Home | History | Annotate | Download | only in managed_mode 
      1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #ifndef CHROME_BROWSER_MANAGED_MODE_MANAGED_USER_SERVICE_H_
      6 #define CHROME_BROWSER_MANAGED_MODE_MANAGED_USER_SERVICE_H_
      7 
      8 #include <set>
      9 #include <vector>
     10 
     11 #include "base/callback.h"
     12 #include "base/memory/scoped_ptr.h"
     13 #include "base/prefs/pref_change_registrar.h"
     14 #include "base/strings/string16.h"
     15 #include "chrome/browser/managed_mode/managed_mode_url_filter.h"
     16 #include "chrome/browser/managed_mode/managed_users.h"
     17 #include "chrome/browser/sync/profile_sync_service_observer.h"
     18 #include "chrome/browser/ui/browser_list_observer.h"
     19 #include "components/browser_context_keyed_service/browser_context_keyed_service.h"
     20 #include "content/public/browser/notification_observer.h"
     21 #include "content/public/browser/notification_registrar.h"
     22 #include "content/public/browser/web_contents.h"
     23 #include "extensions/browser/management_policy.h"
     24 
     25 class Browser;
     26 class GoogleServiceAuthError;
     27 class ManagedModeURLFilter;
     28 class ManagedModeSiteList;
     29 class ManagedUserRegistrationUtility;
     30 class ManagedUserSettingsService;
     31 class Profile;
     32 
     33 namespace user_prefs {
     34 class PrefRegistrySyncable;
     35 }
     36 
     37 // This class handles all the information related to a given managed profile
     38 // (e.g. the installed content packs, the default URL filtering behavior, or
     39 // manual whitelist/blacklist overrides).
     40 class ManagedUserService : public BrowserContextKeyedService,
     41                            public extensions::ManagementPolicy::Provider,
     42                            public ProfileSyncServiceObserver,
     43                            public content::NotificationObserver,
     44                            public chrome::BrowserListObserver {
     45  public:
     46   typedef std::vector<base::string16> CategoryList;
     47   typedef base::Callback<void(content::WebContents*)> NavigationBlockedCallback;
     48   typedef base::Callback<void(const GoogleServiceAuthError&)> AuthErrorCallback;
     49 
     50   enum ManualBehavior {
     51     MANUAL_NONE = 0,
     52     MANUAL_ALLOW,
     53     MANUAL_BLOCK
     54   };
     55 
     56   virtual ~ManagedUserService();
     57 
     58   // ProfileKeyedService override:
     59   virtual void Shutdown() OVERRIDE;
     60 
     61   static void RegisterProfilePrefs(user_prefs::PrefRegistrySyncable* registry);
     62 
     63   static void MigrateUserPrefs(PrefService* prefs);
     64 
     65   // Returns the URL filter for the IO thread, for filtering network requests
     66   // (in ManagedModeResourceThrottle).
     67   scoped_refptr<const ManagedModeURLFilter> GetURLFilterForIOThread();
     68 
     69   // Returns the URL filter for the UI thread, for filtering navigations and
     70   // classifying sites in the history view.
     71   ManagedModeURLFilter* GetURLFilterForUIThread();
     72 
     73   // Returns the URL's category, obtained from the installed content packs.
     74   int GetCategory(const GURL& url);
     75 
     76   // Returns the list of all known human-readable category names, sorted by ID
     77   // number. Called in the critical path of drawing the history UI, so needs to
     78   // be fast.
     79   void GetCategoryNames(CategoryList* list);
     80 
     81   // Whether the user can request access to blocked URLs.
     82   bool AccessRequestsEnabled();
     83 
     84   // Adds an access request for the given URL. The requests are stored using
     85   // a prefix followed by a URIEncoded version of the URL. Each entry contains
     86   // a dictionary which currently has the timestamp of the request in it.
     87   void AddAccessRequest(const GURL& url);
     88 
     89   // Returns the email address of the custodian.
     90   std::string GetCustodianEmailAddress() const;
     91 
     92   // Returns the name of the custodian, or the email address if the name is
     93   // empty.
     94   std::string GetCustodianName() const;
     95 
     96   // These methods allow querying and modifying the manual filtering behavior.
     97   // The manual behavior is set by the user and overrides all other settings
     98   // (whitelists or the default behavior).
     99 
    100   // Returns the manual behavior for the given host.
    101   ManualBehavior GetManualBehaviorForHost(const std::string& hostname);
    102 
    103   // Returns the manual behavior for the given URL.
    104   ManualBehavior GetManualBehaviorForURL(const GURL& url);
    105 
    106   // Returns all URLS on the given host that have exceptions.
    107   void GetManualExceptionsForHost(const std::string& host,
    108                                   std::vector<GURL>* urls);
    109 
    110   // Initializes this object. This method does nothing if the profile is not
    111   // managed.
    112   void Init();
    113 
    114   // Initializes this profile for syncing, using the provided |refresh_token| to
    115   // mint access tokens for Sync.
    116   void InitSync(const std::string& refresh_token);
    117 
    118   // Convenience method that registers this managed user using
    119   // |registration_utility| and initializes sync with the returned token.
    120   // The |callback| will be called when registration is complete,
    121   // whether it suceeded or not -- unless registration was cancelled manually,
    122   // in which case the callback will be ignored.
    123   void RegisterAndInitSync(ManagedUserRegistrationUtility* registration_utility,
    124                            Profile* custodian_profile,
    125                            const std::string& managed_user_id,
    126                            const AuthErrorCallback& callback);
    127 
    128   void set_elevated_for_testing(bool skip) {
    129     elevated_for_testing_ = skip;
    130   }
    131 
    132   void AddNavigationBlockedCallback(const NavigationBlockedCallback& callback);
    133   void DidBlockNavigation(content::WebContents* web_contents);
    134 
    135   // extensions::ManagementPolicy::Provider implementation:
    136   virtual std::string GetDebugPolicyProviderName() const OVERRIDE;
    137   virtual bool UserMayLoad(const extensions::Extension* extension,
    138                            base::string16* error) const OVERRIDE;
    139   virtual bool UserMayModifySettings(const extensions::Extension* extension,
    140                                      base::string16* error) const OVERRIDE;
    141 
    142   // ProfileSyncServiceObserver implementation:
    143   virtual void OnStateChanged() OVERRIDE;
    144 
    145   // content::NotificationObserver implementation:
    146   virtual void Observe(int type,
    147                        const content::NotificationSource& source,
    148                        const content::NotificationDetails& details) OVERRIDE;
    149 
    150   // chrome::BrowserListObserver implementation:
    151   virtual void OnBrowserSetLastActive(Browser* browser) OVERRIDE;
    152 
    153  private:
    154   friend class ManagedUserServiceExtensionTestBase;
    155   friend class ManagedUserServiceFactory;
    156   FRIEND_TEST_ALL_PREFIXES(ManagedUserServiceTest,
    157                            ExtensionManagementPolicyProviderUnmanaged);
    158   FRIEND_TEST_ALL_PREFIXES(ManagedUserServiceTest,
    159                            ExtensionManagementPolicyProviderManaged);
    160 
    161   // A bridge from ManagedMode (which lives on the UI thread) to the
    162   // ManagedModeURLFilters, one of which lives on the IO thread. This class
    163   // mediates access to them and makes sure they are kept in sync.
    164   class URLFilterContext {
    165    public:
    166     URLFilterContext();
    167     ~URLFilterContext();
    168 
    169     ManagedModeURLFilter* ui_url_filter() const;
    170     ManagedModeURLFilter* io_url_filter() const;
    171 
    172     void SetDefaultFilteringBehavior(
    173         ManagedModeURLFilter::FilteringBehavior behavior);
    174     void LoadWhitelists(ScopedVector<ManagedModeSiteList> site_lists);
    175     void SetManualHosts(scoped_ptr<std::map<std::string, bool> > host_map);
    176     void SetManualURLs(scoped_ptr<std::map<GURL, bool> > url_map);
    177 
    178    private:
    179     // ManagedModeURLFilter is refcounted because the IO thread filter is used
    180     // both by ProfileImplIOData and OffTheRecordProfileIOData (to filter
    181     // network requests), so they both keep a reference to it.
    182     // Clients should not keep references to the UI thread filter, however
    183     // (the filter will live as long as the profile lives, and afterwards it
    184     // should not be used anymore either).
    185     scoped_refptr<ManagedModeURLFilter> ui_url_filter_;
    186     scoped_refptr<ManagedModeURLFilter> io_url_filter_;
    187 
    188     DISALLOW_COPY_AND_ASSIGN(URLFilterContext);
    189   };
    190 
    191   // Use |ManagedUserServiceFactory::GetForProfile(..)| to get
    192   // an instance of this service.
    193   explicit ManagedUserService(Profile* profile);
    194 
    195   void OnCustodianProfileDownloaded(const base::string16& full_name);
    196 
    197   void OnManagedUserRegistered(const AuthErrorCallback& callback,
    198                                Profile* custodian_profile,
    199                                const GoogleServiceAuthError& auth_error,
    200                                const std::string& token);
    201 
    202   void SetupSync();
    203 
    204   bool ProfileIsManaged() const;
    205 
    206   // Internal implementation for ExtensionManagementPolicy::Delegate methods.
    207   // If |error| is not NULL, it will be filled with an error message if the
    208   // requested extension action (install, modify status, etc.) is not permitted.
    209   bool ExtensionManagementPolicyImpl(const extensions::Extension* extension,
    210                                      base::string16* error) const;
    211 
    212   // Returns a list of all installed and enabled site lists in the current
    213   // managed profile.
    214   ScopedVector<ManagedModeSiteList> GetActiveSiteLists();
    215 
    216   ManagedUserSettingsService* GetSettingsService();
    217 
    218   void OnDefaultFilteringBehaviorChanged();
    219 
    220   void UpdateSiteLists();
    221 
    222   // Updates the manual overrides for hosts in the URL filters when the
    223   // corresponding preference is changed.
    224   void UpdateManualHosts();
    225 
    226   // Updates the manual overrides for URLs in the URL filters when the
    227   // corresponding preference is changed.
    228   void UpdateManualURLs();
    229 
    230   // Records some events (opening the managed user profile, switching from the
    231   // managed user profile, and quitting the browser); each is stored
    232   // using a key with a prefix (|key_prefix|) indicating the type of the event.
    233   // Each entry is a dictionary which has the timestamp of the event.
    234   void RecordProfileAndBrowserEventsHelper(const char* key_prefix);
    235 
    236   // Owns us via the BrowserContextKeyedService mechanism.
    237   Profile* profile_;
    238 
    239   content::NotificationRegistrar registrar_;
    240   PrefChangeRegistrar pref_change_registrar_;
    241 
    242   // True iff we're waiting for the Sync service to be initialized.
    243   bool waiting_for_sync_initialization_;
    244   bool is_profile_active_;
    245 
    246   std::vector<NavigationBlockedCallback> navigation_blocked_callbacks_;
    247 
    248   // Sets a profile in elevated state for testing if set to true.
    249   bool elevated_for_testing_;
    250 
    251   // True only when |Shutdown()| method has been called.
    252   bool did_shutdown_;
    253 
    254   URLFilterContext url_filter_context_;
    255 
    256   base::WeakPtrFactory<ManagedUserService> weak_ptr_factory_;
    257 };
    258 
    259 #endif  // CHROME_BROWSER_MANAGED_MODE_MANAGED_USER_SERVICE_H_
    260