Deprecate MountPointProvider::IsAccessAllowed in favor of GetPermissionPolicy

webkit/chromeos/fileapi/cros_mount_point_provider.cc

Index: webkit/chromeos/fileapi/cros_mount_point_provider.cc
diff --git a/webkit/chromeos/fileapi/cros_mount_point_provider.cc b/webkit/chromeos/fileapi/cros_mount_point_provider.cc
index a90fcfaa6ecd871b295f950bce332557fbff086f..7c5593a5edf552941e2ff406211a00dd60f3379a 100644
--- a/webkit/chromeos/fileapi/cros_mount_point_provider.cc
+++ b/webkit/chromeos/fileapi/cros_mount_point_provider.cc
@@ -89,38 +89,6 @@ base::FilePath CrosMountPointProvider::GetFileSystemRootPathOnFileThread(
   return root_path.DirName();
 }
 
-bool CrosMountPointProvider::IsAccessAllowed(
-    const fileapi::FileSystemURL& url) {
-  if (!url.is_valid())
-    return false;
-
-  // Permit access to mount points from internal WebUI.
-  const GURL& origin_url = url.origin();
-  if (origin_url.SchemeIs(kChromeUIScheme))
-    return true;
-
-  // No extra check is needed for isolated file systems.
-  if (url.mount_type() == fileapi::kFileSystemTypeIsolated)
-    return true;
-
-  if (!CanHandleURL(url))
-    return false;
-
-  std::string extension_id = origin_url.host();
-  // Check first to make sure this extension has fileBrowserHander permissions.
-  if (!special_storage_policy_->IsFileHandler(extension_id))
-    return false;
-
-  return file_access_permissions_->HasAccessPermission(extension_id,
-                                                       url.virtual_path());
-}
-
-// TODO(zelidrag): Share this code with SandboxMountPointProvider impl.
-bool CrosMountPointProvider::IsRestrictedFileName(
-    const base::FilePath& path) const {
-  return false;
-}
-
 fileapi::FileSystemQuotaUtil* CrosMountPointProvider::GetQuotaUtil() {
   // No quota support.
   return NULL;
@@ -208,12 +176,44 @@ fileapi::AsyncFileUtil* CrosMountPointProvider::GetAsyncFileUtil(
 
 fileapi::FilePermissionPolicy CrosMountPointProvider::GetPermissionPolicy(
     const fileapi::FileSystemURL& url, int permissions) const {
+  if (url.mount_type() == fileapi::kFileSystemTypeRestrictedNativeLocal &&
+      permissions != fileapi::kReadFilePermissions) {
+    // Restricted file system is read-only.
+    return fileapi::FILE_PERMISSION_ALWAYS_DENY;
+  }
+
+  // Permit access to mount points from internal WebUI.
+  const GURL& origin_url = url.origin();
+  if (origin_url.SchemeIs(kChromeUIScheme))
+    return fileapi::FILE_PERMISSION_ALWAYS_ALLOW;
+
   if (url.mount_type() == fileapi::kFileSystemTypeIsolated) {
     // Permissions in isolated filesystems should be examined with
     // FileSystem permission.
     return fileapi::FILE_PERMISSION_USE_FILESYSTEM_PERMISSION;
   }
-  return fileapi::FILE_PERMISSION_USE_FILE_PERMISSION;
+
+  if (!CanHandleURL(url))
+    return fileapi::FILE_PERMISSION_ALWAYS_DENY;
+
+  std::string extension_id = origin_url.host();
+  // Check first to make sure this extension has fileBrowserHander permissions.
+  if (!special_storage_policy_->IsFileHandler(extension_id))
+    return fileapi::FILE_PERMISSION_ALWAYS_DENY;
+
+  if (!file_access_permissions_->HasAccessPermission(
+          extension_id, url.virtual_path())) {
+    return fileapi::FILE_PERMISSION_ALWAYS_DENY;
+  }
+
+  if (url.type() == fileapi::kFileSystemTypeNativeLocal ||
+      url.type() == fileapi::kFileSystemTypeRestrictedNativeLocal) {
+    // Also apply system's file permission by default.
+    return fileapi::FILE_PERMISSION_USE_FILE_PERMISSION;
+  }
+
+  DCHECK_EQ(fileapi::kFileSystemTypeDrive, url.type());

[tonibarzic, 2013/02/04 08:01:53]

I think FILE_PERMISSION_USE_FILE_PERMISSIONS should br returned for drive file
system too

[kinuko, 2013/02/04 08:58:25]

Done.

+  return fileapi::FILE_PERMISSION_ALWAYS_ALLOW;
 }
 
 fileapi::FileSystemOperation* CrosMountPointProvider::CreateFileSystemOperation(