[sensors] Add Permission guard to the generic sensor apis.

third_party/WebKit/Source/modules/sensor/Sensor.cpp

Index: third_party/WebKit/Source/modules/sensor/Sensor.cpp
diff --git a/third_party/WebKit/Source/modules/sensor/Sensor.cpp b/third_party/WebKit/Source/modules/sensor/Sensor.cpp
index ca613f9e1e8670fb65e75c1ba499ec3b0a9a2004..81baf6b5eddabd5ed6c96a4a80fc9d29c45c4706 100644
--- a/third_party/WebKit/Source/modules/sensor/Sensor.cpp
+++ b/third_party/WebKit/Source/modules/sensor/Sensor.cpp
@@ -14,11 +14,14 @@
 #include "modules/sensor/SensorProviderProxy.h"
 #include "modules/sensor/SensorReading.h"
 #include "modules/sensor/SensorReadingEvent.h"
+#include "platform/UserGestureIndicator.h"
 
 using namespace device::mojom::blink;
 
 namespace blink {
 
+using mojom::blink::PermissionStatus;
+
 Sensor::Sensor(ScriptState* scriptState,
                const SensorOptions& sensorOptions,
                ExceptionState& exceptionState,
@@ -82,10 +85,39 @@ void Sensor::start(ScriptState* scriptState, ExceptionState& exceptionState) {
     return;
   }
 
-  startListening();
+  // If the algorithm is not allowed to show a popup, throw SecurityError.
+  if (!UserGestureIndicator::consumeUserGesture()) {

[Mikhail, 2016/11/07 08:02:02]

must be moved to the beginning.

[riju_, 2016/11/09 10:30:34]

Done.

+    exceptionState.throwDOMException(
+        SecurityError,
+        "Must be handling a user gesture to show a permission request.");
+    return;
+  }
+
+  // Check the permission status first.
+  auto permissionStatus = m_sensorProxy->getPermissionStatus();
+
+  if (permissionStatus == PermissionStatus::ASK) {
+    m_sensorProxy->requestPermission(scriptState->getExecutionContext(),

[Mikhail, 2016/11/07 08:02:02]

return here?

[riju_, 2016/11/09 10:30:34]

Done.

+                                     permissionStatus);
+  } else if (permissionStatus == PermissionStatus::DENIED) {
+    stopListening();
+
+    ConsoleMessage* consoleMessage = ConsoleMessage::create(
+        JSMessageSource, InfoMessageLevel, "Permission Rejected.");
+    scriptState->getExecutionContext()->addConsoleMessage(consoleMessage);
+
+    reportError(PermissionDeniedError,
+                "start() call has failed as permission was denied.");
+  } else {
+    startListening();
+  }
+
+  // Keep listening to changes.
+  m_sensorProxy->getNextPermissionChange(scriptState->getExecutionContext(),

[shalamov, 2016/11/04 19:00:20]

This can be moved after HasPermission is completed (to callback from
HasPermission for example).

[riju_, 2016/11/09 10:30:34]

Done.

+                                         permissionStatus);
 }
 
-void Sensor::stop(ScriptState*, ExceptionState& exceptionState) {
+void Sensor::stop(ScriptState* scriptState, ExceptionState& exceptionState) {
   if (m_state == Sensor::SensorState::IDLE ||
       m_state == Sensor::SensorState::ERRORED) {
     exceptionState.throwDOMException(
@@ -95,6 +127,22 @@ void Sensor::stop(ScriptState*, ExceptionState& exceptionState) {
   }
 
   stopListening();
+
+  // Check the permission status first.
+  auto permissionStatus = m_sensorProxy->getPermissionStatus();

[shalamov, 2016/11/04 19:00:20]

Is this required for stop()? Should we create issue for spec to clarify it?

[riju_, 2016/11/09 10:30:34]

Will remove.
https://github.com/w3c/sensors/issues/146

+
+  if (permissionStatus != PermissionStatus::GRANTED) {

[Mikhail, 2016/11/07 08:02:02]

is it possible that we had permissions to start but do not have them to stop?

[riju_, 2016/11/09 10:30:34]

My mistake, now spec says we don't need permissions to stop()

+    ConsoleMessage* consoleMessage = ConsoleMessage::create(
+        JSMessageSource, InfoMessageLevel, "Permission Rejected.");
+    scriptState->getExecutionContext()->addConsoleMessage(consoleMessage);
+
+    reportError(PermissionDeniedError,
+                "stop() call has failed as permission was not granted.");
+  }
+
+  // Keep listening to changes.
+  m_sensorProxy->getNextPermissionChange(scriptState->getExecutionContext(),

[Mikhail, 2016/11/07 08:02:02]

this class already has 'getExecutionContext()'

[riju_, 2016/11/09 10:30:34]

Moving this to the onPermissionUpdate callback, as alex suggested.

+                                         permissionStatus);
 }
 
 static String ToString(Sensor::SensorState state) {
@@ -146,14 +194,15 @@ void Sensor::initSensorProxyIfNeeded() {
   if (!document || !document->frame())
     return;
 
-  m_sensorProxy =
-      SensorProviderProxy::from(document->frame())->getOrCreateSensor(m_type);
+  m_sensorProxy = SensorProviderProxy::from(document->frame())
+                      ->getOrCreateSensor(m_type, getExecutionContext());
 }
 
 void Sensor::contextDestroyed() {
   if (m_state == Sensor::SensorState::ACTIVE ||
       m_state == Sensor::SensorState::ACTIVATING)
     stopListening();
+  m_sensorProxy->resetPermissionService();
 }
 
 void Sensor::onSensorInitialized() {
@@ -168,6 +217,17 @@ void Sensor::onSensorReadingChanged() {
     m_polling->onSensorReadingChanged();
 }
 
+void Sensor::onSensorPermissionChanged() {
+  // Check the permission status first.
+  auto permissionStatus = m_sensorProxy->getPermissionStatus();
+
+  if (permissionStatus != PermissionStatus::GRANTED) {
+    stopListening();
+    reportError(PermissionDeniedError,
+                "start/stop() call has failed as permission was denied.");
+  }

[Mikhail, 2016/11/07 08:02:02]

what if permissions are granted? we probably should start sensor than..

[riju_, 2016/11/09 10:30:34]

Yes, provided a start() was waiting for permissions to be granted.

+}
+
 void Sensor::onSensorError(ExceptionCode code,
                            const String& sanitizedMessage,
                            const String& unsanitizedMessage) {