Creating supervised users restricted for regular users if they are supervised.

components/user_manager/user_manager_base.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "components/user_manager/user_manager_base.h"
 
 #include <cstddef>
 #include <set>
 
 #include "base/bind.h"
@@ skipping 39 matching lines @@
 // A dictionary that maps user IDs to the displayed (non-canonical) emails.
 const char kUserDisplayEmail[] = "UserDisplayEmail";
 
 // A dictionary that maps user IDs to OAuth token presence flag.
 const char kUserOAuthTokenStatus[] = "OAuthTokenStatus";
 
 // A dictionary that maps user IDs to a flag indicating whether online
 // authentication against GAIA should be enforced during the next sign-in.
 const char kUserForceOnlineSignin[] = "UserForceOnlineSignin";
 
+// A dictionary that maps user ID to the user type.
+const char kUserType[] = "UserType";
+
 // A string pref containing the ID of the last user who logged in if it was
 // a regular user or an empty string if it was another type of user (guest,
 // kiosk, public account, etc.).
 const char kLastLoggedInRegularUser[] = "LastLoggedInRegularUser";
 
 // A string pref containing the ID of the last active user.
 // In case of browser crash, this pref will be used to set active user after
 // session restore.
 const char kLastActiveUser[] = "LastActiveUser";
 
@@ skipping 22 matching lines @@
 
 // static
 void UserManagerBase::RegisterPrefs(PrefRegistrySimple* registry) {
   registry->RegisterListPref(kRegularUsers);
   registry->RegisterStringPref(kLastLoggedInRegularUser, std::string());
   registry->RegisterDictionaryPref(kUserDisplayName);
   registry->RegisterDictionaryPref(kUserGivenName);
   registry->RegisterDictionaryPref(kUserDisplayEmail);
   registry->RegisterDictionaryPref(kUserOAuthTokenStatus);
   registry->RegisterDictionaryPref(kUserForceOnlineSignin);
+  registry->RegisterDictionaryPref(kUserType);
   registry->RegisterStringPref(kLastActiveUser, std::string());
 }
 
 UserManagerBase::UserManagerBase(
     scoped_refptr<base::TaskRunner> task_runner,
     scoped_refptr<base::TaskRunner> blocking_task_runner)
     : active_user_(NULL),
       primary_user_(NULL),
       user_loading_stage_(STAGE_NOT_LOADED),
       session_started_(false),
@@ skipping 353 matching lines @@
   display_email_update->SetWithoutPathExpansion(
       user_id, new base::StringValue(display_email));
 }
 
 std::string UserManagerBase::GetUserDisplayEmail(
     const std::string& user_id) const {
   const User* user = FindUser(user_id);
   return user ? user->display_email() : user_id;
 }
 
+void UserManagerBase::SaveUserType(const std::string& user_id,
+                                   const UserType& user_type) {
+  DCHECK(task_runner_->RunsTasksOnCurrentThread());
+
+  User* user = FindUserAndModify(user_id);
+  if (!user) {
+    LOG(ERROR) << "User not found: " << user_id;
+    return;  // Ignore if there is no such user.
+  }
+
+  // Do not update local state if data stored or cached outside the user's
+  // cryptohome is to be treated as ephemeral.
+  if (IsUserNonCryptohomeDataEphemeral(user_id))
+    return;
+
+  DictionaryPrefUpdate user_type_update(GetLocalState(), kUserType);
+  user_type_update->SetWithoutPathExpansion(
+      user_id, new base::FundamentalValue(static_cast<int>(user_type)));
+  GetLocalState()->CommitPendingWrite();
+}
+
 void UserManagerBase::UpdateUserAccountData(
     const std::string& user_id,
     const UserAccountData& account_data) {
   DCHECK(task_runner_->RunsTasksOnCurrentThread());
 
   SaveUserDisplayName(user_id, account_data.display_name());
 
   if (User* user = FindUserAndModify(user_id)) {
     base::string16 given_name = account_data.given_name();
     user->set_given_name(given_name);
@@ skipping 240 matching lines @@
   PrefService* local_state = GetLocalState();
   const base::ListValue* prefs_regular_users =
       local_state->GetList(kRegularUsers);
 
   const base::DictionaryValue* prefs_display_names =
       local_state->GetDictionary(kUserDisplayName);
   const base::DictionaryValue* prefs_given_names =
       local_state->GetDictionary(kUserGivenName);
   const base::DictionaryValue* prefs_display_emails =
       local_state->GetDictionary(kUserDisplayEmail);
+  const base::DictionaryValue* prefs_user_types =
+      local_state->GetDictionary(kUserType);
 
   // Load public sessions first.
   std::set<std::string> public_sessions_set;
   LoadPublicAccounts(&public_sessions_set);
 
   // Load regular users and supervised users.
   std::vector<std::string> regular_users;
   std::set<std::string> regular_users_set;
   ParseUserList(*prefs_regular_users,
                 public_sessions_set,
                 &regular_users,
                 &regular_users_set);
   for (std::vector<std::string>::const_iterator it = regular_users.begin();
        it != regular_users.end();
        ++it) {
     User* user = NULL;
     const std::string domain = gaia::ExtractDomainName(*it);
-    if (domain == chromeos::login::kSupervisedUserDomain)
+    if (domain == chromeos::login::kSupervisedUserDomain) {
       user = User::CreateSupervisedUser(*it);
-    else
+    } else {
       user = User::CreateRegularUser(*it);
+      int user_type;
+      prefs_user_types->GetIntegerWithoutPathExpansion(*it, &user_type);

[Nikita (slow), 2014/11/12 11:09:09]

nit: Drop this line.

[merkulova, 2014/11/12 13:19:51]

Done.

+      if (prefs_user_types->GetIntegerWithoutPathExpansion(*it, &user_type) &&
+          user_type == USER_TYPE_REGULAR_SUPERVISED) {
+        ChangeUserSupervisedStatus(user, true /* is supervised */);
+      }
+    }
     user->set_oauth_token_status(LoadUserOAuthStatus(*it));
     user->set_force_online_signin(LoadForceOnlineSignin(*it));
     users_.push_back(user);
 
     base::string16 display_name;
     if (prefs_display_names->GetStringWithoutPathExpansion(*it,
                                                            &display_name)) {
       user->set_display_name(display_name);
     }
 
@@ skipping 186 matching lines @@
   DCHECK(task_runner_->RunsTasksOnCurrentThread());
   FOR_EACH_OBSERVER(UserManager::UserSessionStateObserver,
                     session_state_observer_list_,
                     ActiveUserHashChanged(hash));
 }
 
 void UserManagerBase::ChangeUserSupervisedStatus(User* user,
                                                  bool is_supervised) {
   DCHECK(task_runner_->RunsTasksOnCurrentThread());
   user->SetIsSupervised(is_supervised);
+  SaveUserType(user->email(), is_supervised ?

[Nikita (slow), 2014/11/12 11:09:09]

nit: run git cl format on your patch.

+      user_manager::USER_TYPE_REGULAR_SUPERVISED :
+      user_manager::USER_TYPE_REGULAR);
   FOR_EACH_OBSERVER(UserManager::UserSessionStateObserver,
                     session_state_observer_list_,
                     UserChangedSupervisedStatus(user));
 }
 
 void UserManagerBase::UpdateLoginState() {
   if (!chromeos::LoginState::IsInitialized())
-    return;  // LoginState may not be intialized in tests.
+    return;  // LoginState may not be initialized in tests.
 
   chromeos::LoginState::LoggedInState logged_in_state;
   logged_in_state = active_user_ ? chromeos::LoginState::LOGGED_IN_ACTIVE
                                  : chromeos::LoginState::LOGGED_IN_NONE;
 
   chromeos::LoginState::LoggedInUserType login_user_type;
   if (logged_in_state == chromeos::LoginState::LOGGED_IN_NONE)
     login_user_type = chromeos::LoginState::LOGGED_IN_USER_NONE;
   else if (is_current_user_owner_)
     login_user_type = chromeos::LoginState::LOGGED_IN_USER_OWNER;
@@ skipping 80 matching lines @@
 }
 
 void UserManagerBase::DeleteUser(User* user) {
   const bool is_active_user = (user == active_user_);
   delete user;
   if (is_active_user)
     active_user_ = NULL;
 }
 
 }  // namespace user_manager