Public Sessions - prompt the user for pageCapture requests

chrome/browser/chromeos/extensions/public_session_permission_helper_impl.cc

+// Copyright 2017 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chrome/browser/chromeos/extensions/public_session_permission_helper_impl.h"
+
+#include <utility>
+
+#include "base/bind.h"
+#include "base/bind_helpers.h"
+#include "base/memory/ptr_util.h"
+#include "content/public/browser/web_contents.h"
+#include "extensions/common/permissions/api_permission_set.h"
+#include "extensions/common/permissions/manifest_permission_set.h"
+#include "extensions/common/permissions/permission_set.h"
+#include "extensions/common/url_pattern_set.h"
+
+namespace extensions {
+
+PublicSessionPermissionHelperImpl::RequestCallback::RequestCallback(
+    const base::Closure& success_callback,
+    const base::Closure& failure_callback,
+    const PermissionHelperSet& permission_list)
+    : success_callback(success_callback),
+      failure_callback(failure_callback),
+      permission_list(permission_list) {}
+
+PublicSessionPermissionHelperImpl::RequestCallback::RequestCallback(
+    const RequestCallback& other)
+    : success_callback(other.success_callback),
+      failure_callback(other.failure_callback),
+      permission_list(other.permission_list) {}

[Devlin, 2017/01/25 16:00:32]

can we not just use = default?

[Ivan Šandrk, 2017/01/26 18:53:22]

Done.

+
+PublicSessionPermissionHelperImpl::RequestCallback::~RequestCallback() {}
+
+PublicSessionPermissionHelperImpl::PublicSessionPermissionHelperImpl() {}
+
+PublicSessionPermissionHelperImpl::PublicSessionPermissionHelperImpl(
+    PublicSessionPermissionHelperImpl&& other) = default;
+
+PublicSessionPermissionHelperImpl::~PublicSessionPermissionHelperImpl() {}
+
+void PublicSessionPermissionHelperImpl::HandlePermissionRequest(
+    const Extension* extension,
+    PermissionHelperSet requested_permissions,
+    content::WebContents* web_contents,
+    const base::Closure& success_callback,
+    const base::Closure& failure_callback) {
+  CHECK(web_contents);
+
+  PermissionIDSet requested_permission_set;
+  for (auto permission : requested_permissions) {
+    requested_permission_set.insert(permission);
+  }
+
+  PermissionIDSet unresolved_permissions = PermissionIDSet::Difference(
+      requested_permission_set, allowed_permission_set_);
+  if (unresolved_permissions.empty()) {
+    success_callback.Run();
+    return;
+  }
+  unresolved_permissions = PermissionIDSet::Difference(
+      unresolved_permissions, denied_permission_set_);
+  if (unresolved_permissions.empty()) {

[Devlin, 2017/01/25 16:00:32]

If an item requests A and B, and the user has already rejected B, do we need to
prompt for A?  Or would it make sense to just fire the failure callback
immediately, since there's no way it could succeed (and potentially no way to
tell if having just permission A would be useful)?

[Ivan Šandrk, 2017/01/26 18:53:22]

PublicSessionMediaAccessHandler can pass to the App only one of the requested
A/V streams and it's up to it to decide what it wants to do.

+    failure_callback.Run();
+    return;
+  }
+
+  // Since not all permissions are resolved yet, queue the callback to be called
+  // when all of them are resolved.
+  callbacks_.push_back(RequestCallback(
+      success_callback, failure_callback, requested_permissions));
+
+  PermissionIDSet unprompted_permissions = PermissionIDSet::Difference(
+      unresolved_permissions, prompted_permission_set_);
+  if (unprompted_permissions.empty()) return;
+
+  APIPermission::ID first_unprompted_permission =
+      unprompted_permissions.begin()->id();
+  APIPermissionSet new_apis;
+  for (const auto& permission : unprompted_permissions) {
+    prompted_permission_set_.insert(permission.id());
+    new_apis.insert(permission.id());
+  }
+  auto permission_set = base::MakeUnique<PermissionSet>(
+      new_apis, ManifestPermissionSet(), URLPatternSet(), URLPatternSet());
+  auto prompt = base::MakeUnique<ExtensionInstallPrompt>(web_contents);
+  prompt->ShowDialog(
+      base::Bind(&PublicSessionPermissionHelperImpl::ResolvePermissionPrompt,
+                 base::Unretained(this), extension,
+                 std::move(unprompted_permissions)),
+      extension,
+      nullptr,  // Use the extension icon.
+      base::MakeUnique<ExtensionInstallPrompt::Prompt>(
+          ExtensionInstallPrompt::PERMISSIONS_PROMPT),
+      std::move(permission_set),
+      ExtensionInstallPrompt::GetDefaultShowDialogCallback());
+  prompt_map_[first_unprompted_permission] = std::move(prompt);

[Devlin, 2017/01/25 16:00:32]

storing by arbitrary permission is a little weird to me, since we prompt for
multiple.  Why not just store a set<prompt>?

[Ivan Šandrk, 2017/01/26 18:53:22]

Done.

+}
+
+PermissionState PublicSessionPermissionHelperImpl::GetUserChoice(
+    APIPermission::ID permission_id) {
+  if (allowed_permission_set_.ContainsID(permission_id))
+    return PermissionState::ALLOWED;
+  if (denied_permission_set_.ContainsID(permission_id))
+    return PermissionState::DENIED;
+  if (prompted_permission_set_.ContainsID(permission_id))
+    return PermissionState::SHOWN_PROMPT;
+  return PermissionState::NOT_PROMPTED;
+}
+
+void PublicSessionPermissionHelperImpl::ResolvePermissionPrompt(
+    const Extension* extension,
+    PermissionIDSet unprompted_permissions,
+    ExtensionInstallPrompt::Result prompt_result) {
+  // Dispose of the prompt as it's not needed anymore.
+  prompt_map_.erase(unprompted_permissions.begin()->id());
+
+  bool allowed = prompt_result == ExtensionInstallPrompt::Result::ACCEPTED;
+  for (const auto& permission : unprompted_permissions) {
+    prompted_permission_set_.erase(permission.id());
+    if (allowed)
+      allowed_permission_set_.insert(permission.id());
+    else
+      denied_permission_set_.insert(permission.id());
+  }
+
+  for (auto callback = callbacks_.begin();
+       callback != callbacks_.end(); ) {
+    if (prompted_permission_set_.ContainsAnyID(callback->permission_list)) {
+      callback++;
+      continue;
+    }
+    if (denied_permission_set_.ContainsAnyID(callback->permission_list))
+      callback->failure_callback.Run();
+    else
+      callback->success_callback.Run();
+    callbacks_.erase(callback);

[Devlin, 2017/01/25 16:00:32]

don't we need a callback = callbacks_.erase() or something like that here?

[Ivan Šandrk, 2017/01/26 18:53:22]

Indeed, done.

+  }
+}
+
+}  // namespace extensions