Enable permission warnings from ManifestHandlers.

extensions/common/permissions/api_permission_set.h

Index: extensions/common/permissions/api_permission_set.h
diff --git a/extensions/common/permissions/api_permission_set.h b/extensions/common/permissions/api_permission_set.h
index 9b6f26da35432ff80be0ff89bce6786d386117a8..e9727717679c8b135b17ce70ba25ac56b7d77c67 100644
--- a/extensions/common/permissions/api_permission_set.h
+++ b/extensions/common/permissions/api_permission_set.h
@@ -168,6 +168,181 @@ class APIPermissionSet {
   APIPermissionMap map_;
 };
 
+
+// TODO(rpaquay): Is ManifestPermission abstraction really needed, or should we
+// delegate everything to ManifestHandlers?
+class ManifestPermission {
+ public:
+  virtual std::string id() const = 0;
+
+  virtual std::string name() const = 0;
+
+  // Stores this into a new created |value|.
+  virtual scoped_ptr<base::Value> ToValue() const = 0;
+
+  // Clones this.
+  virtual ManifestPermission* Clone() const = 0;
+
+  // Returns a new API permission which equals this - |rhs|.
+  virtual ManifestPermission* Diff(const ManifestPermission* rhs)
+      const = 0;
+
+  // Returns a new API permission which equals the union of this and |rhs|.
+  virtual ManifestPermission* Union(const ManifestPermission* rhs)
+      const = 0;
+
+  // Returns a new API permission which equals the intersect of this and |rhs|.
+  virtual ManifestPermission* Intersect(const ManifestPermission* rhs)
+      const = 0;
+
+  // Returns true if |rhs| is a subset of this.
+  virtual bool Contains(const ManifestPermission* rhs) const = 0;
+
+  // Returns true if |rhs| is equal to this.
+  virtual bool Equal(const ManifestPermission* rhs) const = 0;
+};
+
+typedef std::map<std::string,
+  linked_ptr<ManifestPermission> > ManifestPermissionMap;
+
+class ManifestPermissionSet {

[Yoyo Zhou, 2013/11/06 04:02:36]

Would it make more sense to have the generic at this level, i.e.

Set<APIPermission>
Set<ManifestPermission>

(we'd need a better name for the container - PermissionSet is unfortunately
already taken)

You could make ParseFromJSON, etc. template specializations.

[rpaquay, 2013/11/06 16:16:16]

I *think* it might make sense. At the very least, we could have a common base
class (template) and expose the specific behavior (if there is any) in
sub-classes.

+ public:
+  class const_iterator :
+    public std::iterator<std::input_iterator_tag, const APIPermission*> {
+   public:
+    const_iterator(const ManifestPermissionMap::const_iterator& it);
+    const_iterator(const const_iterator& ids_it);
+
+    const_iterator& operator++() {
+      ++it_;
+      return *this;
+    }
+
+    const_iterator operator++(int) {
+      const_iterator tmp(it_++);
+      return tmp;
+    }
+
+    bool operator==(const const_iterator& rhs) const {
+      return it_ == rhs.it_;
+    }
+
+    bool operator!=(const const_iterator& rhs) const {
+      return it_ != rhs.it_;
+    }
+
+    const ManifestPermission* operator*() const {
+      return it_->second.get();
+    }
+
+    const ManifestPermission* operator->() const {
+      return it_->second.get();
+    }
+
+   private:
+    ManifestPermissionMap::const_iterator it_;
+  };
+
+  ManifestPermissionSet();
+
+  ManifestPermissionSet(const ManifestPermissionSet& set);
+
+  ~ManifestPermissionSet();
+
+  const_iterator begin() const {
+    return const_iterator(map().begin());
+  }
+
+  const_iterator end() const {
+    return map().end();
+  }
+
+  const_iterator find(std::string id) const {
+    return map().find(id);
+  }
+
+  const ManifestPermissionMap& map() const {
+    return map_;
+  }
+
+  ManifestPermissionMap& map() {
+    return map_;
+  }
+
+  void clear() {
+    map_.clear();
+  }
+
+  size_t count(std::string id) const {
+    return map().count(id);
+  }
+
+  bool empty() const {
+    return map().empty();
+  }
+
+  size_t erase(std::string id) {
+    return map().erase(id);
+  }
+
+  size_t size() const {
+    return map().size();
+  }
+
+  ManifestPermissionSet& operator=(const ManifestPermissionSet& rhs);
+
+  bool operator==(const ManifestPermissionSet& rhs) const;
+
+  bool operator!=(const ManifestPermissionSet& rhs) const {
+    return !operator==(rhs);
+  }
+
+  void insert(std::string id);
+
+  // Insert |permission| into the APIPermissionSet. The APIPermissionSet will
+  // take the ownership of |permission|,
+  void insert(ManifestPermission* permission);
+
+  bool Contains(const ManifestPermissionSet& rhs) const;
+
+  static void Difference(
+      const ManifestPermissionSet& set1,
+      const ManifestPermissionSet& set2,
+      ManifestPermissionSet* set3);
+
+  static void Intersection(
+      const ManifestPermissionSet& set1,
+      const ManifestPermissionSet& set2,
+      ManifestPermissionSet* set3);
+
+  static void Union(
+      const ManifestPermissionSet& set1,
+      const ManifestPermissionSet& set2,
+      ManifestPermissionSet* set3);
+
+  // Parses permissions from |permissions| and adds the parsed permissions to
+  // |manifest_permissions|. If |unhandled_permissions| is not NULL, the names
+  // of all permissions that couldn't be parsed will be added to this vector.
+  // If |error| is NULL, parsing will continue with the next permission if
+  // invalid data is detected. If |error| is not NULL, it will be set to an
+  // error message and false is returned when an invalid permission is found.
+  static bool ParseFromJSON(
+      const base::ListValue* permissions,
+      ManifestPermissionSet* manifest_permissions,
+      string16* error,
+      std::vector<std::string>* unhandled_permissions);
+
+ private:
+  static bool CreateManifestPermission(
+      const std::string& permission_name,
+      const base::Value* permission_value,
+      ManifestPermissionSet* manifest_permissions,
+      string16* error,
+      std::vector<std::string>* unhandled_permissions);
+
+  ManifestPermissionMap map_;
+};
+
 }  // namespace extensions
 
 #endif  // EXTENSIONS_COMMON_PERMISSIONS_API_PERMISSION_SET_H_