MD Settings: Set all content setting values in Site Details Javascript.

chrome/browser/ui/webui/settings/site_settings_handler.cc

 // Copyright 2016 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/ui/webui/settings/site_settings_handler.h"
 
 #include <algorithm>
 #include <memory>
 #include <string>
 #include <utility>
 
 #include "base/bind.h"
 #include "base/i18n/number_formatting.h"
 #include "base/macros.h"
 #include "base/values.h"
 #include "chrome/browser/browsing_data/browsing_data_local_storage_helper.h"
 #include "chrome/browser/chrome_notification_types.h"
 #include "chrome/browser/content_settings/host_content_settings_map_factory.h"
 #include "chrome/browser/content_settings/web_site_settings_uma_util.h"
 #include "chrome/browser/permissions/chooser_context_base.h"
+#include "chrome/browser/permissions/permission_manager.h"
+#include "chrome/browser/permissions/permission_result.h"
 #include "chrome/browser/permissions/permission_uma_util.h"
 #include "chrome/browser/permissions/permission_util.h"
 #include "chrome/browser/profiles/profile.h"
 #include "chrome/browser/ui/webui/site_settings_helper.h"
 #include "chrome/common/extensions/manifest_handlers/app_launch_info.h"
 #include "chrome/grit/generated_resources.h"
+#include "components/content_settings/core/browser/content_settings_utils.h"
 #include "components/content_settings/core/browser/host_content_settings_map.h"
 #include "components/content_settings/core/common/content_settings_types.h"
 #include "components/crx_file/id_util.h"
 #include "content/public/browser/browser_thread.h"
 #include "content/public/browser/notification_service.h"
 #include "content/public/browser/web_ui.h"
 #include "content/public/common/page_zoom.h"
 #include "content/public/common/url_constants.h"
 #include "extensions/browser/extension_registry.h"
 #include "extensions/common/permissions/api_permission.h"
@@ skipping 55 matching lines @@
     GURL launch_url =
         extensions::AppLaunchInfo::GetLaunchWebURL(extension->get());
     // Skip adding the launch URL if it is part of the web extent.
     if (web_extent.MatchesURL(launch_url))
       continue;
     site_settings::AddExceptionForHostedApp(
         launch_url.spec(), *extension->get(), exceptions);
   }
 }
 
+// Retrieves the corresponding string, according to the following precedence
+// order from highest to lowest priority:
+//    1. Enterprise policy.
+//    2. Extensions.
+//    3. User-set per-origin setting.
+//    4. Embargo.
+//    5. User-set patterns.
+//    6. User-set global default for a ContentSettingsType.
+//    7. Chrome's built-in default.
+std::string ConvertContentSettingSourceToString(
+    content_settings::SettingSource content_settings_source,
+    PermissionStatusSource permission_status_source) {
+  switch (content_settings_source) {
+    case content_settings::SETTING_SOURCE_POLICY:
+      return site_settings::kPolicyProviderId;
+    case content_settings::SETTING_SOURCE_EXTENSION:
+      return site_settings::kExtensionProviderId;
+
+    case content_settings::SETTING_SOURCE_NONE:
+    case content_settings::SETTING_SOURCE_USER:
+    // The above two sources fall into #3, #5 and #6.
+    case content_settings::SETTING_SOURCE_WHITELIST:
+    case content_settings::SETTING_SOURCE_SUPERVISED:
+      // These are not possible.

[raymes, 2017/06/20 23:42:36]

Hmm, I think these may actually be possible. WHITELIST may not happen in these
cases by chance, but supervised could. I think supervised should use the same
string as the policy provider. Maybe we just return user-defined for whitelist
for now, but if these values are ever returned, the setting shouldn't be
modifiable.

[Patti Lor, 2017/06/21 06:36:37]

Ah, OK, thanks for clarifying. I did some investigating for supervised (made a
supervised account and tried to use it) and could only find a way to
whitelist/blacklist specific origins, not change the content settings of
anything; but I'll defer to you on this. Fixed.

[raymes, 2017/06/22 00:07:03]

I think it's possible for geolocation/camera based on
content_settings_supervised_provider.cc. With that said, I haven't actually
tested it.

[Patti Lor, 2017/06/22 05:31:59]

Oh ok, interesting. Thanks for the FYI.

+      break;
+  }
+
+  switch (permission_status_source) {
+    case PermissionStatusSource::UNSPECIFIED:
+      break;
+    case PermissionStatusSource::SAFE_BROWSING_BLACKLIST:
+    case PermissionStatusSource::KILL_SWITCH:
+    case PermissionStatusSource::MULTIPLE_DISMISSALS:
+    case PermissionStatusSource::MULTIPLE_IGNORES:
+      // The above four sources fall into #4.
+      // TODO(patricialor): Plumb this through to the Web UI.
+      return site_settings::kPreferencesSource;
+  }

[raymes, 2017/06/20 23:42:36]

You've done a good job of this logic considering that it's virtually impossible
to get right!

I might suggest that we reverse the order of checks though. For example, it's
possible that KILL_SWITCH takes precedence over POLICY.

So we might just want to move this switch statement first. If UNSPECIFIED is
returned then fall back to the content settings source. This won't be completely
correct because there are cases right now where we return UNSPECIFIED which
aren't due to falling back to the HostContentSettingsMap. But I think it will be
slightly more correct.

We should definitely prioritize fixing up these decision reasons after v0 :)

[Patti Lor, 2017/06/21 06:36:37]

Ah, thanks for pointing that out. Fixed. I added a comment to document one of
the incorrect cases (the latest patchset will make embargo look like it takes
precedence over a setting the user has explicitly overridden embargo for).

+
+  return site_settings::kPreferencesSource;
+}
+
+ContentSetting GetContentSettingForOrigin(const GURL& origin,
+                                          ContentSettingsType content_type,
+                                          Profile* profile,
+                                          std::string* source_string) {
+  // TODO(patricialor): In future, PermissionManager should know about all
+  // content settings, not just the permissions, plus all the possible sources,
+  // and the calls to HostContentSettingsMap should be removed.
+  content_settings::SettingInfo info;
+  HostContentSettingsMap* map =
+      HostContentSettingsMapFactory::GetForProfile(profile);
+  std::unique_ptr<base::Value> value = map->GetWebsiteSetting(
+      origin, origin, content_type, std::string(), &info);
+
+  // Retrieve the content setting.
+  PermissionResult result(CONTENT_SETTING_DEFAULT,
+                          PermissionStatusSource::UNSPECIFIED);
+  if (PermissionUtil::IsPermission(content_type)) {
+    result = PermissionManager::Get(profile)->GetPermissionStatus(
+        content_type, origin, origin);
+  } else {
+    DCHECK(value.get());
+    DCHECK_EQ(base::Value::Type::INTEGER, value->GetType());
+    result.content_setting =
+        content_settings::ValueToContentSetting(value.get());
+  }
+
+  // Retrieve the source of the content setting.
+  *source_string =
+      ConvertContentSettingSourceToString(info.source, result.source);
+  return result.content_setting;
+}
+
 }  // namespace
 
 
 SiteSettingsHandler::SiteSettingsHandler(Profile* profile)
     : profile_(profile), observer_(this) {
 }
 
 SiteSettingsHandler::~SiteSettingsHandler() {
 }
 
@@ skipping 24 matching lines @@
                  base::Unretained(this)));
   web_ui()->RegisterMessageCallback(
       "getExceptionList",
       base::Bind(&SiteSettingsHandler::HandleGetExceptionList,
                  base::Unretained(this)));
   web_ui()->RegisterMessageCallback(
       "resetCategoryPermissionForOrigin",
       base::Bind(&SiteSettingsHandler::HandleResetCategoryPermissionForOrigin,
                  base::Unretained(this)));
   web_ui()->RegisterMessageCallback(
+      "getCategoryPermissionForOrigin",
+      base::Bind(&SiteSettingsHandler::HandleGetCategoryPermissionForOrigin,
+                 base::Unretained(this)));
+  web_ui()->RegisterMessageCallback(
       "setCategoryPermissionForOrigin",
       base::Bind(&SiteSettingsHandler::HandleSetCategoryPermissionForOrigin,
                  base::Unretained(this)));
   web_ui()->RegisterMessageCallback(
-      "getSiteDetails",
-      base::Bind(&SiteSettingsHandler::HandleGetSiteDetails,
-                 base::Unretained(this)));
-  web_ui()->RegisterMessageCallback(
       "isPatternValid",
       base::Bind(&SiteSettingsHandler::HandleIsPatternValid,
                  base::Unretained(this)));
   web_ui()->RegisterMessageCallback(
       "updateIncognitoStatus",
       base::Bind(&SiteSettingsHandler::HandleUpdateIncognitoStatus,
                  base::Unretained(this)));
   web_ui()->RegisterMessageCallback(
       "fetchZoomLevels",
       base::Bind(&SiteSettingsHandler::HandleFetchZoomLevels,
@@ skipping 330 matching lines @@
       profile, primary_pattern, secondary_pattern, content_type,
       PermissionSourceUI::SITE_SETTINGS);
 
   map->SetContentSettingCustomScope(primary_pattern, secondary_pattern,
                                     content_type, "", CONTENT_SETTING_DEFAULT);
 
   WebSiteSettingsUmaUtil::LogPermissionChange(
       content_type, ContentSetting::CONTENT_SETTING_DEFAULT);
 }
 
+void SiteSettingsHandler::HandleGetCategoryPermissionForOrigin(
+    const base::ListValue* args) {
+  AllowJavascript();
+
+  CHECK_EQ(3U, args->GetSize());
+  const base::Value* callback_id;
+  CHECK(args->Get(0, &callback_id));
+  std::string type;
+  CHECK(args->GetString(1, &type));
+  std::string origin;
+  CHECK(args->GetString(2, &origin));
+
+  const GURL origin_url(origin);
+  ContentSettingsType content_type = static_cast<ContentSettingsType>(
+      static_cast<int>(site_settings::ContentSettingsTypeFromGroupName(type)));
+  std::string source_string = "";
+  ContentSetting content_setting = GetContentSettingForOrigin(
+      origin_url, content_type, profile_, &source_string);
+  std::string content_setting_string =
+      content_settings::ContentSettingToString(content_setting);
+
+  auto raw_site_exception = base::MakeUnique<base::DictionaryValue>();
+  raw_site_exception->SetString(site_settings::kEmbeddingOrigin, "");

[raymes, 2017/06/20 23:42:36]

nit: I'm not sure if it matters, but we could just keep the embedding origin the
same as the origin.

[Patti Lor, 2017/06/21 06:36:37]

Done.

+  raw_site_exception->SetBoolean(site_settings::kIncognito,
+                                 profile_->IsOffTheRecord());
+  raw_site_exception->SetString(site_settings::kOrigin, origin);
+  raw_site_exception->SetString(site_settings::kDisplayName, origin);
+  raw_site_exception->SetString(site_settings::kSetting,
+                                content_setting_string);
+  raw_site_exception->SetString(site_settings::kSource, source_string);
+  // The remaining "embeddingDisplayName" field is handled later in Javascript.
+
+  ResolveJavascriptCallback(*callback_id, *raw_site_exception);
+}
+
 void SiteSettingsHandler::HandleSetCategoryPermissionForOrigin(
     const base::ListValue* args) {
   CHECK_EQ(5U, args->GetSize());
   std::string primary_pattern_string;
   CHECK(args->GetString(0, &primary_pattern_string));
   // TODO(dschuyler): Review whether |secondary_pattern_string| should be used.
   std::string secondary_pattern_string;
   CHECK(args->GetString(1, &secondary_pattern_string));
   std::string type;
   CHECK(args->GetString(2, &type));
@@ skipping 30 matching lines @@
   PermissionUtil::ScopedRevocationReporter scoped_revocation_reporter(
       profile, primary_pattern, secondary_pattern, content_type,
       PermissionSourceUI::SITE_SETTINGS);
 
   map->SetContentSettingCustomScope(primary_pattern, secondary_pattern,
                                     content_type, "", setting);
 
   WebSiteSettingsUmaUtil::LogPermissionChange(content_type, setting);
 }
 
-void SiteSettingsHandler::HandleGetSiteDetails(
-    const base::ListValue* args) {
-  AllowJavascript();
-
-  CHECK_EQ(2U, args->GetSize());
-  const base::Value* callback_id;
-  CHECK(args->Get(0, &callback_id));
-  std::string site;
-  CHECK(args->GetString(1, &site));
-
-  // A subset of the ContentSettingsType enum that we show in the settings UI.
-  const ContentSettingsType kSettingsDetailTypes[] = {
-    CONTENT_SETTINGS_TYPE_COOKIES,
-    CONTENT_SETTINGS_TYPE_IMAGES,
-    CONTENT_SETTINGS_TYPE_JAVASCRIPT,
-    CONTENT_SETTINGS_TYPE_PLUGINS,
-    CONTENT_SETTINGS_TYPE_POPUPS,
-    CONTENT_SETTINGS_TYPE_GEOLOCATION,
-    CONTENT_SETTINGS_TYPE_NOTIFICATIONS,
-    CONTENT_SETTINGS_TYPE_MEDIASTREAM_MIC,
-    CONTENT_SETTINGS_TYPE_MEDIASTREAM_CAMERA,
-    CONTENT_SETTINGS_TYPE_PROTOCOL_HANDLERS,
-    CONTENT_SETTINGS_TYPE_AUTOMATIC_DOWNLOADS,
-    CONTENT_SETTINGS_TYPE_BACKGROUND_SYNC,
-    CONTENT_SETTINGS_TYPE_USB_CHOOSER_DATA,
-    CONTENT_SETTINGS_TYPE_PROMPT_NO_DECISION_COUNT,
-  };
-
-  // Create a list to be consistent with existing API, we are expecting a single
-  // element (or none).
-  std::unique_ptr<base::ListValue> exceptions(new base::ListValue);
-  for (size_t type = 0; type < arraysize(kSettingsDetailTypes); ++type) {
-    ContentSettingsType content_type = kSettingsDetailTypes[type];
-
-    HostContentSettingsMap* map =
-        HostContentSettingsMapFactory::GetForProfile(profile_);
-    const auto* extension_registry =
-        extensions::ExtensionRegistry::Get(profile_);
-    site_settings::GetExceptionsFromHostContentSettingsMap(
-        map, content_type, extension_registry, web_ui(), /*incognito=*/false,
-        /*filter=*/&site, exceptions.get());
-
-    if (profile_->HasOffTheRecordProfile()) {
-      Profile* incognito = profile_->GetOffTheRecordProfile();
-      map = HostContentSettingsMapFactory::GetForProfile(incognito);
-      extension_registry = extensions::ExtensionRegistry::Get(incognito);
-      site_settings::GetExceptionsFromHostContentSettingsMap(
-          map, content_type, extension_registry, web_ui(), /*incognito=*/true,
-          /*filter=*/&site, exceptions.get());
-    }
-  }
-
-  if (!exceptions->GetSize()) {
-    RejectJavascriptCallback(*callback_id, base::Value());
-    return;
-  }
-
-  // We only need a single response element.
-  const base::DictionaryValue* exception = nullptr;
-  exceptions->GetDictionary(0, &exception);
-  ResolveJavascriptCallback(*callback_id, *exception);
-}
-
 void SiteSettingsHandler::HandleIsPatternValid(
     const base::ListValue* args) {
   CHECK_EQ(2U, args->GetSize());
   const base::Value* callback_id;
   CHECK(args->Get(0, &callback_id));
   std::string pattern_string;
   CHECK(args->GetString(1, &pattern_string));
 
   ContentSettingsPattern pattern =
       ContentSettingsPattern::FromString(pattern_string);
@@ skipping 122 matching lines @@
     origin = content::kUnreachableWebDataURL;
   }
 
   content::HostZoomMap* host_zoom_map;
   host_zoom_map = content::HostZoomMap::GetDefaultForBrowserContext(profile_);
   double default_level = host_zoom_map->GetDefaultZoomLevel();
   host_zoom_map->SetZoomLevelForHost(origin, default_level);
 }
 
 }  // namespace settings