chrome/browser/chromeos/login/screens/user_selection_screen.cc - Issue 2879393003: cros: No migration banner if user not allowed for ARC

Side by Side Diff: chrome/browser/chromeos/login/screens/user_selection_screen.cc

Issue 2879393003: cros: No migration banner if user not allowed for ARC (Closed)

Patch Set: Created 3 years, 7 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

OLD	NEW
1 // Copyright 2014 The Chromium Authors. All rights reserved.	1 // Copyright 2014 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "chrome/browser/chromeos/login/screens/user_selection_screen.h"	5 #include "chrome/browser/chromeos/login/screens/user_selection_screen.h"

6	6

7 #include <stddef.h>	7 #include <stddef.h>

8	8

9 #include <utility>	9 #include <utility>

10	10

(...skipping 131 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
142 return quick_unlock_storage->IsFingerprintAuthenticationAvailable();	142 return quick_unlock_storage->IsFingerprintAuthenticationAvailable();

143 }	143 }

144	144

145 // Returns true if dircrypto migration check should be performed.	145 // Returns true if dircrypto migration check should be performed.

146 bool ShouldCheckNeedDircryptoMigration() {	146 bool ShouldCheckNeedDircryptoMigration() {

147 return !base::CommandLine::ForCurrentProcess()->HasSwitch(	147 return !base::CommandLine::ForCurrentProcess()->HasSwitch(

148 switches::kDisableEncryptionMigration) &&	148 switches::kDisableEncryptionMigration) &&

149 arc::IsArcAvailable();	149 arc::IsArcAvailable();

150 }	150 }

151	151

	152 // Returns true if the user can run ARC based on the user type.

	153 bool IsUserAllowedForARC(const AccountId& account_id) {

	154 if (!user_manager::UserManager::IsInitialized())

	155 return false;

	156

	157 const user_manager::User* user =

	158 user_manager::UserManager::Get()->FindUser(account_id);

	159 if (!user)

	160 return false;

	161

	162 return user->HasGaiaAccount() \|\| (user->IsActiveDirectoryUser() &&
	kinaba 2017/05/16 05:12:39 Can this check filter out the profile->IsLegacySup Can this check filter out the profile->IsLegacySupervised() case in IsArcAllowedInAppListForProfile? (I believe it can because supervised users don't seem to have Gaia account), but just to confirm. xiyuan 2017/05/16 06:21:58 Yes, legacy supervised user is managed locally (i. Show quoted text On 2017/05/16 05:12:39, kinaba wrote: > Can this check filter out the > profile->IsLegacySupervised() > case in IsArcAllowedInAppListForProfile? (I believe it can because supervised > users don't seem to have Gaia account), but just to confirm. Yes, legacy supervised user is managed locally (i.e. they do not have Gaia accounts). So should be filtered out. I think it is the same as profile->IsLegacySupervised(). hidehiko 2017/05/16 06:31:54 What about Ephemeral case? Also, can the logic ac Show quoted text On 2017/05/16 06:21:58, xiyuan wrote: > On 2017/05/16 05:12:39, kinaba wrote: > > Can this check filter out the > > profile->IsLegacySupervised() > > case in IsArcAllowedInAppListForProfile? (I believe it can because supervised > > users don't seem to have Gaia account), but just to confirm. > > Yes, legacy supervised user is managed locally (i.e. they do not have Gaia > accounts). So should be filtered out. I think it is the same as > profile->IsLegacySupervised(). What about Ephemeral case? Also, can the logic across dirs be unified in some place (like components/arc/arc_util, etc.?) in later CL (not necessary to be done in this CL, but I think it is better for maintenance for consistency of the conditions)? kinaba 2017/05/16 07:20:11 I believe ephemeral users don't have homedir to mi Show quoted text On 2017/05/16 06:31:54, hidehiko wrote: > On 2017/05/16 06:21:58, xiyuan wrote: > > On 2017/05/16 05:12:39, kinaba wrote: > > > Can this check filter out the > > > profile->IsLegacySupervised() > > > case in IsArcAllowedInAppListForProfile? (I believe it can because > supervised > > > users don't seem to have Gaia account), but just to confirm. > > > > Yes, legacy supervised user is managed locally (i.e. they do not have Gaia > > accounts). So should be filtered out. I think it is the same as > > profile->IsLegacySupervised(). > > What about Ephemeral case? > > Also, can the logic across dirs be unified in some place (like > components/arc/arc_util, etc.?) in later CL (not necessary to be done in this > CL, but I think it is better for maintenance for consistency of the conditions)? I believe ephemeral users don't have homedir to migrate so it should be ok to ignore for this current purpose. (if there's no existing ecryptfs homedir the banner won't be shown.) That said I agree we want to have a unified source of this kind of check. Filing a crbug and landing this CL is fine for me though. xiyuan 2017/05/16 16:02:55 Correct. Ephemeral users would not have their cryp Show quoted text On 2017/05/16 07:20:11, kinaba wrote: > On 2017/05/16 06:31:54, hidehiko wrote: > > On 2017/05/16 06:21:58, xiyuan wrote: > > > On 2017/05/16 05:12:39, kinaba wrote: > > > > Can this check filter out the > > > > profile->IsLegacySupervised() > > > > case in IsArcAllowedInAppListForProfile? (I believe it can because > > supervised > > > > users don't seem to have Gaia account), but just to confirm. > > > > > > Yes, legacy supervised user is managed locally (i.e. they do not have Gaia > > > accounts). So should be filtered out. I think it is the same as > > > profile->IsLegacySupervised(). > > > > What about Ephemeral case? > > > > Also, can the logic across dirs be unified in some place (like > > components/arc/arc_util, etc.?) in later CL (not necessary to be done in this > > CL, but I think it is better for maintenance for consistency of the > conditions)? > > I believe ephemeral users don't have homedir to migrate so > it should be ok to ignore for this current purpose. > (if there's no existing ecryptfs homedir the banner won't be shown.) > > > That said I agree we want to have a unified source of this kind of check. > Filing a crbug and landing this CL is fine for me though. Correct. Ephemeral users would not have their cryptohome persisted and would not even have user pods on the login screen. The banner check logic would not run for them. Filed http://crbug.com/722876 for the follow up work.
	163 arc::IsArcAllowedForActiveDirectoryUsers());

	164 }

	165

152 } // namespace	166 } // namespace

153	167

154 // Helper class to call cryptohome to check whether a user needs dircrypto	168 // Helper class to call cryptohome to check whether a user needs dircrypto

155 // migration. The check results are cached to limit calls to cryptohome.	169 // migration. The check results are cached to limit calls to cryptohome.

156 class UserSelectionScreen::DircryptoMigrationChecker {	170 class UserSelectionScreen::DircryptoMigrationChecker {

157 public:	171 public:

158 explicit DircryptoMigrationChecker(UserSelectionScreen* owner)	172 explicit DircryptoMigrationChecker(UserSelectionScreen* owner)

159 : owner_(owner), weak_ptr_factory_(this) {}	173 : owner_(owner), weak_ptr_factory_(this) {}

160 ~DircryptoMigrationChecker() = default;	174 ~DircryptoMigrationChecker() = default;

161	175

162 // Start to check whether the given user needs dircrypto migration.	176 // Start to check whether the given user needs dircrypto migration.

163 void Check(const AccountId& account_id) {	177 void Check(const AccountId& account_id) {

164 focused_user_ = account_id;	178 focused_user_ = account_id;

165	179

166 auto it = needs_dircrypto_migration_cache_.find(account_id);	180 auto it = needs_dircrypto_migration_cache_.find(account_id);

167 if (it != needs_dircrypto_migration_cache_.end()) {	181 if (it != needs_dircrypto_migration_cache_.end()) {

168 UpdateUI(account_id, it->second);	182 UpdateUI(account_id, it->second);

169 return;	183 return;

170 }	184 }

171	185

	186 // No banner if the user is not allowed for ARC.

	187 if (!IsUserAllowedForARC(account_id)) {

	188 UpdateUI(account_id, false);

	189 return;

	190 }

	191

172 DBusThreadManager::Get()	192 DBusThreadManager::Get()

173 ->GetCryptohomeClient()	193 ->GetCryptohomeClient()

174 ->WaitForServiceToBeAvailable(	194 ->WaitForServiceToBeAvailable(

175 base::Bind(&DircryptoMigrationChecker::RunCryptohomeCheck,	195 base::Bind(&DircryptoMigrationChecker::RunCryptohomeCheck,

176 weak_ptr_factory_.GetWeakPtr(), account_id));	196 weak_ptr_factory_.GetWeakPtr(), account_id));

177 }	197 }

178	198

179 private:	199 private:

180 // WaitForServiceToBeAvailable callback to invoke NeedsDircryptoMigration when	200 // WaitForServiceToBeAvailable callback to invoke NeedsDircryptoMigration when

181 // cryptohome service is available.	201 // cryptohome service is available.

(...skipping 511 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
693 // The user profile should exist if and only if this is the lock screen.	713 // The user profile should exist if and only if this is the lock screen.

694 DCHECK_EQ(!!profile, GetScreenType() == LOCK_SCREEN);	714 DCHECK_EQ(!!profile, GetScreenType() == LOCK_SCREEN);

695	715

696 if (!profile)	716 if (!profile)

697 profile = profile_helper->GetSigninProfile();	717 profile = profile_helper->GetSigninProfile();

698	718

699 return EasyUnlockService::Get(profile);	719 return EasyUnlockService::Get(profile);

700 }	720 }

701	721

702 } // namespace chromeos	722 } // namespace chromeos

OLD	NEW

« no previous file with comments | « no previous file | no next file » | no next file with comments »