chromium/ios/chrome/browser/webui/ui_bundled/policy/policy_ui.mm

// Copyright 2020 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#import "ios/chrome/browser/webui/ui_bundled/policy/policy_ui.h"

#import <memory>
#import <string>

#import "base/json/json_string_value_serializer.h"
#import "base/json/json_writer.h"
#import "components/grit/policy_resources.h"
#import "components/grit/policy_resources_map.h"
#import "components/policy/core/browser/policy_conversions.h"
#import "components/policy/core/common/policy_loader_common.h"
#import "components/policy/core/common/policy_logger.h"
#import "components/policy/core/common/policy_utils.h"
#import "components/policy/core/common/schema.h"
#import "components/policy/policy_constants.h"
#import "components/strings/grit/components_branded_strings.h"
#import "components/strings/grit/components_strings.h"
#import "components/version_info/version_info.h"
#import "components/version_ui/version_handler_helper.h"
#import "ios/chrome/browser/policy/model/browser_state_policy_connector.h"
#import "ios/chrome/browser/shared/model/profile/profile_ios.h"
#import "ios/chrome/browser/shared/model/url/chrome_url_constants.h"
#import "ios/chrome/browser/signin/model/authentication_service.h"
#import "ios/chrome/browser/signin/model/authentication_service_factory.h"
#import "ios/chrome/browser/webui/ui_bundled/policy/policy_ui_handler.h"
#import "ios/chrome/common/channel_info.h"
#import "ios/chrome/grit/ios_branded_strings.h"
#import "ios/web/public/webui/web_ui_ios.h"
#import "ios/web/public/webui/web_ui_ios_data_source.h"
#import "ios/web/public/webui/web_ui_ios_message_handler.h"
#import "ui/base/webui/web_ui_util.h"

namespace {

base::Value::List GetChromePolicyNames(ChromeBrowserState* browser_state) {
  policy::SchemaRegistry* registry =
      browser_state->GetPolicyConnector()->GetSchemaRegistry();
  scoped_refptr<policy::SchemaMap> schema_map = registry->schema_map();

  // Add Chrome policy names.
  base::Value::List chrome_policy_names;
  policy::PolicyNamespace chrome_namespace(policy::POLICY_DOMAIN_CHROME, "");
  const policy::Schema* chrome_schema = schema_map->GetSchema(chrome_namespace);
  for (auto it = chrome_schema->GetPropertiesIterator(); !it.IsAtEnd();
       it.Advance()) {
    chrome_policy_names.Append(base::Value(it.key()));
  }

  chrome_policy_names.EraseIf([&](auto& policy) {
    return policy::IsPolicyNameSensitive(policy.GetString());
  });
  return chrome_policy_names;
}

// Returns the version information to be displayed on the chrome://policy/logs
// page.
base::Value::Dict GetVersionInfo() {
  base::Value::Dict version_info;

  version_info.Set("revision", version_info::GetLastChange());
  version_info.Set("version", version_info::GetVersionNumber());
  version_info.Set("deviceOs", "iOS");
  version_info.Set("variations", version_ui::GetVariationsList());

  return version_info;
}

web::WebUIIOSDataSource* CreatePolicyUIHtmlSource(
    ChromeBrowserState* chrome_browser_state) {
  web::WebUIIOSDataSource* source =
      web::WebUIIOSDataSource::Create(kChromeUIPolicyHost);
  PolicyUIHandler::AddCommonLocalizedStringsToSource(source);

  static constexpr webui::LocalizedString kStrings[] = {
      // Localized strings (alphabetical order).
      {"copyPoliciesJSON", IDS_COPY_POLICIES_JSON},
      {"exportPoliciesJSON", IDS_EXPORT_POLICIES_JSON},
      {"filterPlaceholder", IDS_POLICY_FILTER_PLACEHOLDER},
      {"hideExpandedStatus", IDS_POLICY_HIDE_EXPANDED_STATUS},
      {"isAffiliatedYes", IDS_POLICY_IS_AFFILIATED_YES},
      {"isAffiliatedNo", IDS_POLICY_IS_AFFILIATED_NO},
      {"labelAssetId", IDS_POLICY_LABEL_ASSET_ID},
      {"labelClientId", IDS_POLICY_LABEL_CLIENT_ID},
      {"labelDirectoryApiId", IDS_POLICY_LABEL_DIRECTORY_API_ID},
      {"labelError", IDS_POLICY_LABEL_ERROR},
      {"labelWarning", IDS_POLICY_HEADER_WARNING},
      {"labelGaiaId", IDS_POLICY_LABEL_GAIA_ID},
      {"labelIsAffiliated", IDS_POLICY_LABEL_IS_AFFILIATED},
      {"labelLastCloudReportSentTimestamp",
       IDS_POLICY_LABEL_LAST_CLOUD_REPORT_SENT_TIMESTAMP},
      {"labelLocation", IDS_POLICY_LABEL_LOCATION},
      {"labelMachineEnrollmentDomain",
       IDS_POLICY_LABEL_MACHINE_ENROLLMENT_DOMAIN},
      {"labelMachineEnrollmentMachineName",
       IDS_POLICY_LABEL_MACHINE_ENROLLMENT_MACHINE_NAME},
      {"labelMachineEnrollmentToken",
       IDS_POLICY_LABEL_MACHINE_ENROLLMENT_TOKEN},
      {"labelMachineEntrollmentDeviceId",
       IDS_POLICY_LABEL_MACHINE_ENROLLMENT_DEVICE_ID},
      {"labelIsOffHoursActive", IDS_POLICY_LABEL_IS_OFFHOURS_ACTIVE},
      {"labelPoliciesPush", IDS_POLICY_LABEL_PUSH_POLICIES},
      {"labelPrecedence", IDS_POLICY_LABEL_PRECEDENCE},
      {"labelProfileId", IDS_POLICY_LABEL_PROFILE_ID},
      {"labelRefreshInterval", IDS_POLICY_LABEL_REFRESH_INTERVAL},
      {"labelStatus", IDS_POLICY_LABEL_STATUS},
      {"labelTimeSinceLastFetchAttempt",
       IDS_POLICY_LABEL_TIME_SINCE_LAST_FETCH_ATTEMPT},
      {"labelTimeSinceLastRefresh", IDS_POLICY_LABEL_TIME_SINCE_LAST_REFRESH},
      {"labelUsername", IDS_POLICY_LABEL_USERNAME},
      {"labelManagedBy", IDS_POLICY_LABEL_MANAGED_BY},
      {"labelVersion", IDS_POLICY_LABEL_VERSION},
      {"moreActions", IDS_POLICY_MORE_ACTIONS},
      {"noPoliciesSet", IDS_POLICY_NO_POLICIES_SET},
      {"offHoursActive", IDS_POLICY_OFFHOURS_ACTIVE},
      {"offHoursNotActive", IDS_POLICY_OFFHOURS_NOT_ACTIVE},
      {"policiesPushOff", IDS_POLICY_PUSH_POLICIES_OFF},
      {"policiesPushOn", IDS_POLICY_PUSH_POLICIES_ON},
      {"policyCopyValue", IDS_POLICY_COPY_VALUE},
      {"policyLearnMore", IDS_POLICY_LEARN_MORE},
      {"reloadPolicies", IDS_POLICY_RELOAD_POLICIES},
      {"showExpandedStatus", IDS_POLICY_SHOW_EXPANDED_STATUS},
      {"showLess", IDS_POLICY_SHOW_LESS},
      {"showMore", IDS_POLICY_SHOW_MORE},
      {"showUnset", IDS_POLICY_SHOW_UNSET},
      {"signinProfile", IDS_POLICY_SIGNIN_PROFILE},
      {"status", IDS_POLICY_STATUS},
      {"statusErrorManagedNoPolicy", IDS_POLICY_STATUS_ERROR_MANAGED_NO_POLICY},
      {"statusFlexOrgNoPolicy", IDS_POLICY_STATUS_FLEX_ORG_NO_POLICY},
      {"statusDevice", IDS_POLICY_STATUS_DEVICE},
      {"statusMachine", IDS_POLICY_STATUS_MACHINE},
      {"statusUser", IDS_POLICY_STATUS_USER},
      {"uploadReport", IDS_UPLOAD_REPORT},
      {"viewLogs", IDS_VIEW_POLICY_LOGS},
  };
  source->AddLocalizedStrings(kStrings);

  const bool allow_policy_test_page =
      PolicyUI::ShouldLoadTestPage(chrome_browser_state);

  // Test page should only load if testing is enabled.
  if (allow_policy_test_page) {
    // Localized strings for chrome://policy/test.
    static constexpr webui::LocalizedString kPolicyTestStrings[] = {
        {"testTitle", IDS_POLICY_TEST_TITLE},
        {"testRestart", IDS_POLICY_TEST_RESTART_AND_APPLY},
        {"testApply", IDS_POLICY_TEST_APPLY},
        {"testImport", IDS_POLICY_TEST_IMPORT},
        {"testDesc", IDS_POLICY_TEST_DESC},
        {"testRevertAppliedPolicies", IDS_POLICY_TEST_REVERT},
        {"testClearPolicies", IDS_CLEAR},
        {"testTableName", IDS_POLICY_HEADER_NAME},
        {"testTableSource", IDS_POLICY_HEADER_SOURCE},
        {"testTableScope", IDS_POLICY_TEST_TABLE_SCOPE},
        {"testTableLevel", IDS_POLICY_HEADER_LEVEL},
        {"testTableValue", IDS_POLICY_LABEL_VALUE},
        {"testTableRemove", IDS_REMOVE},
        {"testAdd", IDS_POLICY_TEST_ADD},
        {"testNameSelect", IDS_POLICY_SELECT_NAME},
        {"testTableNamespace", IDS_POLICY_HEADER_NAMESPACE},
        {"testTablePreset", IDS_POLICY_TEST_TABLE_PRESET},
        {"testTablePresetCustom", IDS_POLICY_TEST_PRESET_CUSTOM},
        {"testTablePresetLocalMachine", IDS_POLICY_TEST_PRESET_LOCAL_MACHINE},
        {"testTablePresetCloudAccount", IDS_POLICY_TEST_PRESET_CLOUD_ACCOUNT},
        {"testUserAffiliated", IDS_POLICY_TEST_USER_AFFILIATED},
    };

    source->AddLocalizedStrings(kPolicyTestStrings);
    source->AddResourcePath("test/policy_test.js",
                            IDR_POLICY_TEST_POLICY_TEST_JS);
    source->AddResourcePath("test/", IDR_POLICY_TEST_POLICY_TEST_HTML);
    source->AddResourcePath("test", IDR_POLICY_TEST_POLICY_TEST_HTML);

    // Create a string policy_names_to_types mapping policy names to their
    // input types.
    policy::Schema chrome_schema =
        policy::Schema::Wrap(policy::GetChromeSchemaData());
    base::Value::List policy_names = GetChromePolicyNames(chrome_browser_state);

    std::string schema;
    JSONStringValueSerializer serializer(&schema);
    serializer.Serialize(PolicyUI::GetSchema(chrome_browser_state));
    source->AddString("initialSchema", schema);

    // Strings for policy levels, scopes and sources.
    static constexpr webui::LocalizedString kPolicyTestTypes[] = {
        {"scopeUser", IDS_POLICY_SCOPE_USER},
        {"scopeDevice", IDS_POLICY_SCOPE_DEVICE},
        {"levelRecommended", IDS_POLICY_LEVEL_RECOMMENDED},
        {"levelMandatory", IDS_POLICY_LEVEL_MANDATORY},
        {"sourceEnterpriseDefault", IDS_POLICY_SOURCE_ENTERPRISE_DEFAULT},
        {"sourceCommandLine", IDS_POLICY_SOURCE_COMMAND_LINE},
        {"sourceCloud", IDS_POLICY_SOURCE_CLOUD},
        {"sourceActiveDirectory", IDS_POLICY_SOURCE_ACTIVE_DIRECTORY},
        {"sourcePlatform", IDS_POLICY_SOURCE_PLATFORM},
        {"sourceMerged", IDS_POLICY_SOURCE_MERGED},
        {"sourceCloudFromAsh", IDS_POLICY_SOURCE_CLOUD_FROM_ASH},
        {"sourceRestrictedManagedGuestSessionOverride",
         IDS_POLICY_SOURCE_RESTRICTED_MANAGED_GUEST_SESSION_OVERRIDE},
    };

    source->AddLocalizedStrings(kPolicyTestTypes);
  }

  source->AddString("acceptedPaths",
                    allow_policy_test_page ? "/|/test|/logs" : "/|/logs");
  // Localized strings for chrome://policy/logs.
  static constexpr webui::LocalizedString kPolicyLogsStrings[] = {
      {"browserName", IDS_IOS_PRODUCT_NAME},
      {"exportLogsJSON", IDS_EXPORT_POLICY_LOGS_JSON},
      {"logsTitle", IDS_POLICY_LOGS_TITLE},
      {"os", IDS_VERSION_UI_OS},
      {"refreshLogs", IDS_REFRESH_POLICY_LOGS},
      {"revision", IDS_VERSION_UI_REVISION},
      {"versionInfoLabel", IDS_VERSION_INFO},
      {"variations", IDS_VERSION_UI_VARIATIONS},
  };
  source->AddLocalizedStrings(kPolicyLogsStrings);

  source->UseStringsJs();

  source->AddBoolean("hideExportButton", true);

  source->AddResourcePaths(
      base::make_span(kPolicyResources, kPolicyResourcesSize));

  std::string variations_json_value;
  base::JSONWriter::Write(GetVersionInfo(), &variations_json_value);
  source->AddString("versionInfo", variations_json_value);

  source->AddResourcePath("logs/policy_logs.js",
                          IDR_POLICY_LOGS_POLICY_LOGS_JS);
  source->AddResourcePath("logs/", IDR_POLICY_LOGS_POLICY_LOGS_HTML);
  source->AddResourcePath("logs", IDR_POLICY_LOGS_POLICY_LOGS_HTML);

  source->SetDefaultResource(IDR_POLICY_POLICY_HTML);
  source->EnableReplaceI18nInJS();
  return source;
}

}  // namespace

PolicyUI::PolicyUI(web::WebUIIOS* web_ui, const std::string& host)
    : web::WebUIIOSController(web_ui, host) {
  web_ui->AddMessageHandler(std::make_unique<PolicyUIHandler>());
  ChromeBrowserState* chrome_browser_state =
      ChromeBrowserState::FromWebUIIOS(web_ui);
  web::WebUIIOSDataSource::Add(chrome_browser_state,
                               CreatePolicyUIHtmlSource(chrome_browser_state));
}

// static
bool PolicyUI::ShouldLoadTestPage(ChromeBrowserState* browser_state) {
  AuthenticationService* auth_service =
      AuthenticationServiceFactory::GetForBrowserState(browser_state);
  // Test page should only load if testing is enabled and the profile is not
  // managed.
  return policy::utils::IsPolicyTestingEnabled(browser_state->GetPrefs(),
                                               GetChannel()) &&
         !auth_service->HasPrimaryIdentityManaged(
             signin::ConsentLevel::kSignin);
}

// static
base::Value PolicyUI::GetSchema(ChromeBrowserState* chrome_browser_state) {
  // Build a dictionary like this:
  // {
  //   "chrome": {
  //     "PolicyOne": "number",
  //     "PolicyTwo": "string",
  //     ...
  //   }
  // }
  // A dictionary is used to be consistent with other platforms sharing the
  // policy test page frontend implementation.
  base::Value::Dict dict;

  // Create a string policy_names_to_types mapping policy names to their
  // input types.
  policy::Schema chrome_schema =
      policy::Schema::Wrap(policy::GetChromeSchemaData());
  base::Value::List policy_names = GetChromePolicyNames(chrome_browser_state);

  // "chrome" is the only namespace on iOS.
  dict.Set("chrome", policy::utils::GetPolicyNameToTypeMapping(policy_names,
                                                               chrome_schema));

  return base::Value(std::move(dict));
}

PolicyUI::~PolicyUI() {}