1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef EXTENSIONS_COMMON_PERMISSIONS_API_PERMISSION_H_
6 #define EXTENSIONS_COMMON_PERMISSIONS_API_PERMISSION_H_
12 #include "base/callback.h"
13 #include "base/memory/scoped_ptr.h"
14 #include "base/pickle.h"
15 #include "base/values.h"
16 #include "extensions/common/permissions/permission_message.h"
22 namespace extensions {
24 class APIPermissionInfo;
25 class ChromeAPIPermissions;
27 // APIPermission is for handling some complex permissions. Please refer to
28 // extensions::SocketPermission as an example.
29 // There is one instance per permission per loaded extension.
42 kAppCurrentWindowInternal,
51 kBookmarkManagerPrivate,
52 kBrailleDisplayPrivate,
68 kDeclarativeWebRequest,
78 kEnterprisePlatformKeysPrivate,
82 kFileBrowserHandlerInternal,
86 kFileSystemRetainEntries,
88 kFileSystemWriteDirectory,
105 kMediaGalleriesPrivate,
109 kMusicManagerPrivate,
150 kVirtualKeyboardPrivate,
153 kWebConnectable, // for externally_connectable manifest key
160 kWebrtcLoggingPrivate,
173 explicit APIPermission(const APIPermissionInfo* info);
175 virtual ~APIPermission();
177 // Returns the id of this permission.
180 // Returns the name of this permission.
181 const char* name() const;
183 // Returns the APIPermission of this permission.
184 const APIPermissionInfo* info() const {
188 // Returns true if this permission has any PermissionMessages.
189 virtual bool HasMessages() const = 0;
191 // Returns the localized permission messages of this permission.
192 virtual PermissionMessages GetMessages() const = 0;
194 // Returns true if the given permission is allowed.
195 virtual bool Check(const CheckParam* param) const = 0;
197 // Returns true if |rhs| is a subset of this.
198 virtual bool Contains(const APIPermission* rhs) const = 0;
200 // Returns true if |rhs| is equal to this.
201 virtual bool Equal(const APIPermission* rhs) const = 0;
203 // Parses the APIPermission from |value|. Returns false if error happens.
204 virtual bool FromValue(const base::Value* value) = 0;
206 // Stores this into a new created |value|.
207 virtual scoped_ptr<base::Value> ToValue() const = 0;
210 virtual APIPermission* Clone() const = 0;
212 // Returns a new API permission which equals this - |rhs|.
213 virtual APIPermission* Diff(const APIPermission* rhs) const = 0;
215 // Returns a new API permission which equals the union of this and |rhs|.
216 virtual APIPermission* Union(const APIPermission* rhs) const = 0;
218 // Returns a new API permission which equals the intersect of this and |rhs|.
219 virtual APIPermission* Intersect(const APIPermission* rhs) const = 0;
222 // Writes this into the given IPC message |m|.
223 virtual void Write(IPC::Message* m) const = 0;
225 // Reads from the given IPC message |m|.
226 virtual bool Read(const IPC::Message* m, PickleIterator* iter) = 0;
228 // Logs this permission.
229 virtual void Log(std::string* log) const = 0;
232 // Returns the localized permission message associated with this api.
233 // Use GetMessage_ to avoid name conflict with macro GetMessage on Windows.
234 PermissionMessage GetMessage_() const;
237 const APIPermissionInfo* const info_;
241 // The APIPermissionInfo is an immutable class that describes a single
242 // named permission (API permission).
243 // There is one instance per permission.
244 class APIPermissionInfo {
249 // Indicates if the permission implies full access (native code).
250 kFlagImpliesFullAccess = 1 << 0,
252 // Indicates if the permission implies full URL access.
253 kFlagImpliesFullURLAccess = 1 << 1,
255 // Indicates that extensions cannot specify the permission as optional.
256 kFlagCannotBeOptional = 1 << 3,
258 // Indicates that the permission is internal to the extensions
259 // system and cannot be specified in the "permissions" list.
260 kFlagInternal = 1 << 4,
263 typedef APIPermission* (*APIPermissionConstructor)(const APIPermissionInfo*);
265 typedef std::set<APIPermission::ID> IDSet;
267 ~APIPermissionInfo();
269 // Creates a APIPermission instance.
270 APIPermission* CreateAPIPermission() const;
272 int flags() const { return flags_; }
274 APIPermission::ID id() const { return id_; }
276 // Returns the message id associated with this permission.
277 PermissionMessage::ID message_id() const {
281 // Returns the name of this permission.
282 const char* name() const { return name_; }
284 // Returns true if this permission implies full access (e.g., native code).
285 bool implies_full_access() const {
286 return (flags_ & kFlagImpliesFullAccess) != 0;
289 // Returns true if this permission implies full URL access.
290 bool implies_full_url_access() const {
291 return (flags_ & kFlagImpliesFullURLAccess) != 0;
294 // Returns true if this permission can be added and removed via the
295 // optional permissions extension API.
296 bool supports_optional() const {
297 return (flags_ & kFlagCannotBeOptional) == 0;
300 // Returns true if this permission is internal rather than a
301 // "permissions" list entry.
302 bool is_internal() const {
303 return (flags_ & kFlagInternal) != 0;
307 // Instances should only be constructed from within a
308 // PermissionsInfo::Delegate.
309 friend class ChromeAPIPermissions;
310 // Implementations of APIPermission will want to get the permission message,
311 // but this class's implementation should be hidden from everyone else.
312 friend class APIPermission;
314 explicit APIPermissionInfo(
315 APIPermission::ID id,
318 PermissionMessage::ID message_id,
320 APIPermissionConstructor api_permission_constructor);
322 // Returns the localized permission message associated with this api.
323 // Use GetMessage_ to avoid name conflict with macro GetMessage on Windows.
324 PermissionMessage GetMessage_() const;
326 const APIPermission::ID id_;
327 const char* const name_;
329 const int l10n_message_id_;
330 const PermissionMessage::ID message_id_;
331 const APIPermissionConstructor api_permission_constructor_;
334 } // namespace extensions
336 #endif // EXTENSIONS_COMMON_PERMISSIONS_API_PERMISSION_H_