extensions/common/permissions/api_permission_set.h

   1 // Copyright 2013 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef EXTENSIONS_COMMON_PERMISSIONS_API_PERMISSION_SET_H_
   6 #define EXTENSIONS_COMMON_PERMISSIONS_API_PERMISSION_SET_H_
   7
   8
   9 #include "extensions/common/permissions/api_permission.h"
  10 #include "extensions/common/permissions/base_set_operators.h"
  11
  12 namespace base {
  13 class ListValue;
  14 }  // namespace base
  15
  16 namespace extensions {
  17
  18 class APIPermissionSet;
  19 class Extension;
  20 class PermissionIDSet;
  21
  22 template<>
  23 struct BaseSetOperatorsTraits<APIPermissionSet> {
  24   typedef APIPermission ElementType;
  25   typedef APIPermission::ID ElementIDType;
  26 };
  27
  28 class APIPermissionSet : public BaseSetOperators<APIPermissionSet> {
  29  public:
  30   enum ParseSource {
  31     // Don't allow internal permissions to be parsed (e.g. entries in the
  32     // "permissions" list in a manifest).
  33     kDisallowInternalPermissions,
  34
  35     // Allow internal permissions to be parsed (e.g. from the "api" field of a
  36     // permissions list in the prefs).
  37     kAllowInternalPermissions,
  38   };
  39
  40   void insert(APIPermission::ID id);
  41
  42   // Insert |permission| into the APIPermissionSet. The APIPermissionSet will
  43   // take the ownership of |permission|,
  44   void insert(APIPermission* permission);
  45
  46   // Parses permissions from |permissions| and adds the parsed permissions to
  47   // |api_permissions|. If |source| is kDisallowInternalPermissions, treat
  48   // permissions with kFlagInternal as errors. If |unhandled_permissions| is
  49   // not NULL, the names of all permissions that couldn't be parsed will be
  50   // added to this vector. If |error| is NULL, parsing will continue with the
  51   // next permission if invalid data is detected. If |error| is not NULL, it
  52   // will be set to an error message and false is returned when an invalid
  53   // permission is found.
  54   static bool ParseFromJSON(
  55       const base::ListValue* permissions,
  56       ParseSource source,
  57       APIPermissionSet* api_permissions,
  58       base::string16* error,
  59       std::vector<std::string>* unhandled_permissions);
  60
  61   void AddImpliedPermissions();
  62 };
  63
  64 // An ID representing a single permission that belongs to an app or extension.
  65 //
  66 // Each PermissionID has a required ID to identify the permission. For most
  67 // permissions, this is all they have.
  68 //
  69 // Some more complex permissions have a parameter, which acts like an argument
  70 // for the permission. For example, host permissions might have the ID
  71 // kReadOnlyHost and the argument 'www.google.com' (the host which is
  72 // read-only). Parameters are passed to the permission message rules for this
  73 // permission, so they can affect the displayed message.
  74 //
  75 // TODO(sashab): Move this to the same file as PermissionIDSet once that moves
  76 // to its own file.
  77 class PermissionID : public std::pair<APIPermission::ID, base::string16> {
  78  public:
  79   PermissionID(APIPermission::ID id);
  80   PermissionID(APIPermission::ID id, const base::string16& parameter);
  81   virtual ~PermissionID();
  82
  83   const APIPermission::ID& id() const { return this->first; }
  84   const base::string16& parameter() const { return this->second; }
  85 };
  86
  87 // A set of permissions for an app or extension. Used for passing around groups
  88 // of permissions, such as required or optional permissions. Has convenience
  89 // constructors so that it can be constructed inline.
  90 //
  91 // Each permission can also store a string, such as a hostname or device number,
  92 // as a parameter that helps identify the permission. This parameter can then
  93 // be used when the permission message is generated. For example, the permission
  94 // kHostReadOnly might have the parameter "google.com", which means that the app
  95 // or extension has the permission to read the host google.com. This parameter
  96 // may then be included in the permission message when it is generated later.
  97 //
  98 // Example:
  99 //   // Create a PermissionIDSet.
 100 //   PermissionIDSet p(APIPermission::kBluetooth, APIPermission::kFavicon);
 101 //   // Add a permission to the set.
 102 //   p.insertPermission(APIPermission::kNetworkState);
 103 //   // Add a permission with a parameter to the set.
 104 //   p.insertPermission(APIPermission::kHostReadOnly,
 105 //           base::ASCIIToUTF16("http://www.google.com"));
 106 //
 107 // TODO(sashab): Move this to its own file and rename it to PermissionSet after
 108 // APIPermission is removed, the current PermissionSet is no longer used, and
 109 // APIPermission::ID is the only type of Permission ID.
 110 // TODO(sashab): Change BaseSetOperators to support storing plain objects
 111 // instead of pointers and change this to extend BaseSetOperators<PermissionID>.
 112 class PermissionIDSet {
 113  public:
 114   PermissionIDSet();
 115   virtual ~PermissionIDSet();
 116
 117   // Adds the given permission, and an optional parameter, to the set.
 118   void insert(APIPermission::ID permission_id);
 119   void insert(APIPermission::ID permission_id,
 120               base::string16 permission_parameter);
 121   void InsertAll(const PermissionIDSet& permission_set);
 122
 123   // Returns the parameters for all PermissionIDs in this set.
 124   std::vector<base::string16> GetAllPermissionParameters() const;
 125
 126   // Check if the set contains permissions with all the given IDs.
 127   bool ContainsAllIDs(std::set<APIPermission::ID> permission_ids);
 128
 129   // Returns all the permissions in this set with one of the given IDs.
 130   PermissionIDSet GetAllPermissionsWithIDs(
 131       const std::set<APIPermission::ID>& permission_ids) const;
 132
 133   // Convenience functions that call their stl_util counterparts.
 134   bool Includes(const PermissionIDSet& subset) const;
 135   static PermissionIDSet Difference(const PermissionIDSet& set_1,
 136                                     const PermissionIDSet& set_2);
 137   static PermissionIDSet Intersection(const PermissionIDSet& set_1,
 138                                       const PermissionIDSet& set_2);
 139   static PermissionIDSet Union(const PermissionIDSet& set_1,
 140                                const PermissionIDSet& set_2);
 141
 142   size_t size() const;
 143   bool empty() const;
 144
 145  private:
 146   PermissionIDSet(std::set<PermissionID> permissions);
 147
 148   // Check if the set contains a permission with the given ID.
 149   bool ContainsID(APIPermission::ID permission_id);
 150
 151   std::set<PermissionID> permissions_;
 152 };
 153
 154 }  // namespace extensions
 155
 156 #endif  // EXTENSIONS_COMMON_PERMISSIONS_API_PERMISSION_SET_H_