOnly, and if !m_database->scriptExecutionContext()->allowDatabaseAccess(),
        then permissions also set to NoAccess.

        * dom/Document.cpp:
        (WebCore::Document::allowDatabaseAccess): this method was previously
        called isDatabaseReadOnly. It checks if private browsing preference is
        set. This method is renamed because it is used to check if private
        browsing restricts access to databases.
        * dom/Document.h:
        * dom/ScriptExecutionContext.h:
        * storage/AbstractDatabase.cpp:
        (WebCore::AbstractDatabase::setAuthorizerPermissions):
        * storage/AbstractDatabase.h:
        * storage/DatabaseAuthorizer.cpp:
        (WebCore::DatabaseAuthorizer::reset):
        (WebCore::DatabaseAuthorizer::createTable):
        (WebCore::DatabaseAuthorizer::createTempTable):
        (WebCore::DatabaseAuthorizer::dropTable):
        (WebCore::DatabaseAuthorizer::dropTempTable):
        (WebCore::DatabaseAuthorizer::allowAlterTable):
        (WebCore::DatabaseAuthorizer::createIndex):
        (WebCore::DatabaseAuthorizer::createTempIndex):
        (WebCore::DatabaseAuthorizer::dropIndex):
        (WebCore::DatabaseAuthorizer::dropTempIndex):
        (WebCore::DatabaseAuthorizer::createTrigger):
        (WebCore::DatabaseAuthorizer::createTempTrigger):
        (WebCore::DatabaseAuthorizer::dropTrigger):
        (WebCore::DatabaseAuthorizer::dropTempTrigger):
        (WebCore::DatabaseAuthorizer::createView):
        (WebCore::DatabaseAuthorizer::createTempView):
        (WebCore::DatabaseAuthorizer::dropView):
        (WebCore::DatabaseAuthorizer::dropTempView):
        (WebCore::DatabaseAuthorizer::createVTable):
        (WebCore::DatabaseAuthorizer::dropVTable):
        (WebCore::DatabaseAuthorizer::allowDelete):
        (WebCore::DatabaseAuthorizer::allowInsert):
        (WebCore::DatabaseAuthorizer::allowUpdate):
        (WebCore::DatabaseAuthorizer::allowRead):
        (WebCore::DatabaseAuthorizer::allowReindex):
        (WebCore::DatabaseAuthorizer::allowWrite): a new private method that
        checks if DatabaseAuthorizer is enabled and if it is in ReadOnly or
        NoAccess mode.
        (WebCore::DatabaseAuthorizer::setReadOnly):
        (WebCore::DatabaseAuthorizer::setPermissions):
        * storage/DatabaseAuthorizer.h:
        * storage/SQLStatement.cpp:
        (WebCore::SQLStatement::create):
        (WebCore::SQLStatement::SQLStatement):
        (WebCore::SQLStatement::execute):
        * storage/SQLStatement.h:
        * storage/SQLStatementSync.cpp:
        (WebCore::SQLStatementSync::SQLStatementSync):
        (WebCore::SQLStatementSync::execute):
        * storage/SQLStatementSync.h:
        * storage/SQLTransaction.cpp:
        (WebCore::SQLTransaction::executeSQL):
        * storage/SQLTransactionSync.cpp:
        (WebCore::SQLTransactionSync::executeSQL):
        * workers/WorkerContext.h:
        (WebCore::WorkerContext::allowDatabaseAccess):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@74093 268f45cc-cd09-0410-ab3c-d52691b4dbfc

17 files changed:
LayoutTests/storage/private-browsing-noread-nowrite-expected.txt [moved from LayoutTests/storage/private-browsing-readonly-expected.txt with 81% similarity]
LayoutTests/storage/private-browsing-noread-nowrite.html [moved from LayoutTests/storage/private-browsing-readonly.html with 91% similarity]
WebCore/ChangeLog
WebCore/dom/Document.cpp
WebCore/dom/Document.h
WebCore/dom/ScriptExecutionContext.h
WebCore/storage/AbstractDatabase.cpp
WebCore/storage/AbstractDatabase.h
WebCore/storage/DatabaseAuthorizer.cpp
WebCore/storage/DatabaseAuthorizer.h
WebCore/storage/SQLStatement.cpp
WebCore/storage/SQLStatement.h
WebCore/storage/SQLStatementSync.cpp
WebCore/storage/SQLStatementSync.h
WebCore/storage/SQLTransaction.cpp
WebCore/storage/SQLTransactionSync.cpp
WebCore/workers/WorkerContext.h

@@ -9,5 +9,7 @@ Private browsing statement 3 completed with an error
 not authorized
 Private browsing statement 4 completed with an error
 not authorized
+Private browsing statement 5 completed with an error
+access to PrivateTest1.randomData is prohibited
 Test ended
 
@@ -16,7 +16,8 @@ var privateBrowsingStatements = [
     "CREATE TABLE IF NOT EXISTS PrivateTest2 (randomData)",
     "DELETE FROM PrivateTest1",
     "DROP TABLE PrivateTest1",
-    "INSERT INTO PrivateTest1 VALUES ('somedata')"
+    "INSERT INTO PrivateTest1 VALUES ('somedata')",
+    "SELECT * FROM PrivateTest1"
 ];
 
 var completed = 0;
@@ -88,7 +89,7 @@ function runTest()
         layoutTestController.waitUntilDone();
     }
 
-    var database = openDatabase("PrivateBrowsingReadOnlyTest", "1.0", "Test private browsing read-only safety", 1);
+    var database = openDatabase("PrivateBrowsingNoReadNoWriteTest", "1.0", "Test private browsing no read/write safety", 1);
     database.transaction(runSetup, endTest, endTest);
 }
 
index 7ea9da0..2fbd30f 100644 (file)
@@ -1,3 +1,79 @@
+2010-12-14  Anton D'Auria  <adauria@apple.com>
+
+        Reviewed by Darin Adler.
+
+        Do not allow access to existing HTML5 databases in private browsing
+        mode https://bugs.webkit.org/show_bug.cgi?id=49332
+
+        Test: storage/private-browsing-noread-nowrite.html
+
+        Previously, read-only transactions and private browsing mode were
+        represented by the same SQLStatement and DatabaseAuthorizer states.
+        This patch removes the m_readOnly member variable from SQLStatement and
+        DatabaseAuthorizer, and replaces it with m_permissions whose bit fields
+        are initialized by a DatabaseAuthorizer enum Permissions (ReadWrite,
+        ReadOnly, NoAccess). A read-only transaction sets permissions to
+        ReadOnly, and if !m_database->scriptExecutionContext()->allowDatabaseAccess(),
+        then permissions also set to NoAccess.
+
+        * dom/Document.cpp:
+        (WebCore::Document::allowDatabaseAccess): this method was previously
+        called isDatabaseReadOnly. It checks if private browsing preference is
+        set. This method is renamed because it is used to check if private
+        browsing restricts access to databases.
+        * dom/Document.h:
+        * dom/ScriptExecutionContext.h:
+        * storage/AbstractDatabase.cpp:
+        (WebCore::AbstractDatabase::setAuthorizerPermissions):
+        * storage/AbstractDatabase.h:
+        * storage/DatabaseAuthorizer.cpp:
+        (WebCore::DatabaseAuthorizer::reset):
+        (WebCore::DatabaseAuthorizer::createTable):
+        (WebCore::DatabaseAuthorizer::createTempTable):
+        (WebCore::DatabaseAuthorizer::dropTable):
+        (WebCore::DatabaseAuthorizer::dropTempTable):
+        (WebCore::DatabaseAuthorizer::allowAlterTable):
+        (WebCore::DatabaseAuthorizer::createIndex):
+        (WebCore::DatabaseAuthorizer::createTempIndex):
+        (WebCore::DatabaseAuthorizer::dropIndex):
+        (WebCore::DatabaseAuthorizer::dropTempIndex):
+        (WebCore::DatabaseAuthorizer::createTrigger):
+        (WebCore::DatabaseAuthorizer::createTempTrigger):
+        (WebCore::DatabaseAuthorizer::dropTrigger):
+        (WebCore::DatabaseAuthorizer::dropTempTrigger):
+        (WebCore::DatabaseAuthorizer::createView):
+        (WebCore::DatabaseAuthorizer::createTempView):
+        (WebCore::DatabaseAuthorizer::dropView):
+        (WebCore::DatabaseAuthorizer::dropTempView):
+        (WebCore::DatabaseAuthorizer::createVTable):
+        (WebCore::DatabaseAuthorizer::dropVTable):
+        (WebCore::DatabaseAuthorizer::allowDelete):
+        (WebCore::DatabaseAuthorizer::allowInsert):
+        (WebCore::DatabaseAuthorizer::allowUpdate):
+        (WebCore::DatabaseAuthorizer::allowRead):
+        (WebCore::DatabaseAuthorizer::allowReindex):
+        (WebCore::DatabaseAuthorizer::allowWrite): a new private method that
+        checks if DatabaseAuthorizer is enabled and if it is in ReadOnly or
+        NoAccess mode.
+        (WebCore::DatabaseAuthorizer::setReadOnly):
+        (WebCore::DatabaseAuthorizer::setPermissions):
+        * storage/DatabaseAuthorizer.h:
+        * storage/SQLStatement.cpp:
+        (WebCore::SQLStatement::create):
+        (WebCore::SQLStatement::SQLStatement):
+        (WebCore::SQLStatement::execute):
+        * storage/SQLStatement.h:
+        * storage/SQLStatementSync.cpp:
+        (WebCore::SQLStatementSync::SQLStatementSync):
+        (WebCore::SQLStatementSync::execute):
+        * storage/SQLStatementSync.h:
+        * storage/SQLTransaction.cpp:
+        (WebCore::SQLTransaction::executeSQL):
+        * storage/SQLTransactionSync.cpp:
+        (WebCore::SQLTransactionSync::executeSQL):
+        * workers/WorkerContext.h:
+        (WebCore::WorkerContext::allowDatabaseAccess):
+
 2010-12-02  MORITA Hajime  <morrita@google.com>
 
         Reviewed by Dimitri Glazkov.
index f286d9d..87a40d6 100644 (file)
@@ -4496,11 +4496,11 @@ void Document::setSecurityOrigin(SecurityOrigin* securityOrigin)
 
 #if ENABLE(DATABASE)
 
-bool Document::isDatabaseReadOnly() const
+bool Document::allowDatabaseAccess() const
 {
     if (!page() || page()->settings()->privateBrowsingEnabled())
-        return true;
-    return false;
+        return false;
+    return true;
 }
 
 void Document::databaseExceededQuota(const String& name)
index 54aed24..7df0f8e 100644 (file)
@@ -1006,7 +1006,7 @@ public:
     bool processingLoadEvent() const { return m_processingLoadEvent; }
 
 #if ENABLE(DATABASE)
-    virtual bool isDatabaseReadOnly() const;
+    virtual bool allowDatabaseAccess() const;
     virtual void databaseExceededQuota(const String& name);
 #endif
 
index b46a0f4..12eb776 100644 (file)
@@ -70,7 +70,7 @@ namespace WebCore {
         virtual bool isWorkerContext() const { return false; }
 
 #if ENABLE(DATABASE)
-        virtual bool isDatabaseReadOnly() const = 0;
+        virtual bool allowDatabaseAccess() const = 0;
         virtual void databaseExceededQuota(const String& name) = 0;
         DatabaseThread* databaseThread();
         void setHasOpenDatabases() { m_hasOpenDatabases = true; }
index c8b8894..951b621 100644 (file)
@@ -432,6 +432,12 @@ void AbstractDatabase::setAuthorizerReadOnly()
     m_databaseAuthorizer->setReadOnly();
 }
 
+void AbstractDatabase::setAuthorizerPermissions(int permissions)
+{
+    ASSERT(m_databaseAuthorizer);
+    m_databaseAuthorizer->setPermissions(permissions);
+}
+
 bool AbstractDatabase::lastActionChangedDatabase()
 {
     ASSERT(m_databaseAuthorizer);
index 3d8d363..bd5d0db 100644 (file)
@@ -80,6 +80,7 @@ public:
     void disableAuthorizer();
     void enableAuthorizer();
     void setAuthorizerReadOnly();
+    void setAuthorizerPermissions(int permissions);
     bool lastActionChangedDatabase();
     bool lastActionWasInsert();
     void resetDeletes();
index e287dee..b90565c 100644 (file)
@@ -53,7 +53,7 @@ void DatabaseAuthorizer::reset()
 {
     m_lastActionWasInsert = false;
     m_lastActionChangedDatabase = false;
-    m_readOnly = false;
+    m_permissions = ReadWriteMask;
 }
 
 void DatabaseAuthorizer::resetDeletes()
@@ -127,7 +127,7 @@ void DatabaseAuthorizer::addWhitelistedFunctions()
 
 int DatabaseAuthorizer::createTable(const String& tableName)
 {
-    if (m_readOnly && m_securityEnabled)
+    if (!allowWrite())
         return SQLAuthDeny;
 
     m_lastActionChangedDatabase = true;
@@ -139,7 +139,7 @@ int DatabaseAuthorizer::createTempTable(const String& tableName)
     // SQLITE_CREATE_TEMP_TABLE results in a UPDATE operation, which is not
     // allowed in read-only transactions or private browsing, so we might as
     // well disallow SQLITE_CREATE_TEMP_TABLE in these cases
-    if (m_readOnly && m_securityEnabled)
+    if (!allowWrite())
         return SQLAuthDeny;
 
     return denyBasedOnTableName(tableName);
@@ -147,7 +147,7 @@ int DatabaseAuthorizer::createTempTable(const String& tableName)
 
 int DatabaseAuthorizer::dropTable(const String& tableName)
 {
-    if (m_readOnly && m_securityEnabled)
+    if (!allowWrite())
         return SQLAuthDeny;
 
     return updateDeletesBasedOnTableName(tableName);
@@ -158,7 +158,7 @@ int DatabaseAuthorizer::dropTempTable(const String& tableName)
     // SQLITE_DROP_TEMP_TABLE results in a DELETE operation, which is not
     // allowed in read-only transactions or private browsing, so we might as
     // well disallow SQLITE_DROP_TEMP_TABLE in these cases
-    if (m_readOnly && m_securityEnabled)
+    if (!allowWrite())
         return SQLAuthDeny;
 
     return updateDeletesBasedOnTableName(tableName);
@@ -166,7 +166,7 @@ int DatabaseAuthorizer::dropTempTable(const String& tableName)
 
 int DatabaseAuthorizer::allowAlterTable(const String&, const String& tableName)
 {
-    if (m_readOnly && m_securityEnabled)
+    if (!allowWrite())
         return SQLAuthDeny;
 
     m_lastActionChangedDatabase = true;
@@ -175,7 +175,7 @@ int DatabaseAuthorizer::allowAlterTable(const String&, const String& tableName)
 
 int DatabaseAuthorizer::createIndex(const String&, const String& tableName)
 {
-    if (m_readOnly && m_securityEnabled)
+    if (!allowWrite())
         return SQLAuthDeny;
 
     m_lastActionChangedDatabase = true;
@@ -187,7 +187,7 @@ int DatabaseAuthorizer::createTempIndex(const String&, const String& tableName)
     // SQLITE_CREATE_TEMP_INDEX should result in a UPDATE or INSERT operation,
     // which is not allowed in read-only transactions or private browsing,
     // so we might as well disallow SQLITE_CREATE_TEMP_INDEX in these cases
-    if (m_readOnly && m_securityEnabled)
+    if (!allowWrite())
         return SQLAuthDeny;
 
     return denyBasedOnTableName(tableName);
@@ -195,7 +195,7 @@ int DatabaseAuthorizer::createTempIndex(const String&, const String& tableName)
 
 int DatabaseAuthorizer::dropIndex(const String&, const String& tableName)
 {
-    if (m_readOnly && m_securityEnabled)
+    if (!allowWrite())
         return SQLAuthDeny;
 
     return updateDeletesBasedOnTableName(tableName);
@@ -206,7 +206,7 @@ int DatabaseAuthorizer::dropTempIndex(const String&, const String& tableName)
     // SQLITE_DROP_TEMP_INDEX should result in a DELETE operation, which is
     // not allowed in read-only transactions or private browsing, so we might
     // as well disallow SQLITE_DROP_TEMP_INDEX in these cases
-    if (m_readOnly && m_securityEnabled)
+    if (!allowWrite())
         return SQLAuthDeny;
 
     return updateDeletesBasedOnTableName(tableName);
@@ -214,7 +214,7 @@ int DatabaseAuthorizer::dropTempIndex(const String&, const String& tableName)
 
 int DatabaseAuthorizer::createTrigger(const String&, const String& tableName)
 {
-    if (m_readOnly && m_securityEnabled)
+    if (!allowWrite())
         return SQLAuthDeny;
 
     m_lastActionChangedDatabase = true;
@@ -226,7 +226,7 @@ int DatabaseAuthorizer::createTempTrigger(const String&, const String& tableName
     // SQLITE_CREATE_TEMP_TRIGGER results in a INSERT operation, which is not
     // allowed in read-only transactions or private browsing, so we might as
     // well disallow SQLITE_CREATE_TEMP_TRIGGER in these cases
-    if (m_readOnly && m_securityEnabled)
+    if (!allowWrite())
         return SQLAuthDeny;
 
     return denyBasedOnTableName(tableName);
@@ -234,7 +234,7 @@ int DatabaseAuthorizer::createTempTrigger(const String&, const String& tableName
 
 int DatabaseAuthorizer::dropTrigger(const String&, const String& tableName)
 {
-    if (m_readOnly && m_securityEnabled)
+    if (!allowWrite())
         return SQLAuthDeny;
 
     return updateDeletesBasedOnTableName(tableName);
@@ -245,7 +245,7 @@ int DatabaseAuthorizer::dropTempTrigger(const String&, const String& tableName)
     // SQLITE_DROP_TEMP_TRIGGER results in a DELETE operation, which is not
     // allowed in read-only transactions or private browsing, so we might as
     // well disallow SQLITE_DROP_TEMP_TRIGGER in these cases
-    if (m_readOnly && m_securityEnabled)
+    if (!allowWrite())
         return SQLAuthDeny;
 
     return updateDeletesBasedOnTableName(tableName);
@@ -253,7 +253,7 @@ int DatabaseAuthorizer::dropTempTrigger(const String&, const String& tableName)
 
 int DatabaseAuthorizer::createView(const String&)
 {
-    return (m_readOnly && m_securityEnabled ? SQLAuthDeny : SQLAuthAllow);
+    return (!allowWrite() ? SQLAuthDeny : SQLAuthAllow);
 }
 
 int DatabaseAuthorizer::createTempView(const String&)
@@ -261,12 +261,12 @@ int DatabaseAuthorizer::createTempView(const String&)
     // SQLITE_CREATE_TEMP_VIEW results in a UPDATE operation, which is not
     // allowed in read-only transactions or private browsing, so we might as
     // well disallow SQLITE_CREATE_TEMP_VIEW in these cases
-    return (m_readOnly && m_securityEnabled ? SQLAuthDeny : SQLAuthAllow);
+    return (!allowWrite() ? SQLAuthDeny : SQLAuthAllow);
 }
 
 int DatabaseAuthorizer::dropView(const String&)
 {
-    if (m_readOnly && m_securityEnabled)
+    if (!allowWrite())
         return SQLAuthDeny;
 
     m_hadDeletes = true;
@@ -278,7 +278,7 @@ int DatabaseAuthorizer::dropTempView(const String&)
     // SQLITE_DROP_TEMP_VIEW results in a DELETE operation, which is not
     // allowed in read-only transactions or private browsing, so we might as
     // well disallow SQLITE_DROP_TEMP_VIEW in these cases
-    if (m_readOnly && m_securityEnabled)
+    if (!allowWrite())
         return SQLAuthDeny;
 
     m_hadDeletes = true;
@@ -287,7 +287,7 @@ int DatabaseAuthorizer::dropTempView(const String&)
 
 int DatabaseAuthorizer::createVTable(const String& tableName, const String& moduleName)
 {
-    if (m_readOnly && m_securityEnabled)
+    if (!allowWrite())
         return SQLAuthDeny;
 
     // Allow only the FTS3 extension
@@ -300,7 +300,7 @@ int DatabaseAuthorizer::createVTable(const String& tableName, const String& modu
 
 int DatabaseAuthorizer::dropVTable(const String& tableName, const String& moduleName)
 {
-    if (m_readOnly && m_securityEnabled)
+    if (!allowWrite())
         return SQLAuthDeny;
 
     // Allow only the FTS3 extension
@@ -312,7 +312,7 @@ int DatabaseAuthorizer::dropVTable(const String& tableName, const String& module
 
 int DatabaseAuthorizer::allowDelete(const String& tableName)
 {
-    if (m_readOnly && m_securityEnabled)
+    if (!allowWrite())
         return SQLAuthDeny;
 
     return updateDeletesBasedOnTableName(tableName);
@@ -320,7 +320,7 @@ int DatabaseAuthorizer::allowDelete(const String& tableName)
 
 int DatabaseAuthorizer::allowInsert(const String& tableName)
 {
-    if (m_readOnly && m_securityEnabled)
+    if (!allowWrite())
         return SQLAuthDeny;
 
     m_lastActionChangedDatabase = true;
@@ -330,7 +330,7 @@ int DatabaseAuthorizer::allowInsert(const String& tableName)
 
 int DatabaseAuthorizer::allowUpdate(const String& tableName, const String&)
 {
-    if (m_readOnly && m_securityEnabled)
+    if (!allowWrite())
         return SQLAuthDeny;
 
     m_lastActionChangedDatabase = true;
@@ -344,12 +344,15 @@ int DatabaseAuthorizer::allowTransaction()
 
 int DatabaseAuthorizer::allowRead(const String& tableName, const String&)
 {
+    if (m_permissions & NoAccessMask && m_securityEnabled)
+        return SQLAuthDeny;
+    
     return denyBasedOnTableName(tableName);
 }
 
 int DatabaseAuthorizer::allowReindex(const String&)
 {
-    return (m_readOnly && m_securityEnabled ? SQLAuthDeny : SQLAuthAllow);
+    return (!allowWrite() ? SQLAuthDeny : SQLAuthAllow);
 }
 
 int DatabaseAuthorizer::allowAnalyze(const String& tableName)
@@ -390,9 +393,19 @@ void DatabaseAuthorizer::enable()
     m_securityEnabled = true;
 }
 
+bool DatabaseAuthorizer::allowWrite()
+{
+    return !(m_securityEnabled && (m_permissions & ReadOnlyMask || m_permissions & NoAccessMask));
+}
+
 void DatabaseAuthorizer::setReadOnly()
 {
-    m_readOnly = true;
+    m_permissions |= ReadOnlyMask;
+}
+   
+void DatabaseAuthorizer::setPermissions(int permissions)
+{
+    m_permissions = permissions;
 }
 
 int DatabaseAuthorizer::denyBasedOnTableName(const String& tableName) const
index e7c3922..da7761d 100644 (file)
@@ -42,6 +42,13 @@ extern const int SQLAuthDeny;
 
 class DatabaseAuthorizer : public ThreadSafeShared<DatabaseAuthorizer> {
 public:
+
+    enum Permissions {
+        ReadWriteMask = 0,
+        ReadOnlyMask = 1 << 1,
+        NoAccessMask = 1 << 2
+    };
+
     static PassRefPtr<DatabaseAuthorizer> create(const String& databaseInfoTableName);
 
     int createTable(const String& tableName);
@@ -87,6 +94,7 @@ public:
     void disable();
     void enable();
     void setReadOnly();
+    void setPermissions(int permissions);
 
     void reset();
     void resetDeletes();
@@ -100,11 +108,12 @@ private:
     void addWhitelistedFunctions();
     int denyBasedOnTableName(const String&) const;
     int updateDeletesBasedOnTableName(const String&);
+    bool allowWrite();
 
+    int m_permissions;
     bool m_securityEnabled : 1;
     bool m_lastActionWasInsert : 1;
     bool m_lastActionChangedDatabase : 1;
-    bool m_readOnly : 1;
     bool m_hadDeletes : 1;
 
     const String m_databaseInfoTableName;
index 19e9e38..306f561 100644 (file)
 
 namespace WebCore {
 
-PassRefPtr<SQLStatement> SQLStatement::create(const String& statement, const Vector<SQLValue>& arguments, PassRefPtr<SQLStatementCallback> callback, PassRefPtr<SQLStatementErrorCallback> errorCallback, bool readOnly)
+PassRefPtr<SQLStatement> SQLStatement::create(const String& statement, const Vector<SQLValue>& arguments, PassRefPtr<SQLStatementCallback> callback, PassRefPtr<SQLStatementErrorCallback> errorCallback, int permissions)
 {
-    return adoptRef(new SQLStatement(statement, arguments, callback, errorCallback, readOnly));
+    return adoptRef(new SQLStatement(statement, arguments, callback, errorCallback, permissions));
 }
 
-SQLStatement::SQLStatement(const String& statement, const Vector<SQLValue>& arguments, PassRefPtr<SQLStatementCallback> callback, PassRefPtr<SQLStatementErrorCallback> errorCallback, bool readOnly)
+SQLStatement::SQLStatement(const String& statement, const Vector<SQLValue>& arguments, PassRefPtr<SQLStatementCallback> callback, PassRefPtr<SQLStatementErrorCallback> errorCallback, int permissions)
     : m_statement(statement.crossThreadString())
     , m_arguments(arguments)
     , m_statementCallback(callback)
     , m_statementErrorCallback(errorCallback)
-    , m_readOnly(readOnly)
+    , m_permissions(permissions)
 {
 }
 
@@ -69,8 +69,7 @@ bool SQLStatement::execute(Database* db)
     if (m_error)
         return false;
 
-    if (m_readOnly)
-        db->setAuthorizerReadOnly();
+    db->setAuthorizerPermissions(m_permissions);
 
     SQLiteDatabase* database = &db->sqliteDatabase();
 
index 89af377..afd605a 100644 (file)
@@ -46,7 +46,7 @@ class SQLTransaction;
 
 class SQLStatement : public ThreadSafeShared<SQLStatement> {
 public:
-    static PassRefPtr<SQLStatement> create(const String&, const Vector<SQLValue>&, PassRefPtr<SQLStatementCallback>, PassRefPtr<SQLStatementErrorCallback>, bool readOnly);
+    static PassRefPtr<SQLStatement> create(const String&, const Vector<SQLValue>&, PassRefPtr<SQLStatementCallback>, PassRefPtr<SQLStatementErrorCallback>, int permissions);
 
     bool execute(Database*);
     bool lastExecutionFailedDueToQuota() const;
@@ -61,7 +61,7 @@ public:
 
     SQLError* sqlError() const { return m_error.get(); }
 private:
-    SQLStatement(const String& statement, const Vector<SQLValue>& arguments, PassRefPtr<SQLStatementCallback>, PassRefPtr<SQLStatementErrorCallback>, bool readOnly);
+    SQLStatement(const String& statement, const Vector<SQLValue>& arguments, PassRefPtr<SQLStatementCallback>, PassRefPtr<SQLStatementErrorCallback>, int permissions);
 
     void setFailureDueToQuota();
     void clearFailureDueToQuota();
@@ -74,7 +74,7 @@ private:
     RefPtr<SQLError> m_error;
     RefPtr<SQLResultSet> m_resultSet;
 
-    bool m_readOnly;
+    int m_permissions;
 };
 
 } // namespace WebCore
index e47919f..673d50d 100644 (file)
 
 namespace WebCore {
 
-SQLStatementSync::SQLStatementSync(const String& statement, const Vector<SQLValue>& arguments, bool readOnly)
+SQLStatementSync::SQLStatementSync(const String& statement, const Vector<SQLValue>& arguments, int permissions)
     : m_statement(statement)
     , m_arguments(arguments)
-    , m_readOnly(readOnly)
+    , m_permissions(permissions)
 {
     ASSERT(!m_statement.isEmpty());
 }
 
 PassRefPtr<SQLResultSet> SQLStatementSync::execute(DatabaseSync* db, ExceptionCode& ec)
 {
-    if (m_readOnly)
-        db->setAuthorizerReadOnly();
+    db->setAuthorizerPermissions(m_permissions);
 
     SQLiteDatabase* database = &db->sqliteDatabase();
 
index dc0394c..d807e55 100644 (file)
@@ -46,14 +46,14 @@ class SQLResultSet;
 
 class SQLStatementSync {
 public:
-    SQLStatementSync(const String& statement, const Vector<SQLValue>& arguments, bool readOnly);
+    SQLStatementSync(const String& statement, const Vector<SQLValue>& arguments, int permissions);
 
     PassRefPtr<SQLResultSet> execute(DatabaseSync*, ExceptionCode&);
 
 private:
     String m_statement;
     Vector<SQLValue> m_arguments;
-    bool m_readOnly;
+    int m_permissions;
 };
 
 } // namespace WebCore
index feaa46e..dea9d97 100644 (file)
@@ -32,6 +32,7 @@
 #if ENABLE(DATABASE)
 
 #include "Database.h"
+#include "DatabaseAuthorizer.h"
 #include "DatabaseThread.h"
 #include "Logging.h"
 #include "PlatformString.h"
@@ -93,13 +94,13 @@ void SQLTransaction::executeSQL(const String& sqlStatement, const Vector<SQLValu
         return;
     }
 
-    bool readOnlyMode = m_readOnly;
-    if (!readOnlyMode) {
-        if (m_database->scriptExecutionContext()->isDatabaseReadOnly())
-            readOnlyMode = true;
-    }
+    int permissions = DatabaseAuthorizer::ReadWriteMask;
+    if (!m_database->scriptExecutionContext()->allowDatabaseAccess())
+        permissions |= DatabaseAuthorizer::NoAccessMask;
+    else if (m_readOnly)
+        permissions |= DatabaseAuthorizer::ReadOnlyMask;
 
-    RefPtr<SQLStatement> statement = SQLStatement::create(sqlStatement, arguments, callback, callbackError, readOnlyMode);
+    RefPtr<SQLStatement> statement = SQLStatement::create(sqlStatement, arguments, callback, callbackError, permissions);
 
     if (m_database->deleted())
         statement->setDatabaseDeletedError();
index 87f1eff..97a5cc5 100644 (file)
@@ -33,6 +33,7 @@
 
 #if ENABLE(DATABASE)
 
+#include "DatabaseAuthorizer.h"
 #include "DatabaseSync.h"
 #include "PlatformString.h"
 #include "SQLException.h"
@@ -86,8 +87,13 @@ PassRefPtr<SQLResultSet> SQLTransactionSync::executeSQL(const String& sqlStateme
     if (sqlStatement.isEmpty())
         return 0;
 
-    bool readOnlyMode = m_readOnly || m_database->scriptExecutionContext()->isDatabaseReadOnly();
-    SQLStatementSync statement(sqlStatement, arguments, readOnlyMode);
+    int permissions = DatabaseAuthorizer::ReadWriteMask;
+    if (!m_database->scriptExecutionContext()->allowDatabaseAccess())
+      permissions |= DatabaseAuthorizer::NoAccessMask;
+    else if (m_readOnly)
+      permissions |= DatabaseAuthorizer::ReadOnlyMask;
+
+    SQLStatementSync statement(sqlStatement, arguments, permissions);
 
     m_database->resetAuthorizer();
     bool retryStatement = true;
index 5d15d94..7b6c9a2 100644 (file)
@@ -113,7 +113,7 @@ namespace WebCore {
         PassRefPtr<DatabaseSync> openDatabaseSync(const String& name, const String& version, const String& displayName, unsigned long estimatedSize, PassRefPtr<DatabaseCallback> creationCallback, ExceptionCode&);
 
         // Not implemented yet.
-        virtual bool isDatabaseReadOnly() const { return false; }
+        virtual bool allowDatabaseAccess() const { return true; }
         // Not implemented for real yet.
         virtual void databaseExceededQuota(const String&);
 #endif