tab capture: Change the permissions for tabs.captureVisibleTab().

extensions/common/permissions/permissions_data.cc

 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "extensions/common/permissions/permissions_data.h"
 
 #include "base/command_line.h"
 #include "base/memory/scoped_ptr.h"
 #include "base/strings/string16.h"
 #include "base/strings/string_number_conversions.h"
@@ skipping 519 matching lines @@
 
   const ExtensionsClient::ScriptingWhitelist& whitelist =
       ExtensionsClient::Get()->GetScriptingWhitelist();
 
   return std::find(whitelist.begin(), whitelist.end(), extension->id()) !=
       whitelist.end();
 }
 
 // static
 bool PermissionsData::CanCaptureVisiblePage(const Extension* extension,
-                                            const GURL& page_url,
                                             int tab_id,
                                             std::string* error) {
-  if (tab_id >= 0) {
-    scoped_refptr<const PermissionSet> tab_permissions =
-        GetTabSpecificPermissions(extension, tab_id);
-    if (tab_permissions.get() &&
-        tab_permissions->explicit_hosts().MatchesSecurityOrigin(page_url)) {
-      return true;
-    }
-  }
-
-  if (HasHostPermission(extension, page_url) ||
-      page_url.GetOrigin() == extension->url()) {
+  scoped_refptr<const PermissionSet> active_permissions =
+      GetActivePermissions(extension);
+  const URLPattern all_urls(URLPattern::SCHEME_ALL,
+                            URLPattern::kAllUrlsPattern);
+  if (active_permissions &&

[not at google - send to devlin, 2014/01/23 20:16:35]

it's the tab-specific permissions that need null checking, not the active
permissions. did I read this wrong... again?

[sadrul, 2014/01/23 20:23:49]

More likely I misunderstood. Fixed

+      active_permissions->explicit_hosts().ContainsPattern(all_urls)) {
     return true;
   }
 
-  if (error) {
-    *error = ErrorUtils::FormatErrorMessage(errors::kCannotAccessPage,
-                                            page_url.spec());
+  if (tab_id >= 0 &&
+      HasAPIPermission(extension, APIPermission::kActiveTab)) {

[not at google - send to devlin, 2014/01/23 20:16:35]

I think this check is unnecessary. Just let the ActiveTabPermissionGranter do
its thing, and only check the tab specific permissions (if they exist) without
worrying about it.

[sadrul, 2014/01/23 20:23:49]

Done.

+    scoped_refptr<const PermissionSet> tab_permissions =
+        GetTabSpecificPermissions(extension, tab_id);
+    if (tab_permissions &&
+        tab_permissions->HasAPIPermission(APIPermission::kTab)) {
+      return true;
+    }
+    if (error)
+      *error = errors::kActiveTabPermissionNotGranted;
+    return false;
   }
+
+  if (error)
+    *error = errors::kAllURLOrActiveTabNeeded;
   return false;
 }
 
 bool PermissionsData::ParsePermissions(Extension* extension,
                                        base::string16* error) {
   initial_required_permissions_.reset(new InitialPermissions);
   if (!ParseHelper(extension,
                    keys::kPermissions,
                    &initial_required_permissions_->api_permissions,
                    &initial_required_permissions_->host_permissions,
@@ skipping 35 matching lines @@
       initial_optional_permissions_->api_permissions,
       initial_optional_permissions_->manifest_permissions,
       initial_optional_permissions_->host_permissions,
       URLPatternSet());
 
   initial_required_permissions_.reset();
   initial_optional_permissions_.reset();
 }
 
 }  // namespace extensions