[email protected] | 0850e84 | 2013-01-19 03:44:31 | [diff] [blame] | 1 | // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
| 2 | // Use of this source code is governed by a BSD-style license that can be |
| 3 | // found in the LICENSE file. |
| 4 | |
| 5 | #ifndef CHROME_BROWSER_MANAGED_MODE_MANAGED_USER_SERVICE_H_ |
| 6 | #define CHROME_BROWSER_MANAGED_MODE_MANAGED_USER_SERVICE_H_ |
| 7 | |
[email protected] | 0d9a1da8 | 2013-03-14 21:52:07 | [diff] [blame] | 8 | #include <set> |
[email protected] | 0850e84 | 2013-01-19 03:44:31 | [diff] [blame] | 9 | #include <vector> |
| 10 | |
[email protected] | a581ea2 | 2013-05-06 12:34:19 | [diff] [blame] | 11 | #include "base/memory/scoped_ptr.h" |
[email protected] | 1ab137b | 2013-03-21 03:33:18 | [diff] [blame] | 12 | #include "base/prefs/pref_change_registrar.h" |
[email protected] | f9b29436 | 2013-06-10 20:22:31 | [diff] [blame] | 13 | #include "base/strings/string16.h" |
[email protected] | 0850e84 | 2013-01-19 03:44:31 | [diff] [blame] | 14 | #include "chrome/browser/extensions/management_policy.h" |
| 15 | #include "chrome/browser/managed_mode/managed_mode_url_filter.h" |
[email protected] | 4e2b6f3 | 2013-06-04 16:38:34 | [diff] [blame] | 16 | #include "chrome/browser/profiles/profile_manager.h" |
[email protected] | a243d644c | 2013-06-20 18:37:55 | [diff] [blame] | 17 | #include "chrome/browser/sync/profile_sync_service_observer.h" |
[email protected] | 0dd6f203 | 2013-05-20 23:33:40 | [diff] [blame] | 18 | #include "components/browser_context_keyed_service/browser_context_keyed_service.h" |
[email protected] | 0850e84 | 2013-01-19 03:44:31 | [diff] [blame] | 19 | #include "content/public/browser/notification_observer.h" |
| 20 | #include "content/public/browser/notification_registrar.h" |
[email protected] | bfd8cf98 | 2013-03-04 15:24:00 | [diff] [blame] | 21 | #include "content/public/browser/web_contents.h" |
[email protected] | 0850e84 | 2013-01-19 03:44:31 | [diff] [blame] | 22 | |
// Forward declarations for types that this header names only through
// pointers, references, or template arguments.
// NOTE(review): no declaration in this header refers to Browser, and
// ManagedUserRegistrationService appears only inside a comment; both forward
// declarations look removable -- confirm nothing that includes this header
// relies on them.
class Browser;
class GoogleServiceAuthError;
// Also fully defined by managed_mode_url_filter.h, which is included above
// (the nested FilteringBehavior type used below needs the full definition).
class ManagedModeURLFilter;
class ManagedModeSiteList;
class ManagedUserRegistrationService;
class Profile;

namespace policy {
class ManagedModePolicyProvider;
}

namespace user_prefs {
class PrefRegistrySyncable;
}
| 37 | |
// This class handles all the information related to a given managed profile
// (e.g. the installed content packs, the default URL filtering behavior, or
// manual whitelist/blacklist overrides).
//
// It is a per-profile keyed service, an extension management policy provider,
// a sync-service observer and a notification observer (see the base classes).
//
// NOTE(review): this header uses std::map, std::string, GURL, ScopedVector
// and base::WeakPtrFactory without including their headers directly, so it
// depends on transitive includes -- confirm and include what is used.
class ManagedUserService : public BrowserContextKeyedService,
                           public extensions::ManagementPolicy::Provider,
                           public ProfileSyncServiceObserver,
                           public content::NotificationObserver {
 public:
  typedef std::vector<string16> CategoryList;

  // Result of looking up a manual (user-set) filtering override.
  // presumably MANUAL_NONE means "no manual override exists"; verify against
  // the implementation.
  enum ManualBehavior {
    MANUAL_NONE = 0,
    MANUAL_ALLOW,
    MANUAL_BLOCK
  };

  explicit ManagedUserService(Profile* profile);
  virtual ~ManagedUserService();

  // BrowserContextKeyedService override (this class's keyed-service base):
  virtual void Shutdown() OVERRIDE;

  // Returns whether the profile this service was created for is managed.
  bool ProfileIsManaged() const;

  // Checks whether the given profile is managed without constructing a
  // ManagedUserService (which could lead to cyclic dependencies).
  static bool ProfileIsManaged(Profile* profile);

  static void RegisterUserPrefs(user_prefs::PrefRegistrySyncable* registry);

  // Returns whether managed users are enabled by Finch or the command line
  // flag.
  static bool AreManagedUsersEnabled();

  // Returns the URL filter for the IO thread, for filtering network requests
  // (in ManagedModeResourceThrottle). The filter is handed out as a
  // refcounted pointer to a const object.
  scoped_refptr<const ManagedModeURLFilter> GetURLFilterForIOThread();

  // Returns the URL filter for the UI thread, for filtering navigations and
  // classifying sites in the history view. This is a raw, non-owning pointer:
  // callers must not keep it (see the lifetime note in URLFilterContext).
  ManagedModeURLFilter* GetURLFilterForUIThread();

  // Returns the URL's category, obtained from the installed content packs.
  int GetCategory(const GURL& url);

  // Returns the list of all known human-readable category names, sorted by ID
  // number. Called in the critical path of drawing the history UI, so needs to
  // be fast. The result is written to |list|.
  void GetCategoryNames(CategoryList* list);

  // Adds an access request for the given URL. The requests are stored using
  // a prefix followed by a URIEncoded version of the URL. Each entry contains
  // a dictionary which currently has the timestamp of the request in it.
  // NOTE(review): |url| presumably comes from a navigation made by the managed
  // user, i.e. it is user-controlled; confirm that the implementation bounds
  // the number and size of stored requests.
  void AddAccessRequest(const GURL& url);

  // Returns the email address of the custodian.
  std::string GetCustodianEmailAddress() const;

  // Returns the name of the custodian, or the email address if the name is
  // empty.
  std::string GetCustodianName() const;

  // These methods allow querying and modifying the manual filtering behavior.
  // The manual behavior is set by the user and overrides all other settings
  // (whitelists or the default behavior).

  // Returns the manual behavior for the given host.
  ManualBehavior GetManualBehaviorForHost(const std::string& hostname);

  // Returns the manual behavior for the given URL.
  ManualBehavior GetManualBehaviorForURL(const GURL& url);

  // Writes all URLs on the given host that have exceptions to |urls|.
  void GetManualExceptionsForHost(const std::string& host,
                                  std::vector<GURL>* urls);

  // Initializes this object. This method does nothing if the profile is not
  // managed.
  void Init();

  // Marks the profile as managed and initializes it. Test-only entry point.
  void InitForTesting();

  // Initializes this profile for syncing, using the provided |refresh_token| to
  // mint access tokens for Sync. |refresh_token| is a credential: keep it out
  // of logs and error messages.
  void InitSync(const std::string& refresh_token);

  // Convenience method that registers this managed user and initializes sync
  // with the returned token. |custodian_profile| must be the custodian's
  // profile, not this one; the registration service is presumably obtained
  // from it (verify in the implementation). The |callback| will be called when
  // registration is complete, whether it succeeded or not -- unless
  // registration was cancelled in the ManagedUserRegistrationService manually,
  // in which case the callback will be ignored.
  void RegisterAndInitSync(Profile* custodian_profile,
                           const ProfileManager::CreateCallback& callback);

  // Returns a pseudo-email address for systems that expect well-formed email
  // addresses (like Sync), even though we're not signed in.
  static const char* GetManagedUserPseudoEmail();

  // Test-only setter for |elevated_for_testing_|; |skip| is stored as-is.
  // NOTE(review): which checks the elevated state relaxes is not visible in
  // this header; production code should never call this.
  void set_elevated_for_testing(bool skip) {
    elevated_for_testing_ = skip;
  }

  // extensions::ManagementPolicy::Provider implementation:
  // For the two UserMay* methods, |error| is an out-parameter; see
  // ExtensionManagementPolicyImpl() below for how it is filled.
  virtual std::string GetDebugPolicyProviderName() const OVERRIDE;
  virtual bool UserMayLoad(const extensions::Extension* extension,
                           string16* error) const OVERRIDE;
  virtual bool UserMayModifySettings(const extensions::Extension* extension,
                                     string16* error) const OVERRIDE;

  // ProfileSyncServiceObserver implementation:
  virtual void OnStateChanged() OVERRIDE;

  // content::NotificationObserver implementation:
  virtual void Observe(int type,
                       const content::NotificationSource& source,
                       const content::NotificationDetails& details) OVERRIDE;

 private:
  // Gives the extension test fixture access to private members.
  friend class ManagedUserServiceExtensionTest;

  // A bridge from ManagedMode (which lives on the UI thread) to the
  // ManagedModeURLFilters, one of which lives on the IO thread. This class
  // mediates access to them and makes sure they are kept in sync.
  class URLFilterContext {
   public:
    URLFilterContext();
    ~URLFilterContext();

    ManagedModeURLFilter* ui_url_filter() const;
    ManagedModeURLFilter* io_url_filter() const;

    // Setters that push a new configuration to the filters. The containers
    // are taken by value, so ownership of them passes to this object.
    void SetDefaultFilteringBehavior(
        ManagedModeURLFilter::FilteringBehavior behavior);
    void LoadWhitelists(ScopedVector<ManagedModeSiteList> site_lists);
    // presumably the bool in each map is true for "allow" and false for
    // "block" -- TODO confirm against ManagedModeURLFilter.
    void SetManualHosts(scoped_ptr<std::map<std::string, bool> > host_map);
    void SetManualURLs(scoped_ptr<std::map<GURL, bool> > url_map);

   private:
    // ManagedModeURLFilter is refcounted because the IO thread filter is used
    // both by ProfileImplIOData and OffTheRecordProfileIOData (to filter
    // network requests), so they both keep a reference to it.
    // Clients should not keep references to the UI thread filter, however
    // (the filter will live as long as the profile lives, and afterwards it
    // should not be used anymore either).
    scoped_refptr<ManagedModeURLFilter> ui_url_filter_;
    scoped_refptr<ManagedModeURLFilter> io_url_filter_;

    DISALLOW_COPY_AND_ASSIGN(URLFilterContext);
  };

  // presumably receives the custodian's display name once the custodian's
  // profile information has been fetched; verify against the caller.
  void OnCustodianProfileDownloaded(const string16& full_name);

  // presumably the completion handler for the registration started in
  // RegisterAndInitSync(); verify against the implementation. |token| looks
  // like the credential later passed to InitSync(), so it should be kept out
  // of logs just like |refresh_token| there.
  void OnManagedUserRegistered(const ProfileManager::CreateCallback& callback,
                               Profile* custodian_profile,
                               const GoogleServiceAuthError& auth_error,
                               const std::string& token);

  void SetupSync();

  // Internal implementation for the extension management policy methods.
  // NOTE(review): this comment used to name ExtensionManagementPolicy::Delegate,
  // but the class implements extensions::ManagementPolicy::Provider, so this
  // presumably backs UserMayLoad() and UserMayModifySettings() -- confirm.
  // If |error| is not NULL, it will be filled with an error message if the
  // requested extension action (install, modify status, etc.) is not permitted.
  bool ExtensionManagementPolicyImpl(const std::string& extension_id,
                                     string16* error) const;

  // Returns a list of all installed and enabled site lists in the current
  // managed profile.
  ScopedVector<ManagedModeSiteList> GetActiveSiteLists();

  policy::ManagedModePolicyProvider* GetPolicyProvider();

  void OnDefaultFilteringBehaviorChanged();

  void UpdateSiteLists();

  // Updates the manual overrides for hosts in the URL filters when the
  // corresponding preference is changed.
  void UpdateManualHosts();

  // Updates the manual overrides for URLs in the URL filters when the
  // corresponding preference is changed.
  void UpdateManualURLs();

  // NOTE(review): members are destroyed in reverse declaration order, so as
  // the first member this factory is destroyed last, after every member below
  // it. The usual convention is to declare the factory last so outstanding
  // weak pointers are invalidated before anything else is torn down; confirm
  // that no bound callback can run while the other members are destroyed.
  base::WeakPtrFactory<ManagedUserService> weak_ptr_factory_;

  // Owns us via the BrowserContextKeyedService mechanism. Not owned by this
  // class.
  Profile* profile_;

  content::NotificationRegistrar registrar_;
  PrefChangeRegistrar pref_change_registrar_;

  // The two flags below have no initializer in this header, so the
  // constructor (not shown here) has to set them.

  // True iff we're waiting for the Sync service to be initialized.
  bool waiting_for_sync_initialization_;

  // Sets a profile in elevated state for testing if set to true. Written only
  // through set_elevated_for_testing() as far as this header shows.
  bool elevated_for_testing_;

  URLFilterContext url_filter_context_;
};
| 240 | |
| 241 | #endif // CHROME_BROWSER_MANAGED_MODE_MANAGED_USER_SERVICE_H_ |