Add OAuth2 scopes to the ExtensionPermissionSet and granted permissions.

chrome/common/extensions/extension_permission_set.h

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef CHROME_COMMON_EXTENSIONS_EXTENSION_PERMISSION_SET_H_
 #define CHROME_COMMON_EXTENSIONS_EXTENSION_PERMISSION_SET_H_
 #pragma once
 
 #include <map>
 #include <set>
 #include <string>
 #include <vector>
 
+#include "base/callback.h"

[Yoyo Zhou, 2012/04/24 23:16:36]

You don't seem to use this.

[jstritar, 2012/04/24 23:33:34]

Done.

 #include "base/gtest_prod_util.h"
 #include "base/memory/ref_counted.h"
 #include "base/memory/scoped_ptr.h"
 #include "base/memory/singleton.h"
 #include "base/string16.h"
 #include "chrome/common/extensions/url_pattern_set.h"
 
 // TODO(jstritar): Move each class to its own file in extensions/permissions.
 
 class Extension;
@@ skipping 241 matching lines @@
   IDMap id_map_;
   NameMap name_map_;
 
   size_t hosted_app_permission_count_;
   size_t permission_count_;
 
   friend struct DefaultSingletonTraits<ExtensionPermissionsInfo>;
   DISALLOW_COPY_AND_ASSIGN(ExtensionPermissionsInfo);
 };
 
+typedef std::set<std::string> ExtensionOAuth2Scopes;
+
 // The ExtensionPermissionSet is an immutable class that encapsulates an
 // extension's permissions. The class exposes set operations for combining and
 // manipulating the permissions.
 class ExtensionPermissionSet
     : public base::RefCountedThreadSafe<ExtensionPermissionSet> {
  public:
+

[Yoyo Zhou, 2012/04/24 23:16:36]

nit: why this extra line?

[jstritar, 2012/04/24 23:33:34]

Done.

   // Creates an empty permission set (e.g. default permissions).
   ExtensionPermissionSet();
 
   // Creates a new permission set based on the |extension| manifest data, and
   // the api and host permissions (|apis| and |hosts|). The effective hosts
   // of the newly created permission set will be inferred from the |extension|
   // manifest, |apis| and |hosts|.
   ExtensionPermissionSet(const Extension* extension,
                          const ExtensionAPIPermissionSet& apis,
-                         const URLPatternSet& explicit_hosts);
+                         const URLPatternSet& explicit_hosts,
+                         const ExtensionOAuth2Scopes& scopes);
+
 
   // Creates a new permission set based on the specified data.
   ExtensionPermissionSet(const ExtensionAPIPermissionSet& apis,
                          const URLPatternSet& explicit_hosts,
                          const URLPatternSet& scriptable_hosts);
 
+  // Creates a new permission set that has oauth scopes in it.
+  ExtensionPermissionSet(const ExtensionAPIPermissionSet& apis,
+                         const URLPatternSet& explicit_hosts,
+                         const URLPatternSet& scriptable_hosts,
+                         const ExtensionOAuth2Scopes& scopes);
+
+  // Creates a new permission set containing only oauth scopes.
+  explicit ExtensionPermissionSet(const ExtensionOAuth2Scopes& scopes);
+
   ~ExtensionPermissionSet();
 
   // Creates a new permission set equal to |set1| - |set2|, passing ownership of
   // the new set to the caller.
   static ExtensionPermissionSet* CreateDifference(
       const ExtensionPermissionSet* set1, const ExtensionPermissionSet* set2);
 
   // Creates a new permission set equal to the intersection of |set1| and
   // |set2|, passing ownership of the new set to the caller.
   static ExtensionPermissionSet* CreateIntersection(
@@ skipping 68 matching lines @@
   bool HasLessPrivilegesThan(const ExtensionPermissionSet* permissions) const;
 
   const ExtensionAPIPermissionSet& apis() const { return apis_; }
 
   const URLPatternSet& effective_hosts() const { return effective_hosts_; }
 
   const URLPatternSet& explicit_hosts() const { return explicit_hosts_; }
 
   const URLPatternSet& scriptable_hosts() const { return scriptable_hosts_; }
 
+  const ExtensionOAuth2Scopes& scopes() const { return scopes_; }
+
  private:
   FRIEND_TEST_ALL_PREFIXES(ExtensionPermissionsTest,
                            HasLessHostPrivilegesThan);
 
   friend class base::RefCountedThreadSafe<ExtensionPermissionSet>;
 
   static std::set<std::string> GetDistinctHosts(
       const URLPatternSet& host_patterns,
       bool include_rcd,
       bool exclude_file_scheme);
@@ skipping 10 matching lines @@
   // Returns true if |permissions| has an elevated API privilege level than
   // this set.
   bool HasLessAPIPrivilegesThan(
       const ExtensionPermissionSet* permissions) const;
 
   // Returns true if |permissions| has more host permissions compared to this
   // set.
   bool HasLessHostPrivilegesThan(
       const ExtensionPermissionSet* permissions) const;
 
+  // Returns true if |permissions| has more oauth2 scopes compared to this set.
+  bool HasLessScopesThan(const ExtensionPermissionSet* permissions) const;
+
   // The api list is used when deciding if an extension can access certain
   // extension APIs and features.
   ExtensionAPIPermissionSet apis_;
 
   // The list of hosts that can be accessed directly from the extension.
   // TODO(jstritar): Rename to "hosts_"?
   URLPatternSet explicit_hosts_;
 
   // The list of hosts that can be scripted by content scripts.
   // TODO(jstritar): Rename to "user_script_hosts_"?
   URLPatternSet scriptable_hosts_;
 
   // The list of hosts this effectively grants access to.
   URLPatternSet effective_hosts_;
+
+  // A set of oauth2 scopes that are specific to Google Accounts.

[Yoyo Zhou, 2012/04/24 23:16:36]

Can you elaborate on what these are used for in the comment (looks like the
signed-in sync account)?

[jstritar, 2012/04/24 23:33:34]

Done.

+  ExtensionOAuth2Scopes scopes_;
 };
 
 #endif  // CHROME_COMMON_EXTENSIONS_EXTENSION_PERMISSION_SET_H_