Upstreaming browser/ui/uikit_ui_util from iOS.
[chromium-blink-merge.git] / extensions / common / permissions / permission_set.h
blobe7b5311ddbde21bcc04a13242489fd85fcf1db05
1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef EXTENSIONS_COMMON_PERMISSIONS_PERMISSION_SET_H_
6 #define EXTENSIONS_COMMON_PERMISSIONS_PERMISSION_SET_H_
8 #include <set>
9 #include <string>
11 #include "base/gtest_prod_util.h"
12 #include "base/memory/ref_counted.h"
13 #include "extensions/common/permissions/api_permission.h"
14 #include "extensions/common/permissions/api_permission_set.h"
15 #include "extensions/common/permissions/manifest_permission.h"
16 #include "extensions/common/permissions/manifest_permission_set.h"
17 #include "extensions/common/url_pattern_set.h"
19 namespace extensions {
21 // The PermissionSet is an immutable class that encapsulates an
22 // extension's permissions. The class exposes set operations for combining and
23 // manipulating the permissions.
24 // TODO(sashab): PermissionIDSet should be called PermissionSet. Once
25 // PermissionMessageProvider::GetCoalescedPermissionMessages() is the only
26 // method used for generating permission messages, find the other users of this
27 // class and deprecate or rename it as appropriate.
28 class PermissionSet
29 : public base::RefCountedThreadSafe<PermissionSet> {
30 public:
31 // Creates an empty permission set (e.g. default permissions).
32 PermissionSet();
34 // Creates a new permission set based on the specified data: the API
35 // permissions, manifest key permissions, host permissions, and scriptable
36 // hosts. The effective hosts of the newly created permission set will be
37 // inferred from the given host permissions.
38 PermissionSet(const APIPermissionSet& apis,
39 const ManifestPermissionSet& manifest_permissions,
40 const URLPatternSet& explicit_hosts,
41 const URLPatternSet& scriptable_hosts);
43 // Creates a new permission set equal to |set1| - |set2|, passing ownership of
44 // the new set to the caller.
45 static PermissionSet* CreateDifference(
46 const PermissionSet* set1, const PermissionSet* set2);
48 // Creates a new permission set equal to the intersection of |set1| and
49 // |set2|, passing ownership of the new set to the caller.
50 static PermissionSet* CreateIntersection(
51 const PermissionSet* set1, const PermissionSet* set2);
53 // Creates a new permission set equal to the union of |set1| and |set2|.
54 // Passes ownership of the new set to the caller.
55 static PermissionSet* CreateUnion(
56 const PermissionSet* set1, const PermissionSet* set2);
58 bool operator==(const PermissionSet& rhs) const;
59 bool operator!=(const PermissionSet& rhs) const;
61 // Returns true if every API or host permission available to |set| is also
62 // available to this. In other words, if the API permissions of |set| are a
63 // subset of this, and the host permissions in this encompass those in |set|.
64 bool Contains(const PermissionSet& set) const;
66 // Gets the API permissions in this set as a set of strings.
67 std::set<std::string> GetAPIsAsStrings() const;
69 // Returns true if this is an empty set (e.g., the default permission set).
70 bool IsEmpty() const;
72 // Returns true if the set has the specified API permission.
73 bool HasAPIPermission(APIPermission::ID permission) const;
75 // Returns true if the |extension| explicitly requests access to the given
76 // |permission_name|. Note this does not include APIs without no corresponding
77 // permission, like "runtime" or "browserAction".
78 bool HasAPIPermission(const std::string& permission_name) const;
80 // Returns true if the set allows the given permission with the default
81 // permission detal.
82 bool CheckAPIPermission(APIPermission::ID permission) const;
84 // Returns true if the set allows the given permission and permission param.
85 bool CheckAPIPermissionWithParam(APIPermission::ID permission,
86 const APIPermission::CheckParam* param) const;
88 // Returns true if this includes permission to access |origin|.
89 bool HasExplicitAccessToOrigin(const GURL& origin) const;
91 // Returns true if this permission set includes access to script |url|.
92 bool HasScriptableAccessToURL(const GURL& url) const;
94 // Returns true if this permission set includes effective access to all
95 // origins.
96 bool HasEffectiveAccessToAllHosts() const;
98 // Returns true if this permission set has access to so many hosts, that we
99 // should treat it as all hosts for warning purposes.
100 // For example, '*://*.com/*'.
101 bool ShouldWarnAllHosts() const;
103 // Returns true if this permission set includes effective access to |url|.
104 bool HasEffectiveAccessToURL(const GURL& url) const;
106 // Returns true if this permission set effectively represents full access
107 // (e.g. native code).
108 bool HasEffectiveFullAccess() const;
110 const APIPermissionSet& apis() const { return apis_; }
112 const ManifestPermissionSet& manifest_permissions() const {
113 return manifest_permissions_;
116 const URLPatternSet& effective_hosts() const { return effective_hosts_; }
118 const URLPatternSet& explicit_hosts() const { return explicit_hosts_; }
120 const URLPatternSet& scriptable_hosts() const { return scriptable_hosts_; }
122 private:
123 FRIEND_TEST_ALL_PREFIXES(PermissionsTest, GetWarningMessages_AudioVideo);
124 FRIEND_TEST_ALL_PREFIXES(PermissionsTest, AccessToDevicesMessages);
125 friend class base::RefCountedThreadSafe<PermissionSet>;
127 ~PermissionSet();
129 // Adds permissions implied independently of other context.
130 void InitImplicitPermissions();
132 // Initializes the effective host permission based on the data in this set.
133 void InitEffectiveHosts();
135 // Initializes |has_access_to_most_hosts_|.
136 void InitShouldWarnAllHosts() const;
138 // The api list is used when deciding if an extension can access certain
139 // extension APIs and features.
140 APIPermissionSet apis_;
142 // The manifest key permission list is used when deciding if an extension
143 // can access certain extension APIs and features.
144 ManifestPermissionSet manifest_permissions_;
146 // The list of hosts that can be accessed directly from the extension.
147 // TODO(jstritar): Rename to "hosts_"?
148 URLPatternSet explicit_hosts_;
150 // The list of hosts that can be scripted by content scripts.
151 // TODO(jstritar): Rename to "user_script_hosts_"?
152 URLPatternSet scriptable_hosts_;
154 // The list of hosts this effectively grants access to.
155 URLPatternSet effective_hosts_;
157 enum ShouldWarnAllHostsType {
158 UNINITIALIZED = 0,
159 WARN_ALL_HOSTS,
160 DONT_WARN_ALL_HOSTS
162 // Whether or not this permission set includes access to so many origins, we
163 // should treat it as all_hosts for warning purposes.
164 // Lazily initialized (and therefore mutable).
165 mutable ShouldWarnAllHostsType should_warn_all_hosts_;
168 } // namespace extensions
170 #endif // EXTENSIONS_COMMON_PERMISSIONS_PERMISSION_SET_H_