Implement ephemeral users

chrome/browser/chromeos/login/user_manager.h

Index: chrome/browser/chromeos/login/user_manager.h
diff --git a/chrome/browser/chromeos/login/user_manager.h b/chrome/browser/chromeos/login/user_manager.h
index 6e70d7cccc4a2a00169a9fe6400573e316668955..38b959d58e95a6ba6b86f0369701dc2c2ea19056 100644
--- a/chrome/browser/chromeos/login/user_manager.h
+++ b/chrome/browser/chromeos/login/user_manager.h
@@ -48,12 +48,12 @@ class UserManager : public ProfileDownloaderDelegate,
   // Registers user manager preferences.
   static void RegisterPrefs(PrefService* local_state);
 
-  // Returns a list of the users who have logged into this device previously.
-  // It is sorted in order of recency, with most recent at the beginning.
+  // Returns a list of users who have logged into this device previously. This
+  // is sorted by last login date with the most recent user at the beginning.
   const UserList& GetUsers() const;
 
-  // Indicates that a user with the given email has just logged in.
-  // The persistent list will be updated accordingly.
+  // Indicates that a user with the given email has just logged in. The
+  // persistent list is updated accordingly if the user is not ephemeral.
   void UserLoggedIn(const std::string& email);
 
   // Indicates that user just logged on as the demo user.
@@ -72,10 +72,12 @@ class UserManager : public ProfileDownloaderDelegate,
   // picture.
   void RemoveUserFromList(const std::string& email);
 
-  // Returns true if given user has logged into the device before.
+  // Returns true if a user with the given email address is found in the
+  // persistent list or currently logged in as ephemeral.
   virtual bool IsKnownUser(const std::string& email) const;
 
-  // Returns a user with given email or |NULL| if no such user exists.
+  // Returns the user with the given email address if found in the persistent
+  // list or currently logged in as ephemeral. Returns |NULL| otherwise.
   const User* FindUser(const std::string& email) const;
 
   // Returns the logged-in user.
@@ -142,6 +144,11 @@ class UserManager : public ProfileDownloaderDelegate,
     return current_user_is_new_;
   }
 
+  // Accessor for current_user_is_ephemeral_.
+  bool current_user_is_ephemeral() const {
+    return current_user_is_ephemeral_;
+  }
+
   bool user_is_logged_in() const { return user_is_logged_in_; }
 
   // Returns true if we're logged in as a demo user.
@@ -180,10 +187,29 @@ class UserManager : public ProfileDownloaderDelegate,
   FilePath GetImagePathForUser(const std::string& username);
 
  private:
+  friend class UserManagerTest;
+
   // Loads |users_| from Local State if the list has not been loaded yet.
   // Subsequent calls have no effect. Must be called on the UI thread.
   void EnsureUsersLoaded();
 
+  // Retrieves trusted device policies and removes users from the persistent
+  // list if ephemeral users are enabled. Schedules a callback to itself if
+  // trusted device policies are not yet available.
+  void RetrieveTrustedDevicePolicies();
+
+  // Returns true if trusted device policies have successfully been retrieved
+  // and ephemeral users are enabled.
+  bool AreEphemeralUsersEnabled() const;
+
+  // Returns true if the user with the given email address is to be treated as
+  // ephemeral.
+  bool IsEphemeralUser(const std::string& email) const;
+
+  // Returns the user with the given email address if found in the persistent
+  // list. Returns |NULL| otherwise.
+  const User* FindUserInList(const std::string& email) const;
+
   // Makes stub user the current logged-in user (for test paths).
   void StubUserLoggedIn();
 
@@ -250,11 +276,15 @@ class UserManager : public ProfileDownloaderDelegate,
   // Creates a new User instance.
   User* CreateUser(const std::string& email) const;
 
+  // Removes all users except the owner from the device and sends
+  // NOTIFICATION_SYSTEM_SETTING_CHANGED.
+  void RemoveAllExceptOwnerFromList();
+
   // Loads user image from its file.
   scoped_refptr<UserImageLoader> image_loader_;
 
   // List of all known users. User instances are owned by |this| and deleted
-  // when a user is removed with |RemoveUser|.
+  // when users are removed with |RemoveUser| or |RemoveAllExceptOwnerFromList|.
   mutable UserList users_;
 
   // Map of users' display names used to determine which users have unique
@@ -271,8 +301,9 @@ class UserManager : public ProfileDownloaderDelegate,
   User stub_user_;
 
   // The logged-in user. NULL until a user has logged in, then points to one
-  // of the User instances in |users_| or to the |guest_user_| instance.
-  // In test paths without login points to the |stub_user_| instance.
+  // of the User instances in |users_|, the |guest_user_| instance or an
+  // ephemeral user instance. In test paths without login points to the
+  // |stub_user_| instance.
   User* logged_in_user_;
 
   // Cached flag of whether currently logged-in user is owner or not.
@@ -284,9 +315,20 @@ class UserManager : public ProfileDownloaderDelegate,
   // login.
   bool current_user_is_new_;
 
+  // Cached flag of whether the currently logged-in user is ephemeral.

[Nikita (slow), 2012/03/02 12:51:42]

Please expand this comment on what "currently logged-in user is ephemeral"
actually means. Otherwise this knowledge is not concentrated in one place.

[use bartfab instead, 2012/03/05 18:07:32]

Done.

+  bool current_user_is_ephemeral_;
+
   // Cached flag of whether any user is logged in at the moment.
   bool user_is_logged_in_;
 
+  // Pointer to cached flag indicating whether ephemeral users are enabled.
+  // |NULL| if the value has not been read from trusted device policy yet.
+  scoped_ptr<bool> ephemeral_users_enabled_;

[Ivan Korotkov, 2012/03/01 20:16:30]

I'm not sure if you really need the exact value from the policy. Why not just a
simple bool ephemeral_user_enabled_ = false and in RetrieveDevicePolicy() set it
to GetString(kAccountsPrefEphemeralUsersEnabled) && owner ? 

[use bartfab instead, 2012/03/05 18:07:32]

I changed it so that ephemeral_users_enabled_ is a plain bool defaulting to
false and owner_email_ is a plain std::string defaulting to "". With this
change, it is impossible to tell whether the ephemeral users setting is
explicitly set to false or has not been retrieved yet. Similarly, it is
impossible to tell whether the owner is "" (device enterprise owned) or has not
been retrieved yet. This is OK for the specific case of ephemeral users. The
previous code was more general and would have worked for other settings where
this distinction actually matters.

+
+  // Pointer to cached name of device owner. |NULL| if the value has not been
+  // read from trusted device policy.
+  scoped_ptr<std::string> owner_;

[Ivan Korotkov, 2012/03/01 20:16:30]

Please, rename this to owner_email_ as owner_ suggests that it is a User
instance.

[use bartfab instead, 2012/03/05 18:07:32]

Done.

+
   content::NotificationRegistrar registrar_;
 
   // Profile sync service which is observed to take actions after sync