Adding read, read-write and create file access permission to fileBrowserHandler manifest.

added file_access property to file_browser_handlers

the property is list of enum {"read", "read-write", "create"} values.

The property is optional and it's default value is read-write

"create" value must be alone in the list.

If "create" is specified, file_filters property is ignored.

design doc (part 1 only): https://docs.google.com/a/google.com/document/d/10ZWbisYfxz4jSvvN534p7fPyFFRrmwDtA1RaJN7VDl4/edit
(part 2 needs some more work, it's targeted for R20)

BUG=chromium-os:26106
TEST=unit/browser : *FileBrowser*

Review URL: https://chromiumcodereview.appspot.com/9741002

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@129112 0039d316-1c4b-4281-b951-d872f2087c98

6 files changed, 169 insertions, 30 deletions

diff --git a/chrome/common/extensions/extension.cc b/chrome/common/extensions/extension.cc
index 7f78f81..4ef186a 100644
--- a/chrome/common/extensions/extension.cc
+++ b/chrome/common/extensions/extension.cc
@@ -2317,38 +2317,65 @@ FileBrowserHandler* Extension::LoadFileBrowserHandler(
   }
   result->set_title(title);
 
-  // Initialize file filters (mandatory).
-  ListValue* list_value = NULL;
-  if (!file_browser_handler->HasKey(keys::kFileFilters) ||
-      !file_browser_handler->GetList(keys::kFileFilters, &list_value) ||
-      list_value->empty()) {
-    *error = ASCIIToUTF16(errors::kInvalidFileFiltersList);
-    return NULL;
-  }
-  for (size_t i = 0; i < list_value->GetSize(); ++i) {
-    std::string filter;
-    if (!list_value->GetString(i, &filter)) {
-      *error = ExtensionErrorUtils::FormatErrorMessageUTF16(
-          errors::kInvalidFileFilterValue, base::IntToString(i));
+  // Initialize access permissions (optional).
+  ListValue* access_list_value = NULL;
+  if (file_browser_handler->HasKey(keys::kFileAccessList)) {
+    if (!file_browser_handler->GetList(keys::kFileAccessList,
+                                       &access_list_value) ||
+        access_list_value->empty()) {
+      *error = ASCIIToUTF16(errors::kInvalidFileAccessList);
       return NULL;
     }
-    StringToLowerASCII(&filter);
-    URLPattern pattern(URLPattern::SCHEME_FILESYSTEM);
-    if (pattern.Parse(filter) != URLPattern::PARSE_SUCCESS) {
-      *error = ExtensionErrorUtils::FormatErrorMessageUTF16(
-          errors::kInvalidURLPatternError, filter);
-      return NULL;
+    for (size_t i = 0; i < access_list_value->GetSize(); ++i) {
+      std::string access;
+      if (!access_list_value->GetString(i, &access) ||
+          result->AddFileAccessPermission(access)) {
+        *error = ExtensionErrorUtils::FormatErrorMessageUTF16(
+            errors::kInvalidFileAccessValue, base::IntToString(i));
+        return NULL;
+      }
     }
-    std::string path = pattern.path();
-    bool allowed = path == "*" || path == "*.*" ||
-        (path.compare(0, 2, "*.") == 0 &&
-         path.find_first_of('*', 2) == std::string::npos);
-    if (!allowed) {
-      *error = ExtensionErrorUtils::FormatErrorMessageUTF16(
-          errors::kInvalidURLPatternError, filter);
+  }
+  if (!result->ValidateFileAccessPermissions()) {
+    *error = ASCIIToUTF16(errors::kInvalidFileAccessList);
+    return NULL;
+  }
+
+  // Initialize file filters (mandatory, unless "create" access is specified,
+  // in which case is ignored).
+  if (!result->HasCreateAccessPermission()) {
+    ListValue* list_value = NULL;
+    if (!file_browser_handler->HasKey(keys::kFileFilters) ||
+        !file_browser_handler->GetList(keys::kFileFilters, &list_value) ||
+        list_value->empty()) {
+      *error = ASCIIToUTF16(errors::kInvalidFileFiltersList);
       return NULL;
     }
-    result->AddPattern(pattern);
+    for (size_t i = 0; i < list_value->GetSize(); ++i) {
+      std::string filter;
+      if (!list_value->GetString(i, &filter)) {
+        *error = ExtensionErrorUtils::FormatErrorMessageUTF16(
+            errors::kInvalidFileFilterValue, base::IntToString(i));
+        return NULL;
+      }
+      StringToLowerASCII(&filter);
+      URLPattern pattern(URLPattern::SCHEME_FILESYSTEM);
+      if (pattern.Parse(filter) != URLPattern::PARSE_SUCCESS) {
+        *error = ExtensionErrorUtils::FormatErrorMessageUTF16(
+            errors::kInvalidURLPatternError, filter);
+        return NULL;
+      }
+      std::string path = pattern.path();
+      bool allowed = path == "*" || path == "*.*" ||
+          (path.compare(0, 2, "*.") == 0 &&
+           path.find_first_of('*', 2) == std::string::npos);
+      if (!allowed) {
+        *error = ExtensionErrorUtils::FormatErrorMessageUTF16(
+            errors::kInvalidURLPatternError, filter);
+        return NULL;
+      }
+      result->AddPattern(pattern);
+    }
   }
 
   std::string default_icon;
diff --git a/chrome/common/extensions/extension_manifest_constants.cc b/chrome/common/extensions/extension_manifest_constants.cc
index 67bef53..2494719 100644
--- a/chrome/common/extensions/extension_manifest_constants.cc
+++ b/chrome/common/extensions/extension_manifest_constants.cc
@@ -30,6 +30,7 @@ const char kDevToolsPage[] = "devtools_page";
 const char kEventName[] = "event_name";
 const char kExcludeGlobs[] = "exclude_globs";
 const char kExcludeMatches[] = "exclude_matches";
+const char kFileAccessList[] = "file_access";
 const char kFileFilters[] = "file_filters";
 const char kFileBrowserHandlers[] = "file_browser_handlers";
 const char kHomepageURL[] = "homepage_url";
@@ -224,6 +225,10 @@ const char kInvalidExcludeMatch[] =
     "Invalid value for 'content_scripts[*].exclude_matches[*]': *";
 const char kInvalidExcludeMatches[] =
     "Invalid value for 'content_scripts[*].exclude_matches'.";
+const char kInvalidFileAccessList[] =
+    "Invalid value for 'file_access'.";
+const char kInvalidFileAccessValue[] =
+    "Invalid value for 'file_access[*]'.";
 const char kInvalidFileBrowserHandler[] =
     "Invalid value for 'file_browser_handers'.";
 const char kInvalidFileFiltersList[] =
diff --git a/chrome/common/extensions/extension_manifest_constants.h b/chrome/common/extensions/extension_manifest_constants.h
index 764f901..17f1aaf 100644
--- a/chrome/common/extensions/extension_manifest_constants.h
+++ b/chrome/common/extensions/extension_manifest_constants.h
@@ -38,6 +38,7 @@ namespace extension_manifest_keys {
   extern const char kEventName[];
   extern const char kExcludeGlobs[];
   extern const char kExcludeMatches[];
+  extern const char kFileAccessList[];
   extern const char kFileFilters[];
   extern const char kFileBrowserHandlers[];
   extern const char kHomepageURL[];
@@ -190,6 +191,8 @@ namespace extension_manifest_errors {
   extern const char kInvalidDevToolsPage[];
   extern const char kInvalidExcludeMatch[];
   extern const char kInvalidExcludeMatches[];
+  extern const char kInvalidFileAccessList[];
+  extern const char kInvalidFileAccessValue[];
   extern const char kInvalidFileBrowserHandler[];
   extern const char kInvalidFileFiltersList[];
   extern const char kInvalidFileFilterValue[];
diff --git a/chrome/common/extensions/extension_manifests_unittest.cc b/chrome/common/extensions/extension_manifests_unittest.cc
index 94fd1cd..9548c67 100644
--- a/chrome/common/extensions/extension_manifests_unittest.cc
+++ b/chrome/common/extensions/extension_manifests_unittest.cc
@@ -983,6 +983,13 @@ TEST_F(ExtensionManifestTest, IsolatedApps) {
 
 
 TEST_F(ExtensionManifestTest, FileBrowserHandlers) {
+  LoadAndExpectError("filebrowser_invalid_access_permission.json",
+      ExtensionErrorUtils::FormatErrorMessage(
+          errors::kInvalidFileAccessValue, base::IntToString(1)));
+  LoadAndExpectError("filebrowser_invalid_access_permission_list.json",
+      errors::kInvalidFileAccessList);
+  LoadAndExpectError("filebrowser_invalid_empty_access_permission_list.json",
+      errors::kInvalidFileAccessList);
   LoadAndExpectError("filebrowser_invalid_actions_1.json",
       errors::kInvalidFileBrowserHandler);
   LoadAndExpectError("filebrowser_invalid_actions_2.json",
@@ -1014,6 +1021,23 @@ TEST_F(ExtensionManifestTest, FileBrowserHandlers) {
   ASSERT_EQ(patterns.patterns().size(), 1U);
   ASSERT_TRUE(action->MatchesURL(
       GURL("filesystem:chrome-extension://foo/local/test.txt")));
+  ASSERT_FALSE(action->HasCreateAccessPermission());
+  ASSERT_TRUE(action->CanRead());
+  ASSERT_TRUE(action->CanWrite());
+
+  scoped_refptr<Extension> create_extension(
+      LoadAndExpectSuccess("filebrowser_valid_with_create.json"));
+  ASSERT_TRUE(create_extension->file_browser_handlers() != NULL);
+  ASSERT_EQ(create_extension->file_browser_handlers()->size(), 1U);
+  const FileBrowserHandler* create_action =
+      create_extension->file_browser_handlers()->at(0).get();
+  EXPECT_EQ(create_action->title(), "Default title");
+  EXPECT_EQ(create_action->icon_path(), "icon.png");
+  const URLPatternSet& create_patterns = create_action->file_url_patterns();
+  ASSERT_EQ(create_patterns.patterns().size(), 0U);
+  ASSERT_TRUE(create_action->HasCreateAccessPermission());
+  ASSERT_FALSE(create_action->CanRead());
+  ASSERT_FALSE(create_action->CanWrite());
 }
 
 TEST_F(ExtensionManifestTest, FileManagerURLOverride) {
diff --git a/chrome/common/extensions/file_browser_handler.cc b/chrome/common/extensions/file_browser_handler.cc
index 784c990..58dea7c 100644
--- a/chrome/common/extensions/file_browser_handler.cc
+++ b/chrome/common/extensions/file_browser_handler.cc
@@ -1,13 +1,40 @@
-// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/common/extensions/file_browser_handler.h"
 
+#include "base/logging.h"
 #include "chrome/common/extensions/url_pattern.h"
 #include "googleurl/src/gurl.h"
 
-FileBrowserHandler::FileBrowserHandler() {
+namespace {
+
+const char kReadAccessString[] = "read";
+const char kReadWriteAccessString[] = "read-write";
+const char kCreateAccessString[] = "create";
+
+unsigned int kPermissionsNotDefined = 0;
+unsigned int kReadPermission = 1;
+unsigned int kWritePermission = 1 << 1;
+unsigned int kCreatePermission = 1 << 2;
+unsigned int kInvalidPermission = 1 << 3;
+
+unsigned int GetAccessPermissionFlagFromString(const std::string& access_str) {
+  if (access_str == kReadAccessString)
+    return kReadPermission;
+  if (access_str == kReadWriteAccessString)
+    return kReadPermission | kWritePermission;
+  if (access_str == kCreateAccessString)
+    return kCreatePermission;
+  return kInvalidPermission;
+}
+
+}
+
+
+FileBrowserHandler::FileBrowserHandler()
+    : file_access_permission_flags_(kPermissionsNotDefined) {
 }
 
 FileBrowserHandler::~FileBrowserHandler() {
@@ -24,3 +51,39 @@ void FileBrowserHandler::ClearPatterns() {
 bool FileBrowserHandler::MatchesURL(const GURL& url) const {
   return url_set_.MatchesURL(url);
 }
+
+bool FileBrowserHandler::AddFileAccessPermission(
+    const std::string& access) {
+  file_access_permission_flags_ |= GetAccessPermissionFlagFromString(access);
+  return (file_access_permission_flags_ & kInvalidPermission) != 0U;
+}
+
+bool FileBrowserHandler::ValidateFileAccessPermissions() {
+  bool is_invalid = (file_access_permission_flags_ & kInvalidPermission) != 0U;
+  bool can_create = (file_access_permission_flags_ & kCreatePermission) != 0U;
+  bool can_read_or_write = (file_access_permission_flags_ &
+      (kReadPermission | kWritePermission)) != 0U;
+  if (is_invalid || (can_create && can_read_or_write)) {
+    file_access_permission_flags_ = kInvalidPermission;
+    return false;
+  }
+
+  if (file_access_permission_flags_ == kPermissionsNotDefined)
+    file_access_permission_flags_ = kReadPermission | kWritePermission;
+  return true;
+}
+
+bool FileBrowserHandler::CanRead() const {
+  DCHECK(!(file_access_permission_flags_ & kInvalidPermission));
+  return (file_access_permission_flags_ & kReadPermission) != 0;
+}
+
+bool FileBrowserHandler::CanWrite() const {
+  DCHECK(!(file_access_permission_flags_ & kInvalidPermission));
+  return (file_access_permission_flags_ & kWritePermission) != 0;
+}
+
+bool FileBrowserHandler::HasCreateAccessPermission() const {
+  DCHECK(!(file_access_permission_flags_ & kInvalidPermission));
+  return (file_access_permission_flags_ & kCreatePermission) != 0;
+}
diff --git a/chrome/common/extensions/file_browser_handler.h b/chrome/common/extensions/file_browser_handler.h
index d407bf89..30720f6 100644
--- a/chrome/common/extensions/file_browser_handler.h
+++ b/chrome/common/extensions/file_browser_handler.h
@@ -1,4 +1,4 @@
-// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
@@ -50,6 +50,21 @@ class FileBrowserHandler {
     default_icon_path_ = path;
   }
 
+  // File access permissions.
+  // Adjusts file_access_permission_flags_ to allow specified permission.
+  bool AddFileAccessPermission(const std::string& permission_str);
+  // Checks that specified file access permissions are valid (all set
+  // permissions are valid and there is no other permission specified with
+  // "create")
+  // If no access permissions were set, initialize them to default value.
+  bool ValidateFileAccessPermissions();
+  // Checks if handler has read access.
+  bool CanRead() const;
+  // Checks if handler has write access.
+  bool CanWrite() const;
+  // Checks if handler has "create" access specified.
+  bool HasCreateAccessPermission() const;
+
  private:
   // The id for the extension this action belongs to (as defined in the
   // extension manifest).
@@ -58,6 +73,8 @@ class FileBrowserHandler {
   std::string default_icon_path_;
   // The id for the FileBrowserHandler, for example: "PdfFileAction".
   std::string id_;
+  unsigned int file_access_permission_flags_;
+
   // A list of file filters.
   URLPatternSet url_set_;
 };