// Copyright 2013 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef CHROME_BROWSER_CHROMEOS_LOGIN_MULTI_PROFILE_USER_CONTROLLER_H_
#define CHROME_BROWSER_CHROMEOS_LOGIN_MULTI_PROFILE_USER_CONTROLLER_H_
#include <string>
#include "base/basictypes.h"
#include "base/memory/scoped_vector.h"
class PrefChangeRegistrar;
class PrefRegistrySimple;
class PrefService;
class Profile;
namespace user_prefs {
class PrefRegistrySyncable;
}
namespace chromeos {
class MultiProfileUserControllerDelegate;
class UserManager;
// MultiProfileUserController decides whether a user is allowed to be in a
// multi-profiles session. It caches the multi-profile user behavior pref backed
// by user policy into local state so that the value is available before the
// user login and checks if the meaning of the value is respected.
class MultiProfileUserController {
public:
// Return value of IsUserAllowedInSession().
enum UserAllowedInSessionResult {
// User is allowed in multi-profile session.
ALLOWED,
// Owner of the device is not allowed to be added as a secondary user.
NOT_ALLOWED_OWNER_AS_SECONDARY,
// Not allowed since it is potentially "tainted" with policy-pushed
// certificates.
NOT_ALLOWED_POLICY_CERT_TAINTED,
// Not allowed since primary user is already "tainted" with policy-pushed
// certificates.
NOT_ALLOWED_PRIMARY_POLICY_CERT_TAINTED,
// Not allowed since primary user policy forbids it to be part of
// multi-profiles session.
NOT_ALLOWED_PRIMARY_USER_POLICY_FORBIDS,
// Not allowed since user policy forbids this user being part of
// multi-profiles session. Either 'primary-only' or 'not-allowed'.
NOT_ALLOWED_POLICY_FORBIDS
};
MultiProfileUserController(MultiProfileUserControllerDelegate* delegate,
PrefService* local_state);
~MultiProfileUserController();
static void RegisterPrefs(PrefRegistrySimple* registry);
static void RegisterProfilePrefs(user_prefs::PrefRegistrySyncable* registry);
// Returns the cached policy value for |user_email|.
std::string GetCachedValue(const std::string& user_email) const;
// Returns UserAllowedInSessionResult enum that describe whether the user is
// allowed to be in the current session.
UserAllowedInSessionResult IsUserAllowedInSession(
const std::string& user_email) const;
// Starts to observe the multiprofile user behavior pref of the given profile.
void StartObserving(Profile* user_profile);
// Removes the cached values for the given user.
void RemoveCachedValues(const std::string& user_email);
// Possible behavior values.
static const char kBehaviorUnrestricted[];
static const char kBehaviorPrimaryOnly[];
static const char kBehaviorNotAllowed[];
private:
friend class MultiProfileUserControllerTest;
// Sets the cached policy value.
void SetCachedValue(const std::string& user_email,
const std::string& behavior);
// Checks if all users are allowed in the current session.
void CheckSessionUsers();
// Invoked when user behavior pref value changes.
void OnUserPrefChanged(Profile* profile);
MultiProfileUserControllerDelegate* delegate_; // Not owned.
PrefService* local_state_; // Not owned.
ScopedVector<PrefChangeRegistrar> pref_watchers_;
DISALLOW_COPY_AND_ASSIGN(MultiProfileUserController);
};
} // namespace chromeos
#endif // CHROME_BROWSER_CHROMEOS_LOGIN_MULTI_PROFILE_USER_CONTROLLER_H_