1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef EXTENSIONS_COMMON_PERMISSIONS_API_PERMISSION_H_
6 #define EXTENSIONS_COMMON_PERMISSIONS_API_PERMISSION_H_
12 #include "base/callback.h"
13 #include "base/memory/scoped_ptr.h"
14 #include "base/pickle.h"
15 #include "base/values.h"
16 #include "extensions/common/permissions/permission_message.h"
22 namespace extensions {
24 class APIPermissionInfo;
25 class ChromeAPIPermissions;
27 // APIPermission is for handling some complex permissions. Please refer to
28 // extensions::SocketPermission as an example.
29 // There is one instance per permission per loaded extension.
38 kAccessibilityFeaturesModify,
39 kAccessibilityFeaturesRead,
51 kBookmarkManagerPrivate,
52 kBrailleDisplayPrivate,
69 kDeclarativeWebRequest,
79 kEnterprisePlatformKeysPrivate,
83 kFileBrowserHandlerInternal,
88 kFileSystemRetainEntries,
90 kFileSystemWriteDirectory,
110 kMediaGalleriesPrivate,
114 kMusicManagerPrivate,
118 kOverrideEscFullscreen,
155 kVirtualKeyboardPrivate,
158 kWebConnectable, // for externally_connectable manifest key
164 kWebrtcLoggingPrivate,
181 explicit APIPermission(const APIPermissionInfo* info);
183 virtual ~APIPermission();
185 // Returns the id of this permission.
188 // Returns the name of this permission.
189 const char* name() const;
191 // Returns the APIPermission of this permission.
192 const APIPermissionInfo* info() const {
196 // Returns true if this permission has any PermissionMessages.
197 virtual bool HasMessages() const = 0;
199 // Returns the localized permission messages of this permission.
200 virtual PermissionMessages GetMessages() const = 0;
202 // Returns true if the given permission is allowed.
203 virtual bool Check(const CheckParam* param) const = 0;
205 // Returns true if |rhs| is a subset of this.
206 virtual bool Contains(const APIPermission* rhs) const = 0;
208 // Returns true if |rhs| is equal to this.
209 virtual bool Equal(const APIPermission* rhs) const = 0;
211 // Parses the APIPermission from |value|. Returns false if an error happens
212 // and optionally set |error| if |error| is not NULL.
213 virtual bool FromValue(const base::Value* value, std::string* error) = 0;
215 // Stores this into a new created |value|.
216 virtual scoped_ptr<base::Value> ToValue() const = 0;
219 virtual APIPermission* Clone() const = 0;
221 // Returns a new API permission which equals this - |rhs|.
222 virtual APIPermission* Diff(const APIPermission* rhs) const = 0;
224 // Returns a new API permission which equals the union of this and |rhs|.
225 virtual APIPermission* Union(const APIPermission* rhs) const = 0;
227 // Returns a new API permission which equals the intersect of this and |rhs|.
228 virtual APIPermission* Intersect(const APIPermission* rhs) const = 0;
231 // Writes this into the given IPC message |m|.
232 virtual void Write(IPC::Message* m) const = 0;
234 // Reads from the given IPC message |m|.
235 virtual bool Read(const IPC::Message* m, PickleIterator* iter) = 0;
237 // Logs this permission.
238 virtual void Log(std::string* log) const = 0;
241 // Returns the localized permission message associated with this api.
242 // Use GetMessage_ to avoid name conflict with macro GetMessage on Windows.
243 PermissionMessage GetMessage_() const;
246 const APIPermissionInfo* const info_;
250 // The APIPermissionInfo is an immutable class that describes a single
251 // named permission (API permission).
252 // There is one instance per permission.
253 class APIPermissionInfo {
258 // Indicates if the permission implies full access (native code).
259 kFlagImpliesFullAccess = 1 << 0,
261 // Indicates if the permission implies full URL access.
262 kFlagImpliesFullURLAccess = 1 << 1,
264 // Indicates that extensions cannot specify the permission as optional.
265 kFlagCannotBeOptional = 1 << 3,
267 // Indicates that the permission is internal to the extensions
268 // system and cannot be specified in the "permissions" list.
269 kFlagInternal = 1 << 4,
272 typedef APIPermission* (*APIPermissionConstructor)(const APIPermissionInfo*);
274 typedef std::set<APIPermission::ID> IDSet;
276 ~APIPermissionInfo();
278 // Creates a APIPermission instance.
279 APIPermission* CreateAPIPermission() const;
281 int flags() const { return flags_; }
283 APIPermission::ID id() const { return id_; }
285 // Returns the message id associated with this permission.
286 PermissionMessage::ID message_id() const {
290 // Returns the name of this permission.
291 const char* name() const { return name_; }
293 // Returns true if this permission implies full access (e.g., native code).
294 bool implies_full_access() const {
295 return (flags_ & kFlagImpliesFullAccess) != 0;
298 // Returns true if this permission implies full URL access.
299 bool implies_full_url_access() const {
300 return (flags_ & kFlagImpliesFullURLAccess) != 0;
303 // Returns true if this permission can be added and removed via the
304 // optional permissions extension API.
305 bool supports_optional() const {
306 return (flags_ & kFlagCannotBeOptional) == 0;
309 // Returns true if this permission is internal rather than a
310 // "permissions" list entry.
311 bool is_internal() const {
312 return (flags_ & kFlagInternal) != 0;
316 // Instances should only be constructed from within a PermissionsProvider.
317 friend class ChromeAPIPermissions;
318 // Implementations of APIPermission will want to get the permission message,
319 // but this class's implementation should be hidden from everyone else.
320 friend class APIPermission;
322 explicit APIPermissionInfo(
323 APIPermission::ID id,
326 PermissionMessage::ID message_id,
328 APIPermissionConstructor api_permission_constructor);
330 // Returns the localized permission message associated with this api.
331 // Use GetMessage_ to avoid name conflict with macro GetMessage on Windows.
332 PermissionMessage GetMessage_() const;
334 const APIPermission::ID id_;
335 const char* const name_;
337 const int l10n_message_id_;
338 const PermissionMessage::ID message_id_;
339 const APIPermissionConstructor api_permission_constructor_;
342 } // namespace extensions
344 #endif // EXTENSIONS_COMMON_PERMISSIONS_API_PERMISSION_H_