Home | History | Annotate | Download | only in supervised_user 
      1 // Copyright 2014 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #ifndef CHROME_BROWSER_SUPERVISED_USER_SUPERVISED_USER_SERVICE_H_
      6 #define CHROME_BROWSER_SUPERVISED_USER_SUPERVISED_USER_SERVICE_H_
      7 
      8 #include <set>
      9 #include <vector>
     10 
     11 #include "base/callback.h"
     12 #include "base/gtest_prod_util.h"
     13 #include "base/memory/scoped_ptr.h"
     14 #include "base/prefs/pref_change_registrar.h"
     15 #include "base/scoped_observer.h"
     16 #include "base/strings/string16.h"
     17 #include "chrome/browser/supervised_user/supervised_user_url_filter.h"
     18 #include "chrome/browser/supervised_user/supervised_users.h"
     19 #include "chrome/browser/sync/profile_sync_service_observer.h"
     20 #include "chrome/browser/ui/browser_list_observer.h"
     21 #include "components/keyed_service/core/keyed_service.h"
     22 #include "content/public/browser/web_contents.h"
     23 #include "extensions/browser/extension_registry_observer.h"
     24 #include "extensions/browser/management_policy.h"
     25 
     26 class Browser;
     27 class GoogleServiceAuthError;
     28 class PermissionRequestCreator;
     29 class Profile;
     30 class SupervisedUserRegistrationUtility;
     31 class SupervisedUserSettingsService;
     32 class SupervisedUserSiteList;
     33 class SupervisedUserURLFilter;
     34 
     35 namespace extensions {
     36 class ExtensionRegistry;
     37 }
     38 
     39 namespace user_prefs {
     40 class PrefRegistrySyncable;
     41 }
     42 
     43 // This class handles all the information related to a given supervised profile
     44 // (e.g. the installed content packs, the default URL filtering behavior, or
     45 // manual whitelist/blacklist overrides).
     46 class SupervisedUserService : public KeyedService,
     47                               public extensions::ManagementPolicy::Provider,
     48                               public ProfileSyncServiceObserver,
     49                               public extensions::ExtensionRegistryObserver,
     50                               public chrome::BrowserListObserver {
     51  public:
     52   typedef std::vector<base::string16> CategoryList;
     53   typedef base::Callback<void(content::WebContents*)> NavigationBlockedCallback;
     54   typedef base::Callback<void(const GoogleServiceAuthError&)> AuthErrorCallback;
     55 
     56   enum ManualBehavior {
     57     MANUAL_NONE = 0,
     58     MANUAL_ALLOW,
     59     MANUAL_BLOCK
     60   };
     61 
     62   class Delegate {
     63    public:
     64     virtual ~Delegate() {}
     65     // Returns true to indicate that the delegate handled the (de)activation, or
     66     // false to indicate that the SupervisedUserService itself should handle it.
     67     virtual bool SetActive(bool active) = 0;
     68   };
     69 
     70   virtual ~SupervisedUserService();
     71 
     72   // ProfileKeyedService override:
     73   virtual void Shutdown() OVERRIDE;
     74 
     75   static void RegisterProfilePrefs(user_prefs::PrefRegistrySyncable* registry);
     76 
     77   static void MigrateUserPrefs(PrefService* prefs);
     78 
     79   void SetDelegate(Delegate* delegate);
     80 
     81   // Returns the URL filter for the IO thread, for filtering network requests
     82   // (in SupervisedUserResourceThrottle).
     83   scoped_refptr<const SupervisedUserURLFilter> GetURLFilterForIOThread();
     84 
     85   // Returns the URL filter for the UI thread, for filtering navigations and
     86   // classifying sites in the history view.
     87   SupervisedUserURLFilter* GetURLFilterForUIThread();
     88 
     89   // Returns the URL's category, obtained from the installed content packs.
     90   int GetCategory(const GURL& url);
     91 
     92   // Returns the list of all known human-readable category names, sorted by ID
     93   // number. Called in the critical path of drawing the history UI, so needs to
     94   // be fast.
     95   void GetCategoryNames(CategoryList* list);
     96 
     97   // Whether the user can request access to blocked URLs.
     98   bool AccessRequestsEnabled();
     99 
    100   void OnPermissionRequestIssued();
    101 
    102   // Adds an access request for the given URL. The requests are stored using
    103   // a prefix followed by a URIEncoded version of the URL. Each entry contains
    104   // a dictionary which currently has the timestamp of the request in it.
    105   void AddAccessRequest(const GURL& url);
    106 
    107   // Returns the email address of the custodian.
    108   std::string GetCustodianEmailAddress() const;
    109 
    110   // Returns the name of the custodian, or the email address if the name is
    111   // empty.
    112   std::string GetCustodianName() const;
    113 
    114   // These methods allow querying and modifying the manual filtering behavior.
    115   // The manual behavior is set by the user and overrides all other settings
    116   // (whitelists or the default behavior).
    117 
    118   // Returns the manual behavior for the given host.
    119   ManualBehavior GetManualBehaviorForHost(const std::string& hostname);
    120 
    121   // Returns the manual behavior for the given URL.
    122   ManualBehavior GetManualBehaviorForURL(const GURL& url);
    123 
    124   // Returns all URLS on the given host that have exceptions.
    125   void GetManualExceptionsForHost(const std::string& host,
    126                                   std::vector<GURL>* urls);
    127 
    128   // Initializes this object. This method does nothing if the profile is not
    129   // supervised.
    130   void Init();
    131 
    132   // Initializes this profile for syncing, using the provided |refresh_token| to
    133   // mint access tokens for Sync.
    134   void InitSync(const std::string& refresh_token);
    135 
    136   // Convenience method that registers this supervised user using
    137   // |registration_utility| and initializes sync with the returned token.
    138   // The |callback| will be called when registration is complete,
    139   // whether it suceeded or not -- unless registration was cancelled manually,
    140   // in which case the callback will be ignored.
    141   void RegisterAndInitSync(
    142       SupervisedUserRegistrationUtility* registration_utility,
    143       Profile* custodian_profile,
    144       const std::string& supervised_user_id,
    145       const AuthErrorCallback& callback);
    146 
    147   void set_elevated_for_testing(bool skip) {
    148     elevated_for_testing_ = skip;
    149   }
    150 
    151   void AddNavigationBlockedCallback(const NavigationBlockedCallback& callback);
    152   void DidBlockNavigation(content::WebContents* web_contents);
    153 
    154   // extensions::ManagementPolicy::Provider implementation:
    155   virtual std::string GetDebugPolicyProviderName() const OVERRIDE;
    156   virtual bool UserMayLoad(const extensions::Extension* extension,
    157                            base::string16* error) const OVERRIDE;
    158   virtual bool UserMayModifySettings(const extensions::Extension* extension,
    159                                      base::string16* error) const OVERRIDE;
    160 
    161   // ProfileSyncServiceObserver implementation:
    162   virtual void OnStateChanged() OVERRIDE;
    163 
    164   // extensions::ExtensionRegistryObserver implementation.
    165   virtual void OnExtensionLoaded(
    166       content::BrowserContext* browser_context,
    167       const extensions::Extension* extension) OVERRIDE;
    168   virtual void OnExtensionUnloaded(
    169       content::BrowserContext* browser_context,
    170       const extensions::Extension* extension,
    171       extensions::UnloadedExtensionInfo::Reason reason) OVERRIDE;
    172 
    173   // chrome::BrowserListObserver implementation:
    174   virtual void OnBrowserSetLastActive(Browser* browser) OVERRIDE;
    175 
    176  private:
    177   friend class SupervisedUserServiceExtensionTestBase;
    178   friend class SupervisedUserServiceFactory;
    179   FRIEND_TEST_ALL_PREFIXES(SupervisedUserServiceTest, ClearOmitOnRegistration);
    180 
    181   // A bridge from the UI thread to the SupervisedUserURLFilters, one of which
    182   // lives on the IO thread. This class mediates access to them and makes sure
    183   // they are kept in sync.
    184   class URLFilterContext {
    185    public:
    186     URLFilterContext();
    187     ~URLFilterContext();
    188 
    189     SupervisedUserURLFilter* ui_url_filter() const;
    190     SupervisedUserURLFilter* io_url_filter() const;
    191 
    192     void SetDefaultFilteringBehavior(
    193         SupervisedUserURLFilter::FilteringBehavior behavior);
    194     void LoadWhitelists(ScopedVector<SupervisedUserSiteList> site_lists);
    195     void SetManualHosts(scoped_ptr<std::map<std::string, bool> > host_map);
    196     void SetManualURLs(scoped_ptr<std::map<GURL, bool> > url_map);
    197 
    198    private:
    199     // SupervisedUserURLFilter is refcounted because the IO thread filter is
    200     // used both by ProfileImplIOData and OffTheRecordProfileIOData (to filter
    201     // network requests), so they both keep a reference to it.
    202     // Clients should not keep references to the UI thread filter, however
    203     // (the filter will live as long as the profile lives, and afterwards it
    204     // should not be used anymore either).
    205     scoped_refptr<SupervisedUserURLFilter> ui_url_filter_;
    206     scoped_refptr<SupervisedUserURLFilter> io_url_filter_;
    207 
    208     DISALLOW_COPY_AND_ASSIGN(URLFilterContext);
    209   };
    210 
    211   // Use |SupervisedUserServiceFactory::GetForProfile(..)| to get
    212   // an instance of this service.
    213   explicit SupervisedUserService(Profile* profile);
    214 
    215   void SetActive(bool active);
    216 
    217   void OnCustodianProfileDownloaded(const base::string16& full_name);
    218 
    219   void OnSupervisedUserRegistered(const AuthErrorCallback& callback,
    220                                   Profile* custodian_profile,
    221                                   const GoogleServiceAuthError& auth_error,
    222                                   const std::string& token);
    223 
    224   void SetupSync();
    225 
    226   bool ProfileIsSupervised() const;
    227 
    228   // Internal implementation for ExtensionManagementPolicy::Delegate methods.
    229   // If |error| is not NULL, it will be filled with an error message if the
    230   // requested extension action (install, modify status, etc.) is not permitted.
    231   bool ExtensionManagementPolicyImpl(const extensions::Extension* extension,
    232                                      base::string16* error) const;
    233 
    234   // Returns a list of all installed and enabled site lists in the current
    235   // supervised profile.
    236   ScopedVector<SupervisedUserSiteList> GetActiveSiteLists();
    237 
    238   SupervisedUserSettingsService* GetSettingsService();
    239 
    240   void OnSupervisedUserIdChanged();
    241 
    242   void OnDefaultFilteringBehaviorChanged();
    243 
    244   void UpdateSiteLists();
    245 
    246   // Updates the manual overrides for hosts in the URL filters when the
    247   // corresponding preference is changed.
    248   void UpdateManualHosts();
    249 
    250   // Updates the manual overrides for URLs in the URL filters when the
    251   // corresponding preference is changed.
    252   void UpdateManualURLs();
    253 
    254   // Returns the human readable name of the supervised user.
    255   std::string GetSupervisedUserName() const;
    256 
    257   // Owns us via the KeyedService mechanism.
    258   Profile* profile_;
    259 
    260   bool active_;
    261 
    262   Delegate* delegate_;
    263 
    264   ScopedObserver<extensions::ExtensionRegistry,
    265                  extensions::ExtensionRegistryObserver>
    266       extension_registry_observer_;
    267 
    268   PrefChangeRegistrar pref_change_registrar_;
    269 
    270   // True iff we're waiting for the Sync service to be initialized.
    271   bool waiting_for_sync_initialization_;
    272   bool is_profile_active_;
    273 
    274   std::vector<NavigationBlockedCallback> navigation_blocked_callbacks_;
    275 
    276   // Sets a profile in elevated state for testing if set to true.
    277   bool elevated_for_testing_;
    278 
    279   // True only when |Shutdown()| method has been called.
    280   bool did_shutdown_;
    281 
    282   URLFilterContext url_filter_context_;
    283 
    284   // Used to create permission requests.
    285   scoped_ptr<PermissionRequestCreator> permissions_creator_;
    286 
    287   // True iff we are waiting for a permission request to be issued.
    288   bool waiting_for_permissions_;
    289 
    290   base::WeakPtrFactory<SupervisedUserService> weak_ptr_factory_;
    291 };
    292 
    293 #endif  // CHROME_BROWSER_SUPERVISED_USER_SUPERVISED_USER_SERVICE_H_
    294