diff --git a/index.html b/index.html index e47d065..bcbf5f1 100644 --- a/index.html +++ b/index.html @@ -278,6 +278,74 @@

reset because its [=permission/lifetime=] has expired.

+
+

+ Permission Store +

+

+ The user agent maintains a single permission store which is a [=/list=] of [=permission store entries=]. Each particular [=entry=] denoted by its [=permission store entry/descriptor=] and [=permission store entry/key=] can only appear at most once in this list. +

+

+ The user agent MAY remove [=entries=] from the [=permission store=] when their respective [=permission=]'s [=permission/lifetime=] has expired. +

+

+ A permission store entry is a [=tuple=] of {{PermissionDescriptor}} descriptor, [=permission key=] key, and [=permission/state=] state. +

+

+ To get a permission store entry given a {{PermissionDescriptor}} |descriptor| and [=permission key=] |key|: +

    +
  1. + + If the user agent's [=permission store=] [=list/contains=] an [=entry=] whose [=permission store entry/descriptor=] is |descriptor|, and whose [=permission store entry/key=] [=permission key/is equal to=] |key| given |descriptor|, return that entry. +
  2. +
  3. + Return null. +
  4. +
+

+

+ To set a permission store entry given a {{PermissionDescriptor}} |descriptor|, a [=permission key=] |key|, and a [=permission/state=] |state|, run these steps: +

    +
  1. + Let |newEntry| be a new [=permission store entry=] whose [=permission store entry/descriptor=] is |descriptor|, and whose [=permission store entry/key=] is |key|, and whose [=permission store entry/state=] is |state|. +
  2. +
  3. + If the user agent's [=permission store=] [=list/contains=] an [=entry=] whose [=permission store entry/descriptor=] is |descriptor|, and whose [=permission store entry/key=] [=permission key/is equal to=] |key| given |descriptor|, [=list/replace=] that entry with |newEntry| and abort these steps. +
  4. +
  5. + [=list/Append=] |newEntry| to the user agent's [=permission store=]. +
  6. +
+

+

+ To remove a permission store entry given a {{PermissionDescriptor}} |descriptor| and [=permission key=] |key|, run these steps: +

    +
  1. + [=list/Remove=] the [=entry=] whose [=permission store entry/descriptor=] is |descriptor|, and whose [=permission store entry/key=] [=permission key/is equal to=] |key| given |descriptor|, from the user agent's [=permission store=]. +
  2. +
+

+

+ A permission key has its type defined by a feature's [=powerful feature/permission key type=]. +

+

+

+ To determine whether a [=permission key=] |key1| is equal to a [=permission key=] |key2|, given a {{PermissionDescriptor}} |descriptor|, run the following steps: +

    +
  1. + If |key1| is not of |descriptor|'s [=powerful feature/permission key type=] or |key2| is not of |descriptor|'s [=powerful feature/permission key type=], return false. +
  2. +
  3. + Return the result of running the [=powerful feature/permission key comparison algorithm=] for the feature named by |descriptor|'s {{PermissionDescriptor/name}}, passing |key1| and |key2|. +
  4. +
+

+
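Review bot: descriptor matching in the get, set and remove steps is underspecified: each one tests "whose [=permission store entry/descriptor=] is |descriptor|", but {{PermissionDescriptor}} is a dictionary, so "is" has no defined meaning for two separately created descriptors with the same members, whereas key matching gets an explicit [=permission key/is equal to=] algorithm. Suggest defining descriptor equality (for example, same {{PermissionDescriptor/name}} plus a feature-defined comparison of the remaining members) and using it in all three algorithms, so that the at-most-once invariant in the first paragraph can actually be enforced. Also, a [=permission store entry=] holds only descriptor, key and state, so the MAY-remove paragraph should say how an entry is tied to the [=permission=] whose [=permission/lifetime=] is being checked.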

Powerful features @@ -510,6 +578,58 @@

+
+ A permission key type: +
+
+

+ The type of [=permission key=] used by the feature. Defaults to [=origin=]. + A feature that specifies a custom [=powerful feature/permission key type=] MUST also specify a + [=powerful feature/permission key generation algorithm=]. +

+
+
+ A permission key generation algorithm: +
+
+

+ Takes an [=environment settings object=], and returns a new [=permission key=]. + If unspecified, this defaults to the default permission key generation algorithm. + A feature that specifies a custom [=powerful feature/permission key generation algorithm=] MUST also specify a + [=powerful feature/permission key comparison algorithm=]. +

+

+ The default permission key generation algorithm, + given an [=environment settings object=] |settings|, runs the following steps: +

+
    +
  1. + Return |settings|'s [=environment/top-level origin=]. +
  2. +
+ +
+
+ A permission key comparison algorithm: +
+
+

+ Takes two [=permission keys=] and returns a [=boolean=] that shows whether the two keys are equal. + If unspecified, this defaults to the default permission key comparison algorithm. +

+

+ The default permission key comparison algorithm, + given [=permission keys=] |key1| and |key2|, runs the following steps: +

+
    +
  1. + Return |key1| is [=same origin=] with |key2|. +
  2. +
+
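Review bot: the default permission key generation algorithm returns only |settings|'s [=environment/top-level origin=], and nothing in this hunk documents the consequence: the origin of the document that made the request is not part of the key, so for a given descriptor every embedded context under one top-level origin reads and writes the same store entry. Please add a note saying this is intended, and that a feature needing finer-grained state has to specify its own key type, generation algorithm and comparison algorithm. Wording nit in the default comparison step: "Return |key1| is [=same origin=] with |key2|" reads better as "Return true if |key1| is [=same origin=] with |key2|; otherwise return false."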
A permission revocation algorithm: @@ -518,7 +638,7 @@

Takes no arguments. Updates any other parts of the implementation that need to be kept in sync with changes in the results of permission states or [=powerful - feature/extra permission data=], and then [=react to the user revoking permission=]. + feature/extra permission data=].
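Review bot: with "and then [=react to the user revoking permission=]" dropped from this description, the unchanged sentence that follows, "If unspecified, this defaults to running [=react to the user revoking permission=]", becomes circular, because the last hunk of this patch makes [=react to the user revoking permission=] itself run the feature's [=powerful feature/permission revocation algorithm=]. Suggest changing the default to doing nothing. "Takes no arguments" also deserves a second look now that revocation is described per |descriptor| and |key|: as written, the algorithm cannot tell which context was revoked.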

If unspecified, this defaults to running [=react to the user revoking permission=]. @@ -637,9 +757,11 @@

-
  • If there was a previous invocation of this algorithm with the same |descriptor| and - |settings|, returning |previousResult|, and the user agent has not received new - information about the user's intent since that invocation, return |previousResult|. +
  • Let |key| be the result of [=powerful feature/permission key generation algorithm|generating a permission key=] for |descriptor| with |settings|. +
  • +
  • Let |entry| be the result of [=get a permission store entry|getting a permission store entry=] with |descriptor| and |key|. +
  • +
  • If |entry| is not null, return a {{PermissionState}} enum value from |entry|'s [=permission store entry/state=].
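Review bot: the added "If |entry| is not null, return ..." step returns the stored state without checking the permission's [=permission/lifetime=], and the Permission Store section only says the user agent MAY remove expired entries, so an entry whose lifetime has expired can still be returned here. Suggest either making removal on expiry a MUST or adding a lifetime check before this step. Separately, the first added step generates the key "for |descriptor| with |settings|", but the generation algorithm is defined as taking only an [=environment settings object=]; say whose algorithm is run (the feature named by |descriptor|'s {{PermissionDescriptor/name}}) and pass just |settings|.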
  • Return the {{PermissionState}} enum value that represents the permission state of |feature|, taking into account any [=powerful feature/permission state constraints=] for @@ -671,8 +793,8 @@

  • Ask the user for express permission for the calling algorithm to use the powerful feature described by |descriptor|.
  • -
  • If the user gives [=express permission=] to use the powerful feature, return - {{PermissionState/"granted"}}; otherwise return {{PermissionState/"denied"}}. The user's +
  • If the user gives [=express permission=] to use the powerful feature, set |current state| to + {{PermissionState/"granted"}}; otherwise to {{PermissionState/"denied"}}. The user's interaction may provide new information about the user's intent for the [=origin=].
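Review bot: the unchanged sentence at the end of the edited step still says the user's interaction provides new information about the user's intent "for the [=origin=]", while this patch stores the result under a [=permission key=] that a feature may define as something other than an origin. Suggest rewording that sentence in terms of the [=permission key=] so the two stay consistent.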

    @@ -681,6 +803,16 @@

    this framework.

  • +
  • + Let |key| be the result of [=powerful feature/permission key generation algorithm|generating a permission key=] with the [=current settings object=]. +
  • +
  • + [=Queue a task=] on the [=current settings object=]'s [=environment settings + object/responsible event loop=] to [=set a permission store entry=] with |descriptor|, |key|, and |current state|. +
  • +
  • + Return |current state|. +
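Review bot: the store write is deferred with [=Queue a task=] while "Return |current state|" runs immediately, so a permission state query that runs before that task sees no entry (or the previous one) and can disagree with the value just returned. Suggest running [=set a permission store entry=] before returning, or documenting why the delay is acceptable; if the task stays, name its task source. Also, the key here is generated "with the [=current settings object=]" while the query algorithm generates it "for |descriptor| with |settings|"; the two invocations should take the same arguments.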
  • As a shorthand, requesting permission to use a {{DOMString}} |name|, is the same @@ -743,12 +875,16 @@

    When the user agent learns that the user no longer intends to grant permission to use a - feature, react to the user revoking permission by running these steps: + feature described by the {{PermissionDescriptor}} |descriptor| in the context + described by the [=permission key=] |key|, react to the user revoking permission + by running these steps:

    1. - Queue a global task on the [=user interaction task source=] to run that - feature's [=powerful feature/permission revocation algorithm=]. + Run |descriptor|'s {{PermissionDescriptor/name}}'s [=powerful feature/permission revocation algorithm=]. +
    2. +
    3. + [=Remove a permission store entry=] with |descriptor| and |key|.
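Review bot: the first added step runs the [=powerful feature/permission revocation algorithm=] before the second added step removes the store entry, so any state lookup made while the revocation algorithm runs still finds the old entry. Suggest removing the entry first and then running the algorithm. The removed text queued a global task on the [=user interaction task source=]; the new steps do not say where they run, although the grant path writes the store from a queued task, so please state it. "|descriptor|'s {{PermissionDescriptor/name}}'s [=powerful feature/permission revocation algorithm=]" would be clearer as the algorithm of "the feature named by |descriptor|'s {{PermissionDescriptor/name}}", matching the wording used in the key equality steps.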