1 // Copyright 2014 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef CHROME_BROWSER_SUPERVISED_USER_SUPERVISED_USER_SERVICE_H_ 6 #define CHROME_BROWSER_SUPERVISED_USER_SUPERVISED_USER_SERVICE_H_ 7 8 #include <set> 9 #include <vector> 10 11 #include "base/callback.h" 12 #include "base/gtest_prod_util.h" 13 #include "base/memory/scoped_ptr.h" 14 #include "base/prefs/pref_change_registrar.h" 15 #include "base/scoped_observer.h" 16 #include "base/strings/string16.h" 17 #include "chrome/browser/supervised_user/supervised_user_url_filter.h" 18 #include "chrome/browser/supervised_user/supervised_users.h" 19 #include "chrome/browser/sync/profile_sync_service_observer.h" 20 #include "chrome/browser/ui/browser_list_observer.h" 21 #include "components/keyed_service/core/keyed_service.h" 22 #include "content/public/browser/web_contents.h" 23 #include "extensions/browser/extension_registry_observer.h" 24 #include "extensions/browser/management_policy.h" 25 26 class Browser; 27 class GoogleServiceAuthError; 28 class PermissionRequestCreator; 29 class Profile; 30 class SupervisedUserRegistrationUtility; 31 class SupervisedUserSettingsService; 32 class SupervisedUserSiteList; 33 class SupervisedUserURLFilter; 34 35 namespace extensions { 36 class ExtensionRegistry; 37 } 38 39 namespace user_prefs { 40 class PrefRegistrySyncable; 41 } 42 43 // This class handles all the information related to a given supervised profile 44 // (e.g. the installed content packs, the default URL filtering behavior, or 45 // manual whitelist/blacklist overrides). 46 class SupervisedUserService : public KeyedService, 47 public extensions::ManagementPolicy::Provider, 48 public ProfileSyncServiceObserver, 49 public extensions::ExtensionRegistryObserver, 50 public chrome::BrowserListObserver { 51 public: 52 typedef std::vector<base::string16> CategoryList; 53 typedef base::Callback<void(content::WebContents*)> NavigationBlockedCallback; 54 typedef base::Callback<void(const GoogleServiceAuthError&)> AuthErrorCallback; 55 56 enum ManualBehavior { 57 MANUAL_NONE = 0, 58 MANUAL_ALLOW, 59 MANUAL_BLOCK 60 }; 61 62 class Delegate { 63 public: 64 virtual ~Delegate() {} 65 // Returns true to indicate that the delegate handled the (de)activation, or 66 // false to indicate that the SupervisedUserService itself should handle it. 67 virtual bool SetActive(bool active) = 0; 68 }; 69 70 virtual ~SupervisedUserService(); 71 72 // ProfileKeyedService override: 73 virtual void Shutdown() OVERRIDE; 74 75 static void RegisterProfilePrefs(user_prefs::PrefRegistrySyncable* registry); 76 77 static void MigrateUserPrefs(PrefService* prefs); 78 79 void SetDelegate(Delegate* delegate); 80 81 // Returns the URL filter for the IO thread, for filtering network requests 82 // (in SupervisedUserResourceThrottle). 83 scoped_refptr<const SupervisedUserURLFilter> GetURLFilterForIOThread(); 84 85 // Returns the URL filter for the UI thread, for filtering navigations and 86 // classifying sites in the history view. 87 SupervisedUserURLFilter* GetURLFilterForUIThread(); 88 89 // Returns the URL's category, obtained from the installed content packs. 90 int GetCategory(const GURL& url); 91 92 // Returns the list of all known human-readable category names, sorted by ID 93 // number. Called in the critical path of drawing the history UI, so needs to 94 // be fast. 95 void GetCategoryNames(CategoryList* list); 96 97 // Whether the user can request access to blocked URLs. 98 bool AccessRequestsEnabled(); 99 100 void OnPermissionRequestIssued(); 101 102 // Adds an access request for the given URL. The requests are stored using 103 // a prefix followed by a URIEncoded version of the URL. Each entry contains 104 // a dictionary which currently has the timestamp of the request in it. 105 void AddAccessRequest(const GURL& url); 106 107 // Returns the email address of the custodian. 108 std::string GetCustodianEmailAddress() const; 109 110 // Returns the name of the custodian, or the email address if the name is 111 // empty. 112 std::string GetCustodianName() const; 113 114 // These methods allow querying and modifying the manual filtering behavior. 115 // The manual behavior is set by the user and overrides all other settings 116 // (whitelists or the default behavior). 117 118 // Returns the manual behavior for the given host. 119 ManualBehavior GetManualBehaviorForHost(const std::string& hostname); 120 121 // Returns the manual behavior for the given URL. 122 ManualBehavior GetManualBehaviorForURL(const GURL& url); 123 124 // Returns all URLS on the given host that have exceptions. 125 void GetManualExceptionsForHost(const std::string& host, 126 std::vector<GURL>* urls); 127 128 // Initializes this object. This method does nothing if the profile is not 129 // supervised. 130 void Init(); 131 132 // Initializes this profile for syncing, using the provided |refresh_token| to 133 // mint access tokens for Sync. 134 void InitSync(const std::string& refresh_token); 135 136 // Convenience method that registers this supervised user using 137 // |registration_utility| and initializes sync with the returned token. 138 // The |callback| will be called when registration is complete, 139 // whether it suceeded or not -- unless registration was cancelled manually, 140 // in which case the callback will be ignored. 141 void RegisterAndInitSync( 142 SupervisedUserRegistrationUtility* registration_utility, 143 Profile* custodian_profile, 144 const std::string& supervised_user_id, 145 const AuthErrorCallback& callback); 146 147 void set_elevated_for_testing(bool skip) { 148 elevated_for_testing_ = skip; 149 } 150 151 void AddNavigationBlockedCallback(const NavigationBlockedCallback& callback); 152 void DidBlockNavigation(content::WebContents* web_contents); 153 154 // extensions::ManagementPolicy::Provider implementation: 155 virtual std::string GetDebugPolicyProviderName() const OVERRIDE; 156 virtual bool UserMayLoad(const extensions::Extension* extension, 157 base::string16* error) const OVERRIDE; 158 virtual bool UserMayModifySettings(const extensions::Extension* extension, 159 base::string16* error) const OVERRIDE; 160 161 // ProfileSyncServiceObserver implementation: 162 virtual void OnStateChanged() OVERRIDE; 163 164 // extensions::ExtensionRegistryObserver implementation. 165 virtual void OnExtensionLoaded( 166 content::BrowserContext* browser_context, 167 const extensions::Extension* extension) OVERRIDE; 168 virtual void OnExtensionUnloaded( 169 content::BrowserContext* browser_context, 170 const extensions::Extension* extension, 171 extensions::UnloadedExtensionInfo::Reason reason) OVERRIDE; 172 173 // chrome::BrowserListObserver implementation: 174 virtual void OnBrowserSetLastActive(Browser* browser) OVERRIDE; 175 176 private: 177 friend class SupervisedUserServiceExtensionTestBase; 178 friend class SupervisedUserServiceFactory; 179 FRIEND_TEST_ALL_PREFIXES(SupervisedUserServiceTest, ClearOmitOnRegistration); 180 181 // A bridge from the UI thread to the SupervisedUserURLFilters, one of which 182 // lives on the IO thread. This class mediates access to them and makes sure 183 // they are kept in sync. 184 class URLFilterContext { 185 public: 186 URLFilterContext(); 187 ~URLFilterContext(); 188 189 SupervisedUserURLFilter* ui_url_filter() const; 190 SupervisedUserURLFilter* io_url_filter() const; 191 192 void SetDefaultFilteringBehavior( 193 SupervisedUserURLFilter::FilteringBehavior behavior); 194 void LoadWhitelists(ScopedVector<SupervisedUserSiteList> site_lists); 195 void SetManualHosts(scoped_ptr<std::map<std::string, bool> > host_map); 196 void SetManualURLs(scoped_ptr<std::map<GURL, bool> > url_map); 197 198 private: 199 // SupervisedUserURLFilter is refcounted because the IO thread filter is 200 // used both by ProfileImplIOData and OffTheRecordProfileIOData (to filter 201 // network requests), so they both keep a reference to it. 202 // Clients should not keep references to the UI thread filter, however 203 // (the filter will live as long as the profile lives, and afterwards it 204 // should not be used anymore either). 205 scoped_refptr<SupervisedUserURLFilter> ui_url_filter_; 206 scoped_refptr<SupervisedUserURLFilter> io_url_filter_; 207 208 DISALLOW_COPY_AND_ASSIGN(URLFilterContext); 209 }; 210 211 // Use |SupervisedUserServiceFactory::GetForProfile(..)| to get 212 // an instance of this service. 213 explicit SupervisedUserService(Profile* profile); 214 215 void SetActive(bool active); 216 217 void OnCustodianProfileDownloaded(const base::string16& full_name); 218 219 void OnSupervisedUserRegistered(const AuthErrorCallback& callback, 220 Profile* custodian_profile, 221 const GoogleServiceAuthError& auth_error, 222 const std::string& token); 223 224 void SetupSync(); 225 226 bool ProfileIsSupervised() const; 227 228 // Internal implementation for ExtensionManagementPolicy::Delegate methods. 229 // If |error| is not NULL, it will be filled with an error message if the 230 // requested extension action (install, modify status, etc.) is not permitted. 231 bool ExtensionManagementPolicyImpl(const extensions::Extension* extension, 232 base::string16* error) const; 233 234 // Returns a list of all installed and enabled site lists in the current 235 // supervised profile. 236 ScopedVector<SupervisedUserSiteList> GetActiveSiteLists(); 237 238 SupervisedUserSettingsService* GetSettingsService(); 239 240 void OnSupervisedUserIdChanged(); 241 242 void OnDefaultFilteringBehaviorChanged(); 243 244 void UpdateSiteLists(); 245 246 // Updates the manual overrides for hosts in the URL filters when the 247 // corresponding preference is changed. 248 void UpdateManualHosts(); 249 250 // Updates the manual overrides for URLs in the URL filters when the 251 // corresponding preference is changed. 252 void UpdateManualURLs(); 253 254 // Returns the human readable name of the supervised user. 255 std::string GetSupervisedUserName() const; 256 257 // Owns us via the KeyedService mechanism. 258 Profile* profile_; 259 260 bool active_; 261 262 Delegate* delegate_; 263 264 ScopedObserver<extensions::ExtensionRegistry, 265 extensions::ExtensionRegistryObserver> 266 extension_registry_observer_; 267 268 PrefChangeRegistrar pref_change_registrar_; 269 270 // True iff we're waiting for the Sync service to be initialized. 271 bool waiting_for_sync_initialization_; 272 bool is_profile_active_; 273 274 std::vector<NavigationBlockedCallback> navigation_blocked_callbacks_; 275 276 // Sets a profile in elevated state for testing if set to true. 277 bool elevated_for_testing_; 278 279 // True only when |Shutdown()| method has been called. 280 bool did_shutdown_; 281 282 URLFilterContext url_filter_context_; 283 284 // Used to create permission requests. 285 scoped_ptr<PermissionRequestCreator> permissions_creator_; 286 287 // True iff we are waiting for a permission request to be issued. 288 bool waiting_for_permissions_; 289 290 base::WeakPtrFactory<SupervisedUserService> weak_ptr_factory_; 291 }; 292 293 #endif // CHROME_BROWSER_SUPERVISED_USER_SUPERVISED_USER_SERVICE_H_ 294