1// Copyright 2013 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#ifndef EXTENSIONS_COMMON_PERMISSIONS_API_PERMISSION_SET_H_
6#define EXTENSIONS_COMMON_PERMISSIONS_API_PERMISSION_SET_H_
7
8#include <stddef.h>
9
10#include <set>
11#include <string>
12#include <vector>
13
14#include "base/strings/string16.h"
15#include "extensions/common/permissions/api_permission.h"
16#include "extensions/common/permissions/base_set_operators.h"
17
18namespace base {
19class Value;
20} // namespace base
21
22namespace extensions {
23
24class APIPermissionSet;
25
26template<>
27struct BaseSetOperatorsTraits<APIPermissionSet> {
28 typedef APIPermission ElementType;
29 typedef APIPermission::ID ElementIDType;
30};
31
32class APIPermissionSet : public BaseSetOperators<APIPermissionSet> {
33 public:
34 enum ParseSource {
35 // Don't allow internal permissions to be parsed (e.g. entries in the
36 // "permissions" list in a manifest).
37 kDisallowInternalPermissions,
38
39 // Allow internal permissions to be parsed (e.g. from the "api" field of a
40 // permissions list in the prefs).
41 kAllowInternalPermissions,
42 };
43
44 void insert(APIPermission::ID id);
45
46 // Inserts |permission| into the APIPermissionSet.
47 void insert(std::unique_ptr<APIPermission> permission);
48
49 // Parses permissions from |permissions| and adds the parsed permissions to
50 // |api_permissions|. If |source| is kDisallowInternalPermissions, treat
51 // permissions with kFlagInternal as errors. If |unhandled_permissions| is
52 // not NULL, the names of all permissions that couldn't be parsed will be
53 // added to this vector. If |error| is NULL, parsing will continue with the
54 // next permission if invalid data is detected. If |error| is not NULL, it
55 // will be set to an error message and false is returned when an invalid
56 // permission is found.
57 static bool ParseFromJSON(const base::Value* permissions,
58 ParseSource source,
59 APIPermissionSet* api_permissions,
60 base::string16* error,
61 std::vector<std::string>* unhandled_permissions);
62};
63
64// An ID representing a single permission that belongs to an app or extension.
65//
66// Each PermissionID has a required ID to identify the permission. For most
67// permissions, this is all they have.
68//
69// Some more complex permissions have a parameter, which acts like an argument
70// for the permission. For example, host permissions might have the ID
71// kReadOnlyHost and the argument 'www.google.com' (the host which is
72// read-only). Parameters are passed to the permission message rules for this
73// permission, so they can affect the displayed message.
74//
75// Note: Inheriting from std::pair automatically gives us an operator<
76// (required for putting these into an std::set).
77//
78// TODO(sashab): Move this to the same file as PermissionIDSet once that moves
79// to its own file.
80class PermissionID : public std::pair<APIPermission::ID, base::string16> {
81 public:
82 explicit PermissionID(APIPermission::ID id);
83 PermissionID(APIPermission::ID id, const base::string16& parameter);
84 virtual ~PermissionID();
85
86 const APIPermission::ID& id() const { return this->first; }
87 const base::string16& parameter() const { return this->second; }
88};
89
90// A set of permissions for an app or extension. Used for passing around groups
91// of permissions, such as required or optional permissions.
92//
93// Each permission can also store a string, such as a hostname or device number,
94// as a parameter that helps identify the permission. This parameter can then
95// be used when the permission message is generated. For example, the permission
96// kHostReadOnly might have the parameter "google.com", which means that the app
97// or extension has the permission to read the host google.com. This parameter
98// may then be included in the permission message when it is generated later.
99//
100// Example:
101// // Create an empty PermissionIDSet.
102// PermissionIDSet p;
103// // Add a permission to the set.
104// p.insert(APIPermission::kNetworkState);
105// // Add a permission with a parameter to the set.
106// p.insert(APIPermission::kHostReadOnly,
107// base::ASCIIToUTF16("http://www.google.com"));
108//
109// TODO(sashab): Move this to its own file and rename it to PermissionSet after
110// APIPermission is removed, the current PermissionSet is no longer used, and
111// APIPermission::ID is the only type of Permission ID.
112class PermissionIDSet {
113 public:
114 using const_iterator = std::set<PermissionID>::const_iterator;
115
116 PermissionIDSet();
117 PermissionIDSet(std::initializer_list<APIPermission::ID> permissions);
118 PermissionIDSet(const PermissionIDSet& other);
119 virtual ~PermissionIDSet();
120
121 // Adds the given permission, and an optional parameter, to the set.
122 void insert(APIPermission::ID permission_id);
123 void insert(APIPermission::ID permission_id,
124 const base::string16& permission_parameter);
125 void InsertAll(const PermissionIDSet& permission_set);
126
127 // Erases all permissions with the given id.
128 void erase(APIPermission::ID permission_id);
129
130 // Returns the parameters for all PermissionIDs in this set.
131 std::vector<base::string16> GetAllPermissionParameters() const;
132
133 // Check if the set contains a permission with the given ID.
134 bool ContainsID(PermissionID permission_id) const;
135 bool ContainsID(APIPermission::ID permission_id) const;
136
137 // Check if the set contains permissions with all the given IDs.
138 bool ContainsAllIDs(const std::set<APIPermission::ID>& permission_ids) const;
139
140 // Check if the set contains any permission with one of the given IDs.
141 bool ContainsAnyID(const std::set<APIPermission::ID>& permission_ids) const;
142 bool ContainsAnyID(const PermissionIDSet& other) const;
143
144 // Returns all the permissions in this set with the given ID.
145 PermissionIDSet GetAllPermissionsWithID(
146 APIPermission::ID permission_id) const;
147
148 // Returns all the permissions in this set with one of the given IDs.
149 PermissionIDSet GetAllPermissionsWithIDs(
150 const std::set<APIPermission::ID>& permission_ids) const;
151
152 // Convenience functions for common set operations.
153 bool Includes(const PermissionIDSet& subset) const;
154 bool Equals(const PermissionIDSet& set) const;
155 static PermissionIDSet Difference(const PermissionIDSet& set_1,
156 const PermissionIDSet& set_2);
157
158 size_t size() const;
159 bool empty() const;
160
161 const_iterator begin() const { return permissions_.begin(); }
162 const_iterator end() const { return permissions_.end(); }
163
164 private:
165 explicit PermissionIDSet(const std::set<PermissionID>& permissions);
166
167 std::set<PermissionID> permissions_;
168};
169
170} // namespace extensions
171
172#endif // EXTENSIONS_COMMON_PERMISSIONS_API_PERMISSION_SET_H_
173