Add API for restricting operations for sensitive files

This change adds the following API:

* org.eclipse.core.resources.IWorkspace.isRestrictedContentEnabled()
* org.eclipse.core.resources.IWorkspace.setRestrictedContentEnabled(boolean)
* org.eclipse.core.resources.IFile.isContentRestricted()
* org.eclipse.core.resources.IFile.setContentRestricted(boolean)

The goal of this API is to allow Eclipse-based IDEs to restrict certain
platform functionality on a per-file basis, for sensitive files.

To restrict access to sensitive files, at runtime call:

1. IWorkspace.setRestrictedContentEnabled(true)
2. For each sensitive file, call: IFile.setContentRestricted(true)

Neither the IWorkspace nor the IFile flags are persisted,
to enable restricted handling these flags must be set for each session.

The restrictions will apply to following functionality:

* File search
* Storing file history

Potentially more platform functionality will be restricted,
if the workspace has restricted handling enabled.

See: #2588

Author: trancexpress

resources/bundles/org.eclipse.core.resources/META-INF/MANIFEST.MF

@@ -2,7 +2,7 @@ Manifest-Version: 1.0
 Bundle-ManifestVersion: 2
 Bundle-Name: %pluginName
 Bundle-SymbolicName: org.eclipse.core.resources; singleton:=true
-Bundle-Version: 3.23.300.qualifier
+Bundle-Version: 3.24.0.qualifier
 Bundle-Activator: org.eclipse.core.resources.ResourcesPlugin
 Bundle-Vendor: %providerName
 Bundle-Localization: plugin

resources/bundles/org.eclipse.core.resources/src/org/eclipse/core/internal/resources/Workspace.java

@@ -271,6 +271,8 @@ public class Workspace extends PlatformObject implements IWorkspace, ICoreConsta
 	 */
 	protected IFileModificationValidator validator = null;
 
+	private boolean enableRestrictedContent;
+
 	/**
 	 * Data structure for holding the multi-part outcome of
 	 * <code>IWorkspace.computeProjectBuildConfigOrder</code>.
@@ -2945,4 +2947,14 @@ private void createMultiple(ConcurrentMap<File, byte[]> filesToCreate, int updat
 			subMonitor.done();
 		}
 	}
+
+	@Override
+	public boolean isRestrictedContentEnabled() {
+		return enableRestrictedContent;
+	}
+
+	@Override
+	public void setRestrictedContentEnabled(boolean enabled) {
+		this.enableRestrictedContent = enabled;
+	}
 }

resources/bundles/org.eclipse.core.resources/src/org/eclipse/core/internal/resources/WorkspaceDescription.java

@@ -227,4 +227,5 @@ public boolean isKeepDerivedState() {
 	public void setKeepDerivedState(boolean keepDerivedState) {
 		this.keepDerivedState = keepDerivedState;
 	}
+
 }

resources/bundles/org.eclipse.core.resources/src/org/eclipse/core/resources/IFile.java

@@ -53,6 +53,14 @@
  * @noextend This interface is not intended to be extended by clients.
  */
 public interface IFile extends IResource, IEncodedStorage, IAdaptable {
+
+	/**
+	 * Session property used to mark a file as containing restricted content
+	 *
+	 * @since 3.24
+	 */
+	QualifiedName RESTRICTED_CONTENT = new QualifiedName(ResourcesPlugin.PI_RESOURCES, "restrictedContent"); //$NON-NLS-1$
+
 	/**
 	 * Character encoding constant (value 0) which identifies
 	 * files that have an unknown character encoding scheme.
@@ -1414,4 +1422,31 @@ public default String readString() throws CoreException {
 	public default String getLineSeparator(boolean checkParent) throws CoreException {
 		return getProject().getDefaultLineSeparator();
 	}
+
+	/**
+	 * Returns whether the current file is marked as containing restricted
+	 * (sensitive) content, where some IDE functionality related to the file content
+	 * might be limited.
+	 *
+	 * @return whether the current file is marked as containing sensitive content.
+	 *         This flag is not persisted and is {@code false} by default.
+	 * @since 3.24
+	 */
+	default boolean isContentRestricted() throws CoreException {
+		IWorkspace workspace = getWorkspace();
+		return workspace != null && workspace.isRestrictedContentEnabled()
+				&& getSessionProperty(RESTRICTED_CONTENT) != null;
+	}
+
+	/**
+	 * Marks the current file as containing restricted (sensitive) content. Some IDE
+	 * functionality related to the file content might be limited as long as the
+	 * file is marked as restricted. This flag is not persisted and is {@code false}
+	 * by default.
+	 *
+	 * @since 3.24
+	 */
+	default void setContentRestricted(boolean restricted) throws CoreException {
+		setSessionProperty(RESTRICTED_CONTENT, Boolean.toString(restricted));
+	}
 }

resources/bundles/org.eclipse.core.resources/src/org/eclipse/core/resources/IWorkspace.java

@@ -1861,4 +1861,28 @@ public default void write(Map<IFile, byte[]> contentMap, boolean force, boolean
 			e.getKey().write(e.getValue(), force, derived, keepHistory, subMon.split(1));
 		}
 	}
+
+	/**
+	 * Returns whether certain IDE functionality should be disabled for restricted
+	 * (sensitive) files. Examples are file history and search.
+	 *
+	 * @return <code>true</code> if restricted (sensitive) files handling is enabled
+	 *         by the IDE, <code>false</code> otherwise
+	 * @see IFile#setContentRestricted(boolean)
+	 * @see IFile#isContentRestricted()
+	 * @since 3.24
+	 */
+	boolean isRestrictedContentEnabled();
+
+	/**
+	 * Specifies whether certain IDE functionality should be disabled for restricted
+	 * (sensitive) files. Examples are file history and search.
+	 *
+	 * @param enabled <code>true</code> to enable restricted (sensitive) files
+	 *                handling, <code>false</code> otherwise
+	 * @see IFile#setContentRestricted(boolean)
+	 * @see IFile#isContentRestricted()
+	 * @since 3.24
+	 */
+	void setRestrictedContentEnabled(boolean enabled);
 }