// Copyright (c) 2013 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef CHROME_BROWSER_MANAGED_MODE_MANAGED_USER_SERVICE_H_
#define CHROME_BROWSER_MANAGED_MODE_MANAGED_USER_SERVICE_H_

#include <map>
#include <set>
#include <string>
#include <vector>

#include "base/memory/scoped_ptr.h"
#include "base/prefs/pref_change_registrar.h"
#include "base/strings/string16.h"
#include "chrome/browser/extensions/management_policy.h"
#include "chrome/browser/managed_mode/managed_mode_url_filter.h"
#include "chrome/browser/profiles/profile_manager.h"
#include "chrome/browser/sync/profile_sync_service_observer.h"
#include "components/browser_context_keyed_service/browser_context_keyed_service.h"
#include "content/public/browser/notification_observer.h"
#include "content/public/browser/notification_registrar.h"
#include "content/public/browser/web_contents.h"

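// Forward declarations. The blame annotations and gutter numbers that the
// page view had fused onto these lines are stripped so the declarations parse.
class Browser;
class GoogleServiceAuthError;
class ManagedModeURLFilter;
class ManagedModeSiteList;
class ManagedUserRegistrationService;
class Profile;

namespace policy {
class ManagedModePolicyProvider;
}

namespace user_prefs {
class PrefRegistrySyncable;
}
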
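// This class handles all the information related to a given managed profile
// (e.g. the installed content packs, the default URL filtering behavior, or
// manual whitelist/blacklist overrides).
//
// Besides being a keyed service of the profile, it is the profile's
// extensions::ManagementPolicy::Provider and observes Sync state changes and
// content notifications (see the overrides below).
class ManagedUserService : public BrowserContextKeyedService,
                           public extensions::ManagementPolicy::Provider,
                           public ProfileSyncServiceObserver,
                           public content::NotificationObserver {
 public:
  typedef std::vector<string16> CategoryList;

  // Manual filtering override for a host or URL; see the
  // GetManualBehaviorFor*() methods below.
  enum ManualBehavior {
    MANUAL_NONE = 0,
    MANUAL_ALLOW,
    MANUAL_BLOCK
  };

  explicit ManagedUserService(Profile* profile);
  virtual ~ManagedUserService();

  // BrowserContextKeyedService override:
  virtual void Shutdown() OVERRIDE;

  // Instance counterpart of the static overload below.
  // NOTE(review): presumably checks |profile_| -- confirm in the .cc.
  bool ProfileIsManaged() const;

  // Checks whether the given profile is managed without constructing a
  // ManagedUserService (which could lead to cyclic dependencies).
  static bool ProfileIsManaged(Profile* profile);

  static void RegisterUserPrefs(user_prefs::PrefRegistrySyncable* registry);

  // Returns whether managed users are enabled by Finch or the command line
  // flag.
  static bool AreManagedUsersEnabled();

  // Returns the URL filter for the IO thread, for filtering network requests
  // (in ManagedModeResourceThrottle). The handle is to a const filter, so
  // holders cannot modify the filter through it.
  scoped_refptr<const ManagedModeURLFilter> GetURLFilterForIOThread();

  // Returns the URL filter for the UI thread, for filtering navigations and
  // classifying sites in the history view. The pointer is not owning: callers
  // should not keep it (see the lifetime comment in URLFilterContext).
  ManagedModeURLFilter* GetURLFilterForUIThread();

  // Returns the URL's category, obtained from the installed content packs.
  int GetCategory(const GURL& url);

  // Returns the list of all known human-readable category names, sorted by ID
  // number. Called in the critical path of drawing the history UI, so needs to
  // be fast.
  void GetCategoryNames(CategoryList* list);

  // Adds an access request for the given URL. The requests are stored using
  // a prefix followed by a URIEncoded version of the URL. Each entry contains
  // a dictionary which currently has the timestamp of the request in it.
  void AddAccessRequest(const GURL& url);

  // Returns the email address of the custodian.
  std::string GetCustodianEmailAddress() const;

  // Returns the name of the custodian, or the email address if the name is
  // empty.
  std::string GetCustodianName() const;

  // These methods allow querying and modifying the manual filtering behavior.
  // The manual behavior is set by the user and overrides all other settings
  // (whitelists or the default behavior).

  // Returns the manual behavior for the given host.
  ManualBehavior GetManualBehaviorForHost(const std::string& hostname);

  // Returns the manual behavior for the given URL.
  ManualBehavior GetManualBehaviorForURL(const GURL& url);

  // Returns all URLs on the given host that have exceptions. The result is
  // written to |urls|.
  void GetManualExceptionsForHost(const std::string& host,
                                  std::vector<GURL>* urls);

  // Initializes this object. This method does nothing if the profile is not
  // managed.
  void Init();

  // Marks the profile as managed and initializes it.
  void InitForTesting();

  // Initializes this profile for syncing, using the provided |refresh_token| to
  // mint access tokens for Sync. |refresh_token| is a credential: do not log
  // it.
  void InitSync(const std::string& refresh_token);

  // Convenience method that registers this managed user with
  // |registration_service| and initializes sync with the returned token.
  // Note that |registration_service| should belong to the custodian's profile,
  // not this one. The |callback| will be called when registration is complete,
  // whether it succeeded or not -- unless registration was cancelled in the
  // ManagedUserRegistrationService manually, in which case the callback will
  // be ignored.
  // NOTE(review): the signature takes |custodian_profile|, not a registration
  // service; presumably the service is looked up from that profile -- confirm
  // and update the wording above.
  void RegisterAndInitSync(Profile* custodian_profile,
                           const ProfileManager::CreateCallback& callback);

  // Returns a pseudo-email address for systems that expect well-formed email
  // addresses (like Sync), even though we're not signed in.
  static const char* GetManagedUserPseudoEmail();

  // Test-only hook: stores |skip| in |elevated_for_testing_|.
  // NOTE(review): this is a public setter on the class that enforces the
  // managed user's restrictions. What the elevated state relaxes is decided in
  // the .cc, which is not visible here; confirm that no production code path
  // calls this.
  void set_elevated_for_testing(bool skip) {
    elevated_for_testing_ = skip;
  }

  // extensions::ManagementPolicy::Provider implementation:
  virtual std::string GetDebugPolicyProviderName() const OVERRIDE;
  virtual bool UserMayLoad(const extensions::Extension* extension,
                           string16* error) const OVERRIDE;
  virtual bool UserMayModifySettings(const extensions::Extension* extension,
                                     string16* error) const OVERRIDE;

  // ProfileSyncServiceObserver implementation:
  virtual void OnStateChanged() OVERRIDE;

  // content::NotificationObserver implementation:
  virtual void Observe(int type,
                       const content::NotificationSource& source,
                       const content::NotificationDetails& details) OVERRIDE;

 private:
  friend class ManagedUserServiceExtensionTest;

  // A bridge from ManagedMode (which lives on the UI thread) to the
  // ManagedModeURLFilters, one of which lives on the IO thread. This class
  // mediates access to them and makes sure they are kept in sync.
  class URLFilterContext {
   public:
    URLFilterContext();
    ~URLFilterContext();

    // Non-owning accessors for the two filters held below.
    ManagedModeURLFilter* ui_url_filter() const;
    ManagedModeURLFilter* io_url_filter() const;

    // Setters for filter state. Per the class comment these keep the UI and
    // IO filters in sync; how the update reaches the IO thread is in the .cc.
    void SetDefaultFilteringBehavior(
        ManagedModeURLFilter::FilteringBehavior behavior);
    void LoadWhitelists(ScopedVector<ManagedModeSiteList> site_lists);
    // NOTE(review): the meaning of the bool mapped value (allow vs. block) is
    // not visible from this header -- document it next to the implementation.
    void SetManualHosts(scoped_ptr<std::map<std::string, bool> > host_map);
    void SetManualURLs(scoped_ptr<std::map<GURL, bool> > url_map);

   private:
    // ManagedModeURLFilter is refcounted because the IO thread filter is used
    // both by ProfileImplIOData and OffTheRecordProfileIOData (to filter
    // network requests), so they both keep a reference to it.
    // Clients should not keep references to the UI thread filter, however
    // (the filter will live as long as the profile lives, and afterwards it
    // should not be used anymore either).
    scoped_refptr<ManagedModeURLFilter> ui_url_filter_;
    scoped_refptr<ManagedModeURLFilter> io_url_filter_;

    DISALLOW_COPY_AND_ASSIGN(URLFilterContext);
  };

  void OnCustodianProfileDownloaded(const string16& full_name);

  // Completion handler for the registration started in RegisterAndInitSync().
  // |token| is a credential: do not log it.
  // NOTE(review): presumably |token| is only meaningful when |auth_error|
  // reports success -- confirm in the .cc.
  void OnManagedUserRegistered(const ProfileManager::CreateCallback& callback,
                               Profile* custodian_profile,
                               const GoogleServiceAuthError& auth_error,
                               const std::string& token);

  void SetupSync();

  // Internal implementation for the extensions::ManagementPolicy::Provider
  // methods.
  // If |error| is not NULL, it will be filled with an error message if the
  // requested extension action (install, modify status, etc.) is not permitted.
  bool ExtensionManagementPolicyImpl(const std::string& extension_id,
                                     string16* error) const;

  // Returns a list of all installed and enabled site lists in the current
  // managed profile.
  ScopedVector<ManagedModeSiteList> GetActiveSiteLists();

  policy::ManagedModePolicyProvider* GetPolicyProvider();

  void OnDefaultFilteringBehaviorChanged();

  void UpdateSiteLists();

  // Updates the manual overrides for hosts in the URL filters when the
  // corresponding preference is changed.
  void UpdateManualHosts();

  // Updates the manual overrides for URLs in the URL filters when the
  // corresponding preference is changed.
  void UpdateManualURLs();

  // NOTE(review): data members are destroyed in reverse declaration order, so
  // as the first member this factory is destroyed last, and WeakPtrs handed
  // out from it stay valid while the members below are being torn down.
  // Consider declaring it last; that also means reordering the constructor's
  // initializer list, which is not visible from this header.
  base::WeakPtrFactory<ManagedUserService> weak_ptr_factory_;

  // Owns us via the BrowserContextKeyedService mechanism.
  Profile* profile_;

  content::NotificationRegistrar registrar_;
  PrefChangeRegistrar pref_change_registrar_;

  // True iff we're waiting for the Sync service to be initialized.
  bool waiting_for_sync_initialization_;

  // Sets a profile in elevated state for testing if set to true.
  bool elevated_for_testing_;

  URLFilterContext url_filter_context_;
};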

#endif  // CHROME_BROWSER_MANAGED_MODE_MANAGED_USER_SERVICE_H_