This is one case where the spreadsheet is a little inadequate I think since the permission model is more complex. See the wiki perhaps, though it could do with some updates for clarity I think: https://wiki.mozilla.org/WebAPI/Security/OpenWebApp
As far as I understand, there are two APIs here: navigator.mozApps.* -> available to all, install is OS mediated. Is a permission needed here at all, since it is the same behavior for all apps. From your email it sounds like we don't need a permission for this. navigator.mozApps.mgmt.* -> Only available to certified apps. .getAll is only needed by the home screen/system apps. Even if/when we have other marketplace apps, they can use navigator.mozApps.getInstalled() to see their apps. Permission is web "apps-manage" and implicit (http://mxr.mozilla.org/mozilla-central/source/dom/apps/src/Webapps.js#354). So I have changed all of the columns to explicit, but added notes to emphasize that .install() is OS mediated (which is similar to Explicit permission, but there is no actual permission string involved) and also noted that .mgmt.* is certified apps only which have the web apps-manage permission. That is basically what the wiki says anyways I think. PS in the spreadsheet there is a mozApps permission in the permission string column. Does that actually exist, or is webapps-manage the only permission string related to this API? -Paul On Aug 7, 2012, at 4:24 AM, Jonas Sicking wrote: > Hi All, > > I just noticed that in the permission matrix [1] the ability to use > the OpenWebApps API to install an app is listed as "implicit" for > privileged apps. I believe that in all cases we should show a prompt > to the user when an app is about to be installed. That's the UI > approach that has been used so far and I haven't heard of any requests > from WebApps team to change this. > > Could we change this to be "explicit" everywhere? (I'd actually even > prefer to have it explicit for certified apps, but I think the > distinction is moot since I don't believe we're planning on having any > certified apps use this API). > > [1] > https://docs.google.com/a/sicking.cc/spreadsheet/ccc?key=0Akyz_Bqjgf5pdENVekxYRjBTX0dCXzItMnRyUU1RQ0E#gid=0 > > / Jonas > _______________________________________________ > dev-webapps mailing list > [email protected] > https://lists.mozilla.org/listinfo/dev-webapps _______________________________________________ dev-webapps mailing list [email protected] https://lists.mozilla.org/listinfo/dev-webapps
