1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
|
// Copyright 2014 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "components/user_manager/multi_user/multi_user_sign_in_policy_controller.h"
#include <utility>
#include "base/check_deref.h"
#include "base/functional/bind.h"
#include "components/prefs/pref_change_registrar.h"
#include "components/prefs/pref_registry_simple.h"
#include "components/prefs/pref_service.h"
#include "components/prefs/scoped_user_pref_update.h"
#include "components/user_manager/user.h"
#include "components/user_manager/user_manager.h"
#include "components/user_manager/user_manager_pref_names.h"
namespace user_manager {
MultiUserSignInPolicyController::MultiUserSignInPolicyController(
PrefService* local_state,
UserManager* user_manager)
: local_state_(local_state), user_manager_(user_manager) {
observation_.Observe(user_manager);
}
MultiUserSignInPolicyController::~MultiUserSignInPolicyController() = default;
// static
void MultiUserSignInPolicyController::RegisterPrefs(
PrefRegistrySimple* registry) {
registry->RegisterDictionaryPref(prefs::kCachedMultiProfileUserBehavior);
}
bool MultiUserSignInPolicyController::IsUserAllowedInSession(
const std::string& user_email) const {
const User* primary_user = user_manager_->GetPrimaryUser();
std::string primary_user_email;
if (primary_user) {
primary_user_email = primary_user->GetAccountId().GetUserEmail();
}
// Always allow if there is no primary user or user being checked is the
// primary user.
if (primary_user_email.empty() || primary_user_email == user_email) {
return true;
}
auto primary_user_policy = GetMultiUserSignInPolicy(primary_user);
if (primary_user_policy == MultiUserSignInPolicy::kNotAllowed) {
return false;
}
// The user must have 'unrestricted' policy to be a secondary user.
const auto policy = GetCachedValue(user_email);
return policy == MultiUserSignInPolicy::kUnrestricted;
}
void MultiUserSignInPolicyController::StartObserving(User& user) {
// Profile name could be empty during tests.
if (user.GetAccountId().GetUserEmail().empty() || !user.GetProfilePrefs()) {
return;
}
auto registrar = std::make_unique<PrefChangeRegistrar>();
registrar->Init(user.GetProfilePrefs());
registrar->Add(
prefs::kMultiProfileUserBehaviorPref,
base::BindRepeating(&MultiUserSignInPolicyController::OnUserPrefChanged,
base::Unretained(this), &user));
pref_watchers_.push_back(std::move(registrar));
OnUserPrefChanged(&user);
}
void MultiUserSignInPolicyController::StopObserving(const User& user) {
const auto* prefs = user.GetProfilePrefs();
std::erase_if(pref_watchers_, [prefs](auto& registrar) {
return registrar->prefs() == prefs;
});
}
void MultiUserSignInPolicyController::RemoveCachedValues(
std::string_view user_email) {
ScopedDictPrefUpdate update(local_state_,
prefs::kCachedMultiProfileUserBehavior);
update->Remove(user_email);
}
void MultiUserSignInPolicyController::OnUserProfileCreated(const User& user) {
if (user_manager_->IsUserLoggedIn() && !user_manager_->IsLoggedInAsGuest() &&
!user_manager_->IsLoggedInAsAnyKioskApp()) {
StartObserving(
CHECK_DEREF(user_manager_->FindUserAndModify(user.GetAccountId())));
}
}
void MultiUserSignInPolicyController::OnUserProfileWillBeDestroyed(
const User& user) {
StopObserving(user);
}
void MultiUserSignInPolicyController::OnUserToBeRemoved(
const AccountId& account_id) {
RemoveCachedValues(account_id.GetUserEmail());
}
MultiUserSignInPolicy MultiUserSignInPolicyController::GetCachedValue(
std::string_view user_email) const {
const base::Value::Dict& dict =
local_state_->GetDict(prefs::kCachedMultiProfileUserBehavior);
const std::string* value = dict.FindString(user_email);
if (!value) {
return MultiUserSignInPolicy::kUnrestricted;
}
return ParseMultiUserSignInPolicyPref(*value).value_or(
MultiUserSignInPolicy::kUnrestricted);
}
void MultiUserSignInPolicyController::SetCachedValue(
std::string_view user_email,
MultiUserSignInPolicy policy) {
ScopedDictPrefUpdate update(local_state_,
prefs::kCachedMultiProfileUserBehavior);
update->Set(user_email, MultiUserSignInPolicyToPrefValue(policy));
}
void MultiUserSignInPolicyController::CheckSessionUsers() {
for (const User* user : user_manager_->GetLoggedInUsers()) {
const std::string& user_email = user->GetAccountId().GetUserEmail();
if (!IsUserAllowedInSession(user_email)) {
user_manager_->NotifyUserNotAllowed(user_email);
return;
}
}
}
void MultiUserSignInPolicyController::OnUserPrefChanged(User* user) {
std::string user_email = user->GetAccountId().GetUserEmail();
CHECK(!user_email.empty());
PrefService* prefs = user->GetProfilePrefs();
if (prefs->FindPreference(prefs::kMultiProfileUserBehaviorPref)
->IsDefaultValue()) {
// Migration code to clear cached default behavior.
// TODO(xiyuan): Remove this after M35.
ScopedDictPrefUpdate update(local_state_,
prefs::kCachedMultiProfileUserBehavior);
update->Remove(user_email);
} else {
auto policy = ParseMultiUserSignInPolicyPref(
prefs->GetString(prefs::kMultiProfileUserBehaviorPref));
SetCachedValue(user_email,
policy.value_or(MultiUserSignInPolicy::kUnrestricted));
}
CheckSessionUsers();
}
} // namespace user_manager
|
