Add a SigninAllowed policy.

chrome/browser/ui/webui/options/browser_options_handler.cc

Index: chrome/browser/ui/webui/options/browser_options_handler.cc
diff --git a/chrome/browser/ui/webui/options/browser_options_handler.cc b/chrome/browser/ui/webui/options/browser_options_handler.cc
index e8baece81c8c8b512448dd04ef77ac218b78d9a9..6406b4aab850e5f410efe4b407a21f9e797bc6b7 100644
--- a/chrome/browser/ui/webui/options/browser_options_handler.cc
+++ b/chrome/browser/ui/webui/options/browser_options_handler.cc
@@ -143,6 +143,12 @@ BrowserOptionsHandler::~BrowserOptionsHandler() {
   if (sync_service)
     sync_service->RemoveObserver(this);
 
+  SigninManager* signin =
+      SigninManagerFactory::GetInstance()->GetForProfile(
+          Profile::FromWebUI(web_ui()));
+  if (signin)
+    signin->RemoveSigninPrefObserver(this);
+
   if (default_browser_worker_.get())
     default_browser_worker_->ObserverDestroyed();
   if (template_url_service_)
@@ -576,6 +582,13 @@ void BrowserOptionsHandler::OnStateChanged() {
   SendProfilesInfo();
 }
 
+void BrowserOptionsHandler::OnSigninAllowedPrefChange(bool signin_allowed) {
+  web_ui()->CallJavascriptFunction("BrowserOptions.updateSyncState",
+                                   *GetSyncStateDictionary());
+
+  SendProfilesInfo();
+}
+
 void BrowserOptionsHandler::PageLoadStarted() {
   page_initialized_ = false;
 }
@@ -589,6 +602,11 @@ void BrowserOptionsHandler::InitializeHandler() {
   if (sync_service)
     sync_service->AddObserver(this);
 
+  SigninManager* signin =
+      SigninManagerFactory::GetInstance()->GetForProfile(profile);
+  if (signin)
+    signin->AddSigninPrefObserver(this);
+
   // Create our favicon data source.
   content::URLDataSource::Add(
       profile, new FaviconSource(profile, FaviconSource::FAVICON));
@@ -1057,7 +1075,10 @@ scoped_ptr<DictionaryValue> BrowserOptionsHandler::GetSyncStateDictionary() {
   scoped_ptr<DictionaryValue> sync_status(new DictionaryValue);
   ProfileSyncService* service(ProfileSyncServiceFactory::
       GetInstance()->GetForProfile(Profile::FromWebUI(web_ui())));
-  sync_status->SetBoolean("syncSystemEnabled", !!service);
+  SigninManager* signin = SigninManagerFactory::GetForProfile(
+      Profile::FromWebUI(web_ui()));
+  sync_status->SetBoolean("syncSystemEnabled",
+                          !!service && (!signin || signin->IsSigninAllowed()));

[Andrew T Wilson (Slow), 2013/02/04 15:41:48]

I don't think that signin can be null here so no need to check for it. If you
want to add a DCHECK(signin) that's fine.

[Andrew T Wilson (Slow), 2013/02/05 08:58:53]

Also, I'm changing the JS code to not hide the signin UI when sync is disabled.
So you'll want to pass a separate signinDisabled flag to browser_options.js and
use that to hide the signin UI rather than trying to piggy-back on
syncSystemEnabled.

[Adrian Kuegel, 2013/02/05 10:55:15]

Done.

   if (!service)
     return sync_status.Pass();
 
@@ -1067,8 +1088,6 @@ scoped_ptr<DictionaryValue> BrowserOptionsHandler::GetSyncStateDictionary() {
 
   string16 status_label;
   string16 link_label;
-  SigninManager* signin = SigninManagerFactory::GetForProfile(
-      Profile::FromWebUI(web_ui()));
 
   bool status_has_error = sync_ui_util::GetStatusLabels(
       service, *signin, sync_ui_util::WITH_HTML, &status_label, &link_label) ==