supervised_user_service.h revision 5f1c94371a64b3196d4be9466099bb892df9b88e 
1// Copyright 2014 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#ifndef CHROME_BROWSER_SUPERVISED_USER_SUPERVISED_USER_SERVICE_H_
6#define CHROME_BROWSER_SUPERVISED_USER_SUPERVISED_USER_SERVICE_H_
7
8#include <set>
9#include <vector>
10
11#include "base/callback.h"
12#include "base/gtest_prod_util.h"
13#include "base/memory/scoped_ptr.h"
14#include "base/prefs/pref_change_registrar.h"
15#include "base/scoped_observer.h"
16#include "base/strings/string16.h"
17#include "chrome/browser/supervised_user/supervised_user_url_filter.h"
18#include "chrome/browser/supervised_user/supervised_users.h"
19#include "chrome/browser/sync/profile_sync_service_observer.h"
20#include "chrome/browser/ui/browser_list_observer.h"
21#include "components/keyed_service/core/keyed_service.h"
22#include "content/public/browser/web_contents.h"
23
24#if defined(ENABLE_EXTENSIONS)
25#include "extensions/browser/extension_registry_observer.h"
26#include "extensions/browser/management_policy.h"
27#endif
28
29class Browser;
30class GoogleServiceAuthError;
31class PermissionRequestCreator;
32class Profile;
33class SupervisedUserRegistrationUtility;
34class SupervisedUserSettingsService;
35class SupervisedUserSiteList;
36class SupervisedUserURLFilter;
37
38namespace extensions {
39class ExtensionRegistry;
40}
41
42namespace user_prefs {
43class PrefRegistrySyncable;
44}
45
46// This class handles all the information related to a given supervised profile
47// (e.g. the installed content packs, the default URL filtering behavior, or
48// manual whitelist/blacklist overrides).
49class SupervisedUserService : public KeyedService,
50#if defined(ENABLE_EXTENSIONS)
51                              public extensions::ManagementPolicy::Provider,
52                              public extensions::ExtensionRegistryObserver,
53#endif
54                              public ProfileSyncServiceObserver,
55                              public chrome::BrowserListObserver {
56 public:
57  typedef std::vector<base::string16> CategoryList;
58  typedef base::Callback<void(content::WebContents*)> NavigationBlockedCallback;
59  typedef base::Callback<void(const GoogleServiceAuthError&)> AuthErrorCallback;
60
61  enum ManualBehavior {
62    MANUAL_NONE = 0,
63    MANUAL_ALLOW,
64    MANUAL_BLOCK
65  };
66
67  class Delegate {
68   public:
69    virtual ~Delegate() {}
70    // Returns true to indicate that the delegate handled the (de)activation, or
71    // false to indicate that the SupervisedUserService itself should handle it.
72    virtual bool SetActive(bool active) = 0;
73  };
74
75  virtual ~SupervisedUserService();
76
77  // ProfileKeyedService override:
78  virtual void Shutdown() OVERRIDE;
79
80  static void RegisterProfilePrefs(user_prefs::PrefRegistrySyncable* registry);
81
82  void SetDelegate(Delegate* delegate);
83
84  // Returns the URL filter for the IO thread, for filtering network requests
85  // (in SupervisedUserResourceThrottle).
86  scoped_refptr<const SupervisedUserURLFilter> GetURLFilterForIOThread();
87
88  // Returns the URL filter for the UI thread, for filtering navigations and
89  // classifying sites in the history view.
90  SupervisedUserURLFilter* GetURLFilterForUIThread();
91
92  // Returns the URL's category, obtained from the installed content packs.
93  int GetCategory(const GURL& url);
94
95  // Returns the list of all known human-readable category names, sorted by ID
96  // number. Called in the critical path of drawing the history UI, so needs to
97  // be fast.
98  void GetCategoryNames(CategoryList* list);
99
100  // Whether the user can request access to blocked URLs.
101  bool AccessRequestsEnabled();
102
103  void OnPermissionRequestIssued();
104
105  // Adds an access request for the given URL. The requests are stored using
106  // a prefix followed by a URIEncoded version of the URL. Each entry contains
107  // a dictionary which currently has the timestamp of the request in it.
108  void AddAccessRequest(const GURL& url);
109
110  // Returns the email address of the custodian.
111  std::string GetCustodianEmailAddress() const;
112
113  // Returns the name of the custodian, or the email address if the name is
114  // empty.
115  std::string GetCustodianName() const;
116
117  // These methods allow querying and modifying the manual filtering behavior.
118  // The manual behavior is set by the user and overrides all other settings
119  // (whitelists or the default behavior).
120
121  // Returns the manual behavior for the given host.
122  ManualBehavior GetManualBehaviorForHost(const std::string& hostname);
123
124  // Returns the manual behavior for the given URL.
125  ManualBehavior GetManualBehaviorForURL(const GURL& url);
126
127  // Returns all URLS on the given host that have exceptions.
128  void GetManualExceptionsForHost(const std::string& host,
129                                  std::vector<GURL>* urls);
130
131  // Initializes this object. This method does nothing if the profile is not
132  // supervised.
133  void Init();
134
135  // Initializes this profile for syncing, using the provided |refresh_token| to
136  // mint access tokens for Sync.
137  void InitSync(const std::string& refresh_token);
138
139  // Convenience method that registers this supervised user using
140  // |registration_utility| and initializes sync with the returned token.
141  // The |callback| will be called when registration is complete,
142  // whether it suceeded or not -- unless registration was cancelled manually,
143  // in which case the callback will be ignored.
144  void RegisterAndInitSync(
145      SupervisedUserRegistrationUtility* registration_utility,
146      Profile* custodian_profile,
147      const std::string& supervised_user_id,
148      const AuthErrorCallback& callback);
149
150  void set_elevated_for_testing(bool skip) {
151    elevated_for_testing_ = skip;
152  }
153
154  void AddNavigationBlockedCallback(const NavigationBlockedCallback& callback);
155  void DidBlockNavigation(content::WebContents* web_contents);
156
157#if defined(ENABLE_EXTENSIONS)
158  // extensions::ManagementPolicy::Provider implementation:
159  virtual std::string GetDebugPolicyProviderName() const OVERRIDE;
160  virtual bool UserMayLoad(const extensions::Extension* extension,
161                           base::string16* error) const OVERRIDE;
162  virtual bool UserMayModifySettings(const extensions::Extension* extension,
163                                     base::string16* error) const OVERRIDE;
164
165  // extensions::ExtensionRegistryObserver implementation.
166  virtual void OnExtensionLoaded(
167      content::BrowserContext* browser_context,
168      const extensions::Extension* extension) OVERRIDE;
169  virtual void OnExtensionUnloaded(
170      content::BrowserContext* browser_context,
171      const extensions::Extension* extension,
172      extensions::UnloadedExtensionInfo::Reason reason) OVERRIDE;
173#endif
174
175  // ProfileSyncServiceObserver implementation:
176  virtual void OnStateChanged() OVERRIDE;
177
178  // chrome::BrowserListObserver implementation:
179  virtual void OnBrowserSetLastActive(Browser* browser) OVERRIDE;
180
181 private:
182  friend class SupervisedUserServiceExtensionTestBase;
183  friend class SupervisedUserServiceFactory;
184  FRIEND_TEST_ALL_PREFIXES(SupervisedUserServiceTest, ClearOmitOnRegistration);
185
186  // A bridge from the UI thread to the SupervisedUserURLFilters, one of which
187  // lives on the IO thread. This class mediates access to them and makes sure
188  // they are kept in sync.
189  class URLFilterContext {
190   public:
191    URLFilterContext();
192    ~URLFilterContext();
193
194    SupervisedUserURLFilter* ui_url_filter() const;
195    SupervisedUserURLFilter* io_url_filter() const;
196
197    void SetDefaultFilteringBehavior(
198        SupervisedUserURLFilter::FilteringBehavior behavior);
199    void LoadWhitelists(ScopedVector<SupervisedUserSiteList> site_lists);
200    void SetManualHosts(scoped_ptr<std::map<std::string, bool> > host_map);
201    void SetManualURLs(scoped_ptr<std::map<GURL, bool> > url_map);
202
203   private:
204    // SupervisedUserURLFilter is refcounted because the IO thread filter is
205    // used both by ProfileImplIOData and OffTheRecordProfileIOData (to filter
206    // network requests), so they both keep a reference to it.
207    // Clients should not keep references to the UI thread filter, however
208    // (the filter will live as long as the profile lives, and afterwards it
209    // should not be used anymore either).
210    scoped_refptr<SupervisedUserURLFilter> ui_url_filter_;
211    scoped_refptr<SupervisedUserURLFilter> io_url_filter_;
212
213    DISALLOW_COPY_AND_ASSIGN(URLFilterContext);
214  };
215
216  // Use |SupervisedUserServiceFactory::GetForProfile(..)| to get
217  // an instance of this service.
218  explicit SupervisedUserService(Profile* profile);
219
220  void SetActive(bool active);
221
222  void OnCustodianProfileDownloaded(const base::string16& full_name);
223
224  void OnSupervisedUserRegistered(const AuthErrorCallback& callback,
225                                  Profile* custodian_profile,
226                                  const GoogleServiceAuthError& auth_error,
227                                  const std::string& token);
228
229  void SetupSync();
230  void StartSetupSync();
231  void FinishSetupSyncWhenReady();
232  void FinishSetupSync();
233
234  bool ProfileIsSupervised() const;
235
236#if defined(ENABLE_EXTENSIONS)
237  // Internal implementation for ExtensionManagementPolicy::Delegate methods.
238  // If |error| is not NULL, it will be filled with an error message if the
239  // requested extension action (install, modify status, etc.) is not permitted.
240  bool ExtensionManagementPolicyImpl(const extensions::Extension* extension,
241                                     base::string16* error) const;
242
243  // Returns a list of all installed and enabled site lists in the current
244  // supervised profile.
245  ScopedVector<SupervisedUserSiteList> GetActiveSiteLists();
246
247  // Extensions helper to SetActive().
248  void SetExtensionsActive();
249#endif
250
251  SupervisedUserSettingsService* GetSettingsService();
252
253  void OnSupervisedUserIdChanged();
254
255  void OnDefaultFilteringBehaviorChanged();
256
257  void UpdateSiteLists();
258
259  // Updates the manual overrides for hosts in the URL filters when the
260  // corresponding preference is changed.
261  void UpdateManualHosts();
262
263  // Updates the manual overrides for URLs in the URL filters when the
264  // corresponding preference is changed.
265  void UpdateManualURLs();
266
267  // Returns the human readable name of the supervised user.
268  std::string GetSupervisedUserName() const;
269
270  // Owns us via the KeyedService mechanism.
271  Profile* profile_;
272
273  bool active_;
274
275  Delegate* delegate_;
276
277#if defined(ENABLE_EXTENSIONS)
278  ScopedObserver<extensions::ExtensionRegistry,
279                 extensions::ExtensionRegistryObserver>
280      extension_registry_observer_;
281#endif
282
283  PrefChangeRegistrar pref_change_registrar_;
284
285  // True iff we're waiting for the Sync service to be initialized.
286  bool waiting_for_sync_initialization_;
287  bool is_profile_active_;
288
289  std::vector<NavigationBlockedCallback> navigation_blocked_callbacks_;
290
291  // Sets a profile in elevated state for testing if set to true.
292  bool elevated_for_testing_;
293
294  // True only when |Shutdown()| method has been called.
295  bool did_shutdown_;
296
297  URLFilterContext url_filter_context_;
298
299  // Used to create permission requests.
300  scoped_ptr<PermissionRequestCreator> permissions_creator_;
301
302  // True iff we are waiting for a permission request to be issued.
303  bool waiting_for_permissions_;
304
305  base::WeakPtrFactory<SupervisedUserService> weak_ptr_factory_;
306};
307
308#endif  // CHROME_BROWSER_SUPERVISED_USER_SUPERVISED_USER_SERVICE_H_
309