Supervised Users Initiated Installs v2

chrome/browser/supervised_user/supervised_user_service_unittest.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/supervised_user/supervised_user_service.h"
 
 #include <stddef.h>
 
 #include <memory>
 #include <utility>
 
 #include "base/macros.h"
 #include "base/memory/ptr_util.h"
 #include "base/path_service.h"
 #include "base/strings/utf_string_conversions.h"
 #include "base/threading/thread_task_runner_handle.h"
 #include "build/build_config.h"
 #include "chrome/browser/chrome_notification_types.h"
 #include "chrome/browser/profiles/profile.h"
 #include "chrome/browser/signin/fake_profile_oauth2_token_service_builder.h"
 #include "chrome/browser/signin/profile_oauth2_token_service_factory.h"
 #include "chrome/browser/signin/signin_manager_factory.h"
 #include "chrome/browser/supervised_user/legacy/custodian_profile_downloader_service.h"
 #include "chrome/browser/supervised_user/legacy/custodian_profile_downloader_service_factory.h"
 #include "chrome/browser/supervised_user/permission_request_creator.h"
+#include "chrome/browser/supervised_user/supervised_user_features.h"
 #include "chrome/browser/supervised_user/supervised_user_service_factory.h"
 #include "chrome/browser/supervised_user/supervised_user_whitelist_service.h"
 #include "chrome/browser/ui/browser_list.h"
 #include "chrome/common/chrome_paths.h"
 #include "chrome/common/pref_names.h"
 #include "chrome/test/base/testing_profile.h"
 #include "components/prefs/pref_service.h"
 #include "components/prefs/scoped_user_pref_update.h"
 #include "components/signin/core/browser/fake_profile_oauth2_token_service.h"
 #include "components/signin/core/browser/signin_manager.h"
 #include "components/version_info/version_info.h"
 #include "content/public/test/test_browser_thread_bundle.h"
 #include "content/public/test/test_utils.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
 #if defined(ENABLE_EXTENSIONS)
 #include "chrome/browser/extensions/extension_service.h"
 #include "chrome/browser/extensions/extension_service_test_base.h"
 #include "chrome/browser/extensions/unpacked_installer.h"
 #include "chrome/common/extensions/features/feature_channel.h"
 #include "extensions/common/extension.h"
 #include "extensions/common/extension_builder.h"
 #include "extensions/common/manifest_constants.h"
+
+using extensions::Extension;
 #endif
 
 using content::MessageLoopRunner;
 
 namespace {
 
 #if !defined(OS_ANDROID)
 void OnProfileDownloadedFail(const base::string16& full_name) {
   ASSERT_TRUE(false) << "Profile download should not have succeeded.";
 }
@@ skipping 193 matching lines @@
   // PermissionRequestCreator:
   bool IsEnabled() const override { return enabled_; }
 
   void CreateURLAccessRequest(const GURL& url_requested,
                               const SuccessCallback& callback) override {
     ASSERT_TRUE(enabled_);
     requested_urls_.push_back(url_requested);
     callbacks_.push_back(callback);
   }
 
+  void CreateExtensionInstallRequest(const std::string& extension_id,
+                                     const SuccessCallback& callback) override {
+    FAIL();
+  }
+
   void CreateExtensionUpdateRequest(const std::string& id,
                                     const SuccessCallback& callback) override {
     FAIL();
   }
 
   bool enabled_;
   std::vector<GURL> requested_urls_;
   std::vector<SuccessCallback> callbacks_;
 
   DISALLOW_COPY_AND_ASSIGN(MockPermissionRequestCreator);
@@ skipping 157 matching lines @@
  public:
   SupervisedUserServiceExtensionTestUnsupervised()
       : SupervisedUserServiceExtensionTestBase(false) {}
 };
 
 class SupervisedUserServiceExtensionTest
     : public SupervisedUserServiceExtensionTestBase {
  public:
   SupervisedUserServiceExtensionTest()
       : SupervisedUserServiceExtensionTestBase(true) {}
+
+ protected:
+  void InitSupervisedUserInitiatedExtensionInstallFeature(bool enabled) {
+    base::FeatureList::ClearInstanceForTesting();
+    std::unique_ptr<base::FeatureList> feature_list(new base::FeatureList);
+    if (enabled) {
+      feature_list->InitializeFromCommandLine(
+          "SupervisedUserInitiatedExtensionInstall", std::string());
+    }
+    base::FeatureList::SetInstance(std::move(feature_list));
+  }
 };
 
-TEST_F(SupervisedUserServiceExtensionTest, ExtensionManagementPolicyProvider) {
+TEST_F(SupervisedUserServiceExtensionTest,
+       ExtensionManagementPolicyProviderWithoutSUInitiatedInstalls) {
   SupervisedUserService* supervised_user_service =
       SupervisedUserServiceFactory::GetForProfile(profile_.get());
   ASSERT_TRUE(profile_->IsSupervised());
 
-  // Check that a supervised user can install and uninstall a theme.
+  // Disable supervised user initiated installs.
+  InitSupervisedUserInitiatedExtensionInstallFeature(false);
+
+  // Check that a supervised user can install and uninstall a theme even if
+  // they are not allowed to install extensions.
   {
     scoped_refptr<extensions::Extension> theme = MakeThemeExtension();
 
     base::string16 error_1;
     EXPECT_TRUE(supervised_user_service->UserMayLoad(theme.get(), &error_1));
     EXPECT_TRUE(error_1.empty());
 
     base::string16 error_2;
     EXPECT_FALSE(
         supervised_user_service->MustRemainInstalled(theme.get(), &error_2));
@@ skipping 25 matching lines @@
         supervised_user_service->MustRemainInstalled(extension.get(),
                                                      &error_2));
     EXPECT_FALSE(error_2.empty());
   }
 
 #ifndef NDEBUG
   EXPECT_FALSE(supervised_user_service->GetDebugPolicyProviderName().empty());
 #endif
 }
 
+TEST_F(SupervisedUserServiceExtensionTest,
+       ExtensionManagementPolicyProviderWithSUInitiatedInstalls) {
+  SupervisedUserService* supervised_user_service =
+      SupervisedUserServiceFactory::GetForProfile(profile_.get());
+  ASSERT_TRUE(profile_->IsSupervised());
+
+  // Enable supervised user initiated installs.
+  InitSupervisedUserInitiatedExtensionInstallFeature(true);
+  // The supervised user should be able to load and uninstall the extensions
+  // they install.
+  {
+    scoped_refptr<extensions::Extension> extension = MakeExtension(false);
+
+    base::string16 error;
+    EXPECT_TRUE(supervised_user_service->UserMayLoad(extension.get(), &error));
+    EXPECT_TRUE(error.empty());
+
+    base::string16 error_2;
+    EXPECT_FALSE(supervised_user_service->MustRemainInstalled(extension.get(),
+                                                              &error_2));
+    EXPECT_TRUE(error_2.empty());
+
+    base::string16 error_3;
+    Extension::DisableReason reason = Extension::DISABLE_NONE;
+    EXPECT_TRUE(supervised_user_service->MustRemainDisabled(extension.get(),
+                                                            &reason,
+                                                            &error_3));
+    EXPECT_EQ(Extension::DISABLE_CUSTODIAN_APPROVAL_REQUIRED, reason);
+    EXPECT_FALSE(error_3.empty());
+
+    base::string16 error_4;
+    EXPECT_TRUE(supervised_user_service->UserMayModifySettings(extension.get(),
+                                                               &error_4));
+    EXPECT_TRUE(error_4.empty());
+  }
+
+  {
+    // A custodian-installed extension may be loaded, but not uninstalled.
+    scoped_refptr<extensions::Extension> extension = MakeExtension(true);
+
+    base::string16 error_1;
+    EXPECT_TRUE(
+        supervised_user_service->UserMayLoad(extension.get(), &error_1));
+    EXPECT_TRUE(error_1.empty());
+
+    base::string16 error_2;
+    EXPECT_TRUE(supervised_user_service->MustRemainInstalled(extension.get(),
+                                                             &error_2));
+    EXPECT_FALSE(error_2.empty());
+
+    base::string16 error_3;
+    Extension::DisableReason reason = Extension::DISABLE_NONE;
+    EXPECT_FALSE(supervised_user_service->MustRemainDisabled(extension.get(),
+                                                             &reason,
+                                                             &error_3));
+    EXPECT_EQ(Extension::DISABLE_NONE, reason);
+    EXPECT_TRUE(error_3.empty());
+
+    base::string16 error_4;
+    EXPECT_FALSE(supervised_user_service->UserMayModifySettings(extension.get(),
+                                                             &error_4));
+    EXPECT_FALSE(error_4.empty());
+  }
+
+#ifndef NDEBUG
+  EXPECT_FALSE(supervised_user_service->GetDebugPolicyProviderName().empty());
+#endif
+}
+
 TEST_F(SupervisedUserServiceExtensionTest, NoContentPacks) {
   SupervisedUserService* supervised_user_service =
       SupervisedUserServiceFactory::GetForProfile(profile_.get());
   SupervisedUserURLFilter* url_filter =
       supervised_user_service->GetURLFilterForUIThread();
 
   // ASSERT_EQ instead of ASSERT_TRUE([...].empty()) so that the error
   // message contains the size in case of failure.
   ASSERT_EQ(0u, site_list_observer_.site_lists().size());
 
@@ skipping 80 matching lines @@
   EXPECT_EQ(title2, site_list_observer_.site_lists()[0]->title());
   EXPECT_TRUE(site_list_observer_.site_lists()[0]->entry_point().is_empty());
 
   url_filter_observer_.Wait();
   EXPECT_EQ(SupervisedUserURLFilter::WARN,
             url_filter->GetFilteringBehaviorForURL(youtube_url));
   EXPECT_EQ(SupervisedUserURLFilter::ALLOW,
             url_filter->GetFilteringBehaviorForURL(moose_url));
 }
 #endif  // defined(ENABLE_EXTENSIONS)