Issue 1873343002: [Policy] HostContentSettingsMap: Add AreUserExceptionsAllowedForType() and tests.

huangs

huangs@chromium.org changed reviewers: + bartfab@chromium.org, bauerb@chromium.org, grt@chromium.org

4 years, 8 months ago (2016-04-11 21:37:32 UTC) #1

huangs

This CL extracts some content from https://codereview.chromium.org/1865803002/, and enables a number of relatively independent follow-ups: ...

4 years, 8 months ago (2016-04-11 21:37:33 UTC) #2

huangs

Description was changed from ========== [Policy] Refactor HostContentSettingsMap and adding tests. Relative mechanical changes to ...

4 years, 8 months ago (2016-04-11 21:38:32 UTC) #3

huangs

The CQ bit was checked by huangs@chromium.org to run a CQ dry run

4 years, 8 months ago (2016-04-11 21:41:05 UTC) #4

commit-bot: I haz the power

Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1873343002/1 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1873343002/1

4 years, 8 months ago (2016-04-11 21:42:01 UTC) #5

commit-bot: I haz the power

The CQ bit was unchecked by commit-bot@chromium.org

4 years, 8 months ago (2016-04-11 23:36:27 UTC) #6

commit-bot: I haz the power

Dry run: This issue passed the CQ dry run.

4 years, 8 months ago (2016-04-11 23:36:28 UTC) #7

raymes

raymes@chromium.org changed reviewers: + raymes@chromium.org

4 years, 8 months ago (2016-04-12 04:52:46 UTC) #8

raymes

Thanks! https://codereview.chromium.org/1873343002/diff/1/chrome/browser/content_settings/host_content_settings_map_unittest.cc File chrome/browser/content_settings/host_content_settings_map_unittest.cc (right): https://codereview.chromium.org/1873343002/diff/1/chrome/browser/content_settings/host_content_settings_map_unittest.cc#newcode55 chrome/browser/content_settings/host_content_settings_map_unittest.cc:55: class HostContentSettingsMapTester { Since these are specific to ...

4 years, 8 months ago (2016-04-12 04:52:47 UTC) #9

Bernhard Bauer

Before we go much further with this CL, I would like to consider the overall ...

4 years, 8 months ago (2016-04-12 09:30:05 UTC) #10

Before we go much further with this CL, I would like to consider the overall
design for a bit, to avoid doing unnecessary changes here. Leaving the issue of
wildcard user exceptions aside, I'm fairly certain we can get the desired
behavior by adding a recommended policy content settings provider below the user
pref content settings provider. The provider stack would (simplified) look like
this:

(highest precedence)
mandatory policy
user prefs
recommended policy
hardcoded defaults
(lowest precedence)

The two policy providers could probably be the same class, with just a flag that
determines their position in the stack. That is, the mandatory policy provider
would not set any content settings if the policy is set to allow user
exceptions, and vice-versa the recommended policy provider would not set
anything if the policy is set not to allow user exceptions (not that it would
matter).

With that approach, we could keep the invariant that content setting providers
are always consulted in order of their precedence, and we could remove some of
the current special-casing for the policy provider in HCSM in this CL. WDYT?

https://codereview.chromium.org/1873343002/diff/1/chrome/browser/content_sett...
File chrome/browser/content_settings/host_content_settings_map_unittest.cc
(right):

https://codereview.chromium.org/1873343002/diff/1/chrome/browser/content_sett...
chrome/browser/content_settings/host_content_settings_map_unittest.cc:104: GURL
host(url_str);
Should this be |url|?

https://codereview.chromium.org/1873343002/diff/1/chrome/browser/content_sett...
chrome/browser/content_settings/host_content_settings_map_unittest.cc:855:
HostContentSettingsMapTester tester;
Move this into the loop to limit its scope?

https://codereview.chromium.org/1873343002/diff/1/components/content_settings...
File components/content_settings/core/test/content_settings_test_utils.cc
(right):

https://codereview.chromium.org/1873343002/diff/1/components/content_settings...
components/content_settings/core/test/content_settings_test_utils.cc:54: bool
TestUtils::AddUserException(const std::string& pattern_string,
On 2016/04/12 04:52:47, raymes wrote:
> Could you instead just call HostContentSettingsMap::SetContentSetting? It will
> always end up setting the user's preference.

+1 (That's what I meant in my earlier comments).

bartfab (slow)

On 2016/04/12 09:30:05, Bernhard Bauer wrote: > Before we go much further with this CL, ...

4 years, 8 months ago (2016-04-12 12:33:07 UTC) #11

On 2016/04/12 09:30:05, Bernhard Bauer wrote:
> Before we go much further with this CL, I would like to consider the overall
> design for a bit, to avoid doing unnecessary changes here. Leaving the issue
of
> wildcard user exceptions aside, I'm fairly certain we can get the desired
> behavior by adding a recommended policy content settings provider below the
user
> pref content settings provider. The provider stack would (simplified) look
like
> this:
> 
> (highest precedence)
> mandatory policy
> user prefs
> recommended policy
> hardcoded defaults
> (lowest precedence)
> 
> The two policy providers could probably be the same class, with just a flag
that
> determines their position in the stack. That is, the mandatory policy provider
> would not set any content settings if the policy is set to allow user
> exceptions, and vice-versa the recommended policy provider would not set
> anything if the policy is set not to allow user exceptions (not that it would
> matter).
> 
> With that approach, we could keep the invariant that content setting providers
> are always consulted in order of their precedence, and we could remove some of
> the current special-casing for the policy provider in HCSM in this CL. WDYT?

What you describe is how regular prefs work. Content settings were always a
weird exception that did not support such layering. A definite +1 to supporting
it. However, I am not sure this alone will cover the feature request at hand:
The layering happens on a per-setting basis. The default behavior and a
URL-specific exception will appear as different entities, so even if mandatory
policy locks one of them (e.g. the default behavior), users can still specify
their own value for the other (e.g. a URL-specific exception). We will still
need a mechanism to tell us whether we should honor exceptions and if so,
whether only policy-mandated ones or all should be honored.

> 
>
https://codereview.chromium.org/1873343002/diff/1/chrome/browser/content_sett...
> File chrome/browser/content_settings/host_content_settings_map_unittest.cc
> (right):
> 
>
https://codereview.chromium.org/1873343002/diff/1/chrome/browser/content_sett...
> chrome/browser/content_settings/host_content_settings_map_unittest.cc:104:
GURL
> host(url_str);
> Should this be |url|?
> 
>
https://codereview.chromium.org/1873343002/diff/1/chrome/browser/content_sett...
> chrome/browser/content_settings/host_content_settings_map_unittest.cc:855:
> HostContentSettingsMapTester tester;
> Move this into the loop to limit its scope?
> 
>
https://codereview.chromium.org/1873343002/diff/1/components/content_settings...
> File components/content_settings/core/test/content_settings_test_utils.cc
> (right):
> 
>
https://codereview.chromium.org/1873343002/diff/1/components/content_settings...
> components/content_settings/core/test/content_settings_test_utils.cc:54: bool
> TestUtils::AddUserException(const std::string& pattern_string,
> On 2016/04/12 04:52:47, raymes wrote:
> > Could you instead just call HostContentSettingsMap::SetContentSetting? It
will
> > always end up setting the user's preference.
> 
> +1 (That's what I meant in my earlier comments).

Bernhard Bauer

On 2016/04/12 12:33:07, bartfab (slow) wrote: > On 2016/04/12 09:30:05, Bernhard Bauer wrote: > > ...

4 years, 8 months ago (2016-04-12 12:41:26 UTC) #12

On 2016/04/12 12:33:07, bartfab (slow) wrote:
> On 2016/04/12 09:30:05, Bernhard Bauer wrote:
> > Before we go much further with this CL, I would like to consider the overall
> > design for a bit, to avoid doing unnecessary changes here. Leaving the issue
> of
> > wildcard user exceptions aside, I'm fairly certain we can get the desired
> > behavior by adding a recommended policy content settings provider below the
> user
> > pref content settings provider. The provider stack would (simplified) look
> like
> > this:
> > 
> > (highest precedence)
> > mandatory policy
> > user prefs
> > recommended policy
> > hardcoded defaults
> > (lowest precedence)
> > 
> > The two policy providers could probably be the same class, with just a flag
> that
> > determines their position in the stack. That is, the mandatory policy
provider
> > would not set any content settings if the policy is set to allow user
> > exceptions, and vice-versa the recommended policy provider would not set
> > anything if the policy is set not to allow user exceptions (not that it
would
> > matter).
> > 
> > With that approach, we could keep the invariant that content setting
providers
> > are always consulted in order of their precedence, and we could remove some
of
> > the current special-casing for the policy provider in HCSM in this CL. WDYT?
> 
> What you describe is how regular prefs work. Content settings were always a
> weird exception that did not support such layering. 

Well, recommended prefs came _way_ after the content settings refactoring that
introduced the layering. 😃

> A definite +1 to supporting
> it. However, I am not sure this alone will cover the feature request at hand:
> The layering happens on a per-setting basis. The default behavior and a
> URL-specific exception will appear as different entities, so even if mandatory
> policy locks one of them (e.g. the default behavior), users can still specify
> their own value for the other (e.g. a URL-specific exception). We will still
> need a mechanism to tell us whether we should honor exceptions and if so,
> whether only policy-mandated ones or all should be honored.

Sorry, can you give a specific example?


> > 
> >
>
https://codereview.chromium.org/1873343002/diff/1/chrome/browser/content_sett...
> > File chrome/browser/content_settings/host_content_settings_map_unittest.cc
> > (right):
> > 
> >
>
https://codereview.chromium.org/1873343002/diff/1/chrome/browser/content_sett...
> > chrome/browser/content_settings/host_content_settings_map_unittest.cc:104:
> GURL
> > host(url_str);
> > Should this be |url|?
> > 
> >
>
https://codereview.chromium.org/1873343002/diff/1/chrome/browser/content_sett...
> > chrome/browser/content_settings/host_content_settings_map_unittest.cc:855:
> > HostContentSettingsMapTester tester;
> > Move this into the loop to limit its scope?
> > 
> >
>
https://codereview.chromium.org/1873343002/diff/1/components/content_settings...
> > File components/content_settings/core/test/content_settings_test_utils.cc
> > (right):
> > 
> >
>
https://codereview.chromium.org/1873343002/diff/1/components/content_settings...
> > components/content_settings/core/test/content_settings_test_utils.cc:54:
bool
> > TestUtils::AddUserException(const std::string& pattern_string,
> > On 2016/04/12 04:52:47, raymes wrote:
> > > Could you instead just call HostContentSettingsMap::SetContentSetting? It
> will
> > > always end up setting the user's preference.
> > 
> > +1 (That's what I meant in my earlier comments).

bartfab (slow)

On 2016/04/12 12:41:26, Bernhard Bauer wrote: > On 2016/04/12 12:33:07, bartfab (slow) wrote: > > ...

4 years, 8 months ago (2016-04-12 12:45:20 UTC) #13

On 2016/04/12 12:41:26, Bernhard Bauer wrote:
> On 2016/04/12 12:33:07, bartfab (slow) wrote:
> > On 2016/04/12 09:30:05, Bernhard Bauer wrote:
> > > Before we go much further with this CL, I would like to consider the
overall
> > > design for a bit, to avoid doing unnecessary changes here. Leaving the
issue
> > of
> > > wildcard user exceptions aside, I'm fairly certain we can get the desired
> > > behavior by adding a recommended policy content settings provider below
the
> > user
> > > pref content settings provider. The provider stack would (simplified) look
> > like
> > > this:
> > > 
> > > (highest precedence)
> > > mandatory policy
> > > user prefs
> > > recommended policy
> > > hardcoded defaults
> > > (lowest precedence)
> > > 
> > > The two policy providers could probably be the same class, with just a
flag
> > that
> > > determines their position in the stack. That is, the mandatory policy
> provider
> > > would not set any content settings if the policy is set to allow user
> > > exceptions, and vice-versa the recommended policy provider would not set
> > > anything if the policy is set not to allow user exceptions (not that it
> would
> > > matter).
> > > 
> > > With that approach, we could keep the invariant that content setting
> providers
> > > are always consulted in order of their precedence, and we could remove
some
> of
> > > the current special-casing for the policy provider in HCSM in this CL.
WDYT?
> > 
> > What you describe is how regular prefs work. Content settings were always a
> > weird exception that did not support such layering. 
> 
> Well, recommended prefs came _way_ after the content settings refactoring that
> introduced the layering. 😃
> 
> > A definite +1 to supporting
> > it. However, I am not sure this alone will cover the feature request at
hand:
> > The layering happens on a per-setting basis. The default behavior and a
> > URL-specific exception will appear as different entities, so even if
mandatory
> > policy locks one of them (e.g. the default behavior), users can still
specify
> > their own value for the other (e.g. a URL-specific exception). We will still
> > need a mechanism to tell us whether we should honor exceptions and if so,
> > whether only policy-mandated ones or all should be honored.
> 
> Sorry, can you give a specific example?

Sure. Say cookies:

* There is one content setting "default cookie behavior"
* There is another content setting "cookie behavior for example.com"

An admin who wants to disable cookies will set the "default cookie behavior" to
"blocked" via mandatory policy. Since this is the highest-priority source, every
read of the "default cookie behavior" setting will return "blocked." However,
this does not affect any other settings, including "cookie behavior for
example.com." The user can still set that to "allow," trumping the admin policy
for a specific URL. We still need a policy that will tell us how to interpret
exceptions relative to the default policy.

> 
> 
> > > 
> > >
> >
>
https://codereview.chromium.org/1873343002/diff/1/chrome/browser/content_sett...
> > > File chrome/browser/content_settings/host_content_settings_map_unittest.cc
> > > (right):
> > > 
> > >
> >
>
https://codereview.chromium.org/1873343002/diff/1/chrome/browser/content_sett...
> > > chrome/browser/content_settings/host_content_settings_map_unittest.cc:104:
> > GURL
> > > host(url_str);
> > > Should this be |url|?
> > > 
> > >
> >
>
https://codereview.chromium.org/1873343002/diff/1/chrome/browser/content_sett...
> > > chrome/browser/content_settings/host_content_settings_map_unittest.cc:855:
> > > HostContentSettingsMapTester tester;
> > > Move this into the loop to limit its scope?
> > > 
> > >
> >
>
https://codereview.chromium.org/1873343002/diff/1/components/content_settings...
> > > File components/content_settings/core/test/content_settings_test_utils.cc
> > > (right):
> > > 
> > >
> >
>
https://codereview.chromium.org/1873343002/diff/1/components/content_settings...
> > > components/content_settings/core/test/content_settings_test_utils.cc:54:
> bool
> > > TestUtils::AddUserException(const std::string& pattern_string,
> > > On 2016/04/12 04:52:47, raymes wrote:
> > > > Could you instead just call HostContentSettingsMap::SetContentSetting?
It
> > will
> > > > always end up setting the user's preference.
> > > 
> > > +1 (That's what I meant in my earlier comments).

msramek

On 2016/04/12 12:45:20, bartfab (slow) wrote: > On 2016/04/12 12:41:26, Bernhard Bauer wrote: > > ...

4 years, 8 months ago (2016-04-12 12:58:06 UTC) #14

On 2016/04/12 12:45:20, bartfab (slow) wrote:
> On 2016/04/12 12:41:26, Bernhard Bauer wrote:
> > On 2016/04/12 12:33:07, bartfab (slow) wrote:
> > > On 2016/04/12 09:30:05, Bernhard Bauer wrote:
> > > > Before we go much further with this CL, I would like to consider the
> overall
> > > > design for a bit, to avoid doing unnecessary changes here. Leaving the
> issue
> > > of
> > > > wildcard user exceptions aside, I'm fairly certain we can get the
desired
> > > > behavior by adding a recommended policy content settings provider below
> the
> > > user
> > > > pref content settings provider. The provider stack would (simplified)
look
> > > like
> > > > this:
> > > > 
> > > > (highest precedence)
> > > > mandatory policy
> > > > user prefs
> > > > recommended policy
> > > > hardcoded defaults
> > > > (lowest precedence)
> > > > 
> > > > The two policy providers could probably be the same class, with just a
> flag
> > > that
> > > > determines their position in the stack. That is, the mandatory policy
> > provider
> > > > would not set any content settings if the policy is set to allow user
> > > > exceptions, and vice-versa the recommended policy provider would not set
> > > > anything if the policy is set not to allow user exceptions (not that it
> > would
> > > > matter).
> > > > 
> > > > With that approach, we could keep the invariant that content setting
> > providers
> > > > are always consulted in order of their precedence, and we could remove
> some
> > of
> > > > the current special-casing for the policy provider in HCSM in this CL.
> WDYT?
> > > 
> > > What you describe is how regular prefs work. Content settings were always
a
> > > weird exception that did not support such layering. 
> > 
> > Well, recommended prefs came _way_ after the content settings refactoring
that
> > introduced the layering. 😃
> > 
> > > A definite +1 to supporting
> > > it. However, I am not sure this alone will cover the feature request at
> hand:
> > > The layering happens on a per-setting basis. The default behavior and a
> > > URL-specific exception will appear as different entities, so even if
> mandatory
> > > policy locks one of them (e.g. the default behavior), users can still
> specify
> > > their own value for the other (e.g. a URL-specific exception). We will
still
> > > need a mechanism to tell us whether we should honor exceptions and if so,
> > > whether only policy-mandated ones or all should be honored.
> > 
> > Sorry, can you give a specific example?
> 
> Sure. Say cookies:
> 
> * There is one content setting "default cookie behavior"
> * There is another content setting "cookie behavior for example.com"
> 
> An admin who wants to disable cookies will set the "default cookie behavior"
to
> "blocked" via mandatory policy. Since this is the highest-priority source,
every
> read of the "default cookie behavior" setting will return "blocked." However,
> this does not affect any other settings, including "cookie behavior for
> example.com." The user can still set that to "allow," trumping the admin
policy
> for a specific URL. We still need a policy that will tell us how to interpret
> exceptions relative to the default policy.
> 

We query providers in the order of priority; the first provider that stores a
pattern matching example.com answers. Within a provider, we take the rule with
the most specific pattern.

Policy provider has a higher priority than pref provider, so it doesn't matter
that "*" is a less specific pattern than "https://example.com". Policy provider
will win. The user-chosen site specific content setting will not override the
policy-set default setting.

So if I'm not mistaken, this ordering of providers would work:
Mandatory policy (defaults & exceptions)
User prefs (exceptions)
Recommended (exceptions)
User prefs (defaults)
Recommended (defaults)
Hardcoded (defaults)

> > 
> > 
> > > > 
> > > >
> > >
> >
>
https://codereview.chromium.org/1873343002/diff/1/chrome/browser/content_sett...
> > > > File
chrome/browser/content_settings/host_content_settings_map_unittest.cc
> > > > (right):
> > > > 
> > > >
> > >
> >
>
https://codereview.chromium.org/1873343002/diff/1/chrome/browser/content_sett...
> > > >
chrome/browser/content_settings/host_content_settings_map_unittest.cc:104:
> > > GURL
> > > > host(url_str);
> > > > Should this be |url|?
> > > > 
> > > >
> > >
> >
>
https://codereview.chromium.org/1873343002/diff/1/chrome/browser/content_sett...
> > > >
chrome/browser/content_settings/host_content_settings_map_unittest.cc:855:
> > > > HostContentSettingsMapTester tester;
> > > > Move this into the loop to limit its scope?
> > > > 
> > > >
> > >
> >
>
https://codereview.chromium.org/1873343002/diff/1/components/content_settings...
> > > > File
components/content_settings/core/test/content_settings_test_utils.cc
> > > > (right):
> > > > 
> > > >
> > >
> >
>
https://codereview.chromium.org/1873343002/diff/1/components/content_settings...
> > > > components/content_settings/core/test/content_settings_test_utils.cc:54:
> > bool
> > > > TestUtils::AddUserException(const std::string& pattern_string,
> > > > On 2016/04/12 04:52:47, raymes wrote:
> > > > > Could you instead just call HostContentSettingsMap::SetContentSetting?
> It
> > > will
> > > > > always end up setting the user's preference.
> > > > 
> > > > +1 (That's what I meant in my earlier comments).

Bernhard Bauer

On 2016/04/12 12:45:20, bartfab (slow) wrote: > On 2016/04/12 12:41:26, Bernhard Bauer wrote: > > ...

4 years, 8 months ago (2016-04-12 13:00:52 UTC) #15

On 2016/04/12 12:45:20, bartfab (slow) wrote:
> On 2016/04/12 12:41:26, Bernhard Bauer wrote:
> > On 2016/04/12 12:33:07, bartfab (slow) wrote:
> > > On 2016/04/12 09:30:05, Bernhard Bauer wrote:
> > > > Before we go much further with this CL, I would like to consider the
> overall
> > > > design for a bit, to avoid doing unnecessary changes here. Leaving the
> issue
> > > of
> > > > wildcard user exceptions aside, I'm fairly certain we can get the
desired
> > > > behavior by adding a recommended policy content settings provider below
> the
> > > user
> > > > pref content settings provider. The provider stack would (simplified)
look
> > > like
> > > > this:
> > > > 
> > > > (highest precedence)
> > > > mandatory policy
> > > > user prefs
> > > > recommended policy
> > > > hardcoded defaults
> > > > (lowest precedence)
> > > > 
> > > > The two policy providers could probably be the same class, with just a
> flag
> > > that
> > > > determines their position in the stack. That is, the mandatory policy
> > provider
> > > > would not set any content settings if the policy is set to allow user
> > > > exceptions, and vice-versa the recommended policy provider would not set
> > > > anything if the policy is set not to allow user exceptions (not that it
> > would
> > > > matter).
> > > > 
> > > > With that approach, we could keep the invariant that content setting
> > providers
> > > > are always consulted in order of their precedence, and we could remove
> some
> > of
> > > > the current special-casing for the policy provider in HCSM in this CL.
> WDYT?
> > > 
> > > What you describe is how regular prefs work. Content settings were always
a
> > > weird exception that did not support such layering. 
> > 
> > Well, recommended prefs came _way_ after the content settings refactoring
that
> > introduced the layering. 😃
> > 
> > > A definite +1 to supporting
> > > it. However, I am not sure this alone will cover the feature request at
> hand:
> > > The layering happens on a per-setting basis. The default behavior and a
> > > URL-specific exception will appear as different entities, so even if
> mandatory
> > > policy locks one of them (e.g. the default behavior), users can still
> specify
> > > their own value for the other (e.g. a URL-specific exception). We will
still
> > > need a mechanism to tell us whether we should honor exceptions and if so,
> > > whether only policy-mandated ones or all should be honored.
> > 
> > Sorry, can you give a specific example?
> 
> Sure. Say cookies:
> 
> * There is one content setting "default cookie behavior"
> * There is another content setting "cookie behavior for example.com"
> 
> An admin who wants to disable cookies will set the "default cookie behavior"
to
> "blocked" via mandatory policy. Since this is the highest-priority source,
every
> read of the "default cookie behavior" setting will return "blocked." However,
> this does not affect any other settings, including "cookie behavior for
> example.com." The user can still set that to "allow," trumping the admin
policy
> for a specific URL. We still need a policy that will tell us how to interpret
> exceptions relative to the default policy.

Thanks! I think this will still work, because the policy provider reads from a
different pref, one that is exclusively used for policy
(kManagedDefaultCookiesSetting).

I do see a problem with implementing recommended content settings though in the
current architecture, which is that the hardcoded defaults and the user-defined
defaults are coming from the same provider. That means the stack actually looks
like this:

policy
user exceptions
user defaults & hardcoded defaults

And this means that we can't put another content setting provider between user
settings and hardcoded defaults, because it would override any user defaults.
That could be fixed though by moving the user defaults to the current
content_settings_pref_provider (so that it would contain all user-defined
content settings, wildcard or exception).

bartfab (slow)

On 2016/04/12 12:58:06, msramek wrote: > On 2016/04/12 12:45:20, bartfab (slow) wrote: > > On ...

4 years, 8 months ago (2016-04-12 13:12:41 UTC) #16

On 2016/04/12 12:58:06, msramek wrote:
> On 2016/04/12 12:45:20, bartfab (slow) wrote:
> > On 2016/04/12 12:41:26, Bernhard Bauer wrote:
> > > On 2016/04/12 12:33:07, bartfab (slow) wrote:
> > > > On 2016/04/12 09:30:05, Bernhard Bauer wrote:
> > > > > Before we go much further with this CL, I would like to consider the
> > overall
> > > > > design for a bit, to avoid doing unnecessary changes here. Leaving the
> > issue
> > > > of
> > > > > wildcard user exceptions aside, I'm fairly certain we can get the
> desired
> > > > > behavior by adding a recommended policy content settings provider
below
> > the
> > > > user
> > > > > pref content settings provider. The provider stack would (simplified)
> look
> > > > like
> > > > > this:
> > > > > 
> > > > > (highest precedence)
> > > > > mandatory policy
> > > > > user prefs
> > > > > recommended policy
> > > > > hardcoded defaults
> > > > > (lowest precedence)
> > > > > 
> > > > > The two policy providers could probably be the same class, with just a
> > flag
> > > > that
> > > > > determines their position in the stack. That is, the mandatory policy
> > > provider
> > > > > would not set any content settings if the policy is set to allow user
> > > > > exceptions, and vice-versa the recommended policy provider would not
set
> > > > > anything if the policy is set not to allow user exceptions (not that
it
> > > would
> > > > > matter).
> > > > > 
> > > > > With that approach, we could keep the invariant that content setting
> > > providers
> > > > > are always consulted in order of their precedence, and we could remove
> > some
> > > of
> > > > > the current special-casing for the policy provider in HCSM in this CL.
> > WDYT?
> > > > 
> > > > What you describe is how regular prefs work. Content settings were
always
> a
> > > > weird exception that did not support such layering. 
> > > 
> > > Well, recommended prefs came _way_ after the content settings refactoring
> that
> > > introduced the layering. 😃
> > > 
> > > > A definite +1 to supporting
> > > > it. However, I am not sure this alone will cover the feature request at
> > hand:
> > > > The layering happens on a per-setting basis. The default behavior and a
> > > > URL-specific exception will appear as different entities, so even if
> > mandatory
> > > > policy locks one of them (e.g. the default behavior), users can still
> > specify
> > > > their own value for the other (e.g. a URL-specific exception). We will
> still
> > > > need a mechanism to tell us whether we should honor exceptions and if
so,
> > > > whether only policy-mandated ones or all should be honored.
> > > 
> > > Sorry, can you give a specific example?
> > 
> > Sure. Say cookies:
> > 
> > * There is one content setting "default cookie behavior"
> > * There is another content setting "cookie behavior for example.com"
> > 
> > An admin who wants to disable cookies will set the "default cookie behavior"
> to
> > "blocked" via mandatory policy. Since this is the highest-priority source,
> every
> > read of the "default cookie behavior" setting will return "blocked."
However,
> > this does not affect any other settings, including "cookie behavior for
> > example.com." The user can still set that to "allow," trumping the admin
> policy
> > for a specific URL. We still need a policy that will tell us how to
interpret
> > exceptions relative to the default policy.
> > 
> 
> We query providers in the order of priority; the first provider that stores a
> pattern matching http://example.com answers. Within a provider, we take the
rule with
> the most specific pattern.
> 
> Policy provider has a higher priority than pref provider, so it doesn't matter
> that "*" is a less specific pattern than "https://example.com". Policy
provider
> will win. The user-chosen site specific content setting will not override the
> policy-set default setting.
> 
> So if I'm not mistaken, this ordering of providers would work:
> Mandatory policy (defaults & exceptions)
> User prefs (exceptions)
> Recommended (exceptions)
> User prefs (defaults)
> Recommended (defaults)
> Hardcoded (defaults)

Thanks for clarifying. I was not aware that we allow the providers to process
the patterns and come up with a matching value. In that case, layering will work
but we need more than the four standard layers (default, recommended, user,
mandatory), as you also point out.

Even with the six layers you listed, there still are some use cases we cannot
support though: In current parlance, setting a pref to a mandatory value means
that we do not want the user to change that particular pref. Translating this
into content settings lingo, I would say that setting the default behavior to a
particular value via mandatory policy only means that we want the *default* to
be uncheangeable. It does not say anything about whether we want to allow
exceptions from this default or not. To be fully flexible, we should support
both possibilities - lock down the default and do not allow any exceptions, as
well as lock down default but do allow exceptions.

> 
> > > 
> > > 
> > > > > 
> > > > >
> > > >
> > >
> >
>
https://codereview.chromium.org/1873343002/diff/1/chrome/browser/content_sett...
> > > > > File
> chrome/browser/content_settings/host_content_settings_map_unittest.cc
> > > > > (right):
> > > > > 
> > > > >
> > > >
> > >
> >
>
https://codereview.chromium.org/1873343002/diff/1/chrome/browser/content_sett...
> > > > >
> chrome/browser/content_settings/host_content_settings_map_unittest.cc:104:
> > > > GURL
> > > > > host(url_str);
> > > > > Should this be |url|?
> > > > > 
> > > > >
> > > >
> > >
> >
>
https://codereview.chromium.org/1873343002/diff/1/chrome/browser/content_sett...
> > > > >
> chrome/browser/content_settings/host_content_settings_map_unittest.cc:855:
> > > > > HostContentSettingsMapTester tester;
> > > > > Move this into the loop to limit its scope?
> > > > > 
> > > > >
> > > >
> > >
> >
>
https://codereview.chromium.org/1873343002/diff/1/components/content_settings...
> > > > > File
> components/content_settings/core/test/content_settings_test_utils.cc
> > > > > (right):
> > > > > 
> > > > >
> > > >
> > >
> >
>
https://codereview.chromium.org/1873343002/diff/1/components/content_settings...
> > > > >
components/content_settings/core/test/content_settings_test_utils.cc:54:
> > > bool
> > > > > TestUtils::AddUserException(const std::string& pattern_string,
> > > > > On 2016/04/12 04:52:47, raymes wrote:
> > > > > > Could you instead just call
HostContentSettingsMap::SetContentSetting?
> > It
> > > > will
> > > > > > always end up setting the user's preference.
> > > > > 
> > > > > +1 (That's what I meant in my earlier comments).

msramek

On 2016/04/12 13:00:52, Bernhard Bauer wrote: > On 2016/04/12 12:45:20, bartfab (slow) wrote: > > ...

4 years, 8 months ago (2016-04-12 13:20:19 UTC) #17

On 2016/04/12 13:00:52, Bernhard Bauer wrote:
> On 2016/04/12 12:45:20, bartfab (slow) wrote:
> > On 2016/04/12 12:41:26, Bernhard Bauer wrote:
> > > On 2016/04/12 12:33:07, bartfab (slow) wrote:
> > > > On 2016/04/12 09:30:05, Bernhard Bauer wrote:
> > > > > Before we go much further with this CL, I would like to consider the
> > overall
> > > > > design for a bit, to avoid doing unnecessary changes here. Leaving the
> > issue
> > > > of
> > > > > wildcard user exceptions aside, I'm fairly certain we can get the
> desired
> > > > > behavior by adding a recommended policy content settings provider
below
> > the
> > > > user
> > > > > pref content settings provider. The provider stack would (simplified)
> look
> > > > like
> > > > > this:
> > > > > 
> > > > > (highest precedence)
> > > > > mandatory policy
> > > > > user prefs
> > > > > recommended policy
> > > > > hardcoded defaults
> > > > > (lowest precedence)
> > > > > 
> > > > > The two policy providers could probably be the same class, with just a
> > flag
> > > > that
> > > > > determines their position in the stack. That is, the mandatory policy
> > > provider
> > > > > would not set any content settings if the policy is set to allow user
> > > > > exceptions, and vice-versa the recommended policy provider would not
set
> > > > > anything if the policy is set not to allow user exceptions (not that
it
> > > would
> > > > > matter).
> > > > > 
> > > > > With that approach, we could keep the invariant that content setting
> > > providers
> > > > > are always consulted in order of their precedence, and we could remove
> > some
> > > of
> > > > > the current special-casing for the policy provider in HCSM in this CL.
> > WDYT?
> > > > 
> > > > What you describe is how regular prefs work. Content settings were
always
> a
> > > > weird exception that did not support such layering. 
> > > 
> > > Well, recommended prefs came _way_ after the content settings refactoring
> that
> > > introduced the layering. 😃
> > > 
> > > > A definite +1 to supporting
> > > > it. However, I am not sure this alone will cover the feature request at
> > hand:
> > > > The layering happens on a per-setting basis. The default behavior and a
> > > > URL-specific exception will appear as different entities, so even if
> > mandatory
> > > > policy locks one of them (e.g. the default behavior), users can still
> > specify
> > > > their own value for the other (e.g. a URL-specific exception). We will
> still
> > > > need a mechanism to tell us whether we should honor exceptions and if
so,
> > > > whether only policy-mandated ones or all should be honored.
> > > 
> > > Sorry, can you give a specific example?
> > 
> > Sure. Say cookies:
> > 
> > * There is one content setting "default cookie behavior"
> > * There is another content setting "cookie behavior for example.com"
> > 
> > An admin who wants to disable cookies will set the "default cookie behavior"
> to
> > "blocked" via mandatory policy. Since this is the highest-priority source,
> every
> > read of the "default cookie behavior" setting will return "blocked."
However,
> > this does not affect any other settings, including "cookie behavior for
> > example.com." The user can still set that to "allow," trumping the admin
> policy
> > for a specific URL. We still need a policy that will tell us how to
interpret
> > exceptions relative to the default policy.
> 
> Thanks! I think this will still work, because the policy provider reads from a
> different pref, one that is exclusively used for policy
> (kManagedDefaultCookiesSetting).
> 
> I do see a problem with implementing recommended content settings though in
the
> current architecture, which is that the hardcoded defaults and the
user-defined
> defaults are coming from the same provider. That means the stack actually
looks
> like this:
> 
> policy
> user exceptions
> user defaults & hardcoded defaults
> 
> And this means that we can't put another content setting provider between user
> settings and hardcoded defaults, because it would override any user defaults.
> That could be fixed though by moving the user defaults to the current
> content_settings_pref_provider (so that it would contain all user-defined
> content settings, wildcard or exception).

Just to avoid confusion: I believe Bernhard and I are proposing the same thing.

I started with the assumption that DefaultProvider would be split into hardcoded
and user defaults; if we don't need the recommended exceptions provider, then we
can collapse the two user pref providers in my stack and get the same thing that
Bernhard proposes.

However! There is one unfortunate side effect. Default provider currently stores
"user choice == hardcoded default" as "user choice == NULL". If we insert the
recommended default provider between user default and hardcoded default, all
users that explicitly chose the hardcoded default value will be switched to the
recommended default value. This is probably not such a big deal though, as it
only affects policy users, where the administrator is *supposed* to be in
control of the setting anyway.

msramek

On 2016/04/12 13:12:41, bartfab (slow) wrote: > On 2016/04/12 12:58:06, msramek wrote: > > On ...

4 years, 8 months ago (2016-04-12 13:36:12 UTC) #18

On 2016/04/12 13:12:41, bartfab (slow) wrote:
> On 2016/04/12 12:58:06, msramek wrote:
> > On 2016/04/12 12:45:20, bartfab (slow) wrote:
> > > On 2016/04/12 12:41:26, Bernhard Bauer wrote:
> > > > On 2016/04/12 12:33:07, bartfab (slow) wrote:
> > > > > On 2016/04/12 09:30:05, Bernhard Bauer wrote:
> > > > > > Before we go much further with this CL, I would like to consider the
> > > overall
> > > > > > design for a bit, to avoid doing unnecessary changes here. Leaving
the
> > > issue
> > > > > of
> > > > > > wildcard user exceptions aside, I'm fairly certain we can get the
> > desired
> > > > > > behavior by adding a recommended policy content settings provider
> below
> > > the
> > > > > user
> > > > > > pref content settings provider. The provider stack would
(simplified)
> > look
> > > > > like
> > > > > > this:
> > > > > > 
> > > > > > (highest precedence)
> > > > > > mandatory policy
> > > > > > user prefs
> > > > > > recommended policy
> > > > > > hardcoded defaults
> > > > > > (lowest precedence)
> > > > > > 
> > > > > > The two policy providers could probably be the same class, with just
a
> > > flag
> > > > > that
> > > > > > determines their position in the stack. That is, the mandatory
policy
> > > > provider
> > > > > > would not set any content settings if the policy is set to allow
user
> > > > > > exceptions, and vice-versa the recommended policy provider would not
> set
> > > > > > anything if the policy is set not to allow user exceptions (not that
> it
> > > > would
> > > > > > matter).
> > > > > > 
> > > > > > With that approach, we could keep the invariant that content setting
> > > > providers
> > > > > > are always consulted in order of their precedence, and we could
remove
> > > some
> > > > of
> > > > > > the current special-casing for the policy provider in HCSM in this
CL.
> > > WDYT?
> > > > > 
> > > > > What you describe is how regular prefs work. Content settings were
> always
> > a
> > > > > weird exception that did not support such layering. 
> > > > 
> > > > Well, recommended prefs came _way_ after the content settings
refactoring
> > that
> > > > introduced the layering. 😃
> > > > 
> > > > > A definite +1 to supporting
> > > > > it. However, I am not sure this alone will cover the feature request
at
> > > hand:
> > > > > The layering happens on a per-setting basis. The default behavior and
a
> > > > > URL-specific exception will appear as different entities, so even if
> > > mandatory
> > > > > policy locks one of them (e.g. the default behavior), users can still
> > > specify
> > > > > their own value for the other (e.g. a URL-specific exception). We will
> > still
> > > > > need a mechanism to tell us whether we should honor exceptions and if
> so,
> > > > > whether only policy-mandated ones or all should be honored.
> > > > 
> > > > Sorry, can you give a specific example?
> > > 
> > > Sure. Say cookies:
> > > 
> > > * There is one content setting "default cookie behavior"
> > > * There is another content setting "cookie behavior for example.com"
> > > 
> > > An admin who wants to disable cookies will set the "default cookie
behavior"
> > to
> > > "blocked" via mandatory policy. Since this is the highest-priority source,
> > every
> > > read of the "default cookie behavior" setting will return "blocked."
> However,
> > > this does not affect any other settings, including "cookie behavior for
> > > example.com." The user can still set that to "allow," trumping the admin
> > policy
> > > for a specific URL. We still need a policy that will tell us how to
> interpret
> > > exceptions relative to the default policy.
> > > 
> > 
> > We query providers in the order of priority; the first provider that stores
a
> > pattern matching http://example.com answers. Within a provider, we take the
> rule with
> > the most specific pattern.
> > 
> > Policy provider has a higher priority than pref provider, so it doesn't
matter
> > that "*" is a less specific pattern than "https://example.com". Policy
> provider
> > will win. The user-chosen site specific content setting will not override
the
> > policy-set default setting.
> > 
> > So if I'm not mistaken, this ordering of providers would work:
> > Mandatory policy (defaults & exceptions)
> > User prefs (exceptions)
> > Recommended (exceptions)
> > User prefs (defaults)
> > Recommended (defaults)
> > Hardcoded (defaults)
> 
> Thanks for clarifying. I was not aware that we allow the providers to process
> the patterns and come up with a matching value. In that case, layering will
work
> but we need more than the four standard layers (default, recommended, user,
> mandatory), as you also point out.

By the way, there is also a UI bug filed for this:
https://bugs.chromium.org/p/chromium/issues/detail?id=155516. You are actually
the reporter :-)

> 
> Even with the six layers you listed, there still are some use cases we cannot
> support though: In current parlance, setting a pref to a mandatory value means
> that we do not want the user to change that particular pref. Translating this
> into content settings lingo, I would say that setting the default behavior to
a
> particular value via mandatory policy only means that we want the *default* to
> be uncheangeable. It does not say anything about whether we want to allow
> exceptions from this default or not. To be fully flexible, we should support
> both possibilities - lock down the default and do not allow any exceptions, as
> well as lock down default but do allow exceptions.

Indeed. This is a bit more difficult to capture within the framework of content
settings.

Although arguably, if the admin sets a mandatory default policy and allows me to
override it by exceptions - semantically, isn't that exactly a *recommendation*?
I can change admin's decision on any site that I visit, or if the content
setting allows custom exceptions, simply define two exceptions for "https://*"
and "http://*" (yes, that's possible).

(but I guess this is a bit off topic now, so we can continue the discussion
elsewhere)

> 
> > 
> > > > 
> > > > 
> > > > > > 
> > > > > >
> > > > >
> > > >
> > >
> >
>
https://codereview.chromium.org/1873343002/diff/1/chrome/browser/content_sett...
> > > > > > File
> > chrome/browser/content_settings/host_content_settings_map_unittest.cc
> > > > > > (right):
> > > > > > 
> > > > > >
> > > > >
> > > >
> > >
> >
>
https://codereview.chromium.org/1873343002/diff/1/chrome/browser/content_sett...
> > > > > >
> > chrome/browser/content_settings/host_content_settings_map_unittest.cc:104:
> > > > > GURL
> > > > > > host(url_str);
> > > > > > Should this be |url|?
> > > > > > 
> > > > > >
> > > > >
> > > >
> > >
> >
>
https://codereview.chromium.org/1873343002/diff/1/chrome/browser/content_sett...
> > > > > >
> > chrome/browser/content_settings/host_content_settings_map_unittest.cc:855:
> > > > > > HostContentSettingsMapTester tester;
> > > > > > Move this into the loop to limit its scope?
> > > > > > 
> > > > > >
> > > > >
> > > >
> > >
> >
>
https://codereview.chromium.org/1873343002/diff/1/components/content_settings...
> > > > > > File
> > components/content_settings/core/test/content_settings_test_utils.cc
> > > > > > (right):
> > > > > > 
> > > > > >
> > > > >
> > > >
> > >
> >
>
https://codereview.chromium.org/1873343002/diff/1/components/content_settings...
> > > > > >
> components/content_settings/core/test/content_settings_test_utils.cc:54:
> > > > bool
> > > > > > TestUtils::AddUserException(const std::string& pattern_string,
> > > > > > On 2016/04/12 04:52:47, raymes wrote:
> > > > > > > Could you instead just call
> HostContentSettingsMap::SetContentSetting?
> > > It
> > > > > will
> > > > > > > always end up setting the user's preference.
> > > > > > 
> > > > > > +1 (That's what I meant in my earlier comments).

bartfab (slow)

On 2016/04/12 13:36:12, msramek wrote: > On 2016/04/12 13:12:41, bartfab (slow) wrote: > > On ...

4 years, 8 months ago (2016-04-12 13:50:51 UTC) #19

On 2016/04/12 13:36:12, msramek wrote:
> On 2016/04/12 13:12:41, bartfab (slow) wrote:
> > On 2016/04/12 12:58:06, msramek wrote:
> > > On 2016/04/12 12:45:20, bartfab (slow) wrote:
> > > > On 2016/04/12 12:41:26, Bernhard Bauer wrote:
> > > > > On 2016/04/12 12:33:07, bartfab (slow) wrote:
> > > > > > On 2016/04/12 09:30:05, Bernhard Bauer wrote:
> > > > > > > Before we go much further with this CL, I would like to consider
the
> > > > overall
> > > > > > > design for a bit, to avoid doing unnecessary changes here. Leaving
> the
> > > > issue
> > > > > > of
> > > > > > > wildcard user exceptions aside, I'm fairly certain we can get the
> > > desired
> > > > > > > behavior by adding a recommended policy content settings provider
> > below
> > > > the
> > > > > > user
> > > > > > > pref content settings provider. The provider stack would
> (simplified)
> > > look
> > > > > > like
> > > > > > > this:
> > > > > > > 
> > > > > > > (highest precedence)
> > > > > > > mandatory policy
> > > > > > > user prefs
> > > > > > > recommended policy
> > > > > > > hardcoded defaults
> > > > > > > (lowest precedence)
> > > > > > > 
> > > > > > > The two policy providers could probably be the same class, with
just
> a
> > > > flag
> > > > > > that
> > > > > > > determines their position in the stack. That is, the mandatory
> policy
> > > > > provider
> > > > > > > would not set any content settings if the policy is set to allow
> user
> > > > > > > exceptions, and vice-versa the recommended policy provider would
not
> > set
> > > > > > > anything if the policy is set not to allow user exceptions (not
that
> > it
> > > > > would
> > > > > > > matter).
> > > > > > > 
> > > > > > > With that approach, we could keep the invariant that content
setting
> > > > > providers
> > > > > > > are always consulted in order of their precedence, and we could
> remove
> > > > some
> > > > > of
> > > > > > > the current special-casing for the policy provider in HCSM in this
> CL.
> > > > WDYT?
> > > > > > 
> > > > > > What you describe is how regular prefs work. Content settings were
> > always
> > > a
> > > > > > weird exception that did not support such layering. 
> > > > > 
> > > > > Well, recommended prefs came _way_ after the content settings
> refactoring
> > > that
> > > > > introduced the layering. 😃
> > > > > 
> > > > > > A definite +1 to supporting
> > > > > > it. However, I am not sure this alone will cover the feature request
> at
> > > > hand:
> > > > > > The layering happens on a per-setting basis. The default behavior
and
> a
> > > > > > URL-specific exception will appear as different entities, so even if
> > > > mandatory
> > > > > > policy locks one of them (e.g. the default behavior), users can
still
> > > > specify
> > > > > > their own value for the other (e.g. a URL-specific exception). We
will
> > > still
> > > > > > need a mechanism to tell us whether we should honor exceptions and
if
> > so,
> > > > > > whether only policy-mandated ones or all should be honored.
> > > > > 
> > > > > Sorry, can you give a specific example?
> > > > 
> > > > Sure. Say cookies:
> > > > 
> > > > * There is one content setting "default cookie behavior"
> > > > * There is another content setting "cookie behavior for example.com"
> > > > 
> > > > An admin who wants to disable cookies will set the "default cookie
> behavior"
> > > to
> > > > "blocked" via mandatory policy. Since this is the highest-priority
source,
> > > every
> > > > read of the "default cookie behavior" setting will return "blocked."
> > However,
> > > > this does not affect any other settings, including "cookie behavior for
> > > > example.com." The user can still set that to "allow," trumping the admin
> > > policy
> > > > for a specific URL. We still need a policy that will tell us how to
> > interpret
> > > > exceptions relative to the default policy.
> > > > 
> > > 
> > > We query providers in the order of priority; the first provider that
stores
> a
> > > pattern matching http://example.com answers. Within a provider, we take
the
> > rule with
> > > the most specific pattern.
> > > 
> > > Policy provider has a higher priority than pref provider, so it doesn't
> matter
> > > that "*" is a less specific pattern than "https://example.com". Policy
> > provider
> > > will win. The user-chosen site specific content setting will not override
> the
> > > policy-set default setting.
> > > 
> > > So if I'm not mistaken, this ordering of providers would work:
> > > Mandatory policy (defaults & exceptions)
> > > User prefs (exceptions)
> > > Recommended (exceptions)
> > > User prefs (defaults)
> > > Recommended (defaults)
> > > Hardcoded (defaults)
> > 
> > Thanks for clarifying. I was not aware that we allow the providers to
process
> > the patterns and come up with a matching value. In that case, layering will
> work
> > but we need more than the four standard layers (default, recommended, user,
> > mandatory), as you also point out.
> 
> By the way, there is also a UI bug filed for this:
> https://bugs.chromium.org/p/chromium/issues/detail?id=155516. You are actually
> the reporter :-)
> 
> > 
> > Even with the six layers you listed, there still are some use cases we
cannot
> > support though: In current parlance, setting a pref to a mandatory value
means
> > that we do not want the user to change that particular pref. Translating
this
> > into content settings lingo, I would say that setting the default behavior
to
> a
> > particular value via mandatory policy only means that we want the *default*
to
> > be uncheangeable. It does not say anything about whether we want to allow
> > exceptions from this default or not. To be fully flexible, we should support
> > both possibilities - lock down the default and do not allow any exceptions,
as
> > well as lock down default but do allow exceptions.
> 
> Indeed. This is a bit more difficult to capture within the framework of
content
> settings.
> 
> Although arguably, if the admin sets a mandatory default policy and allows me
to
> override it by exceptions - semantically, isn't that exactly a
*recommendation*?
> I can change admin's decision on any site that I visit, or if the content
> setting allows custom exceptions, simply define two exceptions for "https://*"
> and "http://*" (yes, that's possible).
> 
> (but I guess this is a bit off topic now, so we can continue the discussion
> elsewhere)

I think this is on topic. What granularity of control do we want to provide?
Only after we have settled that will we know what the right implementation is.

Yes, a default value that you can override could be interpreted as a
recommendation. In the prefs system today, the semantics would be slightly
different - recommended would mean that you can change the default value itself.
Pattern-based exceptions aside, forcing a default value and allowing exceptions
can actually be useful: The admin could make sure that by default, e.g. access
to your camera is off (to avoid any accidental data leaks) but still allow you
to selectively turn it on for sites of your choosing.

> 
> > 
> > > 
> > > > > 
> > > > > 
> > > > > > > 
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
>
https://codereview.chromium.org/1873343002/diff/1/chrome/browser/content_sett...
> > > > > > > File
> > > chrome/browser/content_settings/host_content_settings_map_unittest.cc
> > > > > > > (right):
> > > > > > > 
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
>
https://codereview.chromium.org/1873343002/diff/1/chrome/browser/content_sett...
> > > > > > >
> > > chrome/browser/content_settings/host_content_settings_map_unittest.cc:104:
> > > > > > GURL
> > > > > > > host(url_str);
> > > > > > > Should this be |url|?
> > > > > > > 
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
>
https://codereview.chromium.org/1873343002/diff/1/chrome/browser/content_sett...
> > > > > > >
> > > chrome/browser/content_settings/host_content_settings_map_unittest.cc:855:
> > > > > > > HostContentSettingsMapTester tester;
> > > > > > > Move this into the loop to limit its scope?
> > > > > > > 
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
>
https://codereview.chromium.org/1873343002/diff/1/components/content_settings...
> > > > > > > File
> > > components/content_settings/core/test/content_settings_test_utils.cc
> > > > > > > (right):
> > > > > > > 
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
>
https://codereview.chromium.org/1873343002/diff/1/components/content_settings...
> > > > > > >
> > components/content_settings/core/test/content_settings_test_utils.cc:54:
> > > > > bool
> > > > > > > TestUtils::AddUserException(const std::string& pattern_string,
> > > > > > > On 2016/04/12 04:52:47, raymes wrote:
> > > > > > > > Could you instead just call
> > HostContentSettingsMap::SetContentSetting?
> > > > It
> > > > > > will
> > > > > > > > always end up setting the user's preference.
> > > > > > > 
> > > > > > > +1 (That's what I meant in my earlier comments).

huangs

Replying some comments for discussion, before changing code. Regarding recommended policy: this seems like the ...

4 years, 8 months ago (2016-04-12 14:19:14 UTC) #20

Replying some comments for discussion, before changing code.

Regarding recommended policy: this seems like the first proposed solution to the
main problem, and I experiment with it in 
https://chromiumcodereview.appspot.com/1825173003/ .

This looks like a much bigger change, in terms of UI (creating many more fields
in gpedit.msc) and in code (upstream data does not support this).

Meanwhile, the feature at hand would break the assumption of having one fixed
priority stack:

Old behavior: Policy default > User exceptions
New option:   User exceptions > policy default

However, this CL only refactors, and does not touch this.  Perhaps I should
hurry up on a design doc.  Since we're still settling on key architecture
changes, it will be more of a "discussion" doc rather than "intent to implement"
doc.

Thanks!

https://chromiumcodereview.appspot.com/1873343002/diff/1/chrome/browser/conte...
File chrome/browser/content_settings/host_content_settings_map_unittest.cc
(right):

https://chromiumcodereview.appspot.com/1873343002/diff/1/chrome/browser/conte...
chrome/browser/content_settings/host_content_settings_map_unittest.cc:65:
HostContentSettingsMapTester& SelectType(ContentSettingsType content_type) {
The ability to select "cur" state once to establish context, and avoid
repetition was the main purpose of this helper class.  But if the preferred
style is to explicitly state |content_type| then I can remove this (need
feedback).

https://chromiumcodereview.appspot.com/1873343002/diff/1/components/content_s...
File components/content_settings/core/browser/host_content_settings_map.cc
(right):

https://chromiumcodereview.appspot.com/1873343002/diff/1/components/content_s...
components/content_settings/core/browser/host_content_settings_map.cc:268: bool
HostContentSettingsMap::AreUserExceptionsAllowedForType(
Yes.  The advantage of adding this function now is that we can immediately
proceed on the JS work.

https://chromiumcodereview.appspot.com/1873343002/diff/1/components/content_s...
File components/content_settings/core/browser/host_content_settings_map.h
(right):

https://chromiumcodereview.appspot.com/1873343002/diff/1/components/content_s...
components/content_settings/core/browser/host_content_settings_map.h:88:
GetDefaultContentSetting(ContentSettingsType content_type) const;
I'm fine with changing all callers (see FIXME(huangs) in the .cc file), but that
will bloat this CL.  Probably better to omit this from this CL and do all this
in a separate CL, with callers and all.

https://chromiumcodereview.appspot.com/1873343002/diff/1/components/content_s...
File components/content_settings/core/test/content_settings_test_utils.cc
(right):

https://chromiumcodereview.appspot.com/1873343002/diff/1/components/content_s...
components/content_settings/core/test/content_settings_test_utils.cc:54: bool
TestUtils::AddUserException(const std::string& pattern_string,
But it looks like

SetContentSettingCustomScope()
-> SetWebsiteSettingCustomScope()

loops over all providers?  Even if ultimately only user pref gets set, there
appears to be mismatch in intent?

huangs

Description was changed from ========== [Policy] Refactor HostContentSettingsMap and add tests. Relative mechanical changes to ...

4 years, 8 months ago (2016-04-13 17:35:58 UTC) #21

huangs

Updated and read for next round. PTAL. https://chromiumcodereview.appspot.com/1873343002/diff/1/chrome/browser/content_settings/host_content_settings_map_unittest.cc File chrome/browser/content_settings/host_content_settings_map_unittest.cc (right): https://chromiumcodereview.appspot.com/1873343002/diff/1/chrome/browser/content_settings/host_content_settings_map_unittest.cc#newcode55 chrome/browser/content_settings/host_content_settings_map_unittest.cc:55: class HostContentSettingsMapTester ...

4 years, 8 months ago (2016-04-13 17:36:18 UTC) #22

raymes

Overall this looks ok to me but I know Bernhard wanted to settle on the ...

4 years, 8 months ago (2016-04-18 05:16:48 UTC) #25

huangs

Updated, PTAL. Please note that this change is rather agnostic of whichever alternative we take. ...

4 years, 8 months ago (2016-04-18 21:02:06 UTC) #26

grt (UTC plus 2)

looks good https://codereview.chromium.org/1873343002/diff/60001/components/content_settings/core/browser/host_content_settings_map.cc File components/content_settings/core/browser/host_content_settings_map.cc (right): https://codereview.chromium.org/1873343002/diff/60001/components/content_settings/core/browser/host_content_settings_map.cc#newcode156 components/content_settings/core/browser/host_content_settings_map.cc:156: pref_provider_ = nit: i find the double ...

4 years, 8 months ago (2016-04-19 01:57:34 UTC) #27

huangs

Updated. OWNER review for bauerb@, PTAL. https://chromiumcodereview.appspot.com/1873343002/diff/60001/components/content_settings/core/browser/host_content_settings_map.cc File components/content_settings/core/browser/host_content_settings_map.cc (right): https://chromiumcodereview.appspot.com/1873343002/diff/60001/components/content_settings/core/browser/host_content_settings_map.cc#newcode156 components/content_settings/core/browser/host_content_settings_map.cc:156: pref_provider_ = Done. ...

4 years, 8 months ago (2016-04-19 14:59:53 UTC) #28

Bernhard Bauer

https://codereview.chromium.org/1873343002/diff/1/components/content_settings/core/test/content_settings_test_utils.cc File components/content_settings/core/test/content_settings_test_utils.cc (right): https://codereview.chromium.org/1873343002/diff/1/components/content_settings/core/test/content_settings_test_utils.cc#newcode54 components/content_settings/core/test/content_settings_test_utils.cc:54: bool TestUtils::AddUserException(const std::string& pattern_string, On 2016/04/12 14:19:14, huangs wrote: ...

4 years, 8 months ago (2016-04-19 15:20:08 UTC) #29

Bernhard Bauer

https://codereview.chromium.org/1873343002/diff/1/components/content_settings/core/test/content_settings_test_utils.cc File components/content_settings/core/test/content_settings_test_utils.cc (right): https://codereview.chromium.org/1873343002/diff/1/components/content_settings/core/test/content_settings_test_utils.cc#newcode54 components/content_settings/core/test/content_settings_test_utils.cc:54: bool TestUtils::AddUserException(const std::string& pattern_string, On 2016/04/12 14:19:14, huangs wrote: ...

4 years, 8 months ago (2016-04-19 15:20:08 UTC) #30

huangs

Replied to comment, update to follow later today. https://chromiumcodereview.appspot.com/1873343002/diff/80001/components/content_settings/core/browser/host_content_settings_map.cc File components/content_settings/core/browser/host_content_settings_map.cc (right): https://chromiumcodereview.appspot.com/1873343002/diff/80001/components/content_settings/core/browser/host_content_settings_map.cc#newcode261 components/content_settings/core/browser/host_content_settings_map.cc:261: kProviderNamesSourceMap[POLICY_PROVIDER].provider_name; ...

4 years, 8 months ago (2016-04-20 15:20:32 UTC) #31

Bernhard Bauer

https://codereview.chromium.org/1873343002/diff/80001/components/content_settings/core/browser/host_content_settings_map.cc File components/content_settings/core/browser/host_content_settings_map.cc (right): https://codereview.chromium.org/1873343002/diff/80001/components/content_settings/core/browser/host_content_settings_map.cc#newcode261 components/content_settings/core/browser/host_content_settings_map.cc:261: kProviderNamesSourceMap[POLICY_PROVIDER].provider_name; On 2016/04/20 15:20:32, huangs wrote: > Supvervised user ...

4 years, 8 months ago (2016-04-20 15:29:32 UTC) #32

huangs

https://chromiumcodereview.appspot.com/1873343002/diff/80001/components/content_settings/core/browser/host_content_settings_map.cc File components/content_settings/core/browser/host_content_settings_map.cc (right): https://chromiumcodereview.appspot.com/1873343002/diff/80001/components/content_settings/core/browser/host_content_settings_map.cc#newcode261 components/content_settings/core/browser/host_content_settings_map.cc:261: kProviderNamesSourceMap[POLICY_PROVIDER].provider_name; It might be easier if we just let ...

4 years, 8 months ago (2016-04-20 15:40:41 UTC) #33

Bernhard Bauer

https://codereview.chromium.org/1873343002/diff/80001/components/content_settings/core/browser/host_content_settings_map.cc File components/content_settings/core/browser/host_content_settings_map.cc (right): https://codereview.chromium.org/1873343002/diff/80001/components/content_settings/core/browser/host_content_settings_map.cc#newcode261 components/content_settings/core/browser/host_content_settings_map.cc:261: kProviderNamesSourceMap[POLICY_PROVIDER].provider_name; On 2016/04/20 15:40:41, huangs wrote: > It might ...

4 years, 8 months ago (2016-04-20 15:53:24 UTC) #34

huangs

https://chromiumcodereview.appspot.com/1873343002/diff/80001/components/content_settings/core/browser/host_content_settings_map.cc File components/content_settings/core/browser/host_content_settings_map.cc (right): https://chromiumcodereview.appspot.com/1873343002/diff/80001/components/content_settings/core/browser/host_content_settings_map.cc#newcode261 components/content_settings/core/browser/host_content_settings_map.cc:261: kProviderNamesSourceMap[POLICY_PROVIDER].provider_name; Or we can just get the numerical index, ...

4 years, 8 months ago (2016-04-20 16:07:48 UTC) #35

Bernhard Bauer

https://codereview.chromium.org/1873343002/diff/80001/components/content_settings/core/browser/host_content_settings_map.cc File components/content_settings/core/browser/host_content_settings_map.cc (right): https://codereview.chromium.org/1873343002/diff/80001/components/content_settings/core/browser/host_content_settings_map.cc#newcode261 components/content_settings/core/browser/host_content_settings_map.cc:261: kProviderNamesSourceMap[POLICY_PROVIDER].provider_name; On 2016/04/20 16:07:48, huangs wrote: > Or we ...

4 years, 8 months ago (2016-04-20 16:11:02 UTC) #36

huangs

Description was changed from ========== [Policy] HostContentSettingsMap: Add AreUserExceptionsAllowedForType() and tests. Simple changes, with some ...

4 years, 8 months ago (2016-04-20 17:55:41 UTC) #37

huangs

Updated, PTAL. https://chromiumcodereview.appspot.com/1873343002/diff/80001/components/content_settings/core/browser/host_content_settings_map.cc File components/content_settings/core/browser/host_content_settings_map.cc (right): https://chromiumcodereview.appspot.com/1873343002/diff/80001/components/content_settings/core/browser/host_content_settings_map.cc#newcode261 components/content_settings/core/browser/host_content_settings_map.cc:261: kProviderNamesSourceMap[POLICY_PROVIDER].provider_name; Okay, did this using just numerical ...

4 years, 8 months ago (2016-04-20 17:55:53 UTC) #38

huangs

The CQ bit was checked by huangs@chromium.org to run a CQ dry run

4 years, 8 months ago (2016-04-20 22:13:13 UTC) #39

commit-bot: I haz the power

Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1873343002/100001 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1873343002/100001

4 years, 8 months ago (2016-04-20 22:13:56 UTC) #40

commit-bot: I haz the power

The CQ bit was unchecked by commit-bot@chromium.org

4 years, 8 months ago (2016-04-20 22:46:39 UTC) #41

commit-bot: I haz the power

Dry run: Try jobs failed on following builders: linux_chromium_clobber_rel_ng on tryserver.chromium.linux (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_clobber_rel_ng/builds/162237)

4 years, 8 months ago (2016-04-20 22:46:41 UTC) #42

huangs

The CQ bit was checked by huangs@chromium.org to run a CQ dry run

4 years, 8 months ago (2016-04-21 03:35:25 UTC) #43

commit-bot: I haz the power

Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1873343002/100001 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1873343002/100001

4 years, 8 months ago (2016-04-21 03:35:40 UTC) #44

commit-bot: I haz the power

The CQ bit was unchecked by commit-bot@chromium.org

4 years, 8 months ago (2016-04-21 03:56:20 UTC) #45

commit-bot: I haz the power

Dry run: This issue passed the CQ dry run.

4 years, 8 months ago (2016-04-21 03:56:21 UTC) #46

Bernhard Bauer

LGTM https://codereview.chromium.org/1873343002/diff/100001/components/content_settings/core/browser/host_content_settings_map.cc File components/content_settings/core/browser/host_content_settings_map.cc (right): https://codereview.chromium.org/1873343002/diff/100001/components/content_settings/core/browser/host_content_settings_map.cc#newcode271 components/content_settings/core/browser/host_content_settings_map.cc:271: if (content_setting == CONTENT_SETTING_DEFAULT) I think we could ...

4 years, 8 months ago (2016-04-21 15:20:12 UTC) #48

huangs

Thanks! Committing. https://chromiumcodereview.appspot.com/1873343002/diff/100001/components/content_settings/core/browser/host_content_settings_map.cc File components/content_settings/core/browser/host_content_settings_map.cc (right): https://chromiumcodereview.appspot.com/1873343002/diff/100001/components/content_settings/core/browser/host_content_settings_map.cc#newcode271 components/content_settings/core/browser/host_content_settings_map.cc:271: if (content_setting == CONTENT_SETTING_DEFAULT) Indeed, heh. Adding ...

4 years, 8 months ago (2016-04-21 19:39:36 UTC) #49

huangs

The patchset sent to the CQ was uploaded after l-g-t-m from bauerb@chromium.org Link to the ...

4 years, 8 months ago (2016-04-21 19:39:44 UTC) #51

commit-bot: I haz the power

CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1873343002/120001 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1873343002/120001

4 years, 8 months ago (2016-04-21 19:40:28 UTC) #52

commit-bot: I haz the power

Description was changed from ========== [Policy] HostContentSettingsMap: Add AreUserExceptionsAllowedForType() and tests. Simple changes, with some ...

4 years, 8 months ago (2016-04-21 20:37:57 UTC) #53

commit-bot: I haz the power

Description was changed from ========== [Policy] HostContentSettingsMap: Add AreUserExceptionsAllowedForType() and tests. Simple changes, with some ...

4 years, 8 months ago (2016-04-22 19:38:59 UTC) #55

commit-bot: I haz the power

4 years, 8 months ago (2016-04-22 19:39:01 UTC) #56

Message was sent while issue was closed.

Patchset 7 (id:??) landed as
https://crrev.com/3973014f0fbf36ec4a961e97273516b2ed1953d6
Cr-Commit-Position: refs/heads/master@{#388885}

Issue 1873343002: [Policy] HostContentSettingsMap: Add AreUserExceptionsAllowedForType() and tests. (Closed)

Description

Patch Set 1 #

Patch Set 2 : Sync. #

Patch Set 3 : Deferring GetDefaultContentSetting() change to another CL; removing TestUtils addition. #

Patch Set 4 : Fix comments. #

Patch Set 5 : Cleanups. #

Patch Set 6 : Make AreUserExceptionsAllowedForType() more general and use ProviderType directly. #

Patch Set 7 : Add DCHECK in AreUserExceptionsAllowedForType(). #

Messages