tdf#129311 don't allow temporary trusted certs

This simply skips the DocumentMacroConfirmationRequest, if the macro security level (MSL) is *High* and the list of trusted authors is read-only. For the MSL *Medium*, the check box of the dialog is hidden with read-only trusted authors. Change-Id: If6c08e4fdbf200e778d181370cc73fd947cecff5 Reviewed-on: https://gerrit.libreoffice.org/84887 Tested-by: Jenkins Reviewed-by: Jan-Marek Glogowski <glogow@fbihome.de> (cherry picked from commit 71c6f438cecc3ce5e8060efe1df840652885701c) Reviewed-on: https://gerrit.libreoffice.org/85299
author: Jan-Marek Glogowski <jan-marek.glogowski@extern.cib.de> 2019-12-10 18:42:40 +0100
committer: Jan-Marek Glogowski <glogow@fbihome.de> 2019-12-18 12:14:03 +0100
commit: 9cdb97cd93e60a0faf0a531949d94cff79e1aab9 (patch)
tree: 96332ec3a6ad10233a4042b4bc1897a028aa5e2e /sfx2
parent: 4b2d4f3c4a68361a6bc03c9ab110ce9376b14b20 (diff)
1 files changed, 9 insertions, 1 deletions
diff --git a/sfx2/source/doc/docmacromode.cxx b/sfx2/source/doc/docmacromode.cxx
index 13954b06f6d8..492bd0a63009 100644
--- a/sfx2/source/doc/docmacromode.cxx
+++ b/sfx2/source/doc/docmacromode.cxx
@@ -225,11 +225,17 @@ namespace sfx2
             if ( nMacroExecutionMode != MacroExecMode::FROM_LIST )
             {
                 // the trusted macro check will also retrieve the signature state ( small optimization )
-                bool bHasTrustedMacroSignature = m_xData->m_rDocumentAccess.hasTrustedScriptingSignature( nMacroExecutionMode != MacroExecMode::FROM_LIST_AND_SIGNED_NO_WARN );
+                const SvtSecurityOptions aSecOption;
+                const bool bAllowUIToAddAuthor = nMacroExecutionMode != MacroExecMode::FROM_LIST_AND_SIGNED_NO_WARN
+                                                 && (nMacroExecutionMode == MacroExecMode::ALWAYS_EXECUTE
+                                                     || !aSecOption.IsReadOnly(SvtSecurityOptions::EOption::MacroTrustedAuthors));
+                const bool bHasTrustedMacroSignature = m_xData->m_rDocumentAccess.hasTrustedScriptingSignature(bAllowUIToAddAuthor);
 
                 SignatureState nSignatureState = m_xData->m_rDocumentAccess.getScriptingSignatureState();
                 if ( nSignatureState == SignatureState::BROKEN )
                 {
+                    if (!bAllowUIToAddAuthor)
+                        lcl_showDocumentMacrosDisabledError(rxInteraction, m_xData->m_bDocMacroDisabledMessageShown);
                     return disallowMacroExecution();
                 }
                 else if ( bHasTrustedMacroSignature )
@@ -241,6 +247,8 @@ namespace sfx2
                        || nSignatureState == SignatureState::NOTVALIDATED )
                 {
                     // there is valid signature, but it is not from the trusted author
+                    if (!bAllowUIToAddAuthor)
+                        lcl_showDocumentMacrosDisabledError(rxInteraction, m_xData->m_bDocMacroDisabledMessageShown);
                     return disallowMacroExecution();
                 }
             }
author	Jan-Marek Glogowski <jan-marek.glogowski@extern.cib.de>	2019-12-10 18:42:40 +0100
committer	Jan-Marek Glogowski <glogow@fbihome.de>	2019-12-18 12:14:03 +0100
commit	9cdb97cd93e60a0faf0a531949d94cff79e1aab9 (patch)
tree	96332ec3a6ad10233a4042b4bc1897a028aa5e2e /sfx2
parent	4b2d4f3c4a68361a6bc03c9ab110ce9376b14b20 (diff)