search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Remove the old signature of NotificationManager::closePersistent().
[chromium-blink-merge.git] / chrome / browser / supervised_user / supervised_user_service.cc
blob102b9f5ecca5733f0851f9e3a26c885b4df00458
1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "chrome/browser/supervised_user/supervised_user_service.h"
6
7 #include "base/command_line.h"
8 #include "base/files/file_path.h"
9 #include "base/memory/ref_counted.h"
10 #include "base/prefs/pref_service.h"
11 #include "base/strings/utf_string_conversions.h"
12 #include "chrome/browser/browser_process.h"
13 #include "chrome/browser/component_updater/supervised_user_whitelist_installer.h"
14 #include "chrome/browser/profiles/profile.h"
15 #include "chrome/browser/profiles/profile_info_cache.h"
16 #include "chrome/browser/profiles/profile_manager.h"
17 #include "chrome/browser/signin/profile_oauth2_token_service_factory.h"
18 #include "chrome/browser/signin/signin_manager_factory.h"
19 #include "chrome/browser/supervised_user/experimental/supervised_user_blacklist_downloader.h"
20 #include "chrome/browser/supervised_user/legacy/custodian_profile_downloader_service.h"
21 #include "chrome/browser/supervised_user/legacy/custodian_profile_downloader_service_factory.h"
22 #include "chrome/browser/supervised_user/legacy/permission_request_creator_sync.h"
23 #include "chrome/browser/supervised_user/legacy/supervised_user_pref_mapping_service.h"
24 #include "chrome/browser/supervised_user/legacy/supervised_user_pref_mapping_service_factory.h"
25 #include "chrome/browser/supervised_user/legacy/supervised_user_registration_utility.h"
26 #include "chrome/browser/supervised_user/legacy/supervised_user_shared_settings_service_factory.h"
27 #include "chrome/browser/supervised_user/supervised_user_constants.h"
28 #include "chrome/browser/supervised_user/supervised_user_service_observer.h"
29 #include "chrome/browser/supervised_user/supervised_user_settings_service.h"
30 #include "chrome/browser/supervised_user/supervised_user_settings_service_factory.h"
31 #include "chrome/browser/supervised_user/supervised_user_site_list.h"
32 #include "chrome/browser/supervised_user/supervised_user_whitelist_service.h"
33 #include "chrome/browser/sync/profile_sync_service.h"
34 #include "chrome/browser/sync/profile_sync_service_factory.h"
35 #include "chrome/browser/ui/browser.h"
36 #include "chrome/browser/ui/browser_list.h"
37 #include "chrome/common/chrome_switches.h"
38 #include "chrome/common/pref_names.h"
39 #include "chrome/grit/generated_resources.h"
40 #include "components/pref_registry/pref_registry_syncable.h"
41 #include "components/signin/core/browser/profile_oauth2_token_service.h"
42 #include "components/signin/core/browser/signin_manager.h"
43 #include "components/signin/core/browser/signin_manager_base.h"
44 #include "content/public/browser/browser_thread.h"
45 #include "content/public/browser/user_metrics.h"
46 #include "ui/base/l10n/l10n_util.h"
47
48 #if defined(OS_CHROMEOS)
49 #include "chrome/browser/chromeos/login/users/chrome_user_manager.h"
50 #include "chrome/browser/chromeos/login/users/supervised_user_manager.h"
51 #include "components/user_manager/user_manager.h"
52 #endif
53
54 #if defined(ENABLE_EXTENSIONS)
55 #include "extensions/browser/extension_registry.h"
56 #include "extensions/browser/extension_system.h"
57 #endif
58
59 #if defined(ENABLE_THEMES)
60 #include "chrome/browser/themes/theme_service.h"
61 #include "chrome/browser/themes/theme_service_factory.h"
62 #endif
63
64 using base::DictionaryValue;
65 using base::UserMetricsAction;
66 using content::BrowserThread;
67
68 namespace {
69
70 const char* const kCustodianInfoPrefs[] = {
71 prefs::kSupervisedUserCustodianName,
72 prefs::kSupervisedUserCustodianEmail,
73 prefs::kSupervisedUserCustodianProfileImageURL,
74 prefs::kSupervisedUserCustodianProfileURL,
75 prefs::kSupervisedUserSecondCustodianName,
76 prefs::kSupervisedUserSecondCustodianEmail,
77 prefs::kSupervisedUserSecondCustodianProfileImageURL,
78 prefs::kSupervisedUserSecondCustodianProfileURL,
79 };
80
81 void CreateURLAccessRequest(
82 const GURL& url,
83 PermissionRequestCreator* creator,
84 const SupervisedUserService::SuccessCallback& callback) {
85 creator->CreateURLAccessRequest(url, callback);
86 }
87
88 void CreateExtensionUpdateRequest(
89 const std::string& extension_id,
90 PermissionRequestCreator* creator,
91 const SupervisedUserService::SuccessCallback& callback) {
92 creator->CreateExtensionUpdateRequest(extension_id, callback);
93 }
94
95 #if defined(ENABLE_EXTENSIONS)
96 enum ExtensionState {
97 EXTENSION_FORCED,
98 EXTENSION_BLOCKED,
99 EXTENSION_ALLOWED
100 };
101
102 ExtensionState GetExtensionState(const extensions::Extension* extension) {
103 if (extension->is_theme())
104 return EXTENSION_ALLOWED;
105
106 bool was_installed_by_default = extension->was_installed_by_default();
107 bool was_installed_by_custodian = extension->was_installed_by_custodian();
108 #if defined(OS_CHROMEOS)
109 // On Chrome OS all external sources are controlled by us so it means that
110 // they are "default". Method was_installed_by_default returns false because
111 // extensions creation flags are ignored in case of default extensions with
112 // update URL(the flags aren't passed to OnExternalExtensionUpdateUrlFound).
113 // TODO(dpolukhin): remove this Chrome OS specific code as soon as creation
114 // flags are not ignored.
115 was_installed_by_default =
116 extensions::Manifest::IsExternalLocation(extension->location());
117 #endif
118 if (extensions::Manifest::IsComponentLocation(extension->location()) ||
119 was_installed_by_default ||
120 was_installed_by_custodian) {
121 // Enforce default extensions as well as custodian-installed extensions
122 // (if we'd allow the supervised user to uninstall them, there'd be no way
123 // to get them back).
124 return EXTENSION_FORCED;
125 }
126
127 return EXTENSION_BLOCKED;
128 }
129 #endif
130
131 } // namespace
132
133 base::FilePath SupervisedUserService::Delegate::GetBlacklistPath() const {
134 return base::FilePath();
135 }
136
137 GURL SupervisedUserService::Delegate::GetBlacklistURL() const {
138 return GURL();
139 }
140
141 std::string SupervisedUserService::Delegate::GetSafeSitesCx() const {
142 return std::string();
143 }
144
145 SupervisedUserService::URLFilterContext::URLFilterContext()
146 : ui_url_filter_(new SupervisedUserURLFilter),
147 io_url_filter_(new SupervisedUserURLFilter) {}
148 SupervisedUserService::URLFilterContext::~URLFilterContext() {}
149
150 SupervisedUserURLFilter*
151 SupervisedUserService::URLFilterContext::ui_url_filter() const {
152 return ui_url_filter_.get();
153 }
154
155 SupervisedUserURLFilter*
156 SupervisedUserService::URLFilterContext::io_url_filter() const {
157 return io_url_filter_.get();
158 }
159
160 void SupervisedUserService::URLFilterContext::SetDefaultFilteringBehavior(
161 SupervisedUserURLFilter::FilteringBehavior behavior) {
162 ui_url_filter_->SetDefaultFilteringBehavior(behavior);
163 BrowserThread::PostTask(
164 BrowserThread::IO,
165 FROM_HERE,
166 base::Bind(&SupervisedUserURLFilter::SetDefaultFilteringBehavior,
167 io_url_filter_.get(), behavior));
168 }
169
170 void SupervisedUserService::URLFilterContext::LoadWhitelists(
171 const std::vector<scoped_refptr<SupervisedUserSiteList> >& site_lists) {
172 ui_url_filter_->LoadWhitelists(site_lists);
173 BrowserThread::PostTask(BrowserThread::IO, FROM_HERE,
174 base::Bind(&SupervisedUserURLFilter::LoadWhitelists,
175 io_url_filter_, site_lists));
176 }
177
178 void SupervisedUserService::URLFilterContext::LoadBlacklist(
179 const base::FilePath& path,
180 const base::Closure& callback) {
181 // For now, support loading only once. If we want to support re-load, we'll
182 // have to clear the blacklist pointer in the url filters first.
183 DCHECK_EQ(0u, blacklist_.GetEntryCount());
184 blacklist_.ReadFromFile(
185 path,
186 base::Bind(&SupervisedUserService::URLFilterContext::OnBlacklistLoaded,
187 base::Unretained(this), callback));
188 }
189
190 void SupervisedUserService::URLFilterContext::SetManualHosts(
191 scoped_ptr<std::map<std::string, bool> > host_map) {
192 ui_url_filter_->SetManualHosts(host_map.get());
193 BrowserThread::PostTask(
194 BrowserThread::IO,
195 FROM_HERE,
196 base::Bind(&SupervisedUserURLFilter::SetManualHosts,
197 io_url_filter_, base::Owned(host_map.release())));
198 }
199
200 void SupervisedUserService::URLFilterContext::SetManualURLs(
201 scoped_ptr<std::map<GURL, bool> > url_map) {
202 ui_url_filter_->SetManualURLs(url_map.get());
203 BrowserThread::PostTask(
204 BrowserThread::IO,
205 FROM_HERE,
206 base::Bind(&SupervisedUserURLFilter::SetManualURLs,
207 io_url_filter_, base::Owned(url_map.release())));
208 }
209
210 void SupervisedUserService::URLFilterContext::Clear() {
211 ui_url_filter_->Clear();
212 BrowserThread::PostTask(
213 BrowserThread::IO,
214 FROM_HERE,
215 base::Bind(&SupervisedUserURLFilter::Clear,
216 io_url_filter_));
217 }
218
219 void SupervisedUserService::URLFilterContext::OnBlacklistLoaded(
220 const base::Closure& callback) {
221 ui_url_filter_->SetBlacklist(&blacklist_);
222 BrowserThread::PostTask(
223 BrowserThread::IO,
224 FROM_HERE,
225 base::Bind(&SupervisedUserURLFilter::SetBlacklist,
226 io_url_filter_,
227 &blacklist_));
228 callback.Run();
229 }
230
231 void SupervisedUserService::URLFilterContext::InitAsyncURLChecker(
232 const scoped_refptr<net::URLRequestContextGetter>& context,
233 const std::string& cx) {
234 ui_url_filter_->InitAsyncURLChecker(context.get(), cx);
235 BrowserThread::PostTask(
236 BrowserThread::IO,
237 FROM_HERE,
238 base::Bind(&SupervisedUserURLFilter::InitAsyncURLChecker,
239 io_url_filter_, context, cx));
240 }
241
242 SupervisedUserService::SupervisedUserService(Profile* profile)
243 : includes_sync_sessions_type_(true),
244 profile_(profile),
245 active_(false),
246 delegate_(NULL),
247 waiting_for_sync_initialization_(false),
248 is_profile_active_(false),
249 did_init_(false),
250 did_shutdown_(false),
251 weak_ptr_factory_(this) {
252 url_filter_context_.ui_url_filter()->AddObserver(this);
253 }
254
255 SupervisedUserService::~SupervisedUserService() {
256 DCHECK(!did_init_ || did_shutdown_);
257 url_filter_context_.ui_url_filter()->RemoveObserver(this);
258 }
259
260 void SupervisedUserService::Shutdown() {
261 if (!did_init_)
262 return;
263 DCHECK(!did_shutdown_);
264 did_shutdown_ = true;
265 if (ProfileIsSupervised()) {
266 content::RecordAction(UserMetricsAction("ManagedUsers_QuitBrowser"));
267 }
268 SetActive(false);
269
270 ProfileSyncService* sync_service =
271 ProfileSyncServiceFactory::GetForProfile(profile_);
272 // Can be null in tests.
273 if (sync_service)
274 sync_service->RemovePreferenceProvider(this);
275 }
276
277 bool SupervisedUserService::ProfileIsSupervised() const {
278 return profile_->IsSupervised();
279 }
280
281 void SupervisedUserService::OnCustodianInfoChanged() {
282 FOR_EACH_OBSERVER(
283 SupervisedUserServiceObserver, observer_list_, OnCustodianInfoChanged());
284 }
285
286 // static
287 void SupervisedUserService::RegisterProfilePrefs(
288 user_prefs::PrefRegistrySyncable* registry) {
289 registry->RegisterDictionaryPref(
290 prefs::kSupervisedUserManualHosts,
291 user_prefs::PrefRegistrySyncable::UNSYNCABLE_PREF);
292 registry->RegisterDictionaryPref(
293 prefs::kSupervisedUserManualURLs,
294 user_prefs::PrefRegistrySyncable::UNSYNCABLE_PREF);
295 registry->RegisterIntegerPref(
296 prefs::kDefaultSupervisedUserFilteringBehavior,
297 SupervisedUserURLFilter::ALLOW,
298 user_prefs::PrefRegistrySyncable::UNSYNCABLE_PREF);
299 registry->RegisterBooleanPref(prefs::kSupervisedUserCreationAllowed, true,
300 user_prefs::PrefRegistrySyncable::UNSYNCABLE_PREF);
301 for (const char* pref : kCustodianInfoPrefs) {
302 registry->RegisterStringPref(pref, std::string(),
303 user_prefs::PrefRegistrySyncable::UNSYNCABLE_PREF);
304 }
305 }
306
307 void SupervisedUserService::SetDelegate(Delegate* delegate) {
308 if (delegate) {
309 // Changing delegates isn't allowed.
310 DCHECK(!delegate_);
311 } else {
312 // If the delegate is removed, deactivate first to give the old delegate a
313 // chance to clean up.
314 SetActive(false);
315 }
316 delegate_ = delegate;
317 }
318
319 scoped_refptr<const SupervisedUserURLFilter>
320 SupervisedUserService::GetURLFilterForIOThread() {
321 return url_filter_context_.io_url_filter();
322 }
323
324 SupervisedUserURLFilter* SupervisedUserService::GetURLFilterForUIThread() {
325 return url_filter_context_.ui_url_filter();
326 }
327
328 SupervisedUserWhitelistService* SupervisedUserService::GetWhitelistService() {
329 return whitelist_service_.get();
330 }
331
332 std::string SupervisedUserService::GetCustodianEmailAddress() const {
333 std::string custodian_email = profile_->GetPrefs()->GetString(
334 prefs::kSupervisedUserCustodianEmail);
335 #if defined(OS_CHROMEOS)
336 if (custodian_email.empty()) {
337 custodian_email = chromeos::ChromeUserManager::Get()
338 ->GetSupervisedUserManager()
339 ->GetManagerDisplayEmail(
340 user_manager::UserManager::Get()->GetActiveUser()->email());
341 }
342 #endif
343 return custodian_email;
344 }
345
346 std::string SupervisedUserService::GetCustodianName() const {
347 std::string name = profile_->GetPrefs()->GetString(
348 prefs::kSupervisedUserCustodianName);
349 #if defined(OS_CHROMEOS)
350 if (name.empty()) {
351 name = base::UTF16ToUTF8(chromeos::ChromeUserManager::Get()
352 ->GetSupervisedUserManager()
353 ->GetManagerDisplayName(
354 user_manager::UserManager::Get()->GetActiveUser()->email()));
355 }
356 #endif
357 return name.empty() ? GetCustodianEmailAddress() : name;
358 }
359
360 std::string SupervisedUserService::GetSecondCustodianEmailAddress() const {
361 return profile_->GetPrefs()->GetString(
362 prefs::kSupervisedUserSecondCustodianEmail);
363 }
364
365 std::string SupervisedUserService::GetSecondCustodianName() const {
366 std::string name = profile_->GetPrefs()->GetString(
367 prefs::kSupervisedUserSecondCustodianName);
368 return name.empty() ? GetSecondCustodianEmailAddress() : name;
369 }
370
371 void SupervisedUserService::AddNavigationBlockedCallback(
372 const NavigationBlockedCallback& callback) {
373 navigation_blocked_callbacks_.push_back(callback);
374 }
375
376 void SupervisedUserService::DidBlockNavigation(
377 content::WebContents* web_contents) {
378 for (const auto& callback : navigation_blocked_callbacks_)
379 callback.Run(web_contents);
380 }
381
382 void SupervisedUserService::AddObserver(
383 SupervisedUserServiceObserver* observer) {
384 observer_list_.AddObserver(observer);
385 }
386
387 void SupervisedUserService::RemoveObserver(
388 SupervisedUserServiceObserver* observer) {
389 observer_list_.RemoveObserver(observer);
390 }
391
392 void SupervisedUserService::AddPermissionRequestCreator(
393 scoped_ptr<PermissionRequestCreator> creator) {
394 permissions_creators_.push_back(creator.release());
395 }
396
397 syncer::ModelTypeSet SupervisedUserService::GetPreferredDataTypes() const {
398 if (!ProfileIsSupervised())
399 return syncer::ModelTypeSet();
400
401 syncer::ModelTypeSet result;
402 if (IncludesSyncSessionsType())
403 result.Put(syncer::SESSIONS);
404 result.Put(syncer::EXTENSIONS);
405 result.Put(syncer::EXTENSION_SETTINGS);
406 result.Put(syncer::APPS);
407 result.Put(syncer::APP_SETTINGS);
408 result.Put(syncer::APP_NOTIFICATIONS);
409 result.Put(syncer::APP_LIST);
410 return result;
411 }
412
413 void SupervisedUserService::OnHistoryRecordingStateChanged() {
414 bool record_history =
415 profile_->GetPrefs()->GetBoolean(prefs::kRecordHistory);
416 includes_sync_sessions_type_ = record_history;
417 ProfileSyncServiceFactory::GetForProfile(profile_)
418 ->ReconfigureDatatypeManager();
419 }
420
421 bool SupervisedUserService::IncludesSyncSessionsType() const {
422 return includes_sync_sessions_type_;
423 }
424
425 void SupervisedUserService::OnStateChanged() {
426 ProfileSyncService* service =
427 ProfileSyncServiceFactory::GetForProfile(profile_);
428 if (waiting_for_sync_initialization_ && service->backend_initialized() &&
429 service->backend_mode() == ProfileSyncService::SYNC) {
430 waiting_for_sync_initialization_ = false;
431 service->RemoveObserver(this);
432 FinishSetupSync();
433 return;
434 }
435
436 DLOG_IF(ERROR, service->GetAuthError().state() ==
437 GoogleServiceAuthError::INVALID_GAIA_CREDENTIALS)
438 << "Credentials rejected";
439 }
440
441 void SupervisedUserService::SetupSync() {
442 StartSetupSync();
443 FinishSetupSyncWhenReady();
444 }
445
446 void SupervisedUserService::StartSetupSync() {
447 // Tell the sync service that setup is in progress so we don't start syncing
448 // until we've finished configuration.
449 ProfileSyncServiceFactory::GetForProfile(profile_)->SetSetupInProgress(true);
450 }
451
452 void SupervisedUserService::FinishSetupSyncWhenReady() {
453 // If we're already waiting for the Sync backend, there's nothing to do here.
454 if (waiting_for_sync_initialization_)
455 return;
456
457 // Continue in FinishSetupSync() once the Sync backend has been initialized.
458 ProfileSyncService* service =
459 ProfileSyncServiceFactory::GetForProfile(profile_);
460 if (service->backend_initialized() &&
461 service->backend_mode() == ProfileSyncService::SYNC) {
462 FinishSetupSync();
463 } else {
464 service->AddObserver(this);
465 waiting_for_sync_initialization_ = true;
466 }
467 }
468
469 void SupervisedUserService::FinishSetupSync() {
470 ProfileSyncService* service =
471 ProfileSyncServiceFactory::GetForProfile(profile_);
472 DCHECK(service->backend_initialized());
473 DCHECK(service->backend_mode() == ProfileSyncService::SYNC);
474
475 // Sync nothing (except types which are set via GetPreferredDataTypes).
476 bool sync_everything = false;
477 syncer::ModelTypeSet synced_datatypes;
478 service->OnUserChoseDatatypes(sync_everything, synced_datatypes);
479
480 // Notify ProfileSyncService that we are done with configuration.
481 service->SetSetupInProgress(false);
482 service->SetSyncSetupCompleted();
483 }
484
485 #if defined(ENABLE_EXTENSIONS)
486 std::string SupervisedUserService::GetDebugPolicyProviderName() const {
487 // Save the string space in official builds.
488 #ifdef NDEBUG
489 NOTREACHED();
490 return std::string();
491 #else
492 return "Supervised User Service";
493 #endif
494 }
495
496 bool SupervisedUserService::UserMayLoad(const extensions::Extension* extension,
497 base::string16* error) const {
498 DCHECK(ProfileIsSupervised());
499 ExtensionState result = GetExtensionState(extension);
500 bool may_load = (result != EXTENSION_BLOCKED);
501 if (!may_load && error)
502 *error = l10n_util::GetStringUTF16(IDS_EXTENSIONS_LOCKED_SUPERVISED_USER);
503 return may_load;
504 }
505
506 // Note: Having MustRemainInstalled always say "true" for custodian-installed
507 // extensions does NOT prevent remote uninstalls (which is a bit unexpected, but
508 // exactly what we want).
509 bool SupervisedUserService::MustRemainInstalled(
510 const extensions::Extension* extension,
511 base::string16* error) const {
512 DCHECK(ProfileIsSupervised());
513 ExtensionState result = GetExtensionState(extension);
514 bool may_not_uninstall = (result == EXTENSION_FORCED);
515 if (may_not_uninstall && error)
516 *error = l10n_util::GetStringUTF16(IDS_EXTENSIONS_LOCKED_SUPERVISED_USER);
517 return may_not_uninstall;
518 }
519
520 void SupervisedUserService::SetExtensionsActive() {
521 extensions::ExtensionSystem* extension_system =
522 extensions::ExtensionSystem::Get(profile_);
523 extensions::ManagementPolicy* management_policy =
524 extension_system->management_policy();
525
526 if (management_policy) {
527 if (active_)
528 management_policy->RegisterProvider(this);
529 else
530 management_policy->UnregisterProvider(this);
531 }
532 }
533 #endif // defined(ENABLE_EXTENSIONS)
534
535 SupervisedUserSettingsService* SupervisedUserService::GetSettingsService() {
536 return SupervisedUserSettingsServiceFactory::GetForProfile(profile_);
537 }
538
539 size_t SupervisedUserService::FindEnabledPermissionRequestCreator(
540 size_t start) {
541 for (size_t i = start; i < permissions_creators_.size(); ++i) {
542 if (permissions_creators_[i]->IsEnabled())
543 return i;
544 }
545 return permissions_creators_.size();
546 }
547
548 void SupervisedUserService::AddPermissionRequestInternal(
549 const CreatePermissionRequestCallback& create_request,
550 const SuccessCallback& callback,
551 size_t index) {
552 // Find a permission request creator that is enabled.
553 size_t next_index = FindEnabledPermissionRequestCreator(index);
554 if (next_index >= permissions_creators_.size()) {
555 callback.Run(false);
556 return;
557 }
558
559 create_request.Run(
560 permissions_creators_[next_index],
561 base::Bind(&SupervisedUserService::OnPermissionRequestIssued,
562 weak_ptr_factory_.GetWeakPtr(), create_request,
563 callback, next_index));
564 }
565
566 void SupervisedUserService::OnPermissionRequestIssued(
567 const CreatePermissionRequestCallback& create_request,
568 const SuccessCallback& callback,
569 size_t index,
570 bool success) {
571 if (success) {
572 callback.Run(true);
573 return;
574 }
575
576 AddPermissionRequestInternal(create_request, callback, index + 1);
577 }
578
579 void SupervisedUserService::OnSupervisedUserIdChanged() {
580 SetActive(ProfileIsSupervised());
581 }
582
583 void SupervisedUserService::OnDefaultFilteringBehaviorChanged() {
584 DCHECK(ProfileIsSupervised());
585
586 int behavior_value = profile_->GetPrefs()->GetInteger(
587 prefs::kDefaultSupervisedUserFilteringBehavior);
588 SupervisedUserURLFilter::FilteringBehavior behavior =
589 SupervisedUserURLFilter::BehaviorFromInt(behavior_value);
590 url_filter_context_.SetDefaultFilteringBehavior(behavior);
591
592 FOR_EACH_OBSERVER(
593 SupervisedUserServiceObserver, observer_list_, OnURLFilterChanged());
594 }
595
596 void SupervisedUserService::OnSiteListsChanged(
597 const std::vector<scoped_refptr<SupervisedUserSiteList> >& site_lists) {
598 url_filter_context_.LoadWhitelists(site_lists);
599 }
600
601 void SupervisedUserService::OnSiteListUpdated() {
602 FOR_EACH_OBSERVER(
603 SupervisedUserServiceObserver, observer_list_, OnURLFilterChanged());
604 }
605
606 void SupervisedUserService::LoadBlacklist(const base::FilePath& path,
607 const GURL& url) {
608 if (!url.is_valid()) {
609 LoadBlacklistFromFile(path);
610 return;
611 }
612
613 DCHECK(!blacklist_downloader_);
614 blacklist_downloader_.reset(new SupervisedUserBlacklistDownloader(
615 url,
616 path,
617 profile_->GetRequestContext(),
618 base::Bind(&SupervisedUserService::OnBlacklistDownloadDone,
619 base::Unretained(this), path)));
620 }
621
622 void SupervisedUserService::LoadBlacklistFromFile(const base::FilePath& path) {
623 // This object is guaranteed to outlive the URLFilterContext, so we can bind a
624 // raw pointer to it in the callback.
625 url_filter_context_.LoadBlacklist(
626 path, base::Bind(&SupervisedUserService::OnBlacklistLoaded,
627 base::Unretained(this)));
628 }
629
630 void SupervisedUserService::OnBlacklistDownloadDone(const base::FilePath& path,
631 bool success) {
632 if (success) {
633 LoadBlacklistFromFile(path);
634 } else {
635 LOG(WARNING) << "Blacklist download failed";
636 }
637 blacklist_downloader_.reset();
638 }
639
640 void SupervisedUserService::OnBlacklistLoaded() {
641 FOR_EACH_OBSERVER(
642 SupervisedUserServiceObserver, observer_list_, OnURLFilterChanged());
643 }
644
645 bool SupervisedUserService::AccessRequestsEnabled() {
646 return FindEnabledPermissionRequestCreator(0) < permissions_creators_.size();
647 }
648
649 void SupervisedUserService::AddURLAccessRequest(
650 const GURL& url,
651 const SuccessCallback& callback) {
652 AddPermissionRequestInternal(
653 base::Bind(CreateURLAccessRequest,
654 SupervisedUserURLFilter::Normalize(url)),
655 callback, 0);
656 }
657
658 void SupervisedUserService::AddExtensionUpdateRequest(
659 const std::string& extension_id,
660 const SuccessCallback& callback) {
661 AddPermissionRequestInternal(
662 base::Bind(CreateExtensionUpdateRequest, extension_id),
663 callback, 0);
664 }
665
666 void SupervisedUserService::InitSync(const std::string& refresh_token) {
667 StartSetupSync();
668
669 ProfileOAuth2TokenService* token_service =
670 ProfileOAuth2TokenServiceFactory::GetForProfile(profile_);
671 token_service->UpdateCredentials(supervised_users::kSupervisedUserPseudoEmail,
672 refresh_token);
673
674 FinishSetupSyncWhenReady();
675 }
676
677 void SupervisedUserService::Init() {
678 DCHECK(!did_init_);
679 did_init_ = true;
680 DCHECK(GetSettingsService()->IsReady());
681
682 pref_change_registrar_.Init(profile_->GetPrefs());
683 pref_change_registrar_.Add(
684 prefs::kSupervisedUserId,
685 base::Bind(&SupervisedUserService::OnSupervisedUserIdChanged,
686 base::Unretained(this)));
687 pref_change_registrar_.Add(
688 prefs::kRecordHistory,
689 base::Bind(&SupervisedUserService::OnHistoryRecordingStateChanged,
690 base::Unretained(this)));
691
692 ProfileSyncService* sync_service =
693 ProfileSyncServiceFactory::GetForProfile(profile_);
694 // Can be null in tests.
695 if (sync_service)
696 sync_service->AddPreferenceProvider(this);
697
698 std::string client_id = component_updater::SupervisedUserWhitelistInstaller::
699 ClientIdForProfilePath(profile_->GetPath());
700 whitelist_service_.reset(new SupervisedUserWhitelistService(
701 profile_->GetPrefs(),
702 g_browser_process->supervised_user_whitelist_installer(), client_id));
703 whitelist_service_->AddSiteListsChangedCallback(
704 base::Bind(&SupervisedUserService::OnSiteListsChanged,
705 weak_ptr_factory_.GetWeakPtr()));
706
707 SetActive(ProfileIsSupervised());
708 }
709
710 void SupervisedUserService::SetActive(bool active) {
711 if (active_ == active)
712 return;
713 active_ = active;
714
715 if (!delegate_ || !delegate_->SetActive(active_)) {
716 if (active_) {
717 SupervisedUserPrefMappingServiceFactory::GetForBrowserContext(profile_)
718 ->Init();
719
720 base::CommandLine* command_line = base::CommandLine::ForCurrentProcess();
721 if (command_line->HasSwitch(switches::kSupervisedUserSyncToken)) {
722 InitSync(
723 command_line->GetSwitchValueASCII(
724 switches::kSupervisedUserSyncToken));
725 }
726
727 ProfileOAuth2TokenService* token_service =
728 ProfileOAuth2TokenServiceFactory::GetForProfile(profile_);
729 token_service->LoadCredentials(
730 supervised_users::kSupervisedUserPseudoEmail);
731
732 permissions_creators_.push_back(new PermissionRequestCreatorSync(
733 GetSettingsService(),
734 SupervisedUserSharedSettingsServiceFactory::GetForBrowserContext(
735 profile_),
736 ProfileSyncServiceFactory::GetForProfile(profile_),
737 GetSupervisedUserName(),
738 profile_->GetPrefs()->GetString(prefs::kSupervisedUserId)));
739
740 SetupSync();
741 }
742 }
743
744 // Now activate/deactivate anything not handled by the delegate yet.
745
746 #if defined(ENABLE_THEMES)
747 // Re-set the default theme to turn the SU theme on/off.
748 ThemeService* theme_service = ThemeServiceFactory::GetForProfile(profile_);
749 if (theme_service->UsingDefaultTheme() || theme_service->UsingSystemTheme()) {
750 ThemeServiceFactory::GetForProfile(profile_)->UseDefaultTheme();
751 }
752 #endif
753
754 ProfileSyncService* sync_service =
755 ProfileSyncServiceFactory::GetForProfile(profile_);
756 sync_service->SetEncryptEverythingAllowed(!active_);
757
758 GetSettingsService()->SetActive(active_);
759
760 #if defined(ENABLE_EXTENSIONS)
761 SetExtensionsActive();
762 #endif
763
764 if (active_) {
765 pref_change_registrar_.Add(
766 prefs::kDefaultSupervisedUserFilteringBehavior,
767 base::Bind(&SupervisedUserService::OnDefaultFilteringBehaviorChanged,
768 base::Unretained(this)));
769 pref_change_registrar_.Add(prefs::kSupervisedUserManualHosts,
770 base::Bind(&SupervisedUserService::UpdateManualHosts,
771 base::Unretained(this)));
772 pref_change_registrar_.Add(prefs::kSupervisedUserManualURLs,
773 base::Bind(&SupervisedUserService::UpdateManualURLs,
774 base::Unretained(this)));
775 for (const char* pref : kCustodianInfoPrefs) {
776 pref_change_registrar_.Add(pref,
777 base::Bind(&SupervisedUserService::OnCustodianInfoChanged,
778 base::Unretained(this)));
779 }
780
781 // Initialize the filter.
782 OnDefaultFilteringBehaviorChanged();
783 whitelist_service_->Init();
784 UpdateManualHosts();
785 UpdateManualURLs();
786 bool use_blacklist = base::CommandLine::ForCurrentProcess()->HasSwitch(
787 switches::kEnableSupervisedUserBlacklist);
788 if (delegate_ && use_blacklist) {
789 base::FilePath blacklist_path = delegate_->GetBlacklistPath();
790 if (!blacklist_path.empty())
791 LoadBlacklist(blacklist_path, delegate_->GetBlacklistURL());
792 }
793 bool use_safesites = base::CommandLine::ForCurrentProcess()->HasSwitch(
794 switches::kEnableSupervisedUserSafeSites);
795 if (delegate_ && use_safesites) {
796 const std::string& cx = delegate_->GetSafeSitesCx();
797 if (!cx.empty()) {
798 url_filter_context_.InitAsyncURLChecker(
799 profile_->GetRequestContext(), cx);
800 }
801 }
802
803 #if !defined(OS_ANDROID)
804 // TODO(bauerb): Get rid of the platform-specific #ifdef here.
805 // http://crbug.com/313377
806 BrowserList::AddObserver(this);
807 #endif
808 } else {
809 permissions_creators_.clear();
810
811 pref_change_registrar_.Remove(
812 prefs::kDefaultSupervisedUserFilteringBehavior);
813 pref_change_registrar_.Remove(prefs::kSupervisedUserManualHosts);
814 pref_change_registrar_.Remove(prefs::kSupervisedUserManualURLs);
815 for (const char* pref : kCustodianInfoPrefs) {
816 pref_change_registrar_.Remove(pref);
817 }
818
819 url_filter_context_.Clear();
820 FOR_EACH_OBSERVER(
821 SupervisedUserServiceObserver, observer_list_, OnURLFilterChanged());
822
823 if (waiting_for_sync_initialization_)
824 ProfileSyncServiceFactory::GetForProfile(profile_)->RemoveObserver(this);
825
826 #if !defined(OS_ANDROID)
827 // TODO(bauerb): Get rid of the platform-specific #ifdef here.
828 // http://crbug.com/313377
829 BrowserList::RemoveObserver(this);
830 #endif
831 }
832 }
833
834 void SupervisedUserService::RegisterAndInitSync(
835 SupervisedUserRegistrationUtility* registration_utility,
836 Profile* custodian_profile,
837 const std::string& supervised_user_id,
838 const AuthErrorCallback& callback) {
839 DCHECK(ProfileIsSupervised());
840 DCHECK(!custodian_profile->IsSupervised());
841
842 base::string16 name = base::UTF8ToUTF16(
843 profile_->GetPrefs()->GetString(prefs::kProfileName));
844 int avatar_index = profile_->GetPrefs()->GetInteger(
845 prefs::kProfileAvatarIndex);
846 SupervisedUserRegistrationInfo info(name, avatar_index);
847 registration_utility->Register(
848 supervised_user_id,
849 info,
850 base::Bind(&SupervisedUserService::OnSupervisedUserRegistered,
851 weak_ptr_factory_.GetWeakPtr(), callback, custodian_profile));
852
853 // Fetch the custodian's profile information, to store the name.
854 // TODO(pamg): If --google-profile-info (flag: switches::kGoogleProfileInfo)
855 // is ever enabled, take the name from the ProfileInfoCache instead.
856 CustodianProfileDownloaderService* profile_downloader_service =
857 CustodianProfileDownloaderServiceFactory::GetForProfile(
858 custodian_profile);
859 profile_downloader_service->DownloadProfile(
860 base::Bind(&SupervisedUserService::OnCustodianProfileDownloaded,
861 weak_ptr_factory_.GetWeakPtr()));
862 }
863
864 void SupervisedUserService::OnCustodianProfileDownloaded(
865 const base::string16& full_name) {
866 profile_->GetPrefs()->SetString(prefs::kSupervisedUserCustodianName,
867 base::UTF16ToUTF8(full_name));
868 }
869
870 void SupervisedUserService::OnSupervisedUserRegistered(
871 const AuthErrorCallback& callback,
872 Profile* custodian_profile,
873 const GoogleServiceAuthError& auth_error,
874 const std::string& token) {
875 if (auth_error.state() == GoogleServiceAuthError::NONE) {
876 InitSync(token);
877 SigninManagerBase* signin =
878 SigninManagerFactory::GetForProfile(custodian_profile);
879 profile_->GetPrefs()->SetString(prefs::kSupervisedUserCustodianEmail,
880 signin->GetAuthenticatedUsername());
881
882 // The supervised user profile is now ready for use.
883 ProfileManager* profile_manager = g_browser_process->profile_manager();
884 ProfileInfoCache& cache = profile_manager->GetProfileInfoCache();
885 size_t index = cache.GetIndexOfProfileWithPath(profile_->GetPath());
886 cache.SetIsOmittedProfileAtIndex(index, false);
887 } else {
888 DCHECK_EQ(std::string(), token);
889 }
890
891 callback.Run(auth_error);
892 }
893
894 void SupervisedUserService::UpdateManualHosts() {
895 const base::DictionaryValue* dict =
896 profile_->GetPrefs()->GetDictionary(prefs::kSupervisedUserManualHosts);
897 scoped_ptr<std::map<std::string, bool> > host_map(
898 new std::map<std::string, bool>());
899 for (base::DictionaryValue::Iterator it(*dict); !it.IsAtEnd(); it.Advance()) {
900 bool allow = false;
901 bool result = it.value().GetAsBoolean(&allow);
902 DCHECK(result);
903 (*host_map)[it.key()] = allow;
904 }
905 url_filter_context_.SetManualHosts(host_map.Pass());
906
907 FOR_EACH_OBSERVER(
908 SupervisedUserServiceObserver, observer_list_, OnURLFilterChanged());
909 }
910
911 void SupervisedUserService::UpdateManualURLs() {
912 const base::DictionaryValue* dict =
913 profile_->GetPrefs()->GetDictionary(prefs::kSupervisedUserManualURLs);
914 scoped_ptr<std::map<GURL, bool> > url_map(new std::map<GURL, bool>());
915 for (base::DictionaryValue::Iterator it(*dict); !it.IsAtEnd(); it.Advance()) {
916 bool allow = false;
917 bool result = it.value().GetAsBoolean(&allow);
918 DCHECK(result);
919 (*url_map)[GURL(it.key())] = allow;
920 }
921 url_filter_context_.SetManualURLs(url_map.Pass());
922
923 FOR_EACH_OBSERVER(
924 SupervisedUserServiceObserver, observer_list_, OnURLFilterChanged());
925 }
926
927 void SupervisedUserService::OnBrowserSetLastActive(Browser* browser) {
928 bool profile_became_active = profile_->IsSameProfile(browser->profile());
929 if (!is_profile_active_ && profile_became_active)
930 content::RecordAction(UserMetricsAction("ManagedUsers_OpenProfile"));
931 else if (is_profile_active_ && !profile_became_active)
932 content::RecordAction(UserMetricsAction("ManagedUsers_SwitchProfile"));
933
934 is_profile_active_ = profile_became_active;
935 }
936
937 std::string SupervisedUserService::GetSupervisedUserName() const {
938 #if defined(OS_CHROMEOS)
939 // The active user can be NULL in unit tests.
940 if (user_manager::UserManager::Get()->GetActiveUser()) {
941 return UTF16ToUTF8(user_manager::UserManager::Get()->GetUserDisplayName(
942 user_manager::UserManager::Get()->GetActiveUser()->GetUserID()));
943 }
944 return std::string();
945 #else
946 return profile_->GetPrefs()->GetString(prefs::kProfileName);
947 #endif
948 }