Deprecate MountPointProvider::IsAccessAllowed in favor of GetPermissionPolicy

webkit/chromeos/fileapi/cros_mount_point_provider.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "webkit/chromeos/fileapi/cros_mount_point_provider.h"
 
 #include "base/chromeos/chromeos_version.h"
 #include "base/logging.h"
 #include "base/memory/scoped_ptr.h"
 #include "base/message_loop.h"
@@ skipping 71 matching lines @@
   base::FilePath root_path;
   std::string mount_name = url.filesystem_id();
   if (!mount_points_->GetRegisteredPath(mount_name, &root_path) &&
       !system_mount_points_->GetRegisteredPath(mount_name, &root_path)) {
     return base::FilePath();
   }
 
   return root_path.DirName();
 }
 
-bool CrosMountPointProvider::IsAccessAllowed(
-    const fileapi::FileSystemURL& url) {
-  if (!url.is_valid())
-    return false;
-
-  // Permit access to mount points from internal WebUI.
-  const GURL& origin_url = url.origin();
-  if (origin_url.SchemeIs(kChromeUIScheme))
-    return true;
-
-  // No extra check is needed for isolated file systems.
-  if (url.mount_type() == fileapi::kFileSystemTypeIsolated)
-    return true;
-
-  if (!CanHandleURL(url))
-    return false;
-
-  std::string extension_id = origin_url.host();
-  // Check first to make sure this extension has fileBrowserHander permissions.
-  if (!special_storage_policy_->IsFileHandler(extension_id))
-    return false;
-
-  return file_access_permissions_->HasAccessPermission(extension_id,
-                                                       url.virtual_path());
-}
-
-// TODO(zelidrag): Share this code with SandboxMountPointProvider impl.
-bool CrosMountPointProvider::IsRestrictedFileName(
-    const base::FilePath& path) const {
-  return false;
-}
-
 fileapi::FileSystemQuotaUtil* CrosMountPointProvider::GetQuotaUtil() {
   // No quota support.
   return NULL;
 }
 
 void CrosMountPointProvider::DeleteFileSystem(
     const GURL& origin_url,
     fileapi::FileSystemType type,
     fileapi::FileSystemContext* context,
     const DeleteFileSystemCallback& callback) {
@@ skipping 67 matching lines @@
 
 fileapi::AsyncFileUtil* CrosMountPointProvider::GetAsyncFileUtil(
     fileapi::FileSystemType type) {
   DCHECK(type == fileapi::kFileSystemTypeNativeLocal ||
          type == fileapi::kFileSystemTypeRestrictedNativeLocal);
   return local_file_util_.get();
 }
 
 fileapi::FilePermissionPolicy CrosMountPointProvider::GetPermissionPolicy(
     const fileapi::FileSystemURL& url, int permissions) const {
+  if (url.mount_type() == fileapi::kFileSystemTypeRestrictedNativeLocal &&
+      permissions != fileapi::kReadFilePermissions) {
+    // Restricted file system is read-only.
+    return fileapi::FILE_PERMISSION_ALWAYS_DENY;
+  }
+
+  // Permit access to mount points from internal WebUI.
+  const GURL& origin_url = url.origin();
+  if (origin_url.SchemeIs(kChromeUIScheme))
+    return fileapi::FILE_PERMISSION_ALWAYS_ALLOW;
+
   if (url.mount_type() == fileapi::kFileSystemTypeIsolated) {
     // Permissions in isolated filesystems should be examined with
     // FileSystem permission.
     return fileapi::FILE_PERMISSION_USE_FILESYSTEM_PERMISSION;
   }
-  return fileapi::FILE_PERMISSION_USE_FILE_PERMISSION;
+
+  if (!CanHandleURL(url))
+    return fileapi::FILE_PERMISSION_ALWAYS_DENY;
+
+  std::string extension_id = origin_url.host();
+  // Check first to make sure this extension has fileBrowserHander permissions.
+  if (!special_storage_policy_->IsFileHandler(extension_id))
+    return fileapi::FILE_PERMISSION_ALWAYS_DENY;
+
+  if (!file_access_permissions_->HasAccessPermission(
+          extension_id, url.virtual_path())) {
+    return fileapi::FILE_PERMISSION_ALWAYS_DENY;
+  }
+
+  if (url.type() == fileapi::kFileSystemTypeNativeLocal ||
+      url.type() == fileapi::kFileSystemTypeRestrictedNativeLocal) {
+    // Also apply system's file permission by default.
+    return fileapi::FILE_PERMISSION_USE_FILE_PERMISSION;
+  }
+
+  DCHECK_EQ(fileapi::kFileSystemTypeDrive, url.type());

[tonibarzic, 2013/02/04 08:01:53]

I think FILE_PERMISSION_USE_FILE_PERMISSIONS should br returned for drive file
system too

[kinuko, 2013/02/04 08:58:25]

Done.

+  return fileapi::FILE_PERMISSION_ALWAYS_ALLOW;
 }
 
 fileapi::FileSystemOperation* CrosMountPointProvider::CreateFileSystemOperation(
     const fileapi::FileSystemURL& url,
     fileapi::FileSystemContext* context,
     base::PlatformFileError* error_code) const {
   DCHECK(url.is_valid());
 
   if (url.type() == fileapi::kFileSystemTypeDrive) {
     fileapi::RemoteFileSystemProxyInterface* remote_proxy =
@@ skipping 55 matching lines @@
 fileapi::RemoteFileSystemProxyInterface* CrosMountPointProvider::GetRemoteProxy(
     const std::string& mount_name) const {
   fileapi::RemoteFileSystemProxyInterface* proxy =
       mount_points_->GetRemoteFileSystemProxy(mount_name);
   if (proxy)
     return proxy;
   return system_mount_points_->GetRemoteFileSystemProxy(mount_name);
 }
 
 }  // namespace chromeos