Chromium Code Reviews Chromium Code Reviews
Issue 421693002:
Adds an AccessPolicy that is queried to determine what a connection can do (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| Index: mojo/services/view_manager/default_access_policy.cc |
| diff --git a/mojo/services/view_manager/default_access_policy.cc b/mojo/services/view_manager/default_access_policy.cc |
| new file mode 100644 |
| index 0000000000000000000000000000000000000000..6a13dfefb25902e15c3407130b7d1b249d1b3ddf |
| --- /dev/null |
| +++ b/mojo/services/view_manager/default_access_policy.cc |
| @@ -0,0 +1,131 @@ |
| +// Copyright 2014 The Chromium Authors. All rights reserved. |
| +// Use of this source code is governed by a BSD-style license that can be |
| +// found in the LICENSE file. |
| + |
| +#include "mojo/services/view_manager/default_access_policy.h" |
| + |
| +#include "mojo/services/view_manager/access_policy_delegate.h" |
| +#include "mojo/services/view_manager/node.h" |
| +#include "mojo/services/view_manager/view.h" |
| + |
| +namespace mojo { |
| +namespace service { |
| + |
| +DefaultAccessPolicy::DefaultAccessPolicy(ConnectionSpecificId connection_id, |
| + AccessPolicyDelegate* delegate) |
| + : connection_id_(connection_id), |
| + delegate_(delegate) { |
| +} |
| + |
| +DefaultAccessPolicy::~DefaultAccessPolicy() { |
| +} |
| + |
| +bool DefaultAccessPolicy::CanRemoveNodeFromParent(const Node* node) const { |
| + if (!IsNodeFromThisConnection(node)) |
| + return false; // Can only unparent nodes we created. |
| + |
| + const Node* parent = node->GetParent(); |
| + return IsNodeInRoots(parent) || IsNodeFromThisConnection(parent); |
| +} |
| + |
| +bool DefaultAccessPolicy::CanAddNode(const Node* parent, |
| + const Node* child) const { |
| + return IsNodeFromThisConnection(child) && |
| + (IsNodeInRoots(parent) || |
| + (IsNodeFromThisConnection(parent) && |
| + !delegate_->IsNodeEmbeddedInAnotherConnectionForAccessPolicy(parent))); |
| +} |
| + |
| +bool DefaultAccessPolicy::CanReorderNode(const Node* node, |
| + const Node* relative_node, |
| + OrderDirection direction) const { |
| + return IsNodeFromThisConnection(node) && |
| + IsNodeFromThisConnection(relative_node); |
| +} |
| + |
| +bool DefaultAccessPolicy::CanDeleteNode(const Node* node) const { |
| + return IsNodeFromThisConnection(node); |
| +} |
| + |
| +bool DefaultAccessPolicy::CanDeleteView(const View* view) const { |
| + return view->id().connection_id == connection_id_; |
|
Ben Goodger (Google)
2014/07/25 20:51:46
I would distill this pattern to an "IdOwnedByThisC
sky
2014/07/25 21:10:46
I went with a template (ick!) so that I can keep t
|
| +} |
| + |
| +bool DefaultAccessPolicy::CanSetView(const Node* node, const View* view) const { |
| + if (view && view->id().connection_id != connection_id_) |
| + return false; |
| + |
| + return IsNodeFromThisConnection(node) || IsNodeInRoots(node); |
| +} |
| + |
| +bool DefaultAccessPolicy::CanSetFocus(const Node* node) const { |
| + // TODO(beng): security. |
| + return true; |
| +} |
| + |
| +bool DefaultAccessPolicy::CanGetNodeTree(const Node* node) const { |
| + return IsNodeFromThisConnection(node) || IsNodeInRoots(node); |
| +} |
| + |
| +bool DefaultAccessPolicy::CanDescendIntoNodeForNodeTree( |
| + const Node* node) const { |
| + return IsNodeFromThisConnection(node) && |
| + !delegate_->IsNodeEmbeddedInAnotherConnectionForAccessPolicy(node); |
| +} |
| + |
| +bool DefaultAccessPolicy::CanEmbed(const Node* node) const { |
| + return IsNodeFromThisConnection(node); |
| +} |
| + |
| +bool DefaultAccessPolicy::CanChangeNodeVisibility(const Node* node) const { |
| + return IsNodeFromThisConnection(node) || IsNodeInRoots(node); |
| +} |
| + |
| +bool DefaultAccessPolicy::CanSetViewContents(const View* view) const { |
| + return view->id().connection_id == connection_id_; |
| +} |
| + |
| +bool DefaultAccessPolicy::CanSetNodeBounds(const Node* node) const { |
| + return IsNodeFromThisConnection(node); |
| +} |
| + |
| +bool DefaultAccessPolicy::ShouldNotifyOnHierarchyChange( |
| + const Node* node, |
| + const Node** new_parent, |
| + const Node** old_parent) const { |
| + if (!IsNodeFromThisConnection(node)) |
| + return false; |
| + |
| + if (*new_parent && !IsNodeFromThisConnection(*new_parent) && |
| + !IsNodeInRoots(*new_parent)) { |
| + *new_parent = NULL; |
| + } |
| + |
| + if (*old_parent && !IsNodeFromThisConnection(*old_parent) && |
| + !IsNodeInRoots(*old_parent)) { |
| + *old_parent = NULL; |
| + } |
| + return true; |
| +} |
| + |
| +Id DefaultAccessPolicy::GetViewIdToSend(const Node* node, |
| + const View* view) const { |
| + // TODO(sky): should we send null if view is not from this connection? |
| + return ViewIdToTransportId(view->id()); |
| +} |
| + |
| +bool DefaultAccessPolicy::ShouldSendViewDeleted(const ViewId& view_id) const { |
| + return view_id.connection_id == connection_id_; |
| +} |
| + |
| +bool DefaultAccessPolicy::IsNodeInRoots(const Node* node) const { |
| + return delegate_->GetRootsForAccessPolicy().count( |
| + NodeIdToTransportId(node->id())) > 0; |
| +} |
| + |
| +bool DefaultAccessPolicy::IsNodeFromThisConnection(const Node* node) const { |
| + return node->id().connection_id == connection_id_; |
| +} |
| + |
| +} // namespace service |
| +} // namespace mojo |
