1// Copyright 2014 The Chromium Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5#ifndef CHROME_BROWSER_CHROMEOS_LOGIN_USERS_MULTI_PROFILE_USER_CONTROLLER_H_ 6#define CHROME_BROWSER_CHROMEOS_LOGIN_USERS_MULTI_PROFILE_USER_CONTROLLER_H_ 7 8#include <string> 9 10#include "base/basictypes.h" 11#include "base/memory/scoped_vector.h" 12 13class PrefChangeRegistrar; 14class PrefRegistrySimple; 15class PrefService; 16class Profile; 17 18namespace user_prefs { 19class PrefRegistrySyncable; 20} 21 22namespace chromeos { 23 24class MultiProfileUserControllerDelegate; 25class UserManager; 26 27// MultiProfileUserController decides whether a user is allowed to be in a 28// multi-profiles session. It caches the multi-profile user behavior pref backed 29// by user policy into local state so that the value is available before the 30// user login and checks if the meaning of the value is respected. 31class MultiProfileUserController { 32 public: 33 // Second return value of IsUserAllowedInSession(). 34 enum UserAllowedInSessionReason { 35 // User is allowed in multi-profile session. 36 ALLOWED, 37 38 // Owner of the device is not allowed to be added as a secondary user. 39 NOT_ALLOWED_OWNER_AS_SECONDARY, 40 41 // Not allowed since it is potentially "tainted" with policy-pushed 42 // certificates. 43 NOT_ALLOWED_POLICY_CERT_TAINTED, 44 45 // Not allowed since primary user is already "tainted" with policy-pushed 46 // certificates. 47 NOT_ALLOWED_PRIMARY_POLICY_CERT_TAINTED, 48 49 // Not allowed since primary user policy forbids it to be part of 50 // multi-profiles session. 51 NOT_ALLOWED_PRIMARY_USER_POLICY_FORBIDS, 52 53 // Not allowed since user policy forbids this user being part of 54 // multi-profiles session. Either 'primary-only' or 'not-allowed'. 55 NOT_ALLOWED_POLICY_FORBIDS 56 }; 57 58 MultiProfileUserController(MultiProfileUserControllerDelegate* delegate, 59 PrefService* local_state); 60 ~MultiProfileUserController(); 61 62 static void RegisterPrefs(PrefRegistrySimple* registry); 63 static void RegisterProfilePrefs(user_prefs::PrefRegistrySyncable* registry); 64 65 // Returns the cached policy value for |user_email|. 66 std::string GetCachedValue(const std::string& user_email) const; 67 68 // Returns primary user policy (only ALLOW, 69 // NOT_ALLOWED_PRIMARY_POLICY_CERT_TAINTED, 70 // NOT_ALLOWED_PRIMARY_USER_POLICY_FORBIDS) 71 static UserAllowedInSessionReason GetPrimaryUserPolicy(); 72 73 // Returns true if user allowed to be in the current session. If |reason| not 74 // null stores UserAllowedInSessionReason enum that describes actual reason. 75 bool IsUserAllowedInSession(const std::string& user_email, 76 UserAllowedInSessionReason* reason) const; 77 78 // Starts to observe the multiprofile user behavior pref of the given profile. 79 void StartObserving(Profile* user_profile); 80 81 // Removes the cached values for the given user. 82 void RemoveCachedValues(const std::string& user_email); 83 84 // Possible behavior values. 85 static const char kBehaviorUnrestricted[]; 86 static const char kBehaviorPrimaryOnly[]; 87 static const char kBehaviorNotAllowed[]; 88 static const char kBehaviorOwnerPrimaryOnly[]; 89 90 private: 91 friend class MultiProfileUserControllerTest; 92 93 // Sets the cached policy value. 94 void SetCachedValue(const std::string& user_email, 95 const std::string& behavior); 96 97 // Checks if all users are allowed in the current session. 98 void CheckSessionUsers(); 99 100 // Invoked when user behavior pref value changes. 101 void OnUserPrefChanged(Profile* profile); 102 103 MultiProfileUserControllerDelegate* delegate_; // Not owned. 104 PrefService* local_state_; // Not owned. 105 ScopedVector<PrefChangeRegistrar> pref_watchers_; 106 107 DISALLOW_COPY_AND_ASSIGN(MultiProfileUserController); 108}; 109 110} // namespace chromeos 111 112#endif // CHROME_BROWSER_CHROMEOS_LOGIN_USERS_MULTI_PROFILE_USER_CONTROLLER_H_ 113