Add permission request creator class.

chrome/browser/managed_mode/managed_user_service.cc

 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/managed_mode/managed_user_service.h"
 
 #include "base/command_line.h"
 #include "base/memory/ref_counted.h"
 #include "base/prefs/pref_service.h"
 #include "base/strings/string_number_conversions.h"
 #include "base/strings/utf_string_conversions.h"
 #include "chrome/browser/browser_process.h"
 #include "chrome/browser/chrome_notification_types.h"
 #include "chrome/browser/extensions/extension_service.h"
 #include "chrome/browser/managed_mode/custodian_profile_downloader_service.h"
 #include "chrome/browser/managed_mode/custodian_profile_downloader_service_factory.h"
 #include "chrome/browser/managed_mode/managed_mode_site_list.h"
 #include "chrome/browser/managed_mode/managed_user_constants.h"
 #include "chrome/browser/managed_mode/managed_user_registration_utility.h"
 #include "chrome/browser/managed_mode/managed_user_settings_service.h"
 #include "chrome/browser/managed_mode/managed_user_settings_service_factory.h"
 #include "chrome/browser/managed_mode/managed_user_shared_settings_service.h"
 #include "chrome/browser/managed_mode/managed_user_shared_settings_service_factory.h"
 #include "chrome/browser/managed_mode/managed_user_sync_service.h"
 #include "chrome/browser/managed_mode/managed_user_sync_service_factory.h"
+#include "chrome/browser/managed_mode/permission_request_creator.h"
 #include "chrome/browser/managed_mode/supervised_user_pref_mapping_service.h"
 #include "chrome/browser/managed_mode/supervised_user_pref_mapping_service_factory.h"
 #include "chrome/browser/profiles/profile.h"
 #include "chrome/browser/profiles/profile_info_cache.h"
 #include "chrome/browser/profiles/profile_manager.h"
 #include "chrome/browser/signin/profile_oauth2_token_service_factory.h"
 #include "chrome/browser/signin/signin_manager_factory.h"
 #include "chrome/browser/sync/profile_sync_service.h"
 #include "chrome/browser/sync/profile_sync_service_factory.h"
 #include "chrome/browser/ui/browser.h"
@@ skipping 97 matching lines @@
       base::Bind(&ManagedModeURLFilter::SetManualURLs,
                  io_url_filter_, base::Owned(url_map.release())));
 }
 
 ManagedUserService::ManagedUserService(Profile* profile)
     : profile_(profile),
       waiting_for_sync_initialization_(false),
       is_profile_active_(false),
       elevated_for_testing_(false),
       did_shutdown_(false),
+      waiting_for_permissions_(false),
       weak_ptr_factory_(this) {
 }
 
 ManagedUserService::~ManagedUserService() {
   DCHECK(did_shutdown_);
 }
 
 void ManagedUserService::Shutdown() {
   did_shutdown_ = true;
   if (ProfileIsManaged()) {
@@ skipping 284 matching lines @@
   ManagedModeURLFilter::FilteringBehavior behavior =
       ManagedModeURLFilter::BehaviorFromInt(behavior_value);
   url_filter_context_.SetDefaultFilteringBehavior(behavior);
 }
 
 void ManagedUserService::UpdateSiteLists() {
   url_filter_context_.LoadWhitelists(GetActiveSiteLists());
 }
 
 bool ManagedUserService::AccessRequestsEnabled() {
+  if (waiting_for_permissions_) {
+    return false;
+  }
+
   ProfileSyncService* service =
       ProfileSyncServiceFactory::GetForProfile(profile_);
   GoogleServiceAuthError::State state = service->GetAuthError().state();
   // We allow requesting access if Sync is working or has a transient error.
   return (state == GoogleServiceAuthError::NONE ||
           state == GoogleServiceAuthError::CONNECTION_FAILED ||
           state == GoogleServiceAuthError::SERVICE_UNAVAILABLE);
 }
 
+void ManagedUserService::OnPermissionRequestIssued(
+    const GoogleServiceAuthError& error) {
+  waiting_for_permissions_ = false;
+  // TODO(akuegel): Figure out how to show the result of issuing the permission
+  // in the UI.
+}
+
 void ManagedUserService::AddAccessRequest(const GURL& url) {
   // Normalize the URL.
   GURL normalized_url = ManagedModeURLFilter::Normalize(url);
 
   // Escape the URL.
   std::string output(net::EscapeQueryParamValue(normalized_url.spec(), true));
 
+  if (CommandLine::ForCurrentProcess()->HasSwitch(
+          switches::kPermissionRequestAPI)) {
+    waiting_for_permissions_ = true;
+    permissions_creator_->CreatePermissionRequest(
+            output,

[Bernhard Bauer, 2014/05/15 13:56:40]

Nit: Indent (4 spaces)

[Adrian Kuegel, 2014/05/15 14:35:32]

Done.

+            base::Bind(&ManagedUserService::OnPermissionRequestIssued,
+                       weak_ptr_factory_.GetWeakPtr()));
+    return;
+  }
+
   // Add the prefix.
   std::string key = ManagedUserSettingsService::MakeSplitSettingKey(
       kManagedUserAccessRequestKeyPrefix, output);
 
   scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue);
 
   // TODO(sergiu): Use sane time here when it's ready.
   dict->SetDouble(kManagedUserAccessRequestTime, base::Time::Now().ToJsTime());
 
   dict->SetString(kManagedUserName,
@@ skipping 88 matching lines @@
 
   CommandLine* command_line = CommandLine::ForCurrentProcess();
   if (command_line->HasSwitch(switches::kManagedUserSyncToken)) {
     InitSync(
         command_line->GetSwitchValueASCII(switches::kManagedUserSyncToken));
   }
 
   ProfileOAuth2TokenService* token_service =
       ProfileOAuth2TokenServiceFactory::GetForProfile(profile_);
   token_service->LoadCredentials(managed_users::kManagedUserPseudoEmail);
+  std::string account_id = SigninManagerFactory::GetForProfile(profile_)
+                               ->GetAuthenticatedAccountId();

[Bernhard Bauer, 2014/05/15 13:56:40]

This is going to be empty for a supervised user (because that user is not
considered signed in). The pseudo account ID that we use in
ProfileOAuth2TokenService is managed_users::kManagedUserPseudoEmail.

[Adrian Kuegel, 2014/05/15 14:35:32]

Right. This explains why fetching the access token didn't work. It works now,
thanks :)

[Bernhard Bauer, 2014/05/15 15:04:54]

An alternative would be to use
ManagedUserSigninManagerWrapper::GetAccountIdToUse(), which will return the same
thing, but doesn't require clients of PermissionRequestCreator to know which
exact account ID to use.

[Adrian Kuegel, 2014/05/15 15:42:16]

Right. I refactored this a bit, and pass now only the profile to
PermissionRequestCreator::Create, and use the ManagedUserSigninManagerWrapper
there. What do you think?

[Bernhard Bauer, 2014/05/15 15:58:18]

Passing only the profile to Create() is okay, but personally, I would pass in
the ManagedUserSigninManagerWrapper, ProfileOAuth2TokenService and
RequestContextGetter to the constructor, because dependency injection.

Also, if you have a ManagedUserSigninManagerWrapper, you could use that to get
the OAuth2 scope to use, which removes more dependencies on Supervised User
implementation details.

[Adrian Kuegel, 2014/05/16 13:21:57]

Makes sense. Done.

+  permissions_creator_ = PermissionRequestCreator::Create(
+      token_service, account_id, profile_->GetRequestContext());
 
   extensions::ExtensionSystem* extension_system =
       extensions::ExtensionSystem::Get(profile_);
   extensions::ManagementPolicy* management_policy =
       extension_system->management_policy();
   if (management_policy)
     extension_system->management_policy()->RegisterProvider(this);
 
   registrar_.Add(this,
                  chrome::NOTIFICATION_EXTENSION_LOADED_DEPRECATED,
@@ skipping 115 matching lines @@
 
 void ManagedUserService::OnBrowserSetLastActive(Browser* browser) {
   bool profile_became_active = profile_->IsSameProfile(browser->profile());
   if (!is_profile_active_ && profile_became_active)
     content::RecordAction(UserMetricsAction("ManagedUsers_OpenProfile"));
   else if (is_profile_active_ && !profile_became_active)
     content::RecordAction(UserMetricsAction("ManagedUsers_SwitchProfile"));
 
   is_profile_active_ = profile_became_active;
 }