Add API for restricting operations for sensitive files

This change adds the following API:

* org.eclipse.core.resources.IWorkspaceDescription.isRestrictedContentEnabled()
* org.eclipse.core.resources.IWorkspaceDescription.setRestrictedContentEnabled(boolean)
* org.eclipse.core.resources.IFile.isContentRestricted()
* org.eclipse.core.resources.IFile.setContentRestricted(boolean)

The goal of this API is to allow Eclipse-based IDEs to restrict certain
platform functionality on a per-file basis, for sensitive files.

To restrict access to sensitive files, at runtime call:

1. IWorkspaceDescription.setRestrictedContentEnabled(true)
2. For each sensitive file, call: IFile.setContentRestricted(true)

Neither the IWorkspaceDescription nor the IFile flags are persisted,
to enable restricted handling these flags must be set for each session.

The restrictions will apply to following functionality:

* File search
* Storing file history

Potentially more platform functionality will be restricted,
if the workspace has restricted handling enabled.

See: #2588

Author: trancexpress

resources/bundles/org.eclipse.core.resources/META-INF/MANIFEST.MF

@@ -2,7 +2,7 @@ Manifest-Version: 1.0
 Bundle-ManifestVersion: 2
 Bundle-Name: %pluginName
 Bundle-SymbolicName: org.eclipse.core.resources; singleton:=true
-Bundle-Version: 3.23.300.qualifier
+Bundle-Version: 3.24.0.qualifier
 Bundle-Activator: org.eclipse.core.resources.ResourcesPlugin
 Bundle-Vendor: %providerName
 Bundle-Localization: plugin

resources/bundles/org.eclipse.core.resources/src/org/eclipse/core/internal/resources/WorkspaceDescription.java

@@ -34,6 +34,7 @@ public class WorkspaceDescription extends ModelObject implements IWorkspaceDescr
 	protected int operationsPerSnapshot;
 	protected long deltaExpiration;
 	private int parallelBuildsCount;
+	private boolean enableRestrictedContent;
 
 	public WorkspaceDescription(String name) {
 		super(name);
@@ -51,6 +52,8 @@ public WorkspaceDescription(String name) {
 		operationsPerSnapshot = node.getInt(PreferenceInitializer.PREF_OPERATIONS_PER_SNAPSHOT, PreferenceInitializer.PREF_OPERATIONS_PER_SNAPSHOT_DEFAULT);
 		deltaExpiration = node.getLong(PreferenceInitializer.PREF_DELTA_EXPIRATION, PreferenceInitializer.PREF_DELTA_EXPIRATION_DEFAULT);
 		parallelBuildsCount = node.getInt(ResourcesPlugin.PREF_MAX_CONCURRENT_BUILDS, PreferenceInitializer.PREF_MAX_CONCURRENT_BUILDS_DEFAULT);
+		// set at runtime:
+		enableRestrictedContent = false;
 	}
 
 	/**
@@ -227,4 +230,14 @@ public boolean isKeepDerivedState() {
 	public void setKeepDerivedState(boolean keepDerivedState) {
 		this.keepDerivedState = keepDerivedState;
 	}
+
+	@Override
+	public boolean isRestrictedContentEnabled() {
+		return enableRestrictedContent;
+	}
+
+	@Override
+	public void setRestrictedContentEnabled(boolean enabled) {
+		this.enableRestrictedContent = enabled;
+	}
 }

resources/bundles/org.eclipse.core.resources/src/org/eclipse/core/resources/IFile.java

@@ -53,6 +53,14 @@
  * @noextend This interface is not intended to be extended by clients.
  */
 public interface IFile extends IResource, IEncodedStorage, IAdaptable {
+
+	/**
+	 * Session property used to mark a file as containing restricted content
+	 *
+	 * @since 3.24
+	 */
+	QualifiedName RESTRICTED_CONTENT = new QualifiedName(ResourcesPlugin.PI_RESOURCES, "restrictedContent"); //$NON-NLS-1$
+
 	/**
 	 * Character encoding constant (value 0) which identifies
 	 * files that have an unknown character encoding scheme.
@@ -1414,4 +1422,30 @@ public default String readString() throws CoreException {
 	public default String getLineSeparator(boolean checkParent) throws CoreException {
 		return getProject().getDefaultLineSeparator();
 	}
+
+	/**
+	 * Returns whether the current file is marked as containing restricted
+	 * (sensitive) content, where some IDE functionality related to the file content
+	 * might be limited.
+	 *
+	 * @return whether the current file is marked as containing sensitive content.
+	 *         This flag is not persisted and is {@code false} by default.
+	 * @since 3.24
+	 */
+	default boolean isContentRestricted() throws CoreException {
+		return getWorkspace().getDescription().isRestrictedContentEnabled()
+				&& getSessionProperty(RESTRICTED_CONTENT) != null;
+	}
+
+	/**
+	 * Marks the current file as containing restricted (sensitive) content. Some IDE
+	 * functionality related to the file content might be limited as long as the
+	 * file is marked as restricted. This flag is not persisted and is {@code false}
+	 * by default.
+	 *
+	 * @since 3.24
+	 */
+	default void setContentRestricted(boolean restricted) throws CoreException {
+		setSessionProperty(RESTRICTED_CONTENT, Boolean.toString(restricted));
+	}
 }

resources/bundles/org.eclipse.core.resources/src/org/eclipse/core/resources/IWorkspaceDescription.java

@@ -114,6 +114,18 @@ public interface IWorkspaceDescription {
 	 */
 	boolean isApplyFileStatePolicy();
 
+	/**
+	 * Returns whether certain IDE functionality should be disabled for restricted
+	 * (sensitive) files. Examples are file history and search.
+	 *
+	 * @return <code>true</code> if restricted (sensitive) files handling is enabled
+	 *         by the IDE, <code>false</code> otherwise
+	 * @see IFile#setContentRestricted(boolean)
+	 * @see IFile#isContentRestricted()
+	 * @since 3.24
+	 */
+	boolean isRestrictedContentEnabled();
+
 	/**
 	 * Returns the interval between automatic workspace snapshots.
 	 *
@@ -302,6 +314,18 @@ public interface IWorkspaceDescription {
 	 */
 	void setMaxConcurrentBuilds(int n);
 
+	/**
+	 * Specifies whether certain IDE functionality should be disabled for restricted
+	 * (sensitive) files. Examples are file history and search.
+	 *
+	 * @param enabled <code>true</code> to enable restricted (sensitive) files
+	 *                handling, <code>false</code> otherwise
+	 * @see IFile#setContentRestricted(boolean)
+	 * @see IFile#isContentRestricted()
+	 * @since 3.24
+	 */
+	void setRestrictedContentEnabled(boolean enabled);
+
 	/**
 	 * @return the max number of builds that can happen concurrently during workspace build. 1 means no job (current thread).
 	 * @since 3.13