Public Sessions - prompt the user for pageCapture requests

chrome/browser/chromeos/extensions/public_session_permission_helper.cc

Index: chrome/browser/chromeos/extensions/public_session_permission_helper.cc
diff --git a/chrome/browser/chromeos/extensions/public_session_permission_helper.cc b/chrome/browser/chromeos/extensions/public_session_permission_helper.cc
new file mode 100644
index 0000000000000000000000000000000000000000..10f1bab7cf1179dbf203c985ce83d2353a06bb36
--- /dev/null
+++ b/chrome/browser/chromeos/extensions/public_session_permission_helper.cc
@@ -0,0 +1,170 @@
+// Copyright 2017 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chrome/browser/chromeos/extensions/public_session_permission_helper.h"
+
+#include <map>
+#include <utility>
+
+#include "base/bind.h"
+#include "base/bind_helpers.h"
+#include "base/lazy_instance.h"
+#include "base/macros.h"
+#include "base/memory/ptr_util.h"
+#include "content/public/browser/browser_thread.h"
+#include "content/public/browser/web_contents.h"
+#include "extensions/common/extension.h"
+#include "extensions/common/permissions/api_permission_set.h"
+#include "extensions/common/permissions/manifest_permission_set.h"
+#include "extensions/common/permissions/permission_set.h"
+#include "extensions/common/url_pattern_set.h"
+
+namespace extensions {
+
+namespace {
+
+base::LazyInstance<std::map<ExtensionId, PublicSessionPermissionHelper>>::Leaky
+    g_helpers = LAZY_INSTANCE_INITIALIZER;
+
+}  // namespace
+
+// static
+void PublicSessionPermissionHelper::HandlePermissionRequest(
+    const Extension& extension,
+    PermissionHelperSet requested_permissions,
+    content::WebContents* web_contents,
+    const base::Closure& success_callback,
+    const base::Closure& failure_callback) {
+  DCHECK_CURRENTLY_ON(content::BrowserThread::UI);
+  return g_helpers.Get()[extension.id()].HandlePermissionRequestImpl(
+      extension, requested_permissions, web_contents, success_callback,
+      failure_callback);
+}
+
+// static
+bool PublicSessionPermissionHelper::PermissionAllowed(
+    ExtensionId extension_id,
+    APIPermission::ID permission_id) {
+  DCHECK_CURRENTLY_ON(content::BrowserThread::UI);
+  return g_helpers.Get()[extension_id].PermissionAllowedImpl(permission_id);
+}
+
+PublicSessionPermissionHelper::PublicSessionPermissionHelper() {}
+
+PublicSessionPermissionHelper::PublicSessionPermissionHelper(
+    PublicSessionPermissionHelper&& other) = default;
+
+PublicSessionPermissionHelper::~PublicSessionPermissionHelper() {}
+
+void PublicSessionPermissionHelper::HandlePermissionRequestImpl(
+    const Extension& extension,
+    PermissionHelperSet requested_permissions,
+    content::WebContents* web_contents,
+    const base::Closure& success_callback,
+    const base::Closure& failure_callback) {
+  CHECK(web_contents);
+

[Andrew T Wilson (Slow), 2017/01/31 16:22:25]

There's some subtle logic in this implementation - dealing with overlapping
permission requests, etc. How is this covered by tests (for example, if one
caller asks for permissions A & B, and a second caller asks for permission B
while the prompt for A&B is still on-screen, what test covers that case?

[Ivan Šandrk, 2017/02/01 18:11:29]

Currently none, I'll write one.

+  PermissionIDSet requested_permission_set;
+  for (auto permission : requested_permissions) {
+    requested_permission_set.insert(permission);
+  }
+
+  PermissionIDSet unresolved_permissions = PermissionIDSet::Difference(
+      requested_permission_set, allowed_permission_set_);
+  if (unresolved_permissions.empty()) {
+    success_callback.Run();
+    return;
+  }
+  unresolved_permissions = PermissionIDSet::Difference(
+      unresolved_permissions, denied_permission_set_);
+  if (unresolved_permissions.empty()) {
+    failure_callback.Run();
+    return;
+  }
+
+  // Since not all permissions are resolved yet, queue the callback to be called
+  // when all of them are resolved.
+  callbacks_.push_back(RequestCallback(
+      success_callback, failure_callback, requested_permissions));
+
+  PermissionIDSet unprompted_permissions = PermissionIDSet::Difference(
+      unresolved_permissions, prompted_permission_set_);
+  if (unprompted_permissions.empty())
+    return;
+
+  APIPermissionSet new_apis;
+  for (const auto& permission : unprompted_permissions) {
+    prompted_permission_set_.insert(permission.id());
+    new_apis.insert(permission.id());
+  }
+  auto permission_set = base::MakeUnique<PermissionSet>(
+      new_apis, ManifestPermissionSet(), URLPatternSet(), URLPatternSet());
+  auto prompt = base::MakeUnique<ExtensionInstallPrompt>(web_contents);
+  static int prompt_id = 0;
+  // This Unretained is safe because the lifetime of this object is until
+  // process exit.
+  prompt->ShowDialog(
+      base::Bind(&PublicSessionPermissionHelper::ResolvePermissionPrompt,
+                 base::Unretained(this), prompt_id,
+                 std::move(unprompted_permissions)),
+      &extension,
+      nullptr,  // Use the extension icon.
+      base::MakeUnique<ExtensionInstallPrompt::Prompt>(
+          ExtensionInstallPrompt::PERMISSIONS_PROMPT),
+      std::move(permission_set),
+      ExtensionInstallPrompt::GetDefaultShowDialogCallback());
+  prompts_[prompt_id++] = std::move(prompt);
+}
+
+bool PublicSessionPermissionHelper::PermissionAllowedImpl(
+    APIPermission::ID permission_id) {
+  return allowed_permission_set_.ContainsID(permission_id);
+}
+
+void PublicSessionPermissionHelper::ResolvePermissionPrompt(
+    int prompt_id,
+    const PermissionIDSet& unprompted_permissions,
+    ExtensionInstallPrompt::Result prompt_result) {
+  // Dispose of the prompt as it's not needed anymore.
+  size_t erased = prompts_.erase(prompt_id);
+  DCHECK_EQ(1u, erased);
+
+  bool allowed = prompt_result == ExtensionInstallPrompt::Result::ACCEPTED;
+  for (const auto& permission : unprompted_permissions) {
+    prompted_permission_set_.erase(permission.id());
+    if (allowed)
+      allowed_permission_set_.insert(permission.id());
+    else
+      denied_permission_set_.insert(permission.id());
+  }
+
+  for (auto callback = callbacks_.begin(); callback != callbacks_.end(); ) {
+    if (prompted_permission_set_.ContainsAnyID(callback->permission_list)) {
+      // The request is still waiting on other permissions to be resolved - wait
+      // until all of them are resolved before calling the callback.
+      callback++;
+      continue;
+    }
+    if (denied_permission_set_.ContainsAnyID(callback->permission_list))
+      callback->failure_callback.Run();
+    else
+      callback->success_callback.Run();
+    callback = callbacks_.erase(callback);

[Andrew T Wilson (Slow), 2017/01/31 16:22:25]

What happens if in the callback, the callback invokes
HandlePermissionRequestImpl() again? Won't that modify the set and change your
iterator/yield some kind of exception/crash?

[Ivan Šandrk, 2017/02/01 18:11:29]

Very good point, it can possibly result in a crash. I need to add explicit
CHECKs to guard against this and mention in the comments that calling
HandlePermissionRequest from inside the callback is not allowed.

[Andrew T Wilson (Slow), 2017/02/03 07:38:38]

BTW, the canonical way to do this is not to add documentation/CHECKs() but to
instead do something like:

1) Walk list of callbacks.
2) If a callback needs to get invoked, remove it from the list and add it to a
new temporary list.
3) Once you are done, walk the temporary list and invoke all of the callbacks.

That way, if a given callback does something that changes the main list, it
doesn't cause a crash because we aren't walking that list - we're walking our
own local list of "callbacks to be invoked".

I haven't reviewed your change yet, so maybe that's what you've done, but that
would be my recommendation here.

+  }
+}
+
+PublicSessionPermissionHelper::RequestCallback::RequestCallback(
+    const base::Closure& success_callback,
+    const base::Closure& failure_callback,
+    const PermissionHelperSet& permission_list)
+    : success_callback(success_callback),
+      failure_callback(failure_callback),
+      permission_list(permission_list) {}
+
+PublicSessionPermissionHelper::RequestCallback::RequestCallback(
+    const RequestCallback& other) = default;
+
+PublicSessionPermissionHelper::RequestCallback::~RequestCallback() {}
+
+}  // namespace extensions