Refactor and fix declarative webRequest API permissions

chrome/browser/extensions/api/declarative_webrequest/webrequest_action.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/extensions/api/declarative_webrequest/webrequest_action.h"
 
 #include <limits>
 
 #include "base/lazy_instance.h"
 #include "base/logging.h"
 #include "base/stringprintf.h"
 #include "base/string_util.h"
 #include "base/utf_string_conversions.h"
 #include "base/values.h"
 #include "chrome/browser/extensions/api/declarative_webrequest/request_stages.h"
 #include "chrome/browser/extensions/api/declarative_webrequest/webrequest_constants.h"
 #include "chrome/browser/extensions/api/web_request/web_request_api_helpers.h"
+#include "chrome/browser/extensions/api/web_request/web_request_permissions.h"
 #include "chrome/browser/extensions/extension_info_map.h"
 #include "chrome/common/extensions/extension.h"
 #include "net/url_request/url_request.h"
 
 namespace extensions {
 
 namespace helpers = extension_web_request_api_helpers;
 namespace keys = declarative_webrequest_constants;
 
 namespace {
@@ skipping 163 matching lines @@
 //
 
 WebRequestAction::WebRequestAction() {}
 
 WebRequestAction::~WebRequestAction() {}
 
 int WebRequestAction::GetMinimumPriority() const {
   return std::numeric_limits<int>::min();
 }
 
-bool WebRequestAction::HasPermission(const extensions::Extension* extension,
-                                     const net::URLRequest* request) const {
-  // TODO(battre): Consider the permission to access requests from the incognito
-  // profile.
-  // TODO(battre): There should be a single place to check permissions for both
-  // the WebRequest API and the Declarative WebRequest API.
-  if (helpers::HideRequest(request))
+bool WebRequestAction::HasPermission(const ExtensionInfoMap* extension_info_map,
+                                     const std::string& extension_id,
+                                     const net::URLRequest* request,
+                                     bool crosses_incognito) const {
+  if (WebRequestPermissions::HideRequest(request))
     return false;
-  if (extension && !helpers::CanExtensionAccessURL(extension, request->url()))
-    return false;
-  // System requests are passed to extensions without host permissions.
-  // This is the same behavior as found in
-  // ExtensionWebRequestEventRouter::GetMatchingListenersImpl.
+
+  // In unit tests we don't have an extension_info_map object here and skip host
+  // permission checks.
+  if (!extension_info_map)
+    return true;
+
+  return WebRequestPermissions::CanExtensionAccessURL(
+      extension_info_map, extension_id, request->url(), crosses_incognito,
+      ShouldEnforceHostPermissions());
+}
+
+bool WebRequestAction::ShouldEnforceHostPermissions() const {
   return true;
 }
 
 // static
 scoped_ptr<WebRequestAction> WebRequestAction::Create(
     const base::Value& json_action,
     std::string* error,
     bool* bad_message) {
   *error = "";
   *bad_message = false;
@@ skipping 41 matching lines @@
         WebRequestAction::Create((*i)->value(), error, bad_message);
     if (!error->empty() || *bad_message)
       return scoped_ptr<WebRequestActionSet>(NULL);
     result.push_back(make_linked_ptr(action.release()));
   }
 
   return scoped_ptr<WebRequestActionSet>(new WebRequestActionSet(result));
 }
 
 std::list<LinkedPtrEventResponseDelta> WebRequestActionSet::CreateDeltas(
-    const extensions::Extension* extension,
+    const ExtensionInfoMap* extension_info_map,
+    const std::string& extension_id,
     net::URLRequest* request,
+    bool crosses_incognito,
     RequestStages request_stage,
     const WebRequestRule::OptionalRequestData& optional_request_data,
-    const std::string& extension_id,
     const base::Time& extension_install_time) const {
   std::list<LinkedPtrEventResponseDelta> result;
   for (Actions::const_iterator i = actions_.begin(); i != actions_.end(); ++i) {
-    if (!(*i)->HasPermission(extension, request))
+    if (!(*i)->HasPermission(extension_info_map, extension_id, request,
+                             crosses_incognito))
       continue;
     if ((*i)->GetStages() & request_stage) {
       LinkedPtrEventResponseDelta delta = (*i)->CreateDelta(request,
           request_stage, optional_request_data, extension_id,
           extension_install_time);
       if (delta.get())
         result.push_back(delta);
     }
   }
   return result;
@@ skipping 81 matching lines @@
 
 int WebRequestRedirectToTransparentImageAction::GetStages() const {
   return ON_BEFORE_REQUEST;
 }
 
 WebRequestAction::Type
 WebRequestRedirectToTransparentImageAction::GetType() const {
   return WebRequestAction::ACTION_REDIRECT_TO_TRANSPARENT_IMAGE;
 }
 
-bool WebRequestRedirectToTransparentImageAction::HasPermission(
-    const extensions::Extension* extension,
-    const net::URLRequest* request) const {
-  // TODO(battre): Consider the permission to access requests from the incognito
-  // profile.
-  return true;
+bool WebRequestRedirectToTransparentImageAction::ShouldEnforceHostPermissions()
+    const {
+  return false;
 }
 
 LinkedPtrEventResponseDelta
 WebRequestRedirectToTransparentImageAction::CreateDelta(
     net::URLRequest* request,
     RequestStages request_stage,
     const WebRequestRule::OptionalRequestData& optional_request_data,
     const std::string& extension_id,
     const base::Time& extension_install_time) const {
   CHECK(request_stage & GetStages());
@@ skipping 15 matching lines @@
 
 int WebRequestRedirectToEmptyDocumentAction::GetStages() const {
   return ON_BEFORE_REQUEST;
 }
 
 WebRequestAction::Type
 WebRequestRedirectToEmptyDocumentAction::GetType() const {
   return WebRequestAction::ACTION_REDIRECT_TO_EMPTY_DOCUMENT;
 }
 
-bool WebRequestRedirectToEmptyDocumentAction::HasPermission(
-    const extensions::Extension* extension,
-    const net::URLRequest* request) const {
-  return true;
+bool
+WebRequestRedirectToEmptyDocumentAction::ShouldEnforceHostPermissions() const {
+  return false;
 }
 
 LinkedPtrEventResponseDelta
 WebRequestRedirectToEmptyDocumentAction::CreateDelta(
     net::URLRequest* request,
     RequestStages request_stage,
     const WebRequestRule::OptionalRequestData& optional_request_data,
     const std::string& extension_id,
     const base::Time& extension_install_time) const {
   CHECK(request_stage & GetStages());
@@ skipping 297 matching lines @@
 }
 
 WebRequestAction::Type WebRequestIgnoreRulesAction::GetType() const {
   return WebRequestAction::ACTION_IGNORE_RULES;
 }
 
 int WebRequestIgnoreRulesAction::GetMinimumPriority() const {
   return minimum_priority_;
 }
 
-bool WebRequestIgnoreRulesAction::HasPermission(
-    const extensions::Extension* extension,
-    const net::URLRequest* request) const {
-  return true;
+bool WebRequestIgnoreRulesAction::ShouldEnforceHostPermissions() const {
+  return false;
 }
 
 LinkedPtrEventResponseDelta WebRequestIgnoreRulesAction::CreateDelta(
     net::URLRequest* request,
     RequestStages request_stage,
     const WebRequestRule::OptionalRequestData& optional_request_data,
     const std::string& extension_id,
     const base::Time& extension_install_time) const {
   CHECK(request_stage & GetStages());
   return LinkedPtrEventResponseDelta(NULL);
 }
 
 }  // namespace extensions