1 // Copyright 2014 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef CHROME_BROWSER_CHROMEOS_LOGIN_USERS_MULTI_PROFILE_USER_CONTROLLER_H_ 6 #define CHROME_BROWSER_CHROMEOS_LOGIN_USERS_MULTI_PROFILE_USER_CONTROLLER_H_ 7 8 #include <string> 9 10 #include "base/basictypes.h" 11 #include "base/memory/scoped_vector.h" 12 13 class PrefChangeRegistrar; 14 class PrefRegistrySimple; 15 class PrefService; 16 class Profile; 17 18 namespace user_prefs { 19 class PrefRegistrySyncable; 20 } 21 22 namespace chromeos { 23 24 class MultiProfileUserControllerDelegate; 25 class UserManager; 26 27 // MultiProfileUserController decides whether a user is allowed to be in a 28 // multi-profiles session. It caches the multi-profile user behavior pref backed 29 // by user policy into local state so that the value is available before the 30 // user login and checks if the meaning of the value is respected. 31 class MultiProfileUserController { 32 public: 33 // Return value of IsUserAllowedInSession(). 34 enum UserAllowedInSessionResult { 35 // User is allowed in multi-profile session. 36 ALLOWED, 37 38 // Owner of the device is not allowed to be added as a secondary user. 39 NOT_ALLOWED_OWNER_AS_SECONDARY, 40 41 // Not allowed since it is potentially "tainted" with policy-pushed 42 // certificates. 43 NOT_ALLOWED_POLICY_CERT_TAINTED, 44 45 // Not allowed since primary user is already "tainted" with policy-pushed 46 // certificates. 47 NOT_ALLOWED_PRIMARY_POLICY_CERT_TAINTED, 48 49 // Not allowed since primary user policy forbids it to be part of 50 // multi-profiles session. 51 NOT_ALLOWED_PRIMARY_USER_POLICY_FORBIDS, 52 53 // Not allowed since user policy forbids this user being part of 54 // multi-profiles session. Either 'primary-only' or 'not-allowed'. 55 NOT_ALLOWED_POLICY_FORBIDS 56 }; 57 58 MultiProfileUserController(MultiProfileUserControllerDelegate* delegate, 59 PrefService* local_state); 60 ~MultiProfileUserController(); 61 62 static void RegisterPrefs(PrefRegistrySimple* registry); 63 static void RegisterProfilePrefs(user_prefs::PrefRegistrySyncable* registry); 64 65 // Returns the cached policy value for |user_email|. 66 std::string GetCachedValue(const std::string& user_email) const; 67 68 // Returns UserAllowedInSessionResult enum that describe whether the user is 69 // allowed to be in the current session. 70 UserAllowedInSessionResult IsUserAllowedInSession( 71 const std::string& user_email) const; 72 73 // Starts to observe the multiprofile user behavior pref of the given profile. 74 void StartObserving(Profile* user_profile); 75 76 // Removes the cached values for the given user. 77 void RemoveCachedValues(const std::string& user_email); 78 79 // Possible behavior values. 80 static const char kBehaviorUnrestricted[]; 81 static const char kBehaviorPrimaryOnly[]; 82 static const char kBehaviorNotAllowed[]; 83 static const char kBehaviorOwnerPrimaryOnly[]; 84 85 private: 86 friend class MultiProfileUserControllerTest; 87 88 // Sets the cached policy value. 89 void SetCachedValue(const std::string& user_email, 90 const std::string& behavior); 91 92 // Checks if all users are allowed in the current session. 93 void CheckSessionUsers(); 94 95 // Invoked when user behavior pref value changes. 96 void OnUserPrefChanged(Profile* profile); 97 98 MultiProfileUserControllerDelegate* delegate_; // Not owned. 99 PrefService* local_state_; // Not owned. 100 ScopedVector<PrefChangeRegistrar> pref_watchers_; 101 102 DISALLOW_COPY_AND_ASSIGN(MultiProfileUserController); 103 }; 104 105 } // namespace chromeos 106 107 #endif // CHROME_BROWSER_CHROMEOS_LOGIN_USERS_MULTI_PROFILE_USER_CONTROLLER_H_ 108