| OLD | NEW |
|---|
| (Empty) |
| 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #include "chrome/browser/managed_mode/managed_user_service.h" | |
| 6 | |
| 7 #include "base/command_line.h" | |
| 8 #include "base/memory/ref_counted.h" | |
| 9 #include "base/prefs/pref_service.h" | |
| 10 #include "base/strings/string_number_conversions.h" | |
| 11 #include "base/strings/utf_string_conversions.h" | |
| 12 #include "chrome/browser/browser_process.h" | |
| 13 #include "chrome/browser/extensions/extension_service.h" | |
| 14 #include "chrome/browser/managed_mode/custodian_profile_downloader_service.h" | |
| 15 #include "chrome/browser/managed_mode/custodian_profile_downloader_service_facto
ry.h" | |
| 16 #include "chrome/browser/managed_mode/managed_mode_site_list.h" | |
| 17 #include "chrome/browser/managed_mode/managed_user_constants.h" | |
| 18 #include "chrome/browser/managed_mode/managed_user_registration_utility.h" | |
| 19 #include "chrome/browser/managed_mode/managed_user_settings_service.h" | |
| 20 #include "chrome/browser/managed_mode/managed_user_settings_service_factory.h" | |
| 21 #include "chrome/browser/managed_mode/managed_user_shared_settings_service_facto
ry.h" | |
| 22 #include "chrome/browser/managed_mode/managed_user_sync_service.h" | |
| 23 #include "chrome/browser/managed_mode/managed_user_sync_service_factory.h" | |
| 24 #include "chrome/browser/managed_mode/permission_request_creator_apiary.h" | |
| 25 #include "chrome/browser/managed_mode/permission_request_creator_sync.h" | |
| 26 #include "chrome/browser/managed_mode/supervised_user_pref_mapping_service.h" | |
| 27 #include "chrome/browser/managed_mode/supervised_user_pref_mapping_service_facto
ry.h" | |
| 28 #include "chrome/browser/profiles/profile.h" | |
| 29 #include "chrome/browser/profiles/profile_info_cache.h" | |
| 30 #include "chrome/browser/profiles/profile_manager.h" | |
| 31 #include "chrome/browser/signin/profile_oauth2_token_service_factory.h" | |
| 32 #include "chrome/browser/signin/signin_manager_factory.h" | |
| 33 #include "chrome/browser/sync/profile_sync_service.h" | |
| 34 #include "chrome/browser/sync/profile_sync_service_factory.h" | |
| 35 #include "chrome/browser/ui/browser.h" | |
| 36 #include "chrome/browser/ui/browser_list.h" | |
| 37 #include "chrome/common/chrome_switches.h" | |
| 38 #include "chrome/common/extensions/api/managed_mode_private/managed_mode_handler
.h" | |
| 39 #include "chrome/common/pref_names.h" | |
| 40 #include "components/pref_registry/pref_registry_syncable.h" | |
| 41 #include "components/signin/core/browser/profile_oauth2_token_service.h" | |
| 42 #include "components/signin/core/browser/signin_manager.h" | |
| 43 #include "components/signin/core/browser/signin_manager_base.h" | |
| 44 #include "content/public/browser/browser_thread.h" | |
| 45 #include "content/public/browser/user_metrics.h" | |
| 46 #include "extensions/browser/extension_registry.h" | |
| 47 #include "extensions/browser/extension_system.h" | |
| 48 #include "extensions/common/extension_set.h" | |
| 49 #include "google_apis/gaia/google_service_auth_error.h" | |
| 50 #include "grit/generated_resources.h" | |
| 51 #include "net/base/escape.h" | |
| 52 #include "ui/base/l10n/l10n_util.h" | |
| 53 | |
| 54 #if defined(OS_CHROMEOS) | |
| 55 #include "chrome/browser/chromeos/login/users/supervised_user_manager.h" | |
| 56 #include "chrome/browser/chromeos/login/users/user_manager.h" | |
| 57 #endif | |
| 58 | |
| 59 #if defined(ENABLE_THEMES) | |
| 60 #include "chrome/browser/themes/theme_service.h" | |
| 61 #include "chrome/browser/themes/theme_service_factory.h" | |
| 62 #endif | |
| 63 | |
| 64 using base::DictionaryValue; | |
| 65 using base::UserMetricsAction; | |
| 66 using content::BrowserThread; | |
| 67 | |
| 68 ManagedUserService::URLFilterContext::URLFilterContext() | |
| 69 : ui_url_filter_(new ManagedModeURLFilter), | |
| 70 io_url_filter_(new ManagedModeURLFilter) {} | |
| 71 ManagedUserService::URLFilterContext::~URLFilterContext() {} | |
| 72 | |
| 73 ManagedModeURLFilter* | |
| 74 ManagedUserService::URLFilterContext::ui_url_filter() const { | |
| 75 return ui_url_filter_.get(); | |
| 76 } | |
| 77 | |
| 78 ManagedModeURLFilter* | |
| 79 ManagedUserService::URLFilterContext::io_url_filter() const { | |
| 80 return io_url_filter_.get(); | |
| 81 } | |
| 82 | |
| 83 void ManagedUserService::URLFilterContext::SetDefaultFilteringBehavior( | |
| 84 ManagedModeURLFilter::FilteringBehavior behavior) { | |
| 85 ui_url_filter_->SetDefaultFilteringBehavior(behavior); | |
| 86 BrowserThread::PostTask( | |
| 87 BrowserThread::IO, | |
| 88 FROM_HERE, | |
| 89 base::Bind(&ManagedModeURLFilter::SetDefaultFilteringBehavior, | |
| 90 io_url_filter_.get(), behavior)); | |
| 91 } | |
| 92 | |
| 93 void ManagedUserService::URLFilterContext::LoadWhitelists( | |
| 94 ScopedVector<ManagedModeSiteList> site_lists) { | |
| 95 // ManagedModeURLFilter::LoadWhitelists takes ownership of |site_lists|, | |
| 96 // so we make an additional copy of it. | |
| 97 /// TODO(bauerb): This is kinda ugly. | |
| 98 ScopedVector<ManagedModeSiteList> site_lists_copy; | |
| 99 for (ScopedVector<ManagedModeSiteList>::iterator it = site_lists.begin(); | |
| 100 it != site_lists.end(); ++it) { | |
| 101 site_lists_copy.push_back((*it)->Clone()); | |
| 102 } | |
| 103 ui_url_filter_->LoadWhitelists(site_lists.Pass()); | |
| 104 BrowserThread::PostTask( | |
| 105 BrowserThread::IO, | |
| 106 FROM_HERE, | |
| 107 base::Bind(&ManagedModeURLFilter::LoadWhitelists, | |
| 108 io_url_filter_, base::Passed(&site_lists_copy))); | |
| 109 } | |
| 110 | |
| 111 void ManagedUserService::URLFilterContext::SetManualHosts( | |
| 112 scoped_ptr<std::map<std::string, bool> > host_map) { | |
| 113 ui_url_filter_->SetManualHosts(host_map.get()); | |
| 114 BrowserThread::PostTask( | |
| 115 BrowserThread::IO, | |
| 116 FROM_HERE, | |
| 117 base::Bind(&ManagedModeURLFilter::SetManualHosts, | |
| 118 io_url_filter_, base::Owned(host_map.release()))); | |
| 119 } | |
| 120 | |
| 121 void ManagedUserService::URLFilterContext::SetManualURLs( | |
| 122 scoped_ptr<std::map<GURL, bool> > url_map) { | |
| 123 ui_url_filter_->SetManualURLs(url_map.get()); | |
| 124 BrowserThread::PostTask( | |
| 125 BrowserThread::IO, | |
| 126 FROM_HERE, | |
| 127 base::Bind(&ManagedModeURLFilter::SetManualURLs, | |
| 128 io_url_filter_, base::Owned(url_map.release()))); | |
| 129 } | |
| 130 | |
| 131 ManagedUserService::ManagedUserService(Profile* profile) | |
| 132 : profile_(profile), | |
| 133 active_(false), | |
| 134 delegate_(NULL), | |
| 135 extension_registry_observer_(this), | |
| 136 waiting_for_sync_initialization_(false), | |
| 137 is_profile_active_(false), | |
| 138 elevated_for_testing_(false), | |
| 139 did_shutdown_(false), | |
| 140 waiting_for_permissions_(false), | |
| 141 weak_ptr_factory_(this) { | |
| 142 } | |
| 143 | |
| 144 ManagedUserService::~ManagedUserService() { | |
| 145 DCHECK(did_shutdown_); | |
| 146 } | |
| 147 | |
| 148 void ManagedUserService::Shutdown() { | |
| 149 did_shutdown_ = true; | |
| 150 if (ProfileIsManaged()) { | |
| 151 content::RecordAction(UserMetricsAction("ManagedUsers_QuitBrowser")); | |
| 152 } | |
| 153 SetActive(false); | |
| 154 } | |
| 155 | |
| 156 bool ManagedUserService::ProfileIsManaged() const { | |
| 157 return profile_->IsSupervised(); | |
| 158 } | |
| 159 | |
| 160 // static | |
| 161 void ManagedUserService::RegisterProfilePrefs( | |
| 162 user_prefs::PrefRegistrySyncable* registry) { | |
| 163 registry->RegisterDictionaryPref( | |
| 164 prefs::kSupervisedUserManualHosts, | |
| 165 user_prefs::PrefRegistrySyncable::UNSYNCABLE_PREF); | |
| 166 registry->RegisterDictionaryPref( | |
| 167 prefs::kSupervisedUserManualURLs, | |
| 168 user_prefs::PrefRegistrySyncable::UNSYNCABLE_PREF); | |
| 169 registry->RegisterIntegerPref( | |
| 170 prefs::kDefaultSupervisedUserFilteringBehavior, | |
| 171 ManagedModeURLFilter::ALLOW, | |
| 172 user_prefs::PrefRegistrySyncable::UNSYNCABLE_PREF); | |
| 173 registry->RegisterStringPref( | |
| 174 prefs::kSupervisedUserCustodianEmail, std::string(), | |
| 175 user_prefs::PrefRegistrySyncable::UNSYNCABLE_PREF); | |
| 176 registry->RegisterStringPref( | |
| 177 prefs::kSupervisedUserCustodianName, std::string(), | |
| 178 user_prefs::PrefRegistrySyncable::UNSYNCABLE_PREF); | |
| 179 registry->RegisterBooleanPref(prefs::kSupervisedUserCreationAllowed, true, | |
| 180 user_prefs::PrefRegistrySyncable::UNSYNCABLE_PREF); | |
| 181 } | |
| 182 | |
| 183 // static | |
| 184 void ManagedUserService::MigrateUserPrefs(PrefService* prefs) { | |
| 185 if (!prefs->HasPrefPath(prefs::kProfileIsSupervised)) | |
| 186 return; | |
| 187 | |
| 188 bool is_managed = prefs->GetBoolean(prefs::kProfileIsSupervised); | |
| 189 prefs->ClearPref(prefs::kProfileIsSupervised); | |
| 190 | |
| 191 if (!is_managed) | |
| 192 return; | |
| 193 | |
| 194 std::string managed_user_id = prefs->GetString(prefs::kSupervisedUserId); | |
| 195 if (!managed_user_id.empty()) | |
| 196 return; | |
| 197 | |
| 198 prefs->SetString(prefs::kSupervisedUserId, "Dummy ID"); | |
| 199 } | |
| 200 | |
| 201 void ManagedUserService::SetDelegate(Delegate* delegate) { | |
| 202 if (delegate_ == delegate) | |
| 203 return; | |
| 204 // If the delegate changed, deactivate first to give the old delegate a chance | |
| 205 // to clean up. | |
| 206 SetActive(false); | |
| 207 delegate_ = delegate; | |
| 208 } | |
| 209 | |
| 210 scoped_refptr<const ManagedModeURLFilter> | |
| 211 ManagedUserService::GetURLFilterForIOThread() { | |
| 212 return url_filter_context_.io_url_filter(); | |
| 213 } | |
| 214 | |
| 215 ManagedModeURLFilter* ManagedUserService::GetURLFilterForUIThread() { | |
| 216 return url_filter_context_.ui_url_filter(); | |
| 217 } | |
| 218 | |
| 219 // Items not on any list must return -1 (CATEGORY_NOT_ON_LIST in history.js). | |
| 220 // Items on a list, but with no category, must return 0 (CATEGORY_OTHER). | |
| 221 #define CATEGORY_NOT_ON_LIST -1; | |
| 222 #define CATEGORY_OTHER 0; | |
| 223 | |
| 224 int ManagedUserService::GetCategory(const GURL& url) { | |
| 225 std::vector<ManagedModeSiteList::Site*> sites; | |
| 226 GetURLFilterForUIThread()->GetSites(url, &sites); | |
| 227 if (sites.empty()) | |
| 228 return CATEGORY_NOT_ON_LIST; | |
| 229 | |
| 230 return (*sites.begin())->category_id; | |
| 231 } | |
| 232 | |
| 233 // static | |
| 234 void ManagedUserService::GetCategoryNames(CategoryList* list) { | |
| 235 ManagedModeSiteList::GetCategoryNames(list); | |
| 236 } | |
| 237 | |
| 238 std::string ManagedUserService::GetCustodianEmailAddress() const { | |
| 239 #if defined(OS_CHROMEOS) | |
| 240 return chromeos::UserManager::Get()->GetSupervisedUserManager()-> | |
| 241 GetManagerDisplayEmail( | |
| 242 chromeos::UserManager::Get()->GetActiveUser()->email()); | |
| 243 #else | |
| 244 return profile_->GetPrefs()->GetString(prefs::kSupervisedUserCustodianEmail); | |
| 245 #endif | |
| 246 } | |
| 247 | |
| 248 std::string ManagedUserService::GetCustodianName() const { | |
| 249 #if defined(OS_CHROMEOS) | |
| 250 return base::UTF16ToUTF8(chromeos::UserManager::Get()-> | |
| 251 GetSupervisedUserManager()->GetManagerDisplayName( | |
| 252 chromeos::UserManager::Get()->GetActiveUser()->email())); | |
| 253 #else | |
| 254 std::string name = profile_->GetPrefs()->GetString( | |
| 255 prefs::kSupervisedUserCustodianName); | |
| 256 return name.empty() ? GetCustodianEmailAddress() : name; | |
| 257 #endif | |
| 258 } | |
| 259 | |
| 260 void ManagedUserService::AddNavigationBlockedCallback( | |
| 261 const NavigationBlockedCallback& callback) { | |
| 262 navigation_blocked_callbacks_.push_back(callback); | |
| 263 } | |
| 264 | |
| 265 void ManagedUserService::DidBlockNavigation( | |
| 266 content::WebContents* web_contents) { | |
| 267 for (std::vector<NavigationBlockedCallback>::iterator it = | |
| 268 navigation_blocked_callbacks_.begin(); | |
| 269 it != navigation_blocked_callbacks_.end(); ++it) { | |
| 270 it->Run(web_contents); | |
| 271 } | |
| 272 } | |
| 273 | |
| 274 std::string ManagedUserService::GetDebugPolicyProviderName() const { | |
| 275 // Save the string space in official builds. | |
| 276 #ifdef NDEBUG | |
| 277 NOTREACHED(); | |
| 278 return std::string(); | |
| 279 #else | |
| 280 return "Managed User Service"; | |
| 281 #endif | |
| 282 } | |
| 283 | |
| 284 bool ManagedUserService::UserMayLoad(const extensions::Extension* extension, | |
| 285 base::string16* error) const { | |
| 286 base::string16 tmp_error; | |
| 287 if (ExtensionManagementPolicyImpl(extension, &tmp_error)) | |
| 288 return true; | |
| 289 | |
| 290 // If the extension is already loaded, we allow it, otherwise we'd unload | |
| 291 // all existing extensions. | |
| 292 ExtensionService* extension_service = | |
| 293 extensions::ExtensionSystem::Get(profile_)->extension_service(); | |
| 294 | |
| 295 // |extension_service| can be NULL in a unit test. | |
| 296 if (extension_service && | |
| 297 extension_service->GetInstalledExtension(extension->id())) | |
| 298 return true; | |
| 299 | |
| 300 bool was_installed_by_default = extension->was_installed_by_default(); | |
| 301 #if defined(OS_CHROMEOS) | |
| 302 // On Chrome OS all external sources are controlled by us so it means that | |
| 303 // they are "default". Method was_installed_by_default returns false because | |
| 304 // extensions creation flags are ignored in case of default extensions with | |
| 305 // update URL(the flags aren't passed to OnExternalExtensionUpdateUrlFound). | |
| 306 // TODO(dpolukhin): remove this Chrome OS specific code as soon as creation | |
| 307 // flags are not ignored. | |
| 308 was_installed_by_default = | |
| 309 extensions::Manifest::IsExternalLocation(extension->location()); | |
| 310 #endif | |
| 311 if (extension->location() == extensions::Manifest::COMPONENT || | |
| 312 was_installed_by_default) { | |
| 313 return true; | |
| 314 } | |
| 315 | |
| 316 if (error) | |
| 317 *error = tmp_error; | |
| 318 return false; | |
| 319 } | |
| 320 | |
| 321 bool ManagedUserService::UserMayModifySettings( | |
| 322 const extensions::Extension* extension, | |
| 323 base::string16* error) const { | |
| 324 return ExtensionManagementPolicyImpl(extension, error); | |
| 325 } | |
| 326 | |
| 327 void ManagedUserService::OnStateChanged() { | |
| 328 ProfileSyncService* service = | |
| 329 ProfileSyncServiceFactory::GetForProfile(profile_); | |
| 330 if (waiting_for_sync_initialization_ && service->sync_initialized()) { | |
| 331 waiting_for_sync_initialization_ = false; | |
| 332 service->RemoveObserver(this); | |
| 333 SetupSync(); | |
| 334 return; | |
| 335 } | |
| 336 | |
| 337 DLOG_IF(ERROR, service->GetAuthError().state() == | |
| 338 GoogleServiceAuthError::INVALID_GAIA_CREDENTIALS) | |
| 339 << "Credentials rejected"; | |
| 340 } | |
| 341 | |
| 342 void ManagedUserService::OnExtensionLoaded( | |
| 343 content::BrowserContext* browser_context, | |
| 344 const extensions::Extension* extension) { | |
| 345 if (!extensions::ManagedModeInfo::GetContentPackSiteList(extension).empty()) { | |
| 346 UpdateSiteLists(); | |
| 347 } | |
| 348 } | |
| 349 void ManagedUserService::OnExtensionUnloaded( | |
| 350 content::BrowserContext* browser_context, | |
| 351 const extensions::Extension* extension, | |
| 352 extensions::UnloadedExtensionInfo::Reason reason) { | |
| 353 if (!extensions::ManagedModeInfo::GetContentPackSiteList(extension).empty()) { | |
| 354 UpdateSiteLists(); | |
| 355 } | |
| 356 } | |
| 357 | |
| 358 void ManagedUserService::SetupSync() { | |
| 359 ProfileSyncService* service = | |
| 360 ProfileSyncServiceFactory::GetForProfile(profile_); | |
| 361 DCHECK(service->sync_initialized()); | |
| 362 | |
| 363 bool sync_everything = false; | |
| 364 syncer::ModelTypeSet synced_datatypes; | |
| 365 synced_datatypes.Put(syncer::SUPERVISED_USER_SETTINGS); | |
| 366 service->OnUserChoseDatatypes(sync_everything, synced_datatypes); | |
| 367 | |
| 368 // Notify ProfileSyncService that we are done with configuration. | |
| 369 service->SetSetupInProgress(false); | |
| 370 service->SetSyncSetupCompleted(); | |
| 371 } | |
| 372 | |
| 373 bool ManagedUserService::ExtensionManagementPolicyImpl( | |
| 374 const extensions::Extension* extension, | |
| 375 base::string16* error) const { | |
| 376 // |extension| can be NULL in unit_tests. | |
| 377 if (!ProfileIsManaged() || (extension && extension->is_theme())) | |
| 378 return true; | |
| 379 | |
| 380 if (elevated_for_testing_) | |
| 381 return true; | |
| 382 | |
| 383 if (error) | |
| 384 *error = l10n_util::GetStringUTF16(IDS_EXTENSIONS_LOCKED_MANAGED_USER); | |
| 385 return false; | |
| 386 } | |
| 387 | |
| 388 ScopedVector<ManagedModeSiteList> ManagedUserService::GetActiveSiteLists() { | |
| 389 ScopedVector<ManagedModeSiteList> site_lists; | |
| 390 ExtensionService* extension_service = | |
| 391 extensions::ExtensionSystem::Get(profile_)->extension_service(); | |
| 392 // Can be NULL in unit tests. | |
| 393 if (!extension_service) | |
| 394 return site_lists.Pass(); | |
| 395 | |
| 396 const extensions::ExtensionSet* extensions = extension_service->extensions(); | |
| 397 for (extensions::ExtensionSet::const_iterator it = extensions->begin(); | |
| 398 it != extensions->end(); ++it) { | |
| 399 const extensions::Extension* extension = it->get(); | |
| 400 if (!extension_service->IsExtensionEnabled(extension->id())) | |
| 401 continue; | |
| 402 | |
| 403 extensions::ExtensionResource site_list = | |
| 404 extensions::ManagedModeInfo::GetContentPackSiteList(extension); | |
| 405 if (!site_list.empty()) { | |
| 406 site_lists.push_back(new ManagedModeSiteList(extension->id(), | |
| 407 site_list.GetFilePath())); | |
| 408 } | |
| 409 } | |
| 410 | |
| 411 return site_lists.Pass(); | |
| 412 } | |
| 413 | |
| 414 ManagedUserSettingsService* ManagedUserService::GetSettingsService() { | |
| 415 return ManagedUserSettingsServiceFactory::GetForProfile(profile_); | |
| 416 } | |
| 417 | |
| 418 void ManagedUserService::OnManagedUserIdChanged() { | |
| 419 std::string managed_user_id = | |
| 420 profile_->GetPrefs()->GetString(prefs::kSupervisedUserId); | |
| 421 SetActive(!managed_user_id.empty()); | |
| 422 } | |
| 423 | |
| 424 void ManagedUserService::OnDefaultFilteringBehaviorChanged() { | |
| 425 DCHECK(ProfileIsManaged()); | |
| 426 | |
| 427 int behavior_value = profile_->GetPrefs()->GetInteger( | |
| 428 prefs::kDefaultSupervisedUserFilteringBehavior); | |
| 429 ManagedModeURLFilter::FilteringBehavior behavior = | |
| 430 ManagedModeURLFilter::BehaviorFromInt(behavior_value); | |
| 431 url_filter_context_.SetDefaultFilteringBehavior(behavior); | |
| 432 } | |
| 433 | |
| 434 void ManagedUserService::UpdateSiteLists() { | |
| 435 url_filter_context_.LoadWhitelists(GetActiveSiteLists()); | |
| 436 } | |
| 437 | |
| 438 bool ManagedUserService::AccessRequestsEnabled() { | |
| 439 if (waiting_for_permissions_) | |
| 440 return false; | |
| 441 | |
| 442 ProfileSyncService* service = | |
| 443 ProfileSyncServiceFactory::GetForProfile(profile_); | |
| 444 GoogleServiceAuthError::State state = service->GetAuthError().state(); | |
| 445 // We allow requesting access if Sync is working or has a transient error. | |
| 446 return (state == GoogleServiceAuthError::NONE || | |
| 447 state == GoogleServiceAuthError::CONNECTION_FAILED || | |
| 448 state == GoogleServiceAuthError::SERVICE_UNAVAILABLE); | |
| 449 } | |
| 450 | |
| 451 void ManagedUserService::OnPermissionRequestIssued() { | |
| 452 waiting_for_permissions_ = false; | |
| 453 // TODO(akuegel): Figure out how to show the result of issuing the permission | |
| 454 // request in the UI. Currently, we assume the permission request was created | |
| 455 // successfully. | |
| 456 } | |
| 457 | |
| 458 void ManagedUserService::AddAccessRequest(const GURL& url) { | |
| 459 // Normalize the URL. | |
| 460 GURL normalized_url = ManagedModeURLFilter::Normalize(url); | |
| 461 | |
| 462 // Escape the URL. | |
| 463 std::string output(net::EscapeQueryParamValue(normalized_url.spec(), true)); | |
| 464 | |
| 465 waiting_for_permissions_ = true; | |
| 466 permissions_creator_->CreatePermissionRequest( | |
| 467 output, | |
| 468 base::Bind(&ManagedUserService::OnPermissionRequestIssued, | |
| 469 weak_ptr_factory_.GetWeakPtr())); | |
| 470 } | |
| 471 | |
| 472 ManagedUserService::ManualBehavior ManagedUserService::GetManualBehaviorForHost( | |
| 473 const std::string& hostname) { | |
| 474 const base::DictionaryValue* dict = | |
| 475 profile_->GetPrefs()->GetDictionary(prefs::kSupervisedUserManualHosts); | |
| 476 bool allow = false; | |
| 477 if (!dict->GetBooleanWithoutPathExpansion(hostname, &allow)) | |
| 478 return MANUAL_NONE; | |
| 479 | |
| 480 return allow ? MANUAL_ALLOW : MANUAL_BLOCK; | |
| 481 } | |
| 482 | |
| 483 ManagedUserService::ManualBehavior ManagedUserService::GetManualBehaviorForURL( | |
| 484 const GURL& url) { | |
| 485 const base::DictionaryValue* dict = | |
| 486 profile_->GetPrefs()->GetDictionary(prefs::kSupervisedUserManualURLs); | |
| 487 GURL normalized_url = ManagedModeURLFilter::Normalize(url); | |
| 488 bool allow = false; | |
| 489 if (!dict->GetBooleanWithoutPathExpansion(normalized_url.spec(), &allow)) | |
| 490 return MANUAL_NONE; | |
| 491 | |
| 492 return allow ? MANUAL_ALLOW : MANUAL_BLOCK; | |
| 493 } | |
| 494 | |
| 495 void ManagedUserService::GetManualExceptionsForHost(const std::string& host, | |
| 496 std::vector<GURL>* urls) { | |
| 497 const base::DictionaryValue* dict = | |
| 498 profile_->GetPrefs()->GetDictionary(prefs::kSupervisedUserManualURLs); | |
| 499 for (base::DictionaryValue::Iterator it(*dict); !it.IsAtEnd(); it.Advance()) { | |
| 500 GURL url(it.key()); | |
| 501 if (url.host() == host) | |
| 502 urls->push_back(url); | |
| 503 } | |
| 504 } | |
| 505 | |
| 506 void ManagedUserService::InitSync(const std::string& refresh_token) { | |
| 507 ProfileSyncService* service = | |
| 508 ProfileSyncServiceFactory::GetForProfile(profile_); | |
| 509 // Tell the sync service that setup is in progress so we don't start syncing | |
| 510 // until we've finished configuration. | |
| 511 service->SetSetupInProgress(true); | |
| 512 | |
| 513 ProfileOAuth2TokenService* token_service = | |
| 514 ProfileOAuth2TokenServiceFactory::GetForProfile(profile_); | |
| 515 token_service->UpdateCredentials(managed_users::kManagedUserPseudoEmail, | |
| 516 refresh_token); | |
| 517 | |
| 518 // Continue in SetupSync() once the Sync backend has been initialized. | |
| 519 if (service->sync_initialized()) { | |
| 520 SetupSync(); | |
| 521 } else { | |
| 522 ProfileSyncServiceFactory::GetForProfile(profile_)->AddObserver(this); | |
| 523 waiting_for_sync_initialization_ = true; | |
| 524 } | |
| 525 } | |
| 526 | |
| 527 void ManagedUserService::Init() { | |
| 528 DCHECK(GetSettingsService()->IsReady()); | |
| 529 | |
| 530 pref_change_registrar_.Init(profile_->GetPrefs()); | |
| 531 pref_change_registrar_.Add( | |
| 532 prefs::kSupervisedUserId, | |
| 533 base::Bind(&ManagedUserService::OnManagedUserIdChanged, | |
| 534 base::Unretained(this))); | |
| 535 | |
| 536 SetActive(ProfileIsManaged()); | |
| 537 } | |
| 538 | |
| 539 void ManagedUserService::SetActive(bool active) { | |
| 540 if (active_ == active) | |
| 541 return; | |
| 542 active_ = active; | |
| 543 | |
| 544 if (!delegate_ || !delegate_->SetActive(active_)) { | |
| 545 if (active_) { | |
| 546 SupervisedUserPrefMappingServiceFactory::GetForBrowserContext(profile_) | |
| 547 ->Init(); | |
| 548 | |
| 549 CommandLine* command_line = CommandLine::ForCurrentProcess(); | |
| 550 if (command_line->HasSwitch(switches::kSupervisedUserSyncToken)) { | |
| 551 InitSync( | |
| 552 command_line->GetSwitchValueASCII( | |
| 553 switches::kSupervisedUserSyncToken)); | |
| 554 } | |
| 555 | |
| 556 ProfileOAuth2TokenService* token_service = | |
| 557 ProfileOAuth2TokenServiceFactory::GetForProfile(profile_); | |
| 558 token_service->LoadCredentials(managed_users::kManagedUserPseudoEmail); | |
| 559 } | |
| 560 } | |
| 561 | |
| 562 // Now activate/deactivate anything not handled by the delegate yet. | |
| 563 | |
| 564 #if defined(ENABLE_THEMES) | |
| 565 // Re-set the default theme to turn the SU theme on/off. | |
| 566 ThemeService* theme_service = ThemeServiceFactory::GetForProfile(profile_); | |
| 567 if (theme_service->UsingDefaultTheme() || theme_service->UsingSystemTheme()) { | |
| 568 ThemeServiceFactory::GetForProfile(profile_)->UseDefaultTheme(); | |
| 569 } | |
| 570 #endif | |
| 571 | |
| 572 ManagedUserSettingsService* settings_service = GetSettingsService(); | |
| 573 settings_service->SetActive(active_); | |
| 574 | |
| 575 extensions::ExtensionSystem* extension_system = | |
| 576 extensions::ExtensionSystem::Get(profile_); | |
| 577 extensions::ManagementPolicy* management_policy = | |
| 578 extension_system->management_policy(); | |
| 579 | |
| 580 if (active_) { | |
| 581 if (CommandLine::ForCurrentProcess()->HasSwitch( | |
| 582 switches::kPermissionRequestApiUrl)) { | |
| 583 permissions_creator_ = | |
| 584 PermissionRequestCreatorApiary::CreateWithProfile(profile_); | |
| 585 } else { | |
| 586 PrefService* pref_service = profile_->GetPrefs(); | |
| 587 permissions_creator_.reset(new PermissionRequestCreatorSync( | |
| 588 settings_service, | |
| 589 ManagedUserSharedSettingsServiceFactory::GetForBrowserContext( | |
| 590 profile_), | |
| 591 pref_service->GetString(prefs::kProfileName), | |
| 592 pref_service->GetString(prefs::kSupervisedUserId))); | |
| 593 } | |
| 594 | |
| 595 if (management_policy) | |
| 596 management_policy->RegisterProvider(this); | |
| 597 | |
| 598 extension_registry_observer_.Add( | |
| 599 extensions::ExtensionRegistry::Get(profile_)); | |
| 600 | |
| 601 pref_change_registrar_.Add( | |
| 602 prefs::kDefaultSupervisedUserFilteringBehavior, | |
| 603 base::Bind(&ManagedUserService::OnDefaultFilteringBehaviorChanged, | |
| 604 base::Unretained(this))); | |
| 605 pref_change_registrar_.Add(prefs::kSupervisedUserManualHosts, | |
| 606 base::Bind(&ManagedUserService::UpdateManualHosts, | |
| 607 base::Unretained(this))); | |
| 608 pref_change_registrar_.Add(prefs::kSupervisedUserManualURLs, | |
| 609 base::Bind(&ManagedUserService::UpdateManualURLs, | |
| 610 base::Unretained(this))); | |
| 611 | |
| 612 // Initialize the filter. | |
| 613 OnDefaultFilteringBehaviorChanged(); | |
| 614 UpdateSiteLists(); | |
| 615 UpdateManualHosts(); | |
| 616 UpdateManualURLs(); | |
| 617 | |
| 618 #if !defined(OS_ANDROID) | |
| 619 // TODO(bauerb): Get rid of the platform-specific #ifdef here. | |
| 620 // http://crbug.com/313377 | |
| 621 BrowserList::AddObserver(this); | |
| 622 #endif | |
| 623 } else { | |
| 624 permissions_creator_.reset(); | |
| 625 | |
| 626 if (management_policy) | |
| 627 management_policy->UnregisterProvider(this); | |
| 628 | |
| 629 extension_registry_observer_.RemoveAll(); | |
| 630 | |
| 631 pref_change_registrar_.Remove( | |
| 632 prefs::kDefaultSupervisedUserFilteringBehavior); | |
| 633 pref_change_registrar_.Remove(prefs::kSupervisedUserManualHosts); | |
| 634 pref_change_registrar_.Remove(prefs::kSupervisedUserManualURLs); | |
| 635 | |
| 636 if (waiting_for_sync_initialization_) { | |
| 637 ProfileSyncService* sync_service = | |
| 638 ProfileSyncServiceFactory::GetForProfile(profile_); | |
| 639 sync_service->RemoveObserver(this); | |
| 640 } | |
| 641 | |
| 642 #if !defined(OS_ANDROID) | |
| 643 // TODO(bauerb): Get rid of the platform-specific #ifdef here. | |
| 644 // http://crbug.com/313377 | |
| 645 BrowserList::RemoveObserver(this); | |
| 646 #endif | |
| 647 } | |
| 648 } | |
| 649 | |
| 650 void ManagedUserService::RegisterAndInitSync( | |
| 651 ManagedUserRegistrationUtility* registration_utility, | |
| 652 Profile* custodian_profile, | |
| 653 const std::string& managed_user_id, | |
| 654 const AuthErrorCallback& callback) { | |
| 655 DCHECK(ProfileIsManaged()); | |
| 656 DCHECK(!custodian_profile->IsSupervised()); | |
| 657 | |
| 658 base::string16 name = base::UTF8ToUTF16( | |
| 659 profile_->GetPrefs()->GetString(prefs::kProfileName)); | |
| 660 int avatar_index = profile_->GetPrefs()->GetInteger( | |
| 661 prefs::kProfileAvatarIndex); | |
| 662 ManagedUserRegistrationInfo info(name, avatar_index); | |
| 663 registration_utility->Register( | |
| 664 managed_user_id, | |
| 665 info, | |
| 666 base::Bind(&ManagedUserService::OnManagedUserRegistered, | |
| 667 weak_ptr_factory_.GetWeakPtr(), callback, custodian_profile)); | |
| 668 | |
| 669 // Fetch the custodian's profile information, to store the name. | |
| 670 // TODO(pamg): If --google-profile-info (flag: switches::kGoogleProfileInfo) | |
| 671 // is ever enabled, take the name from the ProfileInfoCache instead. | |
| 672 CustodianProfileDownloaderService* profile_downloader_service = | |
| 673 CustodianProfileDownloaderServiceFactory::GetForProfile( | |
| 674 custodian_profile); | |
| 675 profile_downloader_service->DownloadProfile( | |
| 676 base::Bind(&ManagedUserService::OnCustodianProfileDownloaded, | |
| 677 weak_ptr_factory_.GetWeakPtr())); | |
| 678 } | |
| 679 | |
| 680 void ManagedUserService::OnCustodianProfileDownloaded( | |
| 681 const base::string16& full_name) { | |
| 682 profile_->GetPrefs()->SetString(prefs::kSupervisedUserCustodianName, | |
| 683 base::UTF16ToUTF8(full_name)); | |
| 684 } | |
| 685 | |
| 686 void ManagedUserService::OnManagedUserRegistered( | |
| 687 const AuthErrorCallback& callback, | |
| 688 Profile* custodian_profile, | |
| 689 const GoogleServiceAuthError& auth_error, | |
| 690 const std::string& token) { | |
| 691 if (auth_error.state() == GoogleServiceAuthError::NONE) { | |
| 692 InitSync(token); | |
| 693 SigninManagerBase* signin = | |
| 694 SigninManagerFactory::GetForProfile(custodian_profile); | |
| 695 profile_->GetPrefs()->SetString(prefs::kSupervisedUserCustodianEmail, | |
| 696 signin->GetAuthenticatedUsername()); | |
| 697 | |
| 698 // The managed-user profile is now ready for use. | |
| 699 ProfileManager* profile_manager = g_browser_process->profile_manager(); | |
| 700 ProfileInfoCache& cache = profile_manager->GetProfileInfoCache(); | |
| 701 size_t index = cache.GetIndexOfProfileWithPath(profile_->GetPath()); | |
| 702 cache.SetIsOmittedProfileAtIndex(index, false); | |
| 703 } else { | |
| 704 DCHECK_EQ(std::string(), token); | |
| 705 } | |
| 706 | |
| 707 callback.Run(auth_error); | |
| 708 } | |
| 709 | |
| 710 void ManagedUserService::UpdateManualHosts() { | |
| 711 const base::DictionaryValue* dict = | |
| 712 profile_->GetPrefs()->GetDictionary(prefs::kSupervisedUserManualHosts); | |
| 713 scoped_ptr<std::map<std::string, bool> > host_map( | |
| 714 new std::map<std::string, bool>()); | |
| 715 for (base::DictionaryValue::Iterator it(*dict); !it.IsAtEnd(); it.Advance()) { | |
| 716 bool allow = false; | |
| 717 bool result = it.value().GetAsBoolean(&allow); | |
| 718 DCHECK(result); | |
| 719 (*host_map)[it.key()] = allow; | |
| 720 } | |
| 721 url_filter_context_.SetManualHosts(host_map.Pass()); | |
| 722 } | |
| 723 | |
| 724 void ManagedUserService::UpdateManualURLs() { | |
| 725 const base::DictionaryValue* dict = | |
| 726 profile_->GetPrefs()->GetDictionary(prefs::kSupervisedUserManualURLs); | |
| 727 scoped_ptr<std::map<GURL, bool> > url_map(new std::map<GURL, bool>()); | |
| 728 for (base::DictionaryValue::Iterator it(*dict); !it.IsAtEnd(); it.Advance()) { | |
| 729 bool allow = false; | |
| 730 bool result = it.value().GetAsBoolean(&allow); | |
| 731 DCHECK(result); | |
| 732 (*url_map)[GURL(it.key())] = allow; | |
| 733 } | |
| 734 url_filter_context_.SetManualURLs(url_map.Pass()); | |
| 735 } | |
| 736 | |
| 737 void ManagedUserService::OnBrowserSetLastActive(Browser* browser) { | |
| 738 bool profile_became_active = profile_->IsSameProfile(browser->profile()); | |
| 739 if (!is_profile_active_ && profile_became_active) | |
| 740 content::RecordAction(UserMetricsAction("ManagedUsers_OpenProfile")); | |
| 741 else if (is_profile_active_ && !profile_became_active) | |
| 742 content::RecordAction(UserMetricsAction("ManagedUsers_SwitchProfile")); | |
| 743 | |
| 744 is_profile_active_ = profile_became_active; | |
| 745 } | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 335833003:
Rename "managed (mode|user)" to "supervised user" (part 2) (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src