Add a SigninAllowed policy.

chrome/browser/signin/signin_manager.h

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 //
 // The signin manager encapsulates some functionality tracking
 // which user is signed in. When a user is signed in, a ClientLogin
 // request is run on their behalf. Auth tokens are fetched from Google
 // and the results are stored in the TokenService.
 //
 // **NOTE** on semantics of SigninManager:
 //
 // Once a signin is successful, the username becomes "established" and will not
 // be cleared until a SignOut operation is performed (persists across
 // restarts). Until that happens, the signin manager can still be used to
 // refresh credentials, but changing the username is not permitted.
 
 #ifndef CHROME_BROWSER_SIGNIN_SIGNIN_MANAGER_H_
 #define CHROME_BROWSER_SIGNIN_SIGNIN_MANAGER_H_
 
 #include <string>
 
 #include "base/compiler_specific.h"
 #include "base/gtest_prod_util.h"
 #include "base/logging.h"
 #include "base/memory/scoped_ptr.h"
 #include "base/observer_list.h"
 #include "base/prefs/public/pref_change_registrar.h"
+#include "base/prefs/public/pref_member.h"
 #include "chrome/browser/profiles/profile_keyed_service.h"
 #include "chrome/browser/signin/signin_internals_util.h"
 #include "chrome/browser/signin/ubertoken_fetcher.h"
 #include "content/public/browser/notification_observer.h"
 #include "content/public/browser/notification_registrar.h"
 #include "google_apis/gaia/gaia_auth_consumer.h"
 #include "google_apis/gaia/google_service_auth_error.h"
 #include "net/cookies/canonical_cookie.h"
 
 class CookieSettings;
 class GaiaAuthFetcher;
 class Profile;
+class ProfileIOData;
 class PrefService;
 class SigninGlobalError;
 
 // Details for the Notification type GOOGLE_SIGNIN_SUCCESSFUL.
 // A listener might use this to make note of a username / password
 // pair for encryption keys.
 struct GoogleServiceSigninSuccessDetails {
   GoogleServiceSigninSuccessDetails(const std::string& in_username,
                                     const std::string& in_password)
       : username(in_username),
@@ skipping 33 matching lines @@
   virtual ~SigninManager();
 
   // If user was signed in, load tokens from DB if available.
   void Initialize(Profile* profile);
   bool IsInitialized() const;
 
   // Returns true if the passed username is allowed by policy. Virtual for
   // mocking in tests.
   virtual bool IsAllowedUsername(const std::string& username) const;
 
+  // Returns true if a signin to Chrome is allowed (by policy or pref).
+  bool IsSigninAllowed() const;
+
+  // Checks if signin is allowed for the profile that owns |io_data|. This must
+  // be invoked on the IO thread, and can be used to check if signin is enabled
+  // on that thread.
+  static bool IsSigninAllowedOnIOThread(ProfileIOData* io_data);
+
   // If a user has previously established a username and SignOut has not been
   // called, this will return the username.
   // Otherwise, it will return an empty string.
   const std::string& GetAuthenticatedUsername() const;
 
   // Sets the user name.  Note: |username| should be already authenticated as
   // this is a sticky operation (in contrast to StartSignIn).
   // TODO(tim): Remove this in favor of passing username on construction by
   // (by platform / depending on StartBehavior). Bug 88109.
   void SetAuthenticatedUsername(const std::string& username);
@@ skipping 137 matching lines @@
 
   // ClientLogin identity.
   std::string possibly_invalid_username_;
   std::string password_;  // This is kept empty whenever possible.
   bool had_two_factor_error_;
 
   void CleanupNotificationRegistration();
 
   void OnGoogleServicesUsernamePatternChanged();
 
+  void OnSigninAllowedPrefChanged();
+
   // Helper methods to notify all registered diagnostics observers with.
   void NotifyDiagnosticsObservers(
       const signin_internals_util::UntimedSigninStatusField& field,
       const std::string& value);
   void NotifyDiagnosticsObservers(
       const signin_internals_util::TimedSigninStatusField& field,
       const std::string& value);
 
   // Result of the last client login, kept pending the lookup of the
   // canonical email.
   ClientLoginResult last_result_;
 
   // Actual client login handler.
   scoped_ptr<GaiaAuthFetcher> client_login_;
 
   // Registrar for notifications from the TokenService.
   content::NotificationRegistrar registrar_;
 
   // UbertokenFetcher to login to user to the web property.
   scoped_ptr<UbertokenFetcher> ubertoken_fetcher_;
 
   // Helper object to listen for changes to signin preferences stored in non-
   // profile-specific local prefs (like kGoogleServicesUsernamePattern).
   PrefChangeRegistrar local_state_pref_registrar_;
 
+  // Helper object to listen for changes to the signin allowed preference.
+  BooleanPrefMember signin_allowed_;
+
   // Actual username after successful authentication.
   std::string authenticated_username_;
 
   // The type of sign being performed.  This value is valid only between a call
   // to one of the StartSigninXXX methods and when the sign in is either
   // successful or not.
   SigninType type_;
 
   // Temporarily saves the oauth2 refresh and access tokens when signing in
   // with credentials.  These will be passed to TokenService so that it does
   // not need to mint new ones.
   ClientOAuthResult temp_oauth_login_tokens_;
 
   // The list of SigninDiagnosticObservers.
   ObserverList<signin_internals_util::SigninDiagnosticsObserver, true>
       signin_diagnostics_observers_;
 
   base::WeakPtrFactory<SigninManager> weak_pointer_factory_;
 
   DISALLOW_COPY_AND_ASSIGN(SigninManager);
 };
 
 #endif  // CHROME_BROWSER_SIGNIN_SIGNIN_MANAGER_H_