!15412 [翻译完成】#I6E7G0

Merge pull request !15412 from Annie_wang/PR14525

!15412 [翻译完成】#I6E7G0
Merge pull request !15412 from Annie_wang/PR14525
3d47b112 · openharmony_ci · Gitee · 51dec222 · ea5d49b6 · 3d47b112
隐藏空白更改
内联并排

Showing with 19 addition and 14 deletion

en/application-dev/security/permission-verify-guidelines.md en/application-dev/security/permission-verify-guidelines.md +19 -14

未找到文件。
--- a/en/application-dev/security/permission-verify-guidelines.md
+++ b/en/application-dev/security/permission-verify-guidelines.md
@@ -2,15 +2,18 @@

 ## When to Use

-To protect sensitive data and eliminate security threads on core abilities, you can use the permissions in the [Application Permission List](permission-list.md) to protect the related API from unauthorized calling. Each time before the API is called, a permission verification is performed to check whether the caller has the required permission.
+To protect sensitive data and eliminate security threats on core abilities, you can use the permissions in the [Application Permission List](permission-list.md) to protect the related API from unauthorized calling. Each time before the API is called, a permission verification is performed to check whether the caller has the required permission.

 ## Available APIs

-The table below lists only the API used for access permission verification. For more information, see [AbilityContext](../reference/apis/js-apis-ability-context.md).
+The following describes only the API used for permission verification. For more information about the APIs, see [Application Access Control](../reference/apis/js-apis-abilityAccessCtrl.md).

-| API                                                      | Description                                            |
-| ------------------------------------------------------------ | --------------------------------------------------- |
-| verifyAccessToken(tokenID: number, permissionName: string): Promise&lt;GrantStatus&gt; | Checks whether an application process has the specified permission.|
+checkAccessToken(tokenID: number, permissionName: Permissions): Promise&lt;GrantStatus&gt;
+
+| Name  | Type                | Mandatory| Description                                      |
+| -------- | -------------------  | ---- | ------------------------------------------ |
+| tokenID   |  number   | Yes  | Token ID of the application. You can obtain the value from the [ApplicationInfo](../reference/apis/js-apis-bundleManager-applicationInfo.md) of the application.            |
+| permissionName | Permissions | Yes  | Name of the permission to verify. Valid permission names are defined in the [Application Permission List](permission-list.md). |


 ## Example
@@ -19,10 +22,9 @@ The procedure is as follows:

 1. Obtain the caller's identity (**tokenId**).
   > **NOTE**
-   > 
-   > You can use **getCallingTokenId** to obtain the caller's **tokenId**. For details, see [RPC](../reference/apis/js-apis-rpc.md#getcallingtokenid8).
-2. Determine the permission to verify, which is **ohos.permission.PERMISSION** in this example.
-3. Call **verifyAccessToken()** to perform a permission verification for the caller.
+   > You can use **getCallingTokenId** to obtain the caller's **tokenId**. For details, see [RPC](../reference/apis/js-apis-rpc.md).
+2. Determine the permission to verify, which is **ohos.permission.ACCELEROMETER** in this example.
+3. Call **checkAccessToken()** to perform a permission verification for the caller.
 4. Proceed based on the permission verification result.

 ```js
@@ -34,11 +36,14 @@ The procedure is as follows:
          let callerTokenId = rpc.IPCSkeleton.getCallingTokenId();
          console.log("RpcServer: getCallingTokenId result: " + callerTokenId);
          var atManager = abilityAccessCtrl.createAtManager();
-          var result = await atManager.verifyAccessToken(tokenID, "ohos.permission.PERMISSION");
-          if (result == abilityAccessCtrl.GrantStatus.PERMISSION_GRANTED) {
-            // Allow the caller to invoke the API provided by the app.
-          } else {
-            // Deny the caller's access to the API.
+          try {
+              atManager.checkAccessToken(callerTokenId, "ohos.permission.ACCELEROMETER").then((data) => {
+                  console.log(`checkAccessToken success, data->${JSON.stringify(data)}`);
+              }).catch((err) => {
+                  console.log(`checkAccessToken fail, err->${JSON.stringify(err)}`);
+              });
+          } catch(err) {
+              console.log(`catch err->${JSON.stringify(err)}`);
          }
          return true;
      }