Add origin permissions to the extension permissions API.

chrome/test/data/extensions/api_test/permissions/optional/background.html

Index: chrome/test/data/extensions/api_test/permissions/optional/background.html
diff --git a/chrome/test/data/extensions/api_test/permissions/optional/background.html b/chrome/test/data/extensions/api_test/permissions/optional/background.html
index ba9a1c84b9c090e0668935c795f4fdfd4779788b..322f302aba5eb831fd4e7ae4133c6f7730ae753d 100644
--- a/chrome/test/data/extensions/api_test/permissions/optional/background.html
+++ b/chrome/test/data/extensions/api_test/permissions/optional/background.html
@@ -21,14 +21,21 @@ var NOT_WHITE_LISTED_ERROR =
 var UNKNOWN_PERMISSIONS_ERROR =
     "'*' is not a recognized permission.";
 
-var emptyPermissions = {permissions: []};
+var emptyPermissions = {permissions: [], origins: []};
 
 var initialPermissions = {
-  permissions: ['experimental', 'management', 'permissions']
+  permissions: ['experimental', 'management', 'permissions'],
+  origins: ['http://a.com/*']
 };
 
 var permissionsWithTabs = {
-  permissions: ['experimental', 'management', 'permissions', 'tabs']
+  permissions: ['experimental', 'management', 'permissions', 'tabs'],
+  origins: ['http://a.com/*']
+}
+
+var permissionsWithOrigin = {
+  permissions: ['experimental', 'management', 'permissions'],
+  origins: ['http://a.com/*', 'http://*.c.com/*']
 }
 
 function checkEqualSets(set1, set2) {
@@ -45,144 +52,225 @@ function checkEqualSets(set1, set2) {
 
 function checkPermSetsEq(set1, set2) {
   return checkEqualSets(set1.permissions, set2.permissions);
+  return checkEqualSets(set1.origins, set2.origins);

[Matt Perry, 2011/08/03 22:08:14]

2 return statements in a row :)

[jstritar, 2011/08/04 16:35:15]

Woops! Done.

 }
 
-chrome.test.runTests([
-  function contains() {
-    chrome.experimental.permissions.contains(
-      {permissions: ['management']},
-      pass(function(result) {
-        assertTrue(result);
-    }));
-    chrome.experimental.permissions.contains(
-      {permissions: ['devtools']},
-      pass(function(result) {
-        assertFalse(result);
-    }));
-    chrome.experimental.permissions.contains(
-      {permissions: ['permissions', 'management']},
-      pass(function(result) {
-        assertTrue(result);
-    }));
-    chrome.experimental.permissions.contains(
-      {permissions: ['management', 'permissions']},
-      pass(function(result) {
-        assertTrue(result);
-    }));
-  },
-
-  function getAll() {
-    chrome.experimental.permissions.getAll(pass(function(permissions) {
-      assertTrue(checkPermSetsEq(initialPermissions, permissions));
-    }));
-  },
-
-  // Nothing should happen if we request permission we already have
-  function requestNoOp() {
-    chrome.experimental.permissions.request(
-      {permissions:['management']},
-      pass(function(granted) {
-        assertTrue(granted);
-    }));
-  },
-
-  // We should get an error when requesting permissions that haven't been
-  // defined in "optional_permissions".
-  function requestNonOptional() {
-    chrome.experimental.permissions.request(
-        {permissions:['debugger']}, fail(NOT_OPTIONAL_ERROR));
-  },
-
-  // We should be able to request the tabs API since it's in the granted
-  // permissions list (see permissions_apitest.cc).
-  function requestTabs() {
-    try {
-      chrome.windows.getAll({populate: true}, function() {
-        chrome.test.fail("Should not have tabs API permission.");
-      });
-    } catch (e) {
-      assertTrue(e.message.indexOf(NO_TABS_PERMISSION) == 0);
+chrome.test.getConfig(function(config) {
+
+  function doReq(domain, expectSuccess) {
+    var req = new XMLHttpRequest();
+    var url = domain + ":PORT/files/extensions/test_file.txt";
+    url = url.replace(/PORT/, config.testServer.port);
+
+    chrome.test.log("Requesting url: " + url);
+    req.open("GET", url, true);
+
+
+    if (expectSuccess) {
+      req.onload = function() {
+        chrome.test.assertEq(200, req.status);
+        chrome.test.assertEq("Hello!", req.responseText);
+        chrome.test.runNextTest();
+      }
+      req.onerror = function() {
+        chrome.test.log("status: " + req.status);
+        chrome.test.log("text: " + req.responseText);
+        chrome.test.fail("Unexpected error for domain: " + domain);
+      }
+    } else {
+      req.onload = function() {
+        chrome.test.fail("Unexpected success for domain: " + domain);
+      }
+      req.onerror = function() {
+        chrome.test.assertEq(0, req.status);
+        chrome.test.runNextTest();
+      }
     }
-    listenOnce(chrome.experimental.permissions.onAdded, function(permissions) {
-      assertTrue(permissions.permissions.length == 1);
-      assertTrue(permissions.permissions[0] == 'tabs');
-    });
-    chrome.experimental.permissions.request(
-      {permissions:['tabs']},
-      pass(function(granted) {
-        assertTrue(granted);
-        chrome.windows.getAll({populate: true}, pass(function(windows) {
-          assertTrue(true);
-        }));
-        chrome.experimental.permissions.getAll(pass(function(permissions) {
-          assertTrue(checkPermSetsEq(permissionsWithTabs, permissions));
-        }));
-    }));
-  },
-
-  // You can't remove required permissions.
-  function removeRequired() {
-    chrome.experimental.permissions.remove(
-        {permissions:['management']}, fail(REQUIRED_ERROR));
-  },
-
-  // You can remove permissions you don't have (nothing happens).
-  function removeNoOp() {
-    chrome.experimental.permissions.remove(
-      {permissions:['background']},
-      pass(function(removed) {
-        assertTrue(removed);
-    }));
-  },
-
-  function removeTabs() {
-    chrome.windows.getAll({populate: true}, pass(function(windows) {
-      assertTrue(true);
-    }));
-    listenOnce(chrome.experimental.permissions.onRemoved,
-               function(permissions) {
-      assertTrue(permissions.permissions.length == 1);
-      assertTrue(permissions.permissions[0] == 'tabs');
-    });
-    chrome.experimental.permissions.remove(
-      {permissions:['tabs']},
-      pass(function() {
-        chrome.experimental.permissions.getAll(pass(function(permissions) {
-          assertTrue(checkPermSetsEq(initialPermissions, permissions));
-        }));
-        try {
-          chrome.windows.getAll({populate: true}, function() {
-            chrome.test.fail("Should not have tabs API permission.");
-          });
-        } catch (e) {
-          assertTrue(e.message.indexOf(NO_TABS_PERMISSION) == 0);
-        }
-    }));
-  },
-
-  // The user shouldn't have to approve permissions that have no warnings.
-  // TODO(jstritar): move to its own test and set a low timeout
-  function noPromptForNoWarnings() {
-    chrome.experimental.permissions.request(
-      {permissions: ['notifications']},
-      pass(function(granted) {
-        assertTrue(granted);
-    }));
-  },
-
-  // Make sure you can only access the white listed permissions.
-  function whitelist() {
-    var error_msg = NOT_WHITE_LISTED_ERROR.replace('*', 'chromeAuthPrivate');
-    chrome.experimental.permissions.request(
-        {permissions: ['chromeAuthPrivate']}, fail(error_msg));
-    chrome.experimental.permissions.remove(
-        {permissions: ['chromeAuthPrivate']}, fail(error_msg));
-  },
-
-  function unknownPermission() {
-    var error_msg = UNKNOWN_PERMISSIONS_ERROR.replace('*', 'asdf');
-    chrome.experimental.permissions.request(
-      {permissions: ['asdf']}, fail(error_msg));
+
+    req.send(null);
   }
-]);
+
+  chrome.test.runTests([
+    function contains() {
+      chrome.experimental.permissions.contains(
+          {permissions: ['management'], origins: ['http://a.com/*']},
+          pass(function(result) { assertTrue(result); }));
+      chrome.experimental.permissions.contains(
+          {permissions: ['devtools'], origins: ['http://a.com/*']},
+          pass(function(result) { assertFalse(result); }));
+      chrome.experimental.permissions.contains(
+          {permissions: ['permissions', 'management']},
+          pass(function(result) { assertTrue(result); }));
+      chrome.experimental.permissions.contains(
+          {permissions: ['management', 'permissions']},
+          pass(function(result) { assertTrue(result); }));
+    },
+
+    function getAll() {
+      chrome.experimental.permissions.getAll(pass(function(permissions) {
+        assertTrue(checkPermSetsEq(initialPermissions, permissions));
+      }));
+    },
+
+    // Nothing should happen if we request permission we already have
+    function requestNoOp() {
+      chrome.experimental.permissions.request(
+          {permissions:['management'], origins:['http://*.c.com/*']},
+          pass(function(granted) { assertTrue(granted); }));
+    },
+
+    // We should get an error when requesting permissions that haven't been
+    // defined in "optional_permissions".
+    function requestNonOptional() {
+      chrome.experimental.permissions.request(
+          {permissions: ['debugger']}, fail(NOT_OPTIONAL_ERROR));
+      chrome.experimental.permissions.request(
+          {origins: ['http://*.b.com/*']}, fail(NOT_OPTIONAL_ERROR));
+      chrome.experimental.permissions.request(
+          {permissions: ['tabs'], origins: ['http://*.b.com/*']},
+          fail(NOT_OPTIONAL_ERROR));
+    },
+
+    // We should be able to request the tabs API since it's in the granted
+    // permissions list (see permissions_apitest.cc).
+    function requestTabs() {
+      try {
+        chrome.windows.getAll({populate: true}, function() {
+          chrome.test.fail("Should not have tabs API permission.");
+        });
+      } catch (e) {
+        assertTrue(e.message.indexOf(NO_TABS_PERMISSION) == 0);
+      }
+      listenOnce(chrome.experimental.permissions.onAdded,
+                 function(permissions) {
+        assertTrue(permissions.permissions.length == 1);
+        assertTrue(permissions.permissions[0] == 'tabs');
+      });
+      chrome.experimental.permissions.request(
+          {permissions:['tabs']},
+          pass(function(granted) {
+            assertTrue(granted);
+            chrome.windows.getAll({populate: true}, pass(function(windows) {
+              assertTrue(true);
+            }));
+            chrome.experimental.permissions.getAll(pass(function(permissions) {
+              assertTrue(checkPermSetsEq(permissionsWithTabs, permissions));
+            }));
+      }));
+    },
+
+    // You can't remove required permissions.
+    function removeRequired() {
+      chrome.experimental.permissions.remove(
+          {permissions: ['management']}, fail(REQUIRED_ERROR));
+      chrome.experimental.permissions.remove(
+          {origins: ['http://a.com/*']}, fail(REQUIRED_ERROR));
+      chrome.experimental.permissions.remove(
+          {permissions: ['tabs'], origins: ['http://a.com/*']},
+          fail(REQUIRED_ERROR));
+    },
+
+    // You can remove permissions you don't have (nothing happens).
+    function removeNoOp() {
+      chrome.experimental.permissions.remove(
+          {permissions:['background']},
+          pass(function(removed) { assertTrue(removed); }));
+      chrome.experimental.permissions.remove(
+          {origins:['http://*.c.com/*']},
+          pass(function(removed) { assertTrue(removed); }));
+      chrome.experimental.permissions.remove(
+          {permissions:['background'], origins:['http://*.c.com/*']},
+          pass(function(removed) { assertTrue(removed); }));
+    },
+
+    function removeTabs() {
+      chrome.windows.getAll({populate: true}, pass(function(windows) {
+        assertTrue(true);
+      }));
+      listenOnce(chrome.experimental.permissions.onRemoved,
+                 function(permissions) {
+        assertTrue(permissions.permissions.length == 1);
+        assertTrue(permissions.permissions[0] == 'tabs');
+      });
+      chrome.experimental.permissions.remove(
+          {permissions:['tabs']},
+          pass(function() {
+            chrome.experimental.permissions.getAll(pass(function(permissions) {
+              assertTrue(checkPermSetsEq(initialPermissions, permissions));
+            }));
+            try {
+              chrome.windows.getAll({populate: true}, function() {
+                chrome.test.fail("Should not have tabs API permission.");
+              });
+            } catch (e) {
+              assertTrue(e.message.indexOf(NO_TABS_PERMISSION) == 0);
+            }
+      }));
+    },
+
+    // The user shouldn't have to approve permissions that have no warnings.
+    // TODO(jstritar): move to its own test and set a low timeout
+    function noPromptForNoWarnings() {
+      chrome.experimental.permissions.request(
+          {permissions: ['notifications']},
+          pass(function(granted) { assertTrue(granted); }));
+    },
+
+    // Make sure you can only access the white listed permissions.
+    function whitelist() {
+      var error_msg = NOT_WHITE_LISTED_ERROR.replace('*', 'chromeAuthPrivate');
+      chrome.experimental.permissions.request(
+          {permissions: ['chromeAuthPrivate']}, fail(error_msg));
+      chrome.experimental.permissions.remove(
+          {permissions: ['chromeAuthPrivate']}, fail(error_msg));
+    },
+
+    function unknownPermission() {
+      var error_msg = UNKNOWN_PERMISSIONS_ERROR.replace('*', 'asdf');
+      chrome.experimental.permissions.request(
+          {permissions: ['asdf']}, fail(error_msg));
+    },
+
+    function requestOrigin() {
+      doReq('http://c.com', false);
+      listenOnce(chrome.experimental.permissions.onAdded,
+                 function(permissions) {
+        assertTrue(permissions.permissions.length == 0);
+        assertTrue(permissions.origins.length == 1);
+        assertTrue(permissions.origins[0] == 'http://*.c.com/*');
+      });
+      chrome.experimental.permissions.request(
+          {origins: ['http://*.c.com/*']},
+          pass(function(granted) { assertTrue(granted); }));
+      chrome.experimental.permissions.getAll(function(permissions) {
+        assertEq(permissionsWithOrigin, permissions);
+      });
+      chrome.experimental.permissions.contains(
+          {origins:['http://*.c.com/*']},
+          pass(function(result) { assertTrue(result); }));
+      doReq('http://c.com', true);

[Matt Perry, 2011/08/03 22:08:14]

I believe the behavior of the pass/fail functions is that once all of them
finish, they call chrome.test.runNextTest(). If that's true, there's a race
between them calling runNextTest and doReq completing and calling it. I think
you need to wrap doReq's onload and onerror functions in pass/fail calls.

[jstritar, 2011/08/04 16:35:15]

Thanks for catching that. I had copied the doReq function from the cross origin
XHR test, but I didn't use it as originally intended. I've updated doReq to
accept a callback so the caller can use the callbackPass function.

+    },
+
+    function removeOrigin() {
+      doReq('http://c.com', true);
+      listenOnce(chrome.experimental.permissions.onRemoved,
+                 function(permissions) {
+        assertTrue(permissions.permissions.length == 0);
+        assertTrue(permissions.origins.length == 1);
+        assertTrue(permissions.origins[0] == 'http://*.c.com/*');
+      });
+      chrome.experimental.permissions.remove(
+          {origins: ['http://*.c.com/*']},
+          pass(function(removed) { assertTrue(removed); }));
+      chrome.experimental.permissions.getAll(function(permissions) {
+        assertEq(initialPermissions, permissions);
+      });
+      chrome.experimental.permissions.contains(
+          {origins:['http://*.c.com/*']},
+          pass(function(result) { assertFalse(result); }));
+      doReq('http://c.com', false);
+    }
+
+  ]);
+});
 </script>