diff --git a/interface/src/AvatarBookmarks.cpp b/interface/src/AvatarBookmarks.cpp index 256ce2f6fc..461c55e64e 100644 --- a/interface/src/AvatarBookmarks.cpp +++ b/interface/src/AvatarBookmarks.cpp @@ -41,6 +41,15 @@ #include #include #include "WarningsSuppression.h" +#include "ScriptPermissions.h" + +QVariantMap AvatarBookmarks::getBookmarks() { + if (ScriptPermissions::isCurrentScriptAllowed(ScriptPermissions::Permission::SCRIPT_PERMISSION_GET_AVATAR_URL)) { + return _bookmarks; + } else { + return {}; + } +} void addAvatarEntities(const QVariantList& avatarEntities) { auto nodeList = DependencyManager::get(); @@ -123,6 +132,12 @@ AvatarBookmarks::AvatarBookmarks() { } void AvatarBookmarks::addBookmark(const QString& bookmarkName) { + if (ScriptPermissions::isCurrentScriptAllowed(ScriptPermissions::Permission::SCRIPT_PERMISSION_GET_AVATAR_URL)) { + addBookmarkInternal(bookmarkName); + } +} + +void AvatarBookmarks::addBookmarkInternal(const QString& bookmarkName) { if (QThread::currentThread() != thread()) { BLOCKING_INVOKE_METHOD(this, "addBookmark", Q_ARG(QString, bookmarkName)); return; @@ -134,6 +149,12 @@ void AvatarBookmarks::addBookmark(const QString& bookmarkName) { } void AvatarBookmarks::saveBookmark(const QString& bookmarkName) { + if (ScriptPermissions::isCurrentScriptAllowed(ScriptPermissions::Permission::SCRIPT_PERMISSION_GET_AVATAR_URL)) { + saveBookmarkInternal(bookmarkName); + } +} + +void AvatarBookmarks::saveBookmarkInternal(const QString& bookmarkName) { if (QThread::currentThread() != thread()) { BLOCKING_INVOKE_METHOD(this, "saveBookmark", Q_ARG(QString, bookmarkName)); return; @@ -145,6 +166,12 @@ void AvatarBookmarks::saveBookmark(const QString& bookmarkName) { } void AvatarBookmarks::removeBookmark(const QString& bookmarkName) { + if (ScriptPermissions::isCurrentScriptAllowed(ScriptPermissions::Permission::SCRIPT_PERMISSION_GET_AVATAR_URL)) { + removeBookmarkInternal(bookmarkName); + } +} + +void AvatarBookmarks::removeBookmarkInternal(const QString& bookmarkName) { if (QThread::currentThread() != thread()) { BLOCKING_INVOKE_METHOD(this, "removeBookmark", Q_ARG(QString, bookmarkName)); return; @@ -200,6 +227,12 @@ void AvatarBookmarks::updateAvatarEntities(const QVariantList &avatarEntities) { */ void AvatarBookmarks::loadBookmark(const QString& bookmarkName) { + if (ScriptPermissions::isCurrentScriptAllowed(ScriptPermissions::Permission::SCRIPT_PERMISSION_GET_AVATAR_URL)) { + loadBookmarkInternal(bookmarkName); + } +} + +void AvatarBookmarks::loadBookmarkInternal(const QString& bookmarkName) { if (QThread::currentThread() != thread()) { BLOCKING_INVOKE_METHOD(this, "loadBookmark", Q_ARG(QString, bookmarkName)); return; @@ -268,6 +301,15 @@ void AvatarBookmarks::readFromFile() { } QVariantMap AvatarBookmarks::getBookmark(const QString &bookmarkName) +{ + if (ScriptPermissions::isCurrentScriptAllowed(ScriptPermissions::Permission::SCRIPT_PERMISSION_GET_AVATAR_URL)) { + return getBookmarkInternal(bookmarkName); + } else { + return {}; + } +} + +QVariantMap AvatarBookmarks::getBookmarkInternal(const QString &bookmarkName) { if (QThread::currentThread() != thread()) { QVariantMap result; diff --git a/interface/src/AvatarBookmarks.h b/interface/src/AvatarBookmarks.h index c2c7eb5a0a..bf06743b3f 100644 --- a/interface/src/AvatarBookmarks.h +++ b/interface/src/AvatarBookmarks.h @@ -100,7 +100,7 @@ public slots: * print("- " + key + " " + bookmarks[key].avatarUrl); * }; */ - QVariantMap getBookmarks() { return _bookmarks; } + QVariantMap getBookmarks(); signals: /*@jsdoc @@ -147,6 +147,11 @@ protected slots: void deleteBookmark() override; private: + QVariantMap getBookmarkInternal(const QString &bookmarkName); + void addBookmarkInternal(const QString& bookmarkName); + void saveBookmarkInternal(const QString& bookmarkName); + void loadBookmarkInternal(const QString& bookmarkName); + void removeBookmarkInternal(const QString& bookmarkName); const QString AVATARBOOKMARKS_FILENAME = "avatarbookmarks.json"; const QString ENTRY_AVATAR_URL = "avatarUrl"; const QString ENTRY_AVATAR_ICON = "avatarIcon"; diff --git a/libraries/script-engine/src/ScriptPermissions.cpp b/libraries/script-engine/src/ScriptPermissions.cpp index 80bdb5ef4d..91d225b98f 100644 --- a/libraries/script-engine/src/ScriptPermissions.cpp +++ b/libraries/script-engine/src/ScriptPermissions.cpp @@ -46,8 +46,12 @@ bool ScriptPermissions::isCurrentScriptAllowed(ScriptPermissions::Permission per // Get the script manager: auto engine = Scriptable::engine(); if (!engine) { - qDebug() << "ScriptPermissions::isCurrentScriptAllowed called outside script engine for permission: " << scriptPermissionNames[permissionIndex]; - return false; + // When this happens it means that function was called from QML or C++ and should always be allowed + if (PERMISSIONS_DEBUG_ENABLED) { + qDebug() << "ScriptPermissions::isCurrentScriptAllowed called outside script engine for permission: " + << scriptPermissionNames[permissionIndex]; + } + return true; } auto manager = engine->manager(); if (!manager) { @@ -76,7 +80,7 @@ bool ScriptPermissions::isCurrentScriptAllowed(ScriptPermissions::Permission per } // Check if the script is allowed: QList safeURLPrefixes = { "file:///", "qrc:/", NetworkingConstants::OVERTE_COMMUNITY_APPLICATIONS, - NetworkingConstants::OVERTE_TUTORIAL_SCRIPTS/*, "about:console"*/}; + NetworkingConstants::OVERTE_TUTORIAL_SCRIPTS, "about:console"}; Setting::Handle allowedURLsSetting(scriptPermissionSettingKeyNames[permissionIndex]); QList allowedURLs = allowedURLsSetting.get().split("\n");