Refactoring IsUserAllowedInSession and GetCachedValue

chrome/browser/chromeos/login/users/multi_profile_user_controller.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/chromeos/login/users/multi_profile_user_controller.h"
 
 #include "base/bind.h"
 #include "base/memory/scoped_ptr.h"
 #include "base/prefs/pref_change_registrar.h"
 #include "base/prefs/pref_registry_simple.h"
@@ skipping 10 matching lines @@
 #include "components/user_manager/user.h"
 #include "google_apis/gaia/gaia_auth_util.h"
 
 namespace chromeos {
 
 namespace {
 
 std::string SanitizeBehaviorValue(const std::string& value) {
   if (value == MultiProfileUserController::kBehaviorUnrestricted ||
       value == MultiProfileUserController::kBehaviorPrimaryOnly ||
-      value == MultiProfileUserController::kBehaviorNotAllowed ||
-      value == MultiProfileUserController::kBehaviorOwnerPrimaryOnly) {
+      value == MultiProfileUserController::kBehaviorNotAllowed) {
     return value;
   }
 
   return std::string(MultiProfileUserController::kBehaviorUnrestricted);
 }
 
+bool SetUserAllowedReason(
+    MultiProfileUserController::UserAllowedInSessionReason* reason,
+    MultiProfileUserController::UserAllowedInSessionReason value) {
+  if (reason)
+    *reason = value;
+  return value == MultiProfileUserController::ALLOWED;
+}
+
 }  // namespace
 
 // static
 const char MultiProfileUserController::kBehaviorUnrestricted[] = "unrestricted";
 const char MultiProfileUserController::kBehaviorPrimaryOnly[] = "primary-only";
 const char MultiProfileUserController::kBehaviorNotAllowed[] = "not-allowed";
 
 // Note: this policy value is not a real one an is only returned locally for
 // owner users instead of default one kBehaviorUnrestricted.
 const char MultiProfileUserController::kBehaviorOwnerPrimaryOnly[] =
@@ skipping 24 matching lines @@
   registry->RegisterBooleanPref(
       prefs::kMultiProfileNeverShowIntro,
       false,
       user_prefs::PrefRegistrySyncable::SYNCABLE_PREF);
   registry->RegisterBooleanPref(
       prefs::kMultiProfileWarningShowDismissed,
       false,
       user_prefs::PrefRegistrySyncable::SYNCABLE_PREF);
 }
 
-MultiProfileUserController::UserAllowedInSessionResult
-MultiProfileUserController::IsUserAllowedInSession(
-    const std::string& user_email) const {
+bool MultiProfileUserController::IsUserAllowedInSession(
+    const std::string& user_email,
+    MultiProfileUserController::UserAllowedInSessionReason* reason) const {
   UserManager* user_manager = UserManager::Get();
   CHECK(user_manager);
 
   const user_manager::User* primary_user = user_manager->GetPrimaryUser();
   std::string primary_user_email;
   if (primary_user)
     primary_user_email = primary_user->email();
 
   // Always allow if there is no primary user or user being checked is the
   // primary user.
   if (primary_user_email.empty() || primary_user_email == user_email)
-    return ALLOWED;
+    return SetUserAllowedReason(reason, ALLOWED);
 
   // Owner is not allowed to be secondary user.
   if (user_manager->GetOwnerEmail() == user_email)
-    return NOT_ALLOWED_OWNER_AS_SECONDARY;
+    return SetUserAllowedReason(reason, NOT_ALLOWED_OWNER_AS_SECONDARY);
 
   // Don't allow profiles potentially tainted by data fetched with policy-pushed
   // certificates to join a multiprofile session.
   if (policy::PolicyCertServiceFactory::UsedPolicyCertificates(user_email))
-    return NOT_ALLOWED_POLICY_CERT_TAINTED;
+    return SetUserAllowedReason(reason, NOT_ALLOWED_POLICY_CERT_TAINTED);
 
   // Don't allow any secondary profiles if the primary profile is tainted.
   if (policy::PolicyCertServiceFactory::UsedPolicyCertificates(
           primary_user_email)) {
     // Check directly in local_state before checking if the primary user has
     // a PolicyCertService. His profile may have been tainted previously though
     // he didn't get a PolicyCertService created for this session.
-    return NOT_ALLOWED_PRIMARY_POLICY_CERT_TAINTED;
+    return SetUserAllowedReason(reason,
+                                NOT_ALLOWED_PRIMARY_POLICY_CERT_TAINTED);
   }
 
   // If the primary profile already has policy certificates installed but hasn't
   // used them yet then it can become tainted at any time during this session;
   // disable secondary profiles in this case too.
   Profile* primary_user_profile =
       primary_user ? ProfileHelper::Get()->GetProfileByUser(primary_user)
                    : NULL;
   policy::PolicyCertService* service =
       primary_user_profile ? policy::PolicyCertServiceFactory::GetForProfile(
                                  primary_user_profile)
                            : NULL;
   if (service && service->has_policy_certificates())
-    return NOT_ALLOWED_PRIMARY_POLICY_CERT_TAINTED;
+    return SetUserAllowedReason(reason,
+                                NOT_ALLOWED_PRIMARY_POLICY_CERT_TAINTED);
 
   // No user is allowed if the primary user policy forbids it.
   const std::string primary_user_behavior =
       primary_user_profile->GetPrefs()->GetString(
           prefs::kMultiProfileUserBehavior);
   if (primary_user_behavior == kBehaviorNotAllowed)
-    return NOT_ALLOWED_PRIMARY_USER_POLICY_FORBIDS;
+    return SetUserAllowedReason(reason,
+                                NOT_ALLOWED_PRIMARY_USER_POLICY_FORBIDS);
 
   // The user must have 'unrestricted' policy to be a secondary user.
   const std::string behavior = GetCachedValue(user_email);
-  return behavior == kBehaviorUnrestricted ? ALLOWED :
-                                             NOT_ALLOWED_POLICY_FORBIDS;
+  return SetUserAllowedReason(
+      reason,
+      behavior == kBehaviorUnrestricted ? ALLOWED : NOT_ALLOWED_POLICY_FORBIDS);
 }
 
 void MultiProfileUserController::StartObserving(Profile* user_profile) {
   // Profile name could be empty during tests.
   if (user_profile->GetProfileName().empty())
     return;
 
   scoped_ptr<PrefChangeRegistrar> registrar(new PrefChangeRegistrar);
   registrar->Init(user_profile->GetPrefs());
   registrar->Add(
@@ skipping 15 matching lines @@
 }
 
 std::string MultiProfileUserController::GetCachedValue(
     const std::string& user_email) const {
   const base::DictionaryValue* dict =
       local_state_->GetDictionary(prefs::kCachedMultiProfileUserBehavior);
   std::string value;
   if (dict && dict->GetStringWithoutPathExpansion(user_email, &value))
     return SanitizeBehaviorValue(value);
 
-  // Owner is not allowed to be secondary user (see http://crbug.com/385034).
-  if (UserManager::Get()->GetOwnerEmail() == user_email)
-    return std::string(kBehaviorOwnerPrimaryOnly);
-
   return std::string(kBehaviorUnrestricted);
 }
 
 void MultiProfileUserController::SetCachedValue(
     const std::string& user_email,
     const std::string& behavior) {
   DictionaryPrefUpdate update(local_state_,
                               prefs::kCachedMultiProfileUserBehavior);
   update->SetStringWithoutPathExpansion(user_email,
                                         SanitizeBehaviorValue(behavior));
 }
 
 void MultiProfileUserController::CheckSessionUsers() {
   const user_manager::UserList& users = UserManager::Get()->GetLoggedInUsers();
   for (user_manager::UserList::const_iterator it = users.begin();
        it != users.end();
        ++it) {
-    if (IsUserAllowedInSession((*it)->email()) != ALLOWED) {
+    if (!IsUserAllowedInSession((*it)->email(), NULL)) {
       delegate_->OnUserNotAllowed((*it)->email());
       return;
     }
   }
 }
 
 void MultiProfileUserController::OnUserPrefChanged(
     Profile* user_profile) {
   std::string user_email = user_profile->GetProfileName();
   CHECK(!user_email.empty());
@@ skipping 10 matching lines @@
   } else {
     const std::string behavior =
         prefs->GetString(prefs::kMultiProfileUserBehavior);
     SetCachedValue(user_email, behavior);
   }
 
   CheckSessionUsers();
 }
 
 }  // namespace chromeos