diff --git a/zh-cn/application-dev/security/accesstoken-guidelines.md b/zh-cn/application-dev/security/accesstoken-guidelines.md index f78d279be3d9c6fab197bb47e178c100a3cf58de..909da20d50df99ef286988685145e28048617fab 100644 --- a/zh-cn/application-dev/security/accesstoken-guidelines.md +++ b/zh-cn/application-dev/security/accesstoken-guidelines.md @@ -170,9 +170,10 @@ 在进行权限申请之前,需要先检查当前应用程序是否已经被授予了权限。可以通过调用[checkAccessToken()](../reference/apis/js-apis-abilityAccessCtrl.md#checkaccesstoken9)方法来校验当前是否已经授权。如果已经授权,则可以直接访问目标操作,否则需要进行下一步操作,即向用户申请授权。 - ```ts + ```typescript import bundleManager from '@ohos.bundle.bundleManager'; import abilityAccessCtrl, { Permissions } from '@ohos.abilityAccessCtrl'; + import { BusinessError } from '@ohos.base'; async function checkAccessToken(permission: Permissions): Promise { let atManager = abilityAccessCtrl.createAtManager(); @@ -184,14 +185,16 @@ let bundleInfo: bundleManager.BundleInfo = await bundleManager.getBundleInfoForSelf(bundleManager.BundleFlag.GET_BUNDLE_INFO_WITH_APPLICATION); let appInfo: bundleManager.ApplicationInfo = bundleInfo.appInfo; tokenId = appInfo.accessTokenId; - } catch (err) { + } catch (error) { + let err: BusinessError = error as BusinessError; console.error(`Failed to get bundle info for self. Code is ${err.code}, message is ${err.message}`); } // 校验应用是否被授予权限 try { grantStatus = await atManager.checkAccessToken(tokenId, permission); - } catch (err) { + } catch (error) { + let err: BusinessError = error as BusinessError; console.error(`Failed to check access token. Code is ${err.code}, message is ${err.message}`); } @@ -222,35 +225,34 @@ import UIAbility from '@ohos.app.ability.UIAbility'; import window from '@ohos.window'; import abilityAccessCtrl, { Permissions } from '@ohos.abilityAccessCtrl'; - + import { BusinessError } from '@ohos.base'; + const permissions: Array = ['ohos.permission.READ_CALENDAR']; - export default class EntryAbility extends UIAbility { - // ... - - onWindowStageCreate(windowStage: window.WindowStage) { - // Main window is created, set main page for this ability - let context = this.context; - let atManager = abilityAccessCtrl.createAtManager(); - // requestPermissionsFromUser会判断权限的授权状态来决定是否唤起弹窗 - - atManager.requestPermissionsFromUser(context, permissions).then((data) => { - let grantStatus: Array = data.authResults; - let length: number = grantStatus.length; - for (let i = 0; i < length; i++) { - if (grantStatus[i] === 0) { - // 用户授权,可以继续访问目标操作 - } else { - // 用户拒绝授权,提示用户必须授权才能访问当前页面的功能,并引导用户到系统设置中打开相应的权限 - return; - } - } - // 授权成功 - }).catch((err) => { - console.error(`Failed to request permissions from user. Code is ${err.code}, message is ${err.message}`); - }) - // ... - } + // ... + onWindowStageCreate(windowStage: window.WindowStage) { + // Main window is created, set main page for this ability + let context = this.context; + let atManager = abilityAccessCtrl.createAtManager(); + // requestPermissionsFromUser会判断权限的授权状态来决定是否唤起弹窗 + + atManager.requestPermissionsFromUser(context, permissions).then((data) => { + let grantStatus: Array = data.authResults; + let length: number = grantStatus.length; + for (let i = 0; i < length; i++) { + if (grantStatus[i] === 0) { + // 用户授权,可以继续访问目标操作 + } else { + // 用户拒绝授权,提示用户必须授权才能访问当前页面的功能,并引导用户到系统设置中打开相应的权限 + return; + } + } + // 授权成功 + }).catch((err: BusinessError) => { + console.error(`Failed to request permissions from user. Code is ${err.code}, message is ${err.message}`); + }) + // ... + } } ``` @@ -259,37 +261,38 @@ ```typescript import abilityAccessCtrl, { Permissions } from '@ohos.abilityAccessCtrl'; import common from '@ohos.app.ability.common'; - + import { BusinessError } from '@ohos.base'; + const permissions: Array = ['ohos.permission.READ_CALENDAR']; - + @Entry @Component struct Index { - reqPermissionsFromUser(permissions: Array): void { - let context = getContext(this) as common.UIAbilityContext; - let atManager = abilityAccessCtrl.createAtManager(); - // requestPermissionsFromUser会判断权限的授权状态来决定是否唤起弹窗 - atManager.requestPermissionsFromUser(context, permissions).then((data) => { - let grantStatus: Array = data.authResults; - let length: number = grantStatus.length; - for (let i = 0; i < length; i++) { - if (grantStatus[i] === 0) { - // 用户授权,可以继续访问目标操作 - } else { - // 用户拒绝授权,提示用户必须授权才能访问当前页面的功能,并引导用户到系统设置中打开相应的权限 - return; - } - } - // 授权成功 - }).catch((err) => { - console.error(`Failed to request permissions from user. Code is ${err.code}, message is ${err.message}`); - }) - } - - // 页面展示 - build() { - // ... - } + reqPermissionsFromUser(permissions: Array): void { + let context = getContext(this) as common.UIAbilityContext; + let atManager = abilityAccessCtrl.createAtManager(); + // requestPermissionsFromUser会判断权限的授权状态来决定是否唤起弹窗 + atManager.requestPermissionsFromUser(context, permissions).then((data) => { + let grantStatus: Array = data.authResults; + let length: number = grantStatus.length; + for (let i = 0; i < length; i++) { + if (grantStatus[i] === 0) { + // 用户授权,可以继续访问目标操作 + } else { + // 用户拒绝授权,提示用户必须授权才能访问当前页面的功能,并引导用户到系统设置中打开相应的权限 + return; + } + } + // 授权成功 + }).catch((err: BusinessError) => { + console.error(`Failed to request permissions from user. Code is ${err.code}, message is ${err.message}`); + }) + } + + // 页面展示 + build() { + // ... + } } ``` @@ -297,10 +300,59 @@ 调用[requestPermissionsFromUser()](../reference/apis/js-apis-abilityAccessCtrl.md#requestpermissionsfromuser9)方法后,应用程序将等待用户授权的结果。如果用户授权,则可以继续访问目标操作。如果用户拒绝授权,则需要提示用户必须授权才能访问当前页面的功能,并引导用户到系统设置中打开相应的权限。 - ```ts + ArkTS语法不支持直接使用globalThis,需要通过一个单例的map来做中转。开发者需要: + + a. 在EntryAbility.ets中导入构建的单例对象GlobalThis。 + ```typescript + import { GlobalThis } from '../utils/globalThis'; // 需要根据globalThis.ets的路径自行适配 + ``` + b. 在onCreate中添加: + ```typescript + GlobalThis.getInstance().setContext('context', this.context); + ``` + + > **说明:** + > + > 由于在ts中引入ets文件会有告警提示,需要将EntryAbility.ts的文件后缀修改为EntryAbility.ets,并在module.json5中同步修改。 + + **globalThis.ets示例代码如下:** + ```typescript + import common from '@ohos.app.ability.common'; + + // 构造单例对象 + export class GlobalThis { + private constructor() {} + private static instance: GlobalThis; + private _uiContexts = new Map(); + + public static getInstance(): GlobalThis { + if (!GlobalThis.instance) { + GlobalThis.instance = new GlobalThis(); + } + return GlobalThis.instance; + } + + getContext(key: string): common.UIAbilityContext | undefined { + return this._uiContexts.get(key); + } + + setContext(key: string, value: common.UIAbilityContext): void { + this._uiContexts.set(key, value); + } + + // 其他需要传递的内容依此扩展 + } + ``` + + ```typescript + import { BusinessError } from '@ohos.base'; + import Want from '@ohos.app.ability.Want'; + import { GlobalThis } from '../utils/globalThis'; + import common from '@ohos.app.ability.common'; + function openPermissionsInSystemSettings(): void { - let context = getContext(this) as common.UIAbilityContext; - let wantInfo = { + let context: common.UIAbilityContext = GlobalThis.getInstance().getContext('context'); + let wantInfo: Want = { action: 'action.settings.app.info', parameters: { settingsParamBundleName: 'com.example.myapplication' // 打开指定应用的详情页面 @@ -308,7 +360,7 @@ } context.startAbility(wantInfo).then(() => { // ... - }).catch((err) => { + }).catch((err: BusinessError) => { // ... }) } @@ -319,6 +371,7 @@ 通过调用[requestPermissionsFromUser()](../reference/apis/js-apis-inner-app-context.md#contextrequestpermissionsfromuser7)接口向用户动态申请授权。 ```js +import { BusinessError } from '@ohos.base'; import featureAbility from '@ohos.ability.featureAbility'; reqPermissions() { @@ -329,7 +382,7 @@ reqPermissions() { console.log("data:" + JSON.stringify(data)); console.log("data permissions:" + JSON.stringify(data.permissions)); console.log("data result:" + JSON.stringify(data.authResults)); - }, (err) => { + }, (err: BusinessError) => { console.error('Failed to start ability', err.code); }); }