Revert "Have AccessService also take into consideration the ProductService and adopt it in ManageTrustedExtensionsForAccountActionImpl" (microsoft#252139)

Revert "Have AccessService also take into consideration the ProductService an…"

This reverts commit e760e15.

Author: joaomoreno

src/vs/workbench/contrib/authentication/browser/actions/manageTrustedExtensionsForAccountAction.ts

@@ -12,9 +12,11 @@ import { Action2 } from '../../../../../platform/actions/common/actions.js';
 import { ICommandService } from '../../../../../platform/commands/common/commands.js';
 import { IDialogService } from '../../../../../platform/dialogs/common/dialogs.js';
 import { IInstantiationService, ServicesAccessor } from '../../../../../platform/instantiation/common/instantiation.js';
+import { IProductService } from '../../../../../platform/product/common/productService.js';
 import { IQuickInputService, IQuickPickItem, IQuickPickSeparator } from '../../../../../platform/quickinput/common/quickInput.js';
+import { IAuthenticationAccessService } from '../../../../services/authentication/browser/authenticationAccessService.js';
+import { IAuthenticationUsageService } from '../../../../services/authentication/browser/authenticationUsageService.js';
 import { AllowedExtension, IAuthenticationService } from '../../../../services/authentication/common/authentication.js';
-import { IAuthenticationQueryService, IAccountQuery } from '../../../../services/authentication/common/authenticationQuery.js';
 import { IExtensionService } from '../../../../services/extensions/common/extensions.js';
 
 export class ManageTrustedExtensionsForAccountAction extends Action2 {
@@ -40,110 +42,133 @@ interface TrustedExtensionsQuickPickItem extends IQuickPickItem {
 
 class ManageTrustedExtensionsForAccountActionImpl {
 	constructor(
+		@IProductService private readonly _productService: IProductService,
 		@IExtensionService private readonly _extensionService: IExtensionService,
 		@IDialogService private readonly _dialogService: IDialogService,
 		@IQuickInputService private readonly _quickInputService: IQuickInputService,
 		@IAuthenticationService private readonly _authenticationService: IAuthenticationService,
-		@IAuthenticationQueryService private readonly _authenticationQueryService: IAuthenticationQueryService,
+		@IAuthenticationUsageService private readonly _authenticationUsageService: IAuthenticationUsageService,
+		@IAuthenticationAccessService private readonly _authenticationAccessService: IAuthenticationAccessService,
 		@ICommandService private readonly _commandService: ICommandService
 	) { }
 
 	async run(options?: { providerId: string; accountLabel: string }) {
-		const accountQuery = await this._resolveAccountQuery(options?.providerId, options?.accountLabel);
-		if (!accountQuery) {
+		const { providerId, accountLabel } = await this._resolveProviderAndAccountLabel(options?.providerId, options?.accountLabel);
+		if (!providerId || !accountLabel) {
 			return;
 		}
 
-		const items = await this._getItems(accountQuery);
+		const items = await this._getItems(providerId, accountLabel);
 		if (!items.length) {
 			return;
 		}
-		const picker = this._createQuickPick(accountQuery);
+		const disposables = new DisposableStore();
+		const picker = this._createQuickPick(disposables, providerId, accountLabel);
 		picker.items = items;
 		picker.selectedItems = items.filter((i): i is TrustedExtensionsQuickPickItem => i.type !== 'separator' && !!i.picked);
 		picker.show();
 	}
 
-	//#region Account Query Resolution
-
-	private async _resolveAccountQuery(providerId: string | undefined, accountLabel: string | undefined): Promise<IAccountQuery | undefined> {
-		if (providerId && accountLabel) {
-			return this._authenticationQueryService.provider(providerId).account(accountLabel);
-		}
-
-		const accounts = await this._getAllAvailableAccounts();
-		const pick = await this._quickInputService.pick(accounts, {
-			placeHolder: localize('pickAccount', "Pick an account to manage trusted extensions for"),
-			matchOnDescription: true,
-		});
-
-		return pick ? this._authenticationQueryService.provider(pick.providerId).account(pick.label) : undefined;
-	}
+	private async _resolveProviderAndAccountLabel(providerId: string | undefined, accountLabel: string | undefined) {
+		if (!providerId || !accountLabel) {
+			const accounts = new Array<{ providerId: string; providerLabel: string; accountLabel: string }>();
+			for (const id of this._authenticationService.getProviderIds()) {
+				const providerLabel = this._authenticationService.getProvider(id).label;
+				const sessions = await this._authenticationService.getSessions(id);
+				const uniqueAccountLabels = new Set<string>();
+				for (const session of sessions) {
+					if (!uniqueAccountLabels.has(session.account.label)) {
+						uniqueAccountLabels.add(session.account.label);
+						accounts.push({ providerId: id, providerLabel, accountLabel: session.account.label });
+					}
+				}
+			}
 
-	private async _getAllAvailableAccounts() {
-		const accounts = [];
-		for (const providerId of this._authenticationService.getProviderIds()) {
-			const provider = this._authenticationService.getProvider(providerId);
-			const sessions = await this._authenticationService.getSessions(providerId);
-			const uniqueLabels = new Set<string>();
-
-			for (const session of sessions) {
-				if (!uniqueLabels.has(session.account.label)) {
-					uniqueLabels.add(session.account.label);
-					accounts.push({
-						providerId,
-						label: session.account.label,
-						description: provider.label
-					});
+			const pick = await this._quickInputService.pick(
+				accounts.map(account => ({
+					providerId: account.providerId,
+					label: account.accountLabel,
+					description: account.providerLabel
+				})),
+				{
+					placeHolder: localize('pickAccount', "Pick an account to manage trusted extensions for"),
+					matchOnDescription: true,
 				}
+			);
+
+			if (pick) {
+				providerId = pick.providerId;
+				accountLabel = pick.label;
+			} else {
+				return { providerId: undefined, accountLabel: undefined };
 			}
 		}
-		return accounts;
+		return { providerId, accountLabel };
 	}
 
-	//#endregion
-
-	//#region Item Retrieval and Quick Pick Creation
-
-	private async _getItems(accountQuery: IAccountQuery) {
-		const allowedExtensions = accountQuery.extensions().getAllowedExtensions();
-		const extensionIdToDisplayName = new Map<string, string>();
-
-		// Get display names for all allowed extensions
+	private async _getItems(providerId: string, accountLabel: string) {
+		let allowedExtensions = this._authenticationAccessService.readAllowedExtensions(providerId, accountLabel);
+		// only include extensions that are installed
 		const resolvedExtensions = await Promise.all(allowedExtensions.map(ext => this._extensionService.getExtension(ext.id)));
-		resolvedExtensions.forEach((resolved, i) => {
-			if (resolved) {
-				extensionIdToDisplayName.set(allowedExtensions[i].id, resolved.displayName || resolved.name);
+		allowedExtensions = resolvedExtensions
+			.map((ext, i) => ext ? allowedExtensions[i] : undefined)
+			.filter(ext => !!ext);
+		const trustedExtensionAuthAccess = this._productService.trustedExtensionAuthAccess;
+		const trustedExtensionIds =
+			// Case 1: trustedExtensionAuthAccess is an array
+			Array.isArray(trustedExtensionAuthAccess)
+				? trustedExtensionAuthAccess
+				// Case 2: trustedExtensionAuthAccess is an object
+				: typeof trustedExtensionAuthAccess === 'object'
+					? trustedExtensionAuthAccess[providerId] ?? []
+					: [];
+		for (const extensionId of trustedExtensionIds) {
+			const allowedExtension = allowedExtensions.find(ext => ext.id === extensionId);
+			if (!allowedExtension) {
+				// Add the extension to the allowedExtensions list
+				const extension = await this._extensionService.getExtension(extensionId);
+				if (extension) {
+					allowedExtensions.push({
+						id: extensionId,
+						name: extension.displayName || extension.name,
+						allowed: true,
+						trusted: true
+					});
+				}
+			} else {
+				// Update the extension to be allowed
+				allowedExtension.allowed = true;
+				allowedExtension.trusted = true;
 			}
-		});
-
-		// Filter out extensions that are not currently installed and enrich with display names
-		const filteredExtensions = allowedExtensions
-			.filter(ext => extensionIdToDisplayName.has(ext.id))
-			.map(ext => {
-				const usage = accountQuery.extension(ext.id).getUsage();
-				return {
-					...ext,
-					// Use the extension display name from the extension service
-					name: extensionIdToDisplayName.get(ext.id)!,
-					lastUsed: usage.length > 0 ? Math.max(...usage.map(u => u.lastUsed)) : ext.lastUsed
-				};
-			});
+		}
 
-		if (!filteredExtensions.length) {
+		if (!allowedExtensions.length) {
 			this._dialogService.info(localize('noTrustedExtensions', "This account has not been used by any extensions."));
 			return [];
 		}
 
-		const trustedExtensions = filteredExtensions.filter(e => e.trusted);
-		const otherExtensions = filteredExtensions.filter(e => !e.trusted);
+		const usages = this._authenticationUsageService.readAccountUsages(providerId, accountLabel);
+		const trustedExtensions = [];
+		const otherExtensions = [];
+		for (const extension of allowedExtensions) {
+			const usage = usages.find(usage => extension.id === usage.extensionId);
+			extension.lastUsed = usage?.lastUsed;
+			if (extension.trusted) {
+				trustedExtensions.push(extension);
+			} else {
+				otherExtensions.push(extension);
+			}
+		}
+
 		const sortByLastUsed = (a: AllowedExtension, b: AllowedExtension) => (b.lastUsed || 0) - (a.lastUsed || 0);
 
-		return [
+		const items = [
 			...otherExtensions.sort(sortByLastUsed).map(this._toQuickPickItem),
 			{ type: 'separator', label: localize('trustedExtensions', "Trusted by Microsoft") } satisfies IQuickPickSeparator,
 			...trustedExtensions.sort(sortByLastUsed).map(this._toQuickPickItem)
 		];
+
+		return items;
 	}
 
 	private _toQuickPickItem(extension: AllowedExtension): TrustedExtensionsQuickPickItem {
@@ -171,39 +196,38 @@ class ManageTrustedExtensionsForAccountActionImpl {
 		};
 	}
 
-	private _createQuickPick(accountQuery: IAccountQuery) {
-		const disposableStore = new DisposableStore();
+	private _createQuickPick(disposableStore: DisposableStore, providerId: string, accountLabel: string) {
 		const quickPick = disposableStore.add(this._quickInputService.createQuickPick<TrustedExtensionsQuickPickItem>({ useSeparators: true }));
-
-		// Configure quick pick
 		quickPick.canSelectMany = true;
 		quickPick.customButton = true;
 		quickPick.customLabel = localize('manageTrustedExtensions.cancel', 'Cancel');
+
 		quickPick.title = localize('manageTrustedExtensions', "Manage Trusted Extensions");
 		quickPick.placeholder = localize('manageExtensions', "Choose which extensions can access this account");
 
-		// Set up event handlers
 		disposableStore.add(quickPick.onDidAccept(() => {
 			const updatedAllowedList = quickPick.items
 				.filter((item): item is TrustedExtensionsQuickPickItem => item.type !== 'separator')
 				.map(i => i.extension);
 
 			const allowedExtensionsSet = new Set(quickPick.selectedItems.map(i => i.extension));
-			for (const extension of updatedAllowedList) {
-				const allowed = allowedExtensionsSet.has(extension);
-				accountQuery.extension(extension.id).setAccessAllowed(allowed, extension.name);
-			}
+			updatedAllowedList.forEach(extension => {
+				extension.allowed = allowedExtensionsSet.has(extension);
+			});
+			this._authenticationAccessService.updateAllowedExtensions(providerId, accountLabel, updatedAllowedList);
 			quickPick.hide();
 		}));
 
-		disposableStore.add(quickPick.onDidHide(() => disposableStore.dispose()));
-		disposableStore.add(quickPick.onDidCustom(() => quickPick.hide()));
+		disposableStore.add(quickPick.onDidHide(() => {
+			disposableStore.dispose();
+		}));
+
+		disposableStore.add(quickPick.onDidCustom(() => {
+			quickPick.hide();
+		}));
 		disposableStore.add(quickPick.onDidTriggerItemButton(e =>
-			this._commandService.executeCommand('_manageAccountPreferencesForExtension', e.item.extension.id, accountQuery.providerId)
+			this._commandService.executeCommand('_manageAccountPreferencesForExtension', e.item.extension.id, providerId)
 		));
-
 		return quickPick;
 	}
-
-	//#endregion
 }

src/vs/workbench/services/authentication/browser/authenticationAccessService.ts

@@ -75,34 +75,6 @@ export class AuthenticationAccessService extends Disposable implements IAuthenti
 			}
 		} catch (err) { }
 
-		// Add trusted extensions from product.json if they're not already in the list
-		const trustedExtensionAuthAccess = this._productService.trustedExtensionAuthAccess;
-		const trustedExtensionIds =
-			// Case 1: trustedExtensionAuthAccess is an array
-			Array.isArray(trustedExtensionAuthAccess)
-				? trustedExtensionAuthAccess
-				// Case 2: trustedExtensionAuthAccess is an object
-				: typeof trustedExtensionAuthAccess === 'object'
-					? trustedExtensionAuthAccess[providerId] ?? []
-					: [];
-
-		for (const extensionId of trustedExtensionIds) {
-			const existingExtension = trustedExtensions.find(extension => extension.id === extensionId);
-			if (!existingExtension) {
-				// Add new trusted extension (name will be set by caller if they have extension info)
-				trustedExtensions.push({
-					id: extensionId,
-					name: extensionId, // Default to ID, caller can update with proper name
-					allowed: true,
-					trusted: true
-				});
-			} else {
-				// Update existing extension to be trusted
-				existingExtension.allowed = true;
-				existingExtension.trusted = true;
-			}
-		}
-
 		return trustedExtensions;
 	}
 
@@ -114,16 +86,9 @@ export class AuthenticationAccessService extends Disposable implements IAuthenti
 				allowList.push(extension);
 			} else {
 				allowList[index].allowed = extension.allowed;
-				// Update name if provided and not already set to a proper name
-				if (extension.name && extension.name !== extension.id && allowList[index].name !== extension.name) {
-					allowList[index].name = extension.name;
-				}
 			}
 		}
-
-		// Filter out trusted extensions before storing - they should only come from product.json, not user storage
-		const userManagedExtensions = allowList.filter(extension => !extension.trusted);
-		this._storageService.store(`${providerId}-${accountName}`, JSON.stringify(userManagedExtensions), StorageScope.APPLICATION, StorageTarget.USER);
+		this._storageService.store(`${providerId}-${accountName}`, JSON.stringify(allowList), StorageScope.APPLICATION, StorageTarget.USER);
 		this._onDidChangeExtensionSessionAccess.fire({ providerId, accountName });
 	}
 

src/vs/workbench/services/authentication/browser/authenticationQueryService.ts

@@ -122,12 +122,6 @@ class AccountExtensionQuery extends BaseQuery implements IAccountExtensionQuery
 		const preferredAccount = this.queryService.authenticationExtensionsService.getAccountPreference(this.extensionId, this.providerId);
 		return preferredAccount === this.accountName;
 	}
-
-	isTrusted(): boolean {
-		const allowedExtensions = this.queryService.authenticationAccessService.readAllowedExtensions(this.providerId, this.accountName);
-		const extension = allowedExtensions.find(ext => ext.id === this.extensionId);
-		return extension?.trusted === true;
-	}
 }
 
 /**
@@ -232,29 +226,9 @@ class AccountExtensionsQuery extends BaseQuery implements IAccountExtensionsQuer
 		super(providerId, queryService);
 	}
 
-	getAllowedExtensions(): { id: string; name: string; allowed?: boolean; lastUsed?: number; trusted?: boolean }[] {
+	getAllowedExtensionIds(): string[] {
 		const allowedExtensions = this.queryService.authenticationAccessService.readAllowedExtensions(this.providerId, this.accountName);
-		const usages = this.queryService.authenticationUsageService.readAccountUsages(this.providerId, this.accountName);
-
-		return allowedExtensions
-			.filter(ext => ext.allowed !== false)
-			.map(ext => {
-				// Find the most recent usage for this extension
-				const extensionUsages = usages.filter(usage => usage.extensionId === ext.id);
-				const lastUsed = extensionUsages.length > 0 ? Math.max(...extensionUsages.map(u => u.lastUsed)) : undefined;
-
-				// Check if trusted through the extension query
-				const extensionQuery = new AccountExtensionQuery(this.providerId, this.accountName, ext.id, this.queryService);
-				const trusted = extensionQuery.isTrusted();
-
-				return {
-					id: ext.id,
-					name: ext.name,
-					allowed: ext.allowed,
-					lastUsed,
-					trusted
-				};
-			});
+		return allowedExtensions.filter(ext => ext.allowed !== false).map(ext => ext.id);
 	}
 
 	allowAccess(extensionIds: string[]): void {

src/vs/workbench/services/authentication/common/authenticationQuery.ts

@@ -125,12 +125,6 @@ export interface IAccountExtensionQuery extends IBaseQuery {
 	 * Check if this account is the preferred account for this extension
 	 */
 	isPreferred(): boolean;
-
-	/**
-	 * Check if this extension is trusted (defined in product.json)
-	 * @returns True if the extension is trusted, false otherwise
-	 */
-	isTrusted(): boolean;
 }
 
 /**
@@ -200,10 +194,10 @@ export interface IAccountExtensionsQuery extends IBaseQuery {
 	readonly accountName: string;
 
 	/**
-	 * Get all extensions that have access to this account with their trusted state
-	 * @returns Array of objects containing extension data including trusted state
+	 * Get all extension IDs that have access to this account
+	 * @returns Array of extension IDs
 	 */
-	getAllowedExtensions(): { id: string; name: string; allowed?: boolean; lastUsed?: number; trusted?: boolean }[];
+	getAllowedExtensionIds(): string[];
 
 	/**
 	 * Grant access to this account for all specified extensions