Chromium Code Reviews Chromium Code Reviews
Issue 925563002:
Supervised users: Slightly relax restrictions around extensions. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@test_ext_install_disable| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/ui/webui/extensions/extension_settings_handler.h" | 5 #include "chrome/browser/ui/webui/extensions/extension_settings_handler.h" |
| 6 | 6 |
| 7 #include "apps/app_load_service.h" | 7 #include "apps/app_load_service.h" |
| 8 #include "apps/saved_files_service.h" | 8 #include "apps/saved_files_service.h" |
| 9 #include "base/auto_reset.h" | 9 #include "base/auto_reset.h" |
| 10 #include "base/base64.h" | 10 #include "base/base64.h" |
| (...skipping 258 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 269 | 269 |
| 270 bool recommended_install = | 270 bool recommended_install = |
| 271 !managed_install && | 271 !managed_install && |
| 272 management_policy_->MustRemainInstalled(extension, NULL); | 272 management_policy_->MustRemainInstalled(extension, NULL); |
| 273 extension_data->SetBoolean("recommendedInstall", recommended_install); | 273 extension_data->SetBoolean("recommendedInstall", recommended_install); |
| 274 | 274 |
| 275 // Suspicious install should always be mutually exclusive to managed and/or | 275 // Suspicious install should always be mutually exclusive to managed and/or |
| 276 // recommended install. | 276 // recommended install. |
| 277 DCHECK(!(managed_install || recommended_install) || !suspicious_install); | 277 DCHECK(!(managed_install || recommended_install) || !suspicious_install); |
| 278 | 278 |
| 279 // |web_ui()| can be null in unit tests. | |
| 280 bool installed_by_custodian = | |
| 281 web_ui() && Profile::FromWebUI(web_ui())->IsSupervised() && | |
| 282 extension->was_installed_by_custodian(); | |
| 283 extension_data->SetBoolean("installedByCustodian", installed_by_custodian); | |
| 284 | |
| 279 GURL icon = | 285 GURL icon = |
| 280 ExtensionIconSource::GetIconURL(extension, | 286 ExtensionIconSource::GetIconURL(extension, |
| 281 extension_misc::EXTENSION_ICON_MEDIUM, | 287 extension_misc::EXTENSION_ICON_MEDIUM, |
| 282 ExtensionIconSet::MATCH_BIGGER, | 288 ExtensionIconSet::MATCH_BIGGER, |
| 283 !enabled, NULL); | 289 !enabled, NULL); |
| 284 if (Manifest::IsUnpackedLocation(extension->location())) { | 290 if (Manifest::IsUnpackedLocation(extension->location())) { |
| 285 extension_data->SetString("path", extension->path().value()); | 291 extension_data->SetString("path", extension->path().value()); |
| 286 extension_data->SetString( | 292 extension_data->SetString( |
| 287 "prettifiedPath", | 293 "prettifiedPath", |
| 288 extensions::path_util::PrettifyPath(extension->path()).value()); | 294 extensions::path_util::PrettifyPath(extension->path()).value()); |
| (...skipping 785 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1074 CHECK_EQ(2U, args->GetSize()); | 1080 CHECK_EQ(2U, args->GetSize()); |
| 1075 std::string extension_id, enable_str; | 1081 std::string extension_id, enable_str; |
| 1076 CHECK(args->GetString(0, &extension_id)); | 1082 CHECK(args->GetString(0, &extension_id)); |
| 1077 CHECK(args->GetString(1, &enable_str)); | 1083 CHECK(args->GetString(1, &enable_str)); |
| 1078 | 1084 |
| 1079 const Extension* extension = | 1085 const Extension* extension = |
| 1080 extension_service_->GetInstalledExtension(extension_id); | 1086 extension_service_->GetInstalledExtension(extension_id); |
| 1081 if (!extension) | 1087 if (!extension) |
| 1082 return; | 1088 return; |
| 1083 | 1089 |
| 1090 if (Profile::FromWebUI(web_ui())->IsSupervised() && | |
| 1091 extension->was_installed_by_custodian()) { | |
|
Pam (message me for reviews)
2015/02/23 10:18:50
It really seems like being installed by a custodia
Marc Treib
2015/02/23 12:07:38
As mentioned above: UserMayModifySettings = false
Pam (message me for reviews)
2015/02/23 12:20:17
So that's something we should sort out fairly soon
Marc Treib
2015/02/23 12:33:59
Done.
| |
| 1092 return; | |
| 1093 } | |
| 1094 | |
| 1084 if (!management_policy_->UserMayModifySettings(extension, NULL)) { | 1095 if (!management_policy_->UserMayModifySettings(extension, NULL)) { |
| 1085 LOG(ERROR) << "An attempt was made to enable an extension that is " | 1096 LOG(ERROR) << "An attempt was made to enable an extension that is " |
| 1086 << "non-usermanagable. Extension id: " << extension->id(); | 1097 << "non-usermanagable. Extension id: " << extension->id(); |
| 1087 return; | 1098 return; |
| 1088 } | 1099 } |
| 1089 | 1100 |
| 1090 if (enable_str == "true") { | 1101 if (enable_str == "true") { |
| 1091 ExtensionPrefs* prefs = ExtensionPrefs::Get(extension_service_->profile()); | 1102 ExtensionPrefs* prefs = ExtensionPrefs::Get(extension_service_->profile()); |
| 1092 if (prefs->DidExtensionEscalatePermissions(extension_id)) { | 1103 if (prefs->DidExtensionEscalatePermissions(extension_id)) { |
| 1093 ShowExtensionDisabledDialog( | 1104 ShowExtensionDisabledDialog( |
| (...skipping 64 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1158 const base::ListValue* args) { | 1169 const base::ListValue* args) { |
| 1159 CHECK_EQ(2U, args->GetSize()); | 1170 CHECK_EQ(2U, args->GetSize()); |
| 1160 std::string extension_id, allow_str; | 1171 std::string extension_id, allow_str; |
| 1161 CHECK(args->GetString(0, &extension_id)); | 1172 CHECK(args->GetString(0, &extension_id)); |
| 1162 CHECK(args->GetString(1, &allow_str)); | 1173 CHECK(args->GetString(1, &allow_str)); |
| 1163 const Extension* extension = | 1174 const Extension* extension = |
| 1164 extension_service_->GetInstalledExtension(extension_id); | 1175 extension_service_->GetInstalledExtension(extension_id); |
| 1165 if (!extension) | 1176 if (!extension) |
| 1166 return; | 1177 return; |
| 1167 | 1178 |
| 1179 if (Profile::FromWebUI(web_ui())->IsSupervised() && | |
| 1180 extension->was_installed_by_custodian()) { | |
| 1181 return; | |
| 1182 } | |
| 1183 | |
| 1168 if (!management_policy_->UserMayModifySettings(extension, NULL)) { | 1184 if (!management_policy_->UserMayModifySettings(extension, NULL)) { |
| 1169 LOG(ERROR) << "An attempt was made to change allow file access of an" | 1185 LOG(ERROR) << "An attempt was made to change allow file access of an" |
| 1170 << " extension that is non-usermanagable. Extension id : " | 1186 << " extension that is non-usermanagable. Extension id : " |
| 1171 << extension->id(); | 1187 << extension->id(); |
| 1172 return; | 1188 return; |
| 1173 } | 1189 } |
| 1174 | 1190 |
| 1175 util::SetAllowFileAccess( | 1191 util::SetAllowFileAccess( |
| 1176 extension_id, extension_service_->profile(), allow_str == "true"); | 1192 extension_id, extension_service_->profile(), allow_str == "true"); |
| 1177 } | 1193 } |
| (...skipping 354 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1532 extension_service_->EnableExtension(extension_id); | 1548 extension_service_->EnableExtension(extension_id); |
| 1533 } else { | 1549 } else { |
| 1534 ExtensionErrorReporter::GetInstance()->ReportError( | 1550 ExtensionErrorReporter::GetInstance()->ReportError( |
| 1535 base::UTF8ToUTF16(JoinString(requirement_errors, ' ')), | 1551 base::UTF8ToUTF16(JoinString(requirement_errors, ' ')), |
| 1536 true); // Be noisy. | 1552 true); // Be noisy. |
| 1537 } | 1553 } |
| 1538 requirements_checker_.reset(); | 1554 requirements_checker_.reset(); |
| 1539 } | 1555 } |
| 1540 | 1556 |
| 1541 } // namespace extensions | 1557 } // namespace extensions |
| OLD | NEW |
