Page 1 of 1

How to set, programmatically, MacroSecurityLevel?

PostPosted: Wed Nov 09, 2011 5:46 pm
by Sean
Hi All,

I'm trying to set the MacroSecurityLevel in LibreOffice programmatically, through the "slot:" / ".uno:" protocol command execution environment.
(This setting is used to determine whether to allow run, prompt user first or prevent, macros from running in a document).
However, there does not appear to be any UNO command URL for this purpose?
(As there is for, for example, ".uno:OptionsTreeDialog" which is used to display the Options dialog. )

I have tried to find documentation on this but there does not appear to be much on this specific topic nor can I find any addressing this specific issue.
Can anyone help with this please?

Thanks,
Sean

Re: How to set, programmatically, MacroSecurityLevel?

PostPosted: Wed Nov 09, 2011 7:48 pm
by B Marcelly
Hi,
Why do you need this ? Explain your context. The solution may be different from what you think.

Re: How to set, programmatically, MacroSecurityLevel?

PostPosted: Thu Nov 10, 2011 1:25 pm
by Sean
Hi Bernard,
Thanks, for your reply.
Context: an applet needs to use LibreOffice (ported from StarOffice) to process documents on an intranet environment.
LibreOffice wont run macros in the document unless set to the lowest macro security level,
and for end users access to LibreOffice Tools->Options will be disabled.
The applet uses the StarOffice SDK Uno packages to communicate with LibreOffice.
I've already searched for a solution online but so far no luck finding the command or slot id number.
I appreciate any help, as I'm on a deadline for this.
Thanks and regards,
Sean

Re: How to set, programmatically, MacroSecurityLevel?

PostPosted: Fri Nov 11, 2011 1:46 am
by Charlie Young
Sean wrote:Hi Bernard,
Thanks, for your reply.
Context: an applet needs to use LibreOffice (ported from StarOffice) to process documents on an intranet environment.
LibreOffice wont run macros in the document unless set to the lowest macro security level,
and for end users access to LibreOffice Tools->Options will be disabled.
The applet uses the StarOffice SDK Uno packages to communicate with LibreOffice.
I've already searched for a solution online but so far no luck finding the command or slot id number.
I appreciate any help, as I'm on a deadline for this.
Thanks and regards,
Sean


Allowing a macro to disable macro security would seem to defeat the whole purpose, wouldn't it? In any case, the usual method, in OOo at least, when running from the SDK, is to specify the MacroExecutionMode when loading the document, as in this snippet from c++

Code: Select all   Expand viewCollapse view
Reference< XInterface  > Desktop = rOfficeServiceManager->createInstance(
    OUString::createFromAscii( "com.sun.star.frame.Desktop" ));
      
   //query for the XComponentLoader interface
   Reference< XComponentLoader > rComponentLoader (Desktop, UNO_QUERY);
    if( rComponentLoader.is() ){
           printf( "XComponentloader successfully instantiated\n");
   }

   Sequence < ::com::sun::star::beans::PropertyValue > args(2);
   args[0].Name = OUString::createFromAscii("Hidden");
   args[0].Value <<= sal_False;
   args[1].Name = OUString::createFromAscii("MacroExecutionMode");
   args[1].Value <<=  (sal_Int16) com::sun::star::document::MacroExecMode::ALWAYS_EXECUTE_NO_WARN;
   //get an instance of the spreadsheet
   Reference< XComponent > xcomponent = rComponentLoader->loadComponentFromURL(
      OUString::createFromAscii("file:/// ... path ..../Filename.ods"),
      OUString::createFromAscii("_blank"),
      0,
      args);


and ALWAYS_EXECUTE_NO_WARN = 4.

Re: How to set, programmatically, MacroSecurityLevel?

PostPosted: Fri Nov 11, 2011 12:44 pm
by Sean
Thanks for your input Charlie.
First, it's running on a intranet, so exposure is controlled.
Second, the macro itself is not changing the MacroSecurityLevel,
but the applet which is calling LibreOffice.
So I'm looking for a solution in Java, but I'll try to use your code to generate
a Java solution which works.
I need to complete this today, so any other help much appreciated.
Thanks,
Sean

Re: How to set, programmatically, MacroSecurityLevel?

PostPosted: Fri Nov 11, 2011 4:24 pm
by Charlie Young
Sean wrote:Thanks for your input Charlie.
First, it's running on a intranet, so exposure is controlled.
Second, the macro itself is not changing the MacroSecurityLevel,
but the applet which is calling LibreOffice.
So I'm looking for a solution in Java, but I'll try to use your code to generate
a Java solution which works.
I need to complete this today, so any other help much appreciated.
Thanks,
Sean


My point is that a slot command would allow a macro to do it. The macro security specified in loadComponentFromURL overrides setting in options anyway, so hopefully that will do the trick in your case.

I was going to suggest the possibility of using a keystroke automation facility like Windows SendKeys, but since you say Tools > Options is going to be disabled, that probably wouldn't be helpful.

Re: How to set, programmatically, MacroSecurityLevel?

PostPosted: Fri Nov 11, 2011 5:02 pm
by hanya
Hi,
your problem is not clear for me but you open a document with css.frame.XComponentLoader interface, Charlie's code is a way to solve your problem.
If you want to change the setting of the security level which can be changed though Tools - Configuration..., change MacroSecurityLevel property of /org.openoffice.Office.Common/Security/Scripting node in the configuration.

Re: How to set, programmatically, MacroSecurityLevel?

PostPosted: Fri Nov 11, 2011 11:07 pm
by Charlie Young
hanya wrote:Hi,
your problem is not clear for me but you open a document with css.frame.XComponentLoader interface, Charlie's code is a way to solve your problem.
If you want to change the setting of the security level which can be changed though Tools - Configuration..., change MacroSecurityLevel property of /org.openoffice.Office.Common/Security/Scripting node in the configuration.


I feel stupid, I had some inkling that such a thing was possible from hanya's earlier posts, and thanks to one of those, here is a Basic sub to disable macro security.

Of course to run this from Basic, macros need to be enabled in the first place ;), but if you can translate it to java and run it as an external program, it may give you the control you seek.

The MacroSecurityLevel numbers appear to be 0 = Low, 1 = Medium, 2 = High, and 3 = Very High

I usually use High with a list of trusted sources (which also seems to be contained in the configuration)

Code: Select all   Expand viewCollapse view
Sub ChangeMacroSecurity
   Dim sNodePath As String
   Dim oCP, oCUA
   
   sNodePath = "/org.openoffice.Office.Common/Security/Scripting"
   
     Dim aProps(0) As New com.sun.star.beans.PropertyValue

   oCP = CreateUnoService("com.sun.star.configuration.ConfigurationProvider" )
   aProps(0).Name = "nodepath"
   aProps(0).Value = sNodePath
   oCUA = oCP.createInstanceWithArguments("com.sun.star.configuration.ConfigurationUpdateAccess", aProps )
   
   oCUA.MacroSecurityLevel = 0
   oCUA.commitChanges()
End Sub


I need to learn more about the configuration. One curiosity here is that if I run this with security set to low from an untrusted source, then change the level to 2, I can still run macros from the untrusted source until I reload the spreadsheet containing the macro, even though the change is immediately reflected in Tools > Options.