Implement File System Access permission API

Allow web pages to safely access the local file system
by exposing a permission API. Permissions are stored in-memory.
The built-in access rules are the same as the behavior of Chrome:
JS can't request access to system libraries, sensitive directories
and the application itself.

Task-number: QTBUG-97829
Change-Id: Ic675422cafbad5a90243b4fa8f0749c46afa192c
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>

2 files changed, 34 insertions, 0 deletions

diff --git a/examples/webenginewidgets/simplebrowser/webview.cpp b/examples/webenginewidgets/simplebrowser/webview.cpp
index 31be9f34c..661dd5955 100644
--- a/examples/webenginewidgets/simplebrowser/webview.cpp
+++ b/examples/webenginewidgets/simplebrowser/webview.cpp
@@ -144,6 +144,8 @@ void WebView::setPage(WebPage *page)
                    &WebView::handleProxyAuthenticationRequired);
         disconnect(oldPage, &QWebEnginePage::registerProtocolHandlerRequested, this,
                    &WebView::handleRegisterProtocolHandlerRequested);
+        disconnect(oldPage, &QWebEnginePage::fileSystemAccessRequested, this,
+                   &WebView::handleFileSystemAccessRequested);
     }
     createWebActionTrigger(page,QWebEnginePage::Forward);
     createWebActionTrigger(page,QWebEnginePage::Back);
@@ -159,6 +161,8 @@ void WebView::setPage(WebPage *page)
             &WebView::handleProxyAuthenticationRequired);
     connect(page, &QWebEnginePage::registerProtocolHandlerRequested, this,
             &WebView::handleRegisterProtocolHandlerRequested);
+    connect(page, &QWebEnginePage::fileSystemAccessRequested, this,
+            &WebView::handleFileSystemAccessRequested);
 }
 
 int WebView::loadProgress() const
@@ -347,3 +351,31 @@ void WebView::handleRegisterProtocolHandlerRequested(
         request.reject();
 }
 //! [registerProtocolHandlerRequested]
+
+void WebView::handleFileSystemAccessRequested(QWebEngineFileSystemAccessRequest request)
+{
+    QString accessType;
+    switch (request.accessFlags()) {
+    case QWebEngineFileSystemAccessRequest::Read:
+        accessType = "read";
+        break;
+    case QWebEngineFileSystemAccessRequest::Write:
+        accessType = "write";
+        break;
+    case QWebEngineFileSystemAccessRequest::Read | QWebEngineFileSystemAccessRequest::Write:
+        accessType = "read and write";
+        break;
+    default:
+        Q_UNREACHABLE();
+    }
+
+    auto answer = QMessageBox::question(window(), tr("File system access reques"),
+                                        tr("Give %1 %2 access to %3?")
+                                                .arg(request.origin().host())
+                                                .arg(accessType)
+                                                .arg(request.filePath().toString()));
+    if (answer == QMessageBox::Yes)
+        request.accept();
+    else
+        request.reject();
+}
diff --git a/examples/webenginewidgets/simplebrowser/webview.h b/examples/webenginewidgets/simplebrowser/webview.h
index 0dc7c33ad..7d8ff4e59 100644
--- a/examples/webenginewidgets/simplebrowser/webview.h
+++ b/examples/webenginewidgets/simplebrowser/webview.h
@@ -54,6 +54,7 @@
 #include <QIcon>
 #include <QWebEngineView>
 #include <QWebEngineCertificateError>
+#include <QWebEngineFileSystemAccessRequest>
 #include <QWebEnginePage>
 #include <QWebEngineRegisterProtocolHandlerRequest>
 
@@ -87,6 +88,7 @@ private slots:
     void handleProxyAuthenticationRequired(const QUrl &requestUrl, QAuthenticator *auth,
                                            const QString &proxyHost);
     void handleRegisterProtocolHandlerRequested(QWebEngineRegisterProtocolHandlerRequest request);
+    void handleFileSystemAccessRequested(QWebEngineFileSystemAccessRequest request);
 
 private:
     void createWebActionTrigger(QWebEnginePage *page, QWebEnginePage::WebAction);