Make widget web view request system permissions for camera and microphone (PSF-1061)

[Johennes]

Type of change

• Feature
• Bugfix
• Technical
• Other :

Content

Previously the widget web view prompted to grant the widget permissions but it didn't actually request those permissions from the system. So if the web view requested, e.g. the camera permission but the app hadn't previously been granted that permission, the web view wouldn't get camera access even when the widget permission request had been confirmed.

With this change, the app will also request camera and microphone permissions from the system when needed.

Motivation and context

The concrete use case that led to this change is running Element Call in a widget web view after a fresh app install (where no system permissions have been granted before and so the widget would never actually get camera or microphone access).

Screenshots / GIFs

Before this change, only the widget permission dialog was displayed:

After this change, once the widget permission dialog is confirmed, the actual system permission dialogs appear (unless permission has already been granted before):

Tests

• Perform a clean app install or reset the app's camera & microphone permissions
• Join #ecwidgettest:matrix.org
• Tap through into Element Call in the widget web view
• Confirm the widget permission dialog
• Notice the new system permission dialogs

Tested devices

• Physical
• Emulator
• OS version(s): 12

Checklist

• Changes has been tested on an Android device or Android emulator with API 21
• UI change has been tested on both light and dark themes
• Accessibility has been taken into account. See https://github.com/vector-im/element-android/blob/develop/CONTRIBUTING.md#accessibility
• Pull request is based on the develop branch
• Pull request includes a new file under ./changelog.d. See https://github.com/vector-im/element-android/blob/develop/CONTRIBUTING.md#changelog
• Pull request includes screenshots or videos if containing UI changes
• Pull request includes a sign off
• You've made a self review of your PR
• If you have modified the screen flow, or added new screens to the application, you have updated the test UiAllScreensSanityTest.allScreensTest()

[github-actions]

Unit Test Results

146 files  +  4  146 suites  +4   2m 9s ⏱️ -21s
235 tests +  6  235 ✔️ +  6  0 💤 ±0  0 ❌ ±0 
784 runs  +24  784 ✔️ +24  0 💤 ±0  0 ❌ ±0 

Results for commit 4ebb26d. ± Comparison against base commit 483b1ab.

♻️ This comment has been updated with latest results.

[ouchadam]

I'm a little weary of including mutable static state in the object instance, would prefer for this class to become instantiable (and then injected where needed) or have the activity/fragment to hold on to the state instead

what do you think?

[Johennes]

I had also thought of this, yeah. I had previously decided against putting the state into the fragment because that way state and logic are split between the fragment and WebviewPermissionUtils which I found harder to reason about. I made the utils into a normal class now and used a private instance variable on the fragment. If this needs to be injectable, I might need some help with that. 🙈

[ouchadam]

is there a case where we would call onPermissionResult without having a valid permissionRequest available?

I would lean towards throwing instead of silently swallowing the missing promptForPermissions (if the ordering is implicitly required)

[Johennes]

No, that shouldn't happen, I believe. The order is required as you say. I've added an NPE instead of the let. Let me know if that's what you had in mind.

[ouchadam]

sounds good to me, thanks! 💯

[ouchadam]

tiny nit - semantically it could be cleaner to avoid mapping within the filter, then the filter could be replaced with an any, extensions can also be created to help avoid needing inline comments

val permissions = selectedWebPermissions
  .onlySupportedAndroidPermissions()
  .mapWithResult(result) 

when {
  permissions.any { (_, isGranted) -> isGranted } ->  {
    request.grant(permissions.map { (name, _ ) -> name }.toTypedArray())
  }
  else -> deny()
}
reset()


private fun List<String>.onlySupportedAndroidPermissions() = filter { webPermissionToAndroidPermission(it) != null }

private fun List<String>.mapWithResult(result: Map<String, Boolean>) = mapNotNull { permission ->
  result[permission]?.let{ isGranted -> permission to isGranted }
}

[Johennes]

Hm, I think in this snippet we'd put the Android permission strings into request.grant(...), right? We have to put the web permission strings into that one. That's essentially the reason why I mapped inside the filter.

[Johennes]

I agree that the filter clause isn't very easy to parse though. ☹️

[ouchadam]

ah I see! 🤦 yeah there's a few steps happening here but the scope small and it gets the job done (which is why this is an opinionated non blocking nit from me 😄 )

EDIT - updated the snippet to filter by android permissions instead of mapping to them

[Johennes]

This kept nagging me so I added a unit test for this part to be able to safely change the implementation. I found that your updated snippet still doesn't work, sadly.

First, onlySupportedAndroidPermissions is actually not needed / desired because there are web permissions such as PermissionRequest.RESOURCE_PROTECTED_MEDIA_ID for which (I think) no Android system permission exists. In those cases we still want to grant those permissions to the web view (based on the fact that the user confirmed them in the widget permission dialog) so we can't filter them out.

Secondly, the chained call of mapWithResult uses the web permission string as key in the Android permission result map which will always result in null.

I've tried to resolve this but in the end it comes down to having the current complicated filter/map logic inside mapWithResult which seemed more or less equivalent to what I have now. 😕

At least we have the tests now though so this endeavor hasn't been in vein. 😀

[ouchadam]

if we want to inject this via dagger (not really needed whilst the WebviewPermissionUtils has no dependencies of its own) we can include the instance via the injectable constructor of the fragment

WidgetFragment @Inject constructor() 

becomes...

WidgetFragment @Inject constructor(
  private val permissionUtils: WebviewPermissionUtils
) 

and the WebviewPermissionUtils itself will need to be marked as injectable

class WebviewPermissionUtils @Inject constructor()

Fragments in Element are injectable because of the fragment module

[Johennes]

Ah nice! Thanks a lot for explaining. Made the change to be a good citizen and help remember for next time. 🙂

[ouchadam]

future us will appreciate the injectable boilerplate being done 😄

[mnaturel]

I have added small comments. I need to test it.

[mnaturel]

Do we want the PSF number into the changelog entry?

[Johennes]

Happy to remove it but having it in the changelog / release notes would allow us to directly cross reference with Jira. I think it's essentially also not better or worse than including it in commits and pull requests – which we already do today.

[ganfra]

This will be visible from the release page, so would be better to have a corresponding github issue...

[Johennes]

I assumed with the filename it'll link to this PR and, therefore, had intentionally explained the issue that is fixed in detail up in the description to avoid having to create a separate issue just to close it again.

[mnaturel]

I don't know if we could use existing methods in PermissionTools file to avoid having other logic for permissions handling?

[Johennes]

The registration methods available there, sadly don't expose the map of permission results: https://github.com/vector-im/element-android/blob/4094a66f3ce65d5fa92ac31b7749c731b3f33cf5/vector/src/main/java/im/vector/app/core/utils/PermissionsTools.kt#L67

[mnaturel]

After some tests, I have a remark concerning the UX:
Even if I granted the microphone permission once, the dialog with checkboxes to request permission appears again. I am wondering if we could directly request Android permissions without the extra dialog with checkboxes? It will be less painful for users.

[ganfra]

Just small remarks otherwise LGTM

[Johennes]

After some tests, I have a remark concerning the UX: Even if I granted the microphone permission once, the dialog with checkboxes to request permission appears again. I am wondering if we could directly request Android permissions without the extra dialog with checkboxes? It will be less painful for users.

The reason the intermediate dialog is needed is that the app currently doesn't keep track of which widget runs in the web view. So if we wouldn't always show the first prompt, then the second prompt would effectively grant the permission to all widgets – which we likely don't want.

I agree that the UX isn't particularly great. This PR was only meant to fix the bug where the web view wasn't actually granted the permission though. We already have https://element-io.atlassian.net/browse/PSF-1033 (Web view permissions are not persisted - Android) to persist the permissions per widget which can serve as the basis for generally improving the flow.

[github-actions]

Matrix SDK

Integration Tests Results:

• [org.matrix.android.sdk.session]
  = passed=20 failures=0 errors=0 skipped=3
• [org.matrix.android.sdk.account]
  = passed=3 failures=0 errors=0 skipped=2
• [org.matrix.android.sdk.internal]
  = passed=27 failures=1 errors=0 skipped=1
• [org.matrix.android.sdk.ordering]
  = passed=16 failures=0 errors=0 skipped=0
• [org.matrix.android.sdk.PermalinkParserTest]
  = passed=2 failures=0 errors=0 skipped=0