1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef CHROME_BROWSER_SUPERVISED_USER_SUPERVISED_USER_SERVICE_H_
6 #define CHROME_BROWSER_SUPERVISED_USER_SUPERVISED_USER_SERVICE_H_
11 #include "base/callback.h"
12 #include "base/gtest_prod_util.h"
13 #include "base/memory/scoped_ptr.h"
14 #include "base/prefs/pref_change_registrar.h"
15 #include "base/scoped_observer.h"
16 #include "base/strings/string16.h"
17 #include "chrome/browser/supervised_user/supervised_user_url_filter.h"
18 #include "chrome/browser/supervised_user/supervised_users.h"
19 #include "chrome/browser/sync/profile_sync_service_observer.h"
20 #include "chrome/browser/ui/browser_list_observer.h"
21 #include "components/keyed_service/core/keyed_service.h"
22 #include "content/public/browser/web_contents.h"
23 #include "extensions/browser/extension_registry_observer.h"
24 #include "extensions/browser/management_policy.h"
27 class GoogleServiceAuthError;
28 class PermissionRequestCreator;
30 class SupervisedUserRegistrationUtility;
31 class SupervisedUserSettingsService;
32 class SupervisedUserSiteList;
33 class SupervisedUserURLFilter;
35 namespace extensions {
36 class ExtensionRegistry;
39 namespace user_prefs {
40 class PrefRegistrySyncable;
43 // This class handles all the information related to a given supervised profile
44 // (e.g. the installed content packs, the default URL filtering behavior, or
45 // manual whitelist/blacklist overrides).
46 class SupervisedUserService : public KeyedService,
47 public extensions::ManagementPolicy::Provider,
48 public ProfileSyncServiceObserver,
49 public extensions::ExtensionRegistryObserver,
50 public chrome::BrowserListObserver {
52 typedef std::vector<base::string16> CategoryList;
53 typedef base::Callback<void(content::WebContents*)> NavigationBlockedCallback;
54 typedef base::Callback<void(const GoogleServiceAuthError&)> AuthErrorCallback;
64 virtual ~Delegate() {}
65 // Returns true to indicate that the delegate handled the (de)activation, or
66 // false to indicate that the SupervisedUserService itself should handle it.
67 virtual bool SetActive(bool active) = 0;
70 virtual ~SupervisedUserService();
72 // ProfileKeyedService override:
73 virtual void Shutdown() OVERRIDE;
75 static void RegisterProfilePrefs(user_prefs::PrefRegistrySyncable* registry);
77 static void MigrateUserPrefs(PrefService* prefs);
79 void SetDelegate(Delegate* delegate);
81 // Returns the URL filter for the IO thread, for filtering network requests
82 // (in SupervisedUserResourceThrottle).
83 scoped_refptr<const SupervisedUserURLFilter> GetURLFilterForIOThread();
85 // Returns the URL filter for the UI thread, for filtering navigations and
86 // classifying sites in the history view.
87 SupervisedUserURLFilter* GetURLFilterForUIThread();
89 // Returns the URL's category, obtained from the installed content packs.
90 int GetCategory(const GURL& url);
92 // Returns the list of all known human-readable category names, sorted by ID
93 // number. Called in the critical path of drawing the history UI, so needs to
95 void GetCategoryNames(CategoryList* list);
97 // Whether the user can request access to blocked URLs.
98 bool AccessRequestsEnabled();
100 void OnPermissionRequestIssued();
102 // Adds an access request for the given URL. The requests are stored using
103 // a prefix followed by a URIEncoded version of the URL. Each entry contains
104 // a dictionary which currently has the timestamp of the request in it.
105 void AddAccessRequest(const GURL& url);
107 // Returns the email address of the custodian.
108 std::string GetCustodianEmailAddress() const;
110 // Returns the name of the custodian, or the email address if the name is
112 std::string GetCustodianName() const;
114 // These methods allow querying and modifying the manual filtering behavior.
115 // The manual behavior is set by the user and overrides all other settings
116 // (whitelists or the default behavior).
118 // Returns the manual behavior for the given host.
119 ManualBehavior GetManualBehaviorForHost(const std::string& hostname);
121 // Returns the manual behavior for the given URL.
122 ManualBehavior GetManualBehaviorForURL(const GURL& url);
124 // Returns all URLS on the given host that have exceptions.
125 void GetManualExceptionsForHost(const std::string& host,
126 std::vector<GURL>* urls);
128 // Initializes this object. This method does nothing if the profile is not
132 // Initializes this profile for syncing, using the provided |refresh_token| to
133 // mint access tokens for Sync.
134 void InitSync(const std::string& refresh_token);
136 // Convenience method that registers this supervised user using
137 // |registration_utility| and initializes sync with the returned token.
138 // The |callback| will be called when registration is complete,
139 // whether it suceeded or not -- unless registration was cancelled manually,
140 // in which case the callback will be ignored.
141 void RegisterAndInitSync(
142 SupervisedUserRegistrationUtility* registration_utility,
143 Profile* custodian_profile,
144 const std::string& supervised_user_id,
145 const AuthErrorCallback& callback);
147 void set_elevated_for_testing(bool skip) {
148 elevated_for_testing_ = skip;
151 void AddNavigationBlockedCallback(const NavigationBlockedCallback& callback);
152 void DidBlockNavigation(content::WebContents* web_contents);
154 // extensions::ManagementPolicy::Provider implementation:
155 virtual std::string GetDebugPolicyProviderName() const OVERRIDE;
156 virtual bool UserMayLoad(const extensions::Extension* extension,
157 base::string16* error) const OVERRIDE;
158 virtual bool UserMayModifySettings(const extensions::Extension* extension,
159 base::string16* error) const OVERRIDE;
161 // ProfileSyncServiceObserver implementation:
162 virtual void OnStateChanged() OVERRIDE;
164 // extensions::ExtensionRegistryObserver implementation.
165 virtual void OnExtensionLoaded(
166 content::BrowserContext* browser_context,
167 const extensions::Extension* extension) OVERRIDE;
168 virtual void OnExtensionUnloaded(
169 content::BrowserContext* browser_context,
170 const extensions::Extension* extension,
171 extensions::UnloadedExtensionInfo::Reason reason) OVERRIDE;
173 // chrome::BrowserListObserver implementation:
174 virtual void OnBrowserSetLastActive(Browser* browser) OVERRIDE;
177 friend class SupervisedUserServiceExtensionTestBase;
178 friend class SupervisedUserServiceFactory;
179 FRIEND_TEST_ALL_PREFIXES(SupervisedUserServiceTest, ClearOmitOnRegistration);
181 // A bridge from the UI thread to the SupervisedUserURLFilters, one of which
182 // lives on the IO thread. This class mediates access to them and makes sure
183 // they are kept in sync.
184 class URLFilterContext {
189 SupervisedUserURLFilter* ui_url_filter() const;
190 SupervisedUserURLFilter* io_url_filter() const;
192 void SetDefaultFilteringBehavior(
193 SupervisedUserURLFilter::FilteringBehavior behavior);
194 void LoadWhitelists(ScopedVector<SupervisedUserSiteList> site_lists);
195 void SetManualHosts(scoped_ptr<std::map<std::string, bool> > host_map);
196 void SetManualURLs(scoped_ptr<std::map<GURL, bool> > url_map);
199 // SupervisedUserURLFilter is refcounted because the IO thread filter is
200 // used both by ProfileImplIOData and OffTheRecordProfileIOData (to filter
201 // network requests), so they both keep a reference to it.
202 // Clients should not keep references to the UI thread filter, however
203 // (the filter will live as long as the profile lives, and afterwards it
204 // should not be used anymore either).
205 scoped_refptr<SupervisedUserURLFilter> ui_url_filter_;
206 scoped_refptr<SupervisedUserURLFilter> io_url_filter_;
208 DISALLOW_COPY_AND_ASSIGN(URLFilterContext);
211 // Use |SupervisedUserServiceFactory::GetForProfile(..)| to get
212 // an instance of this service.
213 explicit SupervisedUserService(Profile* profile);
215 void SetActive(bool active);
217 void OnCustodianProfileDownloaded(const base::string16& full_name);
219 void OnSupervisedUserRegistered(const AuthErrorCallback& callback,
220 Profile* custodian_profile,
221 const GoogleServiceAuthError& auth_error,
222 const std::string& token);
226 bool ProfileIsSupervised() const;
228 // Internal implementation for ExtensionManagementPolicy::Delegate methods.
229 // If |error| is not NULL, it will be filled with an error message if the
230 // requested extension action (install, modify status, etc.) is not permitted.
231 bool ExtensionManagementPolicyImpl(const extensions::Extension* extension,
232 base::string16* error) const;
234 // Returns a list of all installed and enabled site lists in the current
235 // supervised profile.
236 ScopedVector<SupervisedUserSiteList> GetActiveSiteLists();
238 SupervisedUserSettingsService* GetSettingsService();
240 void OnSupervisedUserIdChanged();
242 void OnDefaultFilteringBehaviorChanged();
244 void UpdateSiteLists();
246 // Updates the manual overrides for hosts in the URL filters when the
247 // corresponding preference is changed.
248 void UpdateManualHosts();
250 // Updates the manual overrides for URLs in the URL filters when the
251 // corresponding preference is changed.
252 void UpdateManualURLs();
254 // Owns us via the KeyedService mechanism.
261 ScopedObserver<extensions::ExtensionRegistry,
262 extensions::ExtensionRegistryObserver>
263 extension_registry_observer_;
265 PrefChangeRegistrar pref_change_registrar_;
267 // True iff we're waiting for the Sync service to be initialized.
268 bool waiting_for_sync_initialization_;
269 bool is_profile_active_;
271 std::vector<NavigationBlockedCallback> navigation_blocked_callbacks_;
273 // Sets a profile in elevated state for testing if set to true.
274 bool elevated_for_testing_;
276 // True only when |Shutdown()| method has been called.
279 URLFilterContext url_filter_context_;
281 // Used to create permission requests.
282 scoped_ptr<PermissionRequestCreator> permissions_creator_;
284 // True iff we are waiting for a permission request to be issued.
285 bool waiting_for_permissions_;
287 base::WeakPtrFactory<SupervisedUserService> weak_ptr_factory_;
290 #endif // CHROME_BROWSER_SUPERVISED_USER_SUPERVISED_USER_SERVICE_H_