1 // Copyright 2017 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef CHROME_BROWSER_CHROMEOS_EXTENSIONS_PUBLIC_SESSION_PERMISSION_HELPER_H_ 6 #define CHROME_BROWSER_CHROMEOS_EXTENSIONS_PUBLIC_SESSION_PERMISSION_HELPER_H_ 7 8 #include <memory> 9 #include <set> 10 11 #include "base/callback_forward.h" 12 #include "extensions/common/permissions/api_permission.h" 13 #include "extensions/common/permissions/api_permission_set.h" 14 15 class ExtensionInstallPrompt; 16 17 namespace content { 18 class WebContents; 19 } 20 21 namespace extensions { 22 23 class Extension; 24 25 namespace permission_helper { 26 27 using RequestResolvedCallback = base::Callback<void(const PermissionIDSet&)>; 28 using PromptFactory = base::Callback<std::unique_ptr<ExtensionInstallPrompt>( 29 content::WebContents*)>; 30 31 // In Public Sessions, extensions (and apps) are force-installed by admin policy 32 // so the user does not get a chance to review the permissions for these 33 // extensions. This is not acceptable from a security/privacy standpoint, so 34 // when an extension uses one of the sensitive APIs for the first time, we show 35 // the user a dialog where they can choose whether to allow the extension access 36 // to the API. 37 // 38 // This function sets up the prompt asking the user for additional 39 // permission(s), handles the result, caches it, and then runs the callback with 40 // the allowed permissions as the argument. It returns true if this 41 // permission(s) is already resolved, and false otherwise. 42 // 43 // The user will be prompted about a certain permission only once, and that 44 // choice will be cached and used in any subsequent requests that use the same 45 // permission. If a request comes for a permission that is currently being 46 // prompted, its callback will be queued up to be invoked when the prompt is 47 // resolved. 48 // 49 // Caller must ensure that web_contents is valid. Must be called on UI thread. 50 // 51 // Callback can be null (permission_helper::RequestResolvedCallback()), in which 52 // case it's not invoked but the permission prompt is still shown. 53 // 54 // Passing in a null prompt_factory (permission_helper::PromptFactory()) 55 // callback gets the default behaviour (ie. it is is used only for tests). 56 bool HandlePermissionRequest(const Extension& extension, 57 const PermissionIDSet& requested_permissions, 58 content::WebContents* web_contents, 59 const RequestResolvedCallback& callback, 60 const PromptFactory& prompt_factory); 61 62 // Returns true if user granted this permission to the extension. 63 bool PermissionAllowed(const Extension* extension, 64 APIPermission::ID permission); 65 66 // Used to completely reset state in between tests. 67 void ResetPermissionsForTesting(); 68 69 } // namespace permission_helper 70 } // namespace extensions 71 72 #endif // CHROME_BROWSER_CHROMEOS_EXTENSIONS_PUBLIC_SESSION_PERMISSION_HELPER_H_ 73