Add permission request creator class.

chrome/browser/managed_mode/managed_user_service.cc

Index: chrome/browser/managed_mode/managed_user_service.cc
diff --git a/chrome/browser/managed_mode/managed_user_service.cc b/chrome/browser/managed_mode/managed_user_service.cc
index 8ca555f7c129bac3ed47141c368f33d36c77bb33..565147b1cd3e41e99b4c9e734684f1b4908b3881 100644
--- a/chrome/browser/managed_mode/managed_user_service.cc
+++ b/chrome/browser/managed_mode/managed_user_service.cc
@@ -23,6 +23,7 @@
 #include "chrome/browser/managed_mode/managed_user_shared_settings_service_factory.h"
 #include "chrome/browser/managed_mode/managed_user_sync_service.h"
 #include "chrome/browser/managed_mode/managed_user_sync_service_factory.h"
+#include "chrome/browser/managed_mode/permission_request_creator.h"
 #include "chrome/browser/managed_mode/supervised_user_pref_mapping_service.h"
 #include "chrome/browser/managed_mode/supervised_user_pref_mapping_service_factory.h"
 #include "chrome/browser/profiles/profile.h"
@@ -140,6 +141,7 @@ ManagedUserService::ManagedUserService(Profile* profile)
       is_profile_active_(false),
       elevated_for_testing_(false),
       did_shutdown_(false),
+      waiting_for_permissions_(false),
       weak_ptr_factory_(this) {
 }
 
@@ -444,6 +446,10 @@ void ManagedUserService::UpdateSiteLists() {
 }
 
 bool ManagedUserService::AccessRequestsEnabled() {
+  if (waiting_for_permissions_) {
+    return false;
+  }
+
   ProfileSyncService* service =
       ProfileSyncServiceFactory::GetForProfile(profile_);
   GoogleServiceAuthError::State state = service->GetAuthError().state();
@@ -453,6 +459,13 @@ bool ManagedUserService::AccessRequestsEnabled() {
           state == GoogleServiceAuthError::SERVICE_UNAVAILABLE);
 }
 
+void ManagedUserService::OnPermissionRequestIssued(
+    const GoogleServiceAuthError& error) {
+  waiting_for_permissions_ = false;
+  // TODO(akuegel): Figure out how to show the result of issuing the permission
+  // in the UI.
+}
+
 void ManagedUserService::AddAccessRequest(const GURL& url) {
   // Normalize the URL.
   GURL normalized_url = ManagedModeURLFilter::Normalize(url);
@@ -460,6 +473,16 @@ void ManagedUserService::AddAccessRequest(const GURL& url) {
   // Escape the URL.
   std::string output(net::EscapeQueryParamValue(normalized_url.spec(), true));
 
+  if (CommandLine::ForCurrentProcess()->HasSwitch(
+          switches::kPermissionRequestAPI)) {
+    waiting_for_permissions_ = true;
+    permissions_creator_->CreatePermissionRequest(
+            output,

[Bernhard Bauer, 2014/05/15 13:56:40]

Nit: Indent (4 spaces)

[Adrian Kuegel, 2014/05/15 14:35:32]

Done.

+            base::Bind(&ManagedUserService::OnPermissionRequestIssued,
+                       weak_ptr_factory_.GetWeakPtr()));
+    return;
+  }
+
   // Add the prefix.
   std::string key = ManagedUserSettingsService::MakeSplitSettingKey(
       kManagedUserAccessRequestKeyPrefix, output);
@@ -568,6 +591,10 @@ void ManagedUserService::Init() {
   ProfileOAuth2TokenService* token_service =
       ProfileOAuth2TokenServiceFactory::GetForProfile(profile_);
   token_service->LoadCredentials(managed_users::kManagedUserPseudoEmail);
+  std::string account_id = SigninManagerFactory::GetForProfile(profile_)
+                               ->GetAuthenticatedAccountId();

[Bernhard Bauer, 2014/05/15 13:56:40]

This is going to be empty for a supervised user (because that user is not
considered signed in). The pseudo account ID that we use in
ProfileOAuth2TokenService is managed_users::kManagedUserPseudoEmail.

[Adrian Kuegel, 2014/05/15 14:35:32]

Right. This explains why fetching the access token didn't work. It works now,
thanks :)

[Bernhard Bauer, 2014/05/15 15:04:54]

An alternative would be to use
ManagedUserSigninManagerWrapper::GetAccountIdToUse(), which will return the same
thing, but doesn't require clients of PermissionRequestCreator to know which
exact account ID to use.

[Adrian Kuegel, 2014/05/15 15:42:16]

Right. I refactored this a bit, and pass now only the profile to
PermissionRequestCreator::Create, and use the ManagedUserSigninManagerWrapper
there. What do you think?

[Bernhard Bauer, 2014/05/15 15:58:18]

Passing only the profile to Create() is okay, but personally, I would pass in
the ManagedUserSigninManagerWrapper, ProfileOAuth2TokenService and
RequestContextGetter to the constructor, because dependency injection.

Also, if you have a ManagedUserSigninManagerWrapper, you could use that to get
the OAuth2 scope to use, which removes more dependencies on Supervised User
implementation details.

[Adrian Kuegel, 2014/05/16 13:21:57]

Makes sense. Done.

+  permissions_creator_ = PermissionRequestCreator::Create(
+      token_service, account_id, profile_->GetRequestContext());
 
   extensions::ExtensionSystem* extension_system =
       extensions::ExtensionSystem::Get(profile_);