/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 2 -*-
 *
 * The contents of this file are subject to the Netscape Public
 * License Version 1.1 (the "License"); you may not use this file
 * except in compliance with the License. You may obtain a copy of
 * the License at http://www.mozilla.org/NPL/
 *
 * Software distributed under the License is distributed on an "AS
 * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
 * implied. See the License for the specific language governing
 * rights and limitations under the License.
 *
 * The Original Code is mozilla.org code.
 *
 * The Initial Developer of the Original Code is Netscape
 * Communications Corporation.  Portions created by Netscape are
 * Copyright (C) 1999 Netscape Communications Corporation. All
 * Rights Reserved.
 *
 * Contributor(s): 
 */

#include "nsISupports.idl"
#include "nsIPrincipal.idl"

%{C++
#include "jspubtd.h"
%}
[ptr] native JSContextPtr(JSContext);

interface nsIURI;

[scriptable, uuid(58df5780-8006-11d2-bd91-00805f8ae3f4)]
interface nsIScriptSecurityManager : nsISupports
{
	///////////////// Principals /////////////////////// 

	/**
	 * Return the principal of the innermost frame of the currently 
	 * executing script. Will return null if there is no script 
	 * currently executing.
	 */
    nsIPrincipal GetSubjectPrincipal();

	/**
	 * Return the all-powerful system principal.
	 */
    nsIPrincipal GetSystemPrincipal();

	/**
	 * Return a principal that can be QI'd to nsICodebasePrincipal and 
	 * has the same origin as aURI.
	 */
    nsIPrincipal GetCodebasePrincipal(in nsIURI aURI);

	/**
	 * Return a principal that can be QI'd to nsICertificatePrincipal.
	 */
    nsIPrincipal GetCertificatePrincipal(in string CertID);

	///////////////// Security Checks //////////////////

    /**
     * Checks whether the currently executing script can access the given 
     * property.
     *
     * @param cx The current active JavaScript context
     * @param obj The object that is being accessed
     * @param prop The ordinal of the property being accessed (see nsDOMPropEnums.h)
     * @param isWrite True if write access is being attempted
     */
	[noscript] void CheckScriptAccess(in JSContextPtr cx, in voidPtr obj, 
	                       in long prop, in boolean isWrite);

	/**
	 * Check that the script with context "cx" can load "uri".
	 *
	 * Will return error code NS_ERROR_DOM_BAD_URI if the load request 
	 * should be denied.
	 *
	 * @param cx the JSContext of the script causing the load
	 * @param uri the URI that is being loaded
	 */
    [noscript] void CheckLoadURIFromScript(in JSContextPtr cx, in nsIURI uri);

    /** 
     * Default CheckLoadURI permissions
     */
    const unsigned long STANDARD = 0;

    /** 
     * If the source is mail, disallow the load
     */
    const unsigned long DISALLOW_FROM_MAIL = 1 << 0;

    /** 
     * Allow the loading of chrome URLs by non-chrome URLs
     */
    const unsigned long ALLOW_CHROME = 1 << 1;

	/**
	 * Check that content from "from" can load "uri".
	 *
	 * Will return error code NS_ERROR_DOM_BAD_URI if the load request 
	 * should be denied.
	 *
	 * @param from the URI causing the load
	 * @param uri the URI that is being loaded
	 * @param disallowFromMail if true, return NS_ERROR_DOM_BAD_URI if 'from'
	 *                         is a URI associated with mail or news
	 */
    void CheckLoadURI(in nsIURI from, in nsIURI uri, 
	                  in unsigned long flags);

  /**
   * Check that the function 'funObj' is allowed to run on 'targetObj'
   *
   * Will return error code NS_ERROR_DOM_SECURITY_ERR if the function
   * should not run
   *
   * @param cx The current active JavaScript context.
   * @param funObj The function trying to run..
   * @param targetObj The object the function will run on.
   */
    [noscript] void CheckFunctionAccess(in JSContextPtr cx, in voidPtr funObj,
                                        in voidPtr targetObj);

	/**
	 * Return true if content from the given principal is allowed to
	 * execute scripts.
	 */
    boolean CanExecuteScripts(in nsIPrincipal principal);


	///////////////// Capabilities /////////////////////

    /**
     * Request that 'capability' can be enabled by scripts or applets running 
     * with 'principal'. Will prompt user if necessary. Returns 
     * nsIPrincipal::ENABLE_GRANTED or nsIPrincipal::ENABLE_DENIED based on user's choice.
     */
    void RequestCapability(in nsIPrincipal principal, in string capability, out short result);
	
	/**
	 * Return true if the currently executing script has 'capability' enabled.
	 */
    boolean IsCapabilityEnabled(in string capability);
	
	/**
	 * Enable 'capability' in the innermost frame of the currently executing
	 * script.
	 */
	void EnableCapability(in string capability);

	/**
	 * Remove 'capability' from the innermost frame of the currently executing
	 * script. Any setting of 'capability' from enclosing frames thus comes into
	 * effect.
	 */
    void RevertCapability(in string capability);

	/**
	 * Disable 'capability' in the innermost frame of the currently executing
	 * script.
	 */
    void DisableCapability(in string capability);

    //////////////// Master Certificate Functions ////////////////////

	/**
	 * Allow 'certificateID' to enable 'capability.' Can only be performed
     * by code signed by the system certificate.
	 */
    void SetCanEnableCapability(in string certificateID, in string capability, 
                                in short canEnable);    
};

%{C++
#define NS_SCRIPTSECURITYMANAGER_CONTRACTID "@mozilla.org/scriptsecuritymanager;1"
#define NS_SCRIPTSECURITYMANAGER_CLASSNAME "scriptsecuritymanager"
%}