1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "chrome/browser/extensions/api/permissions/permissions_api.h"
7 #include "base/memory/scoped_ptr.h"
8 #include "chrome/browser/chrome_notification_types.h"
9 #include "chrome/browser/extensions/api/permissions/permissions_api_helpers.h"
10 #include "chrome/browser/extensions/permissions_updater.h"
11 #include "chrome/browser/profiles/profile.h"
12 #include "chrome/common/extensions/api/permissions.h"
13 #include "extensions/browser/extension_prefs.h"
14 #include "extensions/common/error_utils.h"
15 #include "extensions/common/extension.h"
16 #include "extensions/common/permissions/permission_message_provider.h"
17 #include "extensions/common/permissions/permissions_data.h"
18 #include "extensions/common/permissions/permissions_info.h"
20 namespace extensions {
22 using api::permissions::Permissions;
24 namespace Contains = api::permissions::Contains;
25 namespace GetAll = api::permissions::GetAll;
26 namespace Remove = api::permissions::Remove;
27 namespace Request = api::permissions::Request;
28 namespace helpers = permissions_api_helpers;
32 const char kCantRemoveRequiredPermissionsError[] =
33 "You cannot remove required permissions.";
34 const char kNotInOptionalPermissionsError[] =
35 "Optional permissions must be listed in extension manifest.";
36 const char kNotWhitelistedError[] =
37 "The optional permissions API does not support '*'.";
38 const char kUserGestureRequiredError[] =
39 "This function must be called during a user gesture";
41 enum AutoConfirmForTest {
46 AutoConfirmForTest auto_confirm_for_tests = DO_NOT_SKIP;
47 bool ignore_user_gesture_for_tests = false;
51 bool PermissionsContainsFunction::RunImpl() {
52 scoped_ptr<Contains::Params> params(Contains::Params::Create(*args_));
53 EXTENSION_FUNCTION_VALIDATE(params);
55 scoped_refptr<PermissionSet> permissions = helpers::UnpackPermissionSet(
57 ExtensionPrefs::Get(GetProfile())->AllowFileAccess(extension_->id()),
59 if (!permissions.get())
62 results_ = Contains::Results::Create(
63 GetExtension()->GetActivePermissions()->Contains(*permissions.get()));
67 bool PermissionsGetAllFunction::RunImpl() {
68 scoped_ptr<Permissions> permissions =
69 helpers::PackPermissionSet(GetExtension()->GetActivePermissions().get());
70 results_ = GetAll::Results::Create(*permissions);
74 bool PermissionsRemoveFunction::RunImpl() {
75 scoped_ptr<Remove::Params> params(Remove::Params::Create(*args_));
76 EXTENSION_FUNCTION_VALIDATE(params);
78 scoped_refptr<PermissionSet> permissions = helpers::UnpackPermissionSet(
80 ExtensionPrefs::Get(GetProfile())->AllowFileAccess(extension_->id()),
82 if (!permissions.get())
85 const Extension* extension = GetExtension();
87 // Make sure they're only trying to remove permissions supported by this API.
88 APIPermissionSet apis = permissions->apis();
89 for (APIPermissionSet::const_iterator i = apis.begin();
90 i != apis.end(); ++i) {
91 if (!i->info()->supports_optional()) {
92 error_ = ErrorUtils::FormatErrorMessage(
93 kNotWhitelistedError, i->name());
98 // Make sure we don't remove any required pemissions.
99 const PermissionSet* required =
100 PermissionsData::GetRequiredPermissions(extension);
101 scoped_refptr<PermissionSet> intersection(
102 PermissionSet::CreateIntersection(permissions.get(), required));
103 if (!intersection->IsEmpty()) {
104 error_ = kCantRemoveRequiredPermissionsError;
108 PermissionsUpdater(GetProfile())
109 .RemovePermissions(extension, permissions.get());
110 results_ = Remove::Results::Create(true);
115 void PermissionsRequestFunction::SetAutoConfirmForTests(bool should_proceed) {
116 auto_confirm_for_tests = should_proceed ? PROCEED : ABORT;
120 void PermissionsRequestFunction::SetIgnoreUserGestureForTests(
122 ignore_user_gesture_for_tests = ignore;
125 PermissionsRequestFunction::PermissionsRequestFunction() {}
127 void PermissionsRequestFunction::InstallUIProceed() {
128 PermissionsUpdater perms_updater(GetProfile());
129 perms_updater.AddPermissions(GetExtension(), requested_permissions_.get());
131 results_ = Request::Results::Create(true);
134 Release(); // Balanced in RunImpl().
137 void PermissionsRequestFunction::InstallUIAbort(bool user_initiated) {
140 Release(); // Balanced in RunImpl().
143 PermissionsRequestFunction::~PermissionsRequestFunction() {}
145 bool PermissionsRequestFunction::RunImpl() {
146 results_ = Request::Results::Create(false);
148 if (!user_gesture() &&
149 !ignore_user_gesture_for_tests &&
150 extension_->location() != Manifest::COMPONENT) {
151 error_ = kUserGestureRequiredError;
155 scoped_ptr<Request::Params> params(Request::Params::Create(*args_));
156 EXTENSION_FUNCTION_VALIDATE(params);
158 requested_permissions_ = helpers::UnpackPermissionSet(
160 ExtensionPrefs::Get(GetProfile())->AllowFileAccess(extension_->id()),
162 if (!requested_permissions_.get())
165 // Make sure they're only requesting permissions supported by this API.
166 APIPermissionSet apis = requested_permissions_->apis();
167 for (APIPermissionSet::const_iterator i = apis.begin();
168 i != apis.end(); ++i) {
169 if (!i->info()->supports_optional()) {
170 error_ = ErrorUtils::FormatErrorMessage(
171 kNotWhitelistedError, i->name());
176 // The requested permissions must be defined as optional in the manifest.
177 if (!PermissionsData::GetOptionalPermissions(GetExtension())
178 ->Contains(*requested_permissions_.get())) {
179 error_ = kNotInOptionalPermissionsError;
183 // We don't need to prompt the user if the requested permissions are a subset
184 // of the granted permissions set.
185 scoped_refptr<const PermissionSet> granted = ExtensionPrefs::Get(
186 GetProfile())->GetGrantedPermissions(GetExtension()->id());
187 if (granted.get() && granted->Contains(*requested_permissions_.get())) {
188 PermissionsUpdater perms_updater(GetProfile());
189 perms_updater.AddPermissions(GetExtension(), requested_permissions_.get());
190 results_ = Request::Results::Create(true);
195 // Filter out the granted permissions so we only prompt for new ones.
196 requested_permissions_ = PermissionSet::CreateDifference(
197 requested_permissions_.get(), granted.get());
199 AddRef(); // Balanced in InstallUIProceed() / InstallUIAbort().
201 // We don't need to show the prompt if there are no new warnings, or if
202 // we're skipping the confirmation UI. All extension types but INTERNAL
203 // are allowed to silently increase their permission level.
204 bool has_no_warnings =
205 PermissionMessageProvider::Get()->GetWarningMessages(
206 requested_permissions_, GetExtension()->GetType()).empty();
207 if (auto_confirm_for_tests == PROCEED || has_no_warnings ||
208 extension_->location() == Manifest::COMPONENT) {
210 } else if (auto_confirm_for_tests == ABORT) {
211 // Pretend the user clicked cancel.
212 InstallUIAbort(true);
214 CHECK_EQ(DO_NOT_SKIP, auto_confirm_for_tests);
215 install_ui_.reset(new ExtensionInstallPrompt(GetAssociatedWebContents()));
216 install_ui_->ConfirmPermissions(
217 this, GetExtension(), requested_permissions_.get());
223 } // namespace extensions