Bug 1708289 - Implement AllowFileSelectionDialogs policy r=fluent-reviewers,mkaply,emilio,Gijs,bolsson,win-reviewers,rkraesig

Differential Revision: https://phabricator.services.mozilla.com/D199328

Author: gregorypappas

browser/base/content/browser.js

@@ -2009,6 +2009,34 @@ var gBrowserInit = {
           .getElementById("toolbar-menubar")
           .removeAttribute("toolbarname");
       }
+      if (!Services.policies.isAllowed("filepickers")) {
+        let savePageCommand = document.getElementById("Browser:SavePage");
+        let openFileCommand = document.getElementById("Browser:OpenFile");
+
+        savePageCommand.setAttribute("disabled", "true");
+        openFileCommand.setAttribute("disabled", "true");
+
+        document.addEventListener("FilePickerBlocked", function (event) {
+          let browser = event.target;
+
+          let notificationBox = browser
+            .getTabBrowser()
+            ?.getNotificationBox(browser);
+
+          // Prevent duplicate notifications
+          if (
+            notificationBox &&
+            !notificationBox.getNotificationWithValue("filepicker-blocked")
+          ) {
+            notificationBox.appendNotification("filepicker-blocked", {
+              label: {
+                "l10n-id": "filepicker-blocked-infobar",
+              },
+              priority: notificationBox.PRIORITY_INFO_LOW,
+            });
+          }
+        });
+      }
       let policies = Services.policies.getActivePolicies();
       if ("ManagedBookmarks" in policies) {
         let managedBookmarks = policies.ManagedBookmarks;

browser/base/content/nsContextMenu.js

@@ -615,6 +615,25 @@ class nsContextMenu {
       "disabled",
       !this.mediaURL || mediaIsBlob
     );
+
+    if (
+      Services.policies.status === Services.policies.ACTIVE &&
+      !Services.policies.isAllowed("filepickers")
+    ) {
+      // When file pickers are disallowed by enterprise policy,
+      // these items silently fail. So to avoid confusion, we
+      // disable them.
+      for (let item of [
+        "context-savepage",
+        "context-savelink",
+        "context-savevideo",
+        "context-saveaudio",
+        "context-video-saveimage",
+        "context-saveaudio",
+      ]) {
+        this.setItemAttr(item, "disabled", true);
+      }
+    }
   }
 
   initImageItems() {
@@ -651,6 +670,17 @@ class nsContextMenu {
       (this.onLoadedImage || this.onCanvas) && !this.inPDFEditor
     );
 
+    if (Services.policies.status === Services.policies.ACTIVE) {
+      // When file pickers are disallowed by enterprise policy,
+      // this item silently fails. So to avoid confusion, we
+      // disable it.
+      this.setItemAttr(
+        "context-saveimage",
+        "disabled",
+        !Services.policies.isAllowed("filepickers")
+      );
+    }
+
     // Copy image contents depends on whether we're on an image.
     // Note: the element doesn't exist on all platforms, but showItem() takes
     // care of that by itself.

browser/components/customizableui/CustomizableWidgets.sys.mjs

@@ -223,9 +223,8 @@ export const CustomizableWidgets = [
     id: "save-page-button",
     l10nId: "toolbar-button-save-page",
     shortcutId: "key_savePage",
-    onCommand(aEvent) {
-      let win = aEvent.target.ownerGlobal;
-      win.saveBrowser(win.gBrowser.selectedBrowser);
+    onCreated(aNode) {
+      aNode.setAttribute("command", "Browser:SavePage");
     },
   },
   {
@@ -252,9 +251,8 @@ export const CustomizableWidgets = [
     id: "open-file-button",
     l10nId: "toolbar-button-open-file",
     shortcutId: "openFileKb",
-    onCommand(aEvent) {
-      let win = aEvent.target.ownerGlobal;
-      win.BrowserOpenFileWindow();
+    onCreated(aNode) {
+      aNode.setAttribute("command", "Browser:OpenFile");
     },
   },
   {

browser/components/enterprisepolicies/Policies.sys.mjs

@@ -121,6 +121,16 @@ export var Policies = {
     },
   },
 
+  AllowFileSelectionDialogs: {
+    onBeforeUIStartup(manager, param) {
+      if (!param) {
+        setAndLockPref("widget.disable_file_pickers", true);
+        setAndLockPref("browser.download.useDownloadDir", true);
+        manager.disallowFeature("filepickers");
+      }
+    },
+  },
+
   AppAutoUpdate: {
     onBeforeUIStartup(manager, param) {
       // Logic feels a bit reversed here, but it's correct. If AppAutoUpdate is

browser/components/enterprisepolicies/schemas/policies-schema.json

@@ -20,6 +20,10 @@
       "type": "string"
     },
 
+    "AllowFileSelectionDialogs": {
+      "type": "boolean"
+    },
+
     "AppAutoUpdate": {
       "type": "boolean"
     },

browser/components/enterprisepolicies/tests/browser/browser.toml

@@ -23,6 +23,8 @@ skip-if = ["os != 'mac'"]
 
 ["browser_policies_setAndLockPref_API.js"]
 
+["browser_policy_allowfileselectiondialogs.js"]
+
 ["browser_policy_app_auto_update.js"]
 skip-if = ["os == 'win' && msix"] # Updater is disabled in MSIX builds
 

browser/components/enterprisepolicies/tests/browser/browser_policy_allowfileselectiondialogs.js

@@ -0,0 +1,166 @@
+/* Any copyright is dedicated to the Public Domain.
+ * http://creativecommons.org/publicdomain/zero/1.0/ */
+
+add_setup(async function setup() {
+  await setupPolicyEngineWithJson({
+    policies: {
+      AllowFileSelectionDialogs: false,
+    },
+  });
+});
+
+add_task(async function test_file_commands_disabled() {
+  // Since testing will apply the policy after the browser has already started,
+  // we will need to open a new window to actually see changes from the policy
+  let newWin = await BrowserTestUtils.openNewBrowserWindow();
+
+  let savePageCommand = newWin.document.getElementById("Browser:SavePage");
+  let openFileCommand = newWin.document.getElementById("Browser:OpenFile");
+
+  Assert.equal(
+    savePageCommand.getAttribute("disabled"),
+    "true",
+    "Browser:SavePage command is disabled"
+  );
+  Assert.equal(
+    openFileCommand.getAttribute("disabled"),
+    "true",
+    "Browser:OpenFile command is disabled"
+  );
+  await BrowserTestUtils.closeWindow(newWin);
+});
+
+add_task(async function test_file_buttons_disabled() {
+  // Since testing will apply the policy after the browser has already started,
+  // we will need to open a new window to actually see changes from the policy
+  let newWin = await BrowserTestUtils.openNewBrowserWindow();
+
+  newWin.CustomizableUI.addWidgetToArea("save-page-button", "nav-bar");
+  newWin.CustomizableUI.addWidgetToArea("open-file-button", "nav-bar");
+
+  let savePageButton = newWin.document.getElementById("save-page-button");
+  let openFileButton = newWin.document.getElementById("open-file-button");
+
+  Assert.equal(
+    savePageButton.getAttribute("disabled"),
+    "true",
+    "save-page-button is disabled"
+  );
+  Assert.equal(
+    openFileButton.getAttribute("disabled"),
+    "true",
+    "open-file-button is disabled"
+  );
+
+  newWin.CustomizableUI.reset();
+  await BrowserTestUtils.closeWindow(newWin);
+});
+
+add_task(async function test_context_menu_items_disabled() {
+  await BrowserTestUtils.withNewTab("https://example.org/", async browser => {
+    let contextMenu = document.getElementById("contentAreaContextMenu");
+    let promiseContextMenuOpen = BrowserTestUtils.waitForEvent(
+      contextMenu,
+      "popupshown"
+    );
+
+    await BrowserTestUtils.synthesizeMouse(
+      "a",
+      0,
+      0,
+      {
+        type: "contextmenu",
+        button: 2,
+        centered: true,
+      },
+      browser
+    );
+
+    await promiseContextMenuOpen;
+
+    for (let item of [
+      "context-saveimage",
+      "context-savepage",
+      "context-savelink",
+      "context-savevideo",
+      "context-saveaudio",
+      "context-video-saveimage",
+      "context-saveaudio",
+    ]) {
+      Assert.equal(
+        document.getElementById(item).disabled,
+        true,
+        `${item} item is disabled`
+      );
+    }
+
+    contextMenu.hidePopup();
+  });
+});
+
+add_task(async function test_notification() {
+  // Since testing will apply the policy after the browser has already started,
+  // we will need to open a new window to actually see changes from the policy
+  let newWin = await BrowserTestUtils.openNewBrowserWindow();
+
+  await BrowserTestUtils.withNewTab(
+    { gBrowser: newWin.gBrowser, url: "https://example.org/" },
+    async browser => {
+      await SpecialPowers.spawn(browser, [], async function () {
+        let elem = content.document.createElement("input");
+        elem.setAttribute("type", "file");
+
+        content.document.notifyUserGestureActivation();
+        elem.showPicker();
+      });
+
+      let notificationBox = browser.getTabBrowser().getNotificationBox(browser);
+
+      let notification = await TestUtils.waitForCondition(() =>
+        notificationBox.getNotificationWithValue("filepicker-blocked")
+      );
+
+      Assert.ok(
+        notification,
+        "filepicker-blocked notification appears when showPicker is called"
+      );
+    }
+  );
+  await BrowserTestUtils.closeWindow(newWin);
+});
+
+add_task(async function test_cancel_event() {
+  await BrowserTestUtils.withNewTab("https://example.org/", async browser => {
+    let eventType = await SpecialPowers.spawn(browser, [], async function () {
+      let elem = content.document.createElement("input");
+      elem.setAttribute("type", "file");
+      let cancelPromise = new Promise(resolve =>
+        elem.addEventListener("cancel", resolve, { once: true })
+      );
+      content.document.notifyUserGestureActivation();
+      elem.showPicker();
+      let event = await cancelPromise;
+      return event.type;
+    });
+
+    Assert.equal(
+      eventType,
+      "cancel",
+      "cancel event should be dispatched when showPicker is called"
+    );
+  });
+});
+
+add_task(async function test_nsIFilePicker_open() {
+  let picker = Cc["@mozilla.org/filepicker;1"].createInstance(Ci.nsIFilePicker);
+
+  picker.init(window, "", Ci.nsIFilePicker.modeSave);
+
+  let result = await new Promise(resolve => picker.open(res => resolve(res)));
+
+  Assert.equal(
+    result,
+    Ci.nsIFilePicker.returnCancel,
+    "nsIFilePicker.open callback should immediately answer returnCancel"
+  );
+});

browser/locales/en-US/browser/browser.ftl

@@ -956,6 +956,10 @@ tabs-toolbar-list-all-tabs =
 restore-session-startup-suggestion-message = <strong>Open previous tabs?</strong> You can restore your previous session from the { -brand-short-name } application menu <img data-l10n-name="icon"/>, under History.
 restore-session-startup-suggestion-button = Show me how
 
+## Infobar shown when the user tries to open a file picker and file pickers are blocked by enterprise policy
+
+filepicker-blocked-infobar = Your organization has blocked access to local files on this computer
+
 ## Mozilla data reporting notification (Telemetry, Firefox Health Report, etc)
 
 data-reporting-notification-message = { -brand-short-name } automatically sends some data to { -vendor-short-name } so that we can improve your experience.

browser/locales/en-US/browser/policies/policies-descriptions.ftl

@@ -13,6 +13,8 @@ policy-3rdparty = Set policies that WebExtensions can access via chrome.storage.
 
 policy-AllowedDomainsForApps = Define domains allowed to access Google Workspace.
 
+policy-AllowFileSelectionDialogs = Allow file selection dialogs.
+
 policy-AppAutoUpdate = Enable or disable automatic application update.
 
 policy-AppUpdatePin = Prevent { -brand-short-name } from being updated beyond the specified version.

modules/libpref/init/StaticPrefList.yaml

@@ -15483,6 +15483,11 @@
   value: false
   mirror: always
 
+- name: widget.disable_file_pickers
+  type: RelaxedAtomicBool
+  value: false
+  mirror: always
+
 - name: widget.window-transforms.disabled
   type: RelaxedAtomicBool
   value: false