Add a lock to the managed user settings page and require authentication for unlocking.

chrome/browser/resources/options/managed_user_settings.js

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 if (loadTimeData.getBoolean('managedUsersEnabled')) {
 
 cr.define('options', function() {
   /** @const */ var OptionsPage = options.OptionsPage;
   /** @const */ var SettingsDialog = options.SettingsDialog;
 
@@ skipping 10 matching lines @@
         this,
         'manageduser',
         loadTimeData.getString('managedUserSettingsPageTabTitle'),
         'managed-user-settings-page',
         $('managed-user-settings-confirm'),
         $('managed-user-settings-cancel'));
   }
 
   cr.addSingletonGetter(ManagedUserSettings);
 
+  var Authentication = {

[Bernhard Bauer, 2013/02/20 13:06:20]

I think we should prefix this with ManagedUser?

[Adrian Kuegel, 2013/02/20 13:28:26]

Done.

+    // The manager of the managed account is not authenticated.
+    UNAUTHENTICATED: 'unauthenticated',
+
+    // The authentication is currently being checked.
+    CHECKING: 'checking',
+
+    // The manager of the managed account is authenticated.
+    AUTHENTICATED: 'authenticated'
+  };
+
   ManagedUserSettings.prototype = {
     // Inherit from SettingsDialog.
     __proto__: SettingsDialog.prototype,
 
+    // The current authentication state of the manager of the managed account.
+    authenticationState: Authentication.UNAUTHENTICATED,
+
+    // Stores if the local passphrase of the manager of the managed account is
+    // set. If it is not set, no authentication is required.
+    isPassphraseSet: false,
+
     /**
      * Initialize the page.
      * @override
      */
     initializePage: function() {
       // Call base class implementation to start preference initialization.
       SettingsDialog.prototype.initializePage.call(this);
+      var self = this;
 
       $('get-content-packs-button').onclick = function(event) {
         window.open(loadTimeData.getString('getContentPacksURL'));
       };
 
       $('set-passphrase').onclick = function() {
         OptionsPage.navigateToPage('setPassphrase');
       };
 
+      $('use-passphrase-checkbox').onclick = function() {
+        $('set-passphrase').disabled = !$('use-passphrase-checkbox').checked;
+      };
+
+      $('unlock-settings').onclick = function() {
+        if (self.authenticationState == Authentication.CHECKING)
+          return;
+        chrome.send('displayPassphraseDialog',
+                    ['options.ManagedUserSettings.isAuthenticated']);
+        self.authenticationState = Authentication.CHECKING;
+      };
     },
     /** @override */
     handleConfirm: function() {
+      if ($('use-passphrase-checkbox').checked && !this.isPassphraseSet) {
+        OptionsPage.navigateToPage('setPassphrase');
+        return;
+      }
+      if (!$('use-passphrase-checkbox').checked)
+        chrome.send('resetPassphrase');
       chrome.send('confirmManagedUserSettings');
       SettingsDialog.prototype.handleConfirm.call(this);
     },
+    enableControls: function(enable) {
+      $('set-passphrase').disabled = !enable;
+      $('get-content-packs-button').disabled = !enable;
+      $('contentpacks-allow').setDisabled('notManagedUserModifiable', !enable);
+      $('contentpacks-warn').setDisabled('notManagedUserModifiable', !enable);
+      $('contentpacks-block').setDisabled('notManagedUserModifiable', !enable);
+      $('safe-search-checkbox').setDisabled(
+          'notManagedUserModifiable', !enable);
+      // TODO(akuegel): Add disable-signin-checkbox and
+      // disable-history-deletion-checkbox once these features are implemented
+      $('use-passphrase-checkbox').disabled = !enable;
+      $('unlock-settings').disabled = enable;
+    },
+    isAuthenticated_: function(success) {
+      if (success) {
+        this.authenticationState = Authentication.AUTHENTICATED;
+        this.enableControls(true);
+      } else {
+        this.authenticationState = Authentication.UNAUTHENTICATED;
+      }
+    },
+    didClosePage: function() {
+      // Reset the authentication of the custodian.
+      this.authenticationState = Authentication.UNAUTHENTICATED;
+      chrome.send('endAuthentication');
+    },
+  };
+
+  ManagedUserSettings.initializeSetPassphraseButton = function(hasPassphrase) {
+    $('set-passphrase').disabled = !hasPassphrase;
+    $('use-passphrase-checkbox').checked = hasPassphrase;
+    var instance = ManagedUserSettings.getInstance();
+    instance.isPassphraseSet = hasPassphrase;
+    if (hasPassphrase) {
+      instance.authenticationState = Authentication.UNAUTHENTICATED;
+      instance.enableControls(false);
+    } else {
+      instance.authenticationState = Authentication.AUTHENTICATED;
+      $('unlock-settings').disabled = true;
+    }
+  };
+
+  ManagedUserSettings.isAuthenticated = function(success) {
+    ManagedUserSettings.getInstance().isAuthenticated_(success);
+  };
+
+  ManagedUserSettings.passphraseChanged = function(isPassphraseSet) {
+    ManagedUserSettings.getInstance().isPassphraseSet = isPassphraseSet;
   };
 
   var ManagedUserSettingsForTesting = {
     getSetPassphraseButton: function() {
       return $('set-passphrase');
+    },
+    getUnlockButton: function() {
+      return $('unlock-settings');
     }
   };
 
-   // Export
+  // Export
   return {
     ManagedUserSettings: ManagedUserSettings,
-    ManagedUserSettingsForTesting: ManagedUserSettingsForTesting
+    ManagedUserSettingsForTesting: ManagedUserSettingsForTesting,
+    Authentication: Authentication
   };
 });
 
 }