Translate device-local account IDs to user IDs

chrome/browser/chromeos/policy/device_local_account_policy_service.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/chromeos/policy/device_local_account_policy_service.h"
 
+#include <vector>
+
+#include "base/bind.h"
 #include "base/logging.h"
 #include "base/message_loop.h"
+#include "chrome/browser/chromeos/policy/device_local_account.h"
 #include "chrome/browser/chromeos/policy/device_local_account_policy_store.h"
+#include "chrome/browser/chromeos/settings/cros_settings.h"
+#include "chrome/browser/chromeos/settings/cros_settings_names.h"
+#include "chrome/browser/chromeos/settings/cros_settings_provider.h"
+#include "chrome/browser/chromeos/settings/device_settings_service.h"
 #include "chrome/browser/policy/cloud/cloud_policy_client.h"
 #include "chrome/browser/policy/cloud/cloud_policy_constants.h"
 #include "chrome/browser/policy/cloud/cloud_policy_refresh_scheduler.h"
 #include "chrome/browser/policy/cloud/device_management_service.h"
-#include "chrome/browser/policy/proto/chromeos/chrome_device_policy.pb.h"
 #include "chrome/browser/policy/proto/cloud/device_management_backend.pb.h"
+#include "chrome/common/chrome_notification_types.h"
 #include "chromeos/dbus/session_manager_client.h"
+#include "content/public/browser/notification_details.h"
 #include "policy/policy_constants.h"
 
 namespace em = enterprise_management;
 
 namespace policy {
 
 DeviceLocalAccountPolicyBroker::DeviceLocalAccountPolicyBroker(
+    const std::string& user_id,
     scoped_ptr<DeviceLocalAccountPolicyStore> store)
-    : store_(store.Pass()),
+    : user_id_(user_id),
+      store_(store.Pass()),
       core_(PolicyNamespaceKey(dm_protocol::kChromePublicAccountPolicyType,
                                store_->account_id()),
             store_.get()) {}
 
 DeviceLocalAccountPolicyBroker::~DeviceLocalAccountPolicyBroker() {}
 
-const std::string& DeviceLocalAccountPolicyBroker::account_id() const {
-  return store_->account_id();
-}
-
 void DeviceLocalAccountPolicyBroker::Connect(
     scoped_ptr<CloudPolicyClient> client) {
   core_.Connect(client.Pass());
   core_.StartRefreshScheduler();
   UpdateRefreshDelay();
 }
 
 void DeviceLocalAccountPolicyBroker::Disconnect() {
   core_.Disconnect();
 }
@@ skipping 10 matching lines @@
 
 std::string DeviceLocalAccountPolicyBroker::GetDisplayName() const {
   std::string display_name;
   const base::Value* display_name_value =
       store_->policy_map().GetValue(policy::key::kUserDisplayName);
   if (display_name_value)
     display_name_value->GetAsString(&display_name);
   return display_name;
 }
 
+DeviceLocalAccountPolicyService::PolicyBrokerWrapper::PolicyBrokerWrapper()
+    : broker(NULL) {
+}
+
 DeviceLocalAccountPolicyService::DeviceLocalAccountPolicyService(
     chromeos::SessionManagerClient* session_manager_client,
-    chromeos::DeviceSettingsService* device_settings_service)
+    chromeos::DeviceSettingsService* device_settings_service,
+    chromeos::CrosSettings* cros_settings)
     : session_manager_client_(session_manager_client),
       device_settings_service_(device_settings_service),
-      device_management_service_(NULL) {
-  device_settings_service_->AddObserver(this);
-  DeviceSettingsUpdated();
+      cros_settings_(cros_settings),
+      device_management_service_(NULL),
+      cros_settings_callback_factory_(this) {
+  cros_settings_->AddSettingsObserver(
+      chromeos::kAccountsPrefDeviceLocalAccounts, this);
+  UpdateAccountList();
 }
 
 DeviceLocalAccountPolicyService::~DeviceLocalAccountPolicyService() {
-  device_settings_service_->RemoveObserver(this);
+  cros_settings_->RemoveSettingsObserver(
+      chromeos::kAccountsPrefDeviceLocalAccounts, this);
   DeleteBrokers(&policy_brokers_);
 }
 
 void DeviceLocalAccountPolicyService::Connect(
     DeviceManagementService* device_management_service) {
   DCHECK(!device_management_service_);
   device_management_service_ = device_management_service;
 
   // Connect the brokers.
-  for (PolicyBrokerMap::iterator broker(policy_brokers_.begin());
-       broker != policy_brokers_.end(); ++broker) {
-    DCHECK(!broker->second->core()->client());
-    broker->second->Connect(
-        CreateClientForAccount(broker->second->account_id()).Pass());
+  for (PolicyBrokerMap::iterator it(policy_brokers_.begin());
+       it != policy_brokers_.end(); ++it) {
+    if (!it->second.broker)

[Mattias Nissler (ping if slow), 2013/05/15 09:38:47]

I think this is inconsistent with UpdateAccountList now, which does create the
broker if the device_management_service_ is available. The latter may have
become just available, so we should probably re-check whether we want to create
the broker here.

Now that you have the additional wrapper layer, you might want to make a
ConnectIfApplicable() call on the wrapper?

[bartfab (slow), 2013/05/17 11:14:28]

Done, although I am not sure adding the helper methods makes things better as we
have to pass a lot of state around now.

+      continue;
+    DCHECK(!it->second.broker->core()->client());
+    it->second.broker->Connect(CreateClient().Pass());
   }
 }
 
 void DeviceLocalAccountPolicyService::Disconnect() {
   DCHECK(device_management_service_);
   device_management_service_ = NULL;
 
   // Disconnect the brokers.
-  for (PolicyBrokerMap::iterator broker(policy_brokers_.begin());
-       broker != policy_brokers_.end(); ++broker) {
-    broker->second->Disconnect();
+  for (PolicyBrokerMap::iterator it(policy_brokers_.begin());
+       it != policy_brokers_.end(); ++it) {
+    if (!it->second.broker)
+      continue;
+    it->second.broker->Disconnect();

[Mattias Nissler (ping if slow), 2013/05/15 09:38:47]

Maybe just make BrokerWrapper::Disconnect() function?

[bartfab (slow), 2013/05/17 11:14:28]

Done.

   }
 }
 
 DeviceLocalAccountPolicyBroker*
-    DeviceLocalAccountPolicyService::GetBrokerForAccount(
-        const std::string& account_id) {
-  PolicyBrokerMap::iterator entry = policy_brokers_.find(account_id);
+    DeviceLocalAccountPolicyService::GetBrokerForUser(
+        const std::string& user_id) {
+  PolicyBrokerMap::iterator entry = policy_brokers_.find(user_id);
   if (entry == policy_brokers_.end())
     return NULL;
 
-  if (!entry->second)
-    entry->second = CreateBroker(account_id).release();
+  if (!entry->second.broker) {

[Mattias Nissler (ping if slow), 2013/05/15 09:38:47]

Could just move this to a BrokerWrapper::GetBroker() function, which you can
also use elsewhere.

[bartfab (slow), 2013/05/17 11:14:28]

Done.

+    entry->second.broker =
+        CreateBroker(user_id, entry->second.account_id).release();
+  }
 
-  return entry->second;
+  return entry->second.broker;
 }
 
-bool DeviceLocalAccountPolicyService::IsPolicyAvailableForAccount(
-    const std::string& account_id) {
-  DeviceLocalAccountPolicyBroker* broker = GetBrokerForAccount(account_id);
+bool DeviceLocalAccountPolicyService::IsPolicyAvailableForUser(
+    const std::string& user_id) {
+  DeviceLocalAccountPolicyBroker* broker = GetBrokerForUser(user_id);
   return broker && broker->core()->store()->is_managed();
 }
 
 void DeviceLocalAccountPolicyService::AddObserver(Observer* observer) {
   observers_.AddObserver(observer);
 }
 
 void DeviceLocalAccountPolicyService::RemoveObserver(Observer* observer) {
   observers_.RemoveObserver(observer);
 }
 
-void DeviceLocalAccountPolicyService::OwnershipStatusChanged() {
-  // TODO(mnissler): The policy key has changed, re-fetch policy. For
-  // consumer devices, re-sign the current settings and send updates to
-  // session_manager.
-}
+void DeviceLocalAccountPolicyService::Observe(
+    int type,
+    const content::NotificationSource& source,
+    const content::NotificationDetails& details) {
+  if (type != chrome::NOTIFICATION_SYSTEM_SETTING_CHANGED ||
+      *content::Details<const std::string>(details).ptr() !=
+          chromeos::kAccountsPrefDeviceLocalAccounts) {
+    NOTREACHED();
+    return;
+  }
 
-void DeviceLocalAccountPolicyService::DeviceSettingsUpdated() {
-  const em::ChromeDeviceSettingsProto* device_settings =
-      device_settings_service_->device_settings();
-  if (device_settings)
-    UpdateAccountList(*device_settings);
+  // Avoid unnecessary calls to UpdateAccountList(): If an earlier call is still
+  // pending (because the |cros_settings_| are not trusted yet), the updated
+  // account list will be processed by that call when it eventually runs.
+  if (!cros_settings_callback_factory_.HasWeakPtrs())
+    UpdateAccountList();
 }
 
 void DeviceLocalAccountPolicyService::OnStoreLoaded(CloudPolicyStore* store) {
   DeviceLocalAccountPolicyBroker* broker = GetBrokerForStore(store);
+  DCHECK(broker);
+  if (!broker)
+    return;
   broker->UpdateRefreshDelay();
-  FOR_EACH_OBSERVER(Observer, observers_,
-                    OnPolicyUpdated(broker->account_id()));
+  FOR_EACH_OBSERVER(Observer, observers_, OnPolicyUpdated(broker->user_id()));
 }
 
 void DeviceLocalAccountPolicyService::OnStoreError(CloudPolicyStore* store) {
   DeviceLocalAccountPolicyBroker* broker = GetBrokerForStore(store);
-  FOR_EACH_OBSERVER(Observer, observers_,
-                    OnPolicyUpdated(broker->account_id()));
+  DCHECK(broker);
+  if (!broker)
+    return;
+  FOR_EACH_OBSERVER(Observer, observers_, OnPolicyUpdated(broker->user_id()));
 }
 
-void DeviceLocalAccountPolicyService::UpdateAccountList(
-    const em::ChromeDeviceSettingsProto& device_settings) {
-  using google::protobuf::RepeatedPtrField;
+void DeviceLocalAccountPolicyService::UpdateAccountList() {
+  if (chromeos::CrosSettingsProvider::TRUSTED !=
+          cros_settings_->PrepareTrustedValues(
+              base::Bind(&DeviceLocalAccountPolicyService::UpdateAccountList,
+                         cros_settings_callback_factory_.GetWeakPtr()))) {
+    return;
+  }
 
   // Update |policy_brokers_|, keeping existing entries.
   PolicyBrokerMap new_policy_brokers;
-  const RepeatedPtrField<em::DeviceLocalAccountInfoProto>& accounts =
-      device_settings.device_local_accounts().account();
-  RepeatedPtrField<em::DeviceLocalAccountInfoProto>::const_iterator entry;
-  for (entry = accounts.begin(); entry != accounts.end(); ++entry) {
-    std::string account_id;
-    if (entry->has_type() &&
-        entry->type() ==
-            em::DeviceLocalAccountInfoProto::ACCOUNT_TYPE_PUBLIC_SESSION) {
-      account_id = entry->account_id();
-    } else if (entry->has_deprecated_public_session_id()) {
-      account_id = entry->deprecated_public_session_id();
-    }
-
-    if (account_id.empty())
-      continue;
-
-    // Sanity check for whether this account ID has already been processed.
-    DeviceLocalAccountPolicyBroker*& new_broker =
-        new_policy_brokers[account_id];
-    if (new_broker) {
-      LOG(WARNING) << "Duplicate public account " << account_id;
-      continue;
-    }
+  const base::ListValue* device_local_account_list;
+  cros_settings_->GetList(chromeos::kAccountsPrefDeviceLocalAccounts,
+                          &device_local_account_list);
+  const std::vector<DeviceLocalAccount> device_local_accounts =
+      DecodeDeviceLocalAccountsList(device_local_account_list);
+  for (std::vector<DeviceLocalAccount>::const_iterator it =
+           device_local_accounts.begin();
+       it != device_local_accounts.end(); ++it) {
+    PolicyBrokerWrapper& wrapper = new_policy_brokers[it->user_id];
+    wrapper.account_id = it->account_id;
 
     // Reuse the existing broker if present.
-    DeviceLocalAccountPolicyBroker*& existing_broker =
-        policy_brokers_[account_id];
-    new_broker = existing_broker;
-    existing_broker = NULL;
+    PolicyBrokerWrapper& existing_wrapper = policy_brokers_[it->user_id];
+    wrapper.broker = existing_wrapper.broker;
+    existing_wrapper.broker = NULL;
 
     // Fire up the cloud connection for fetching policy for the account from
     // the cloud if this is an enterprise-managed device.
-    if (!new_broker || !new_broker->core()->client()) {
-      scoped_ptr<CloudPolicyClient> client(
-          CreateClientForAccount(account_id));
-      if (client.get()) {
-        if (!new_broker)
-          new_broker = CreateBroker(account_id).release();
-        new_broker->Connect(client.Pass());
+    if (!wrapper.broker || !wrapper.broker->core()->client()) {
+      scoped_ptr<CloudPolicyClient> client(CreateClient());
+      if (client) {
+        if (!wrapper.broker)
+          wrapper.broker = CreateBroker(it->user_id, it->account_id).release();
+        wrapper.broker->Connect(client.Pass());
       }
     }
   }
   policy_brokers_.swap(new_policy_brokers);
   DeleteBrokers(&new_policy_brokers);
 
   FOR_EACH_OBSERVER(Observer, observers_, OnDeviceLocalAccountsChanged());
 }
 
 scoped_ptr<DeviceLocalAccountPolicyBroker>
     DeviceLocalAccountPolicyService::CreateBroker(
+        const std::string& user_id,
         const std::string& account_id) {
   scoped_ptr<DeviceLocalAccountPolicyStore> store(
       new DeviceLocalAccountPolicyStore(account_id, session_manager_client_,
                                         device_settings_service_));
   scoped_ptr<DeviceLocalAccountPolicyBroker> broker(
-      new DeviceLocalAccountPolicyBroker(store.Pass()));
+      new DeviceLocalAccountPolicyBroker(user_id, store.Pass()));
   broker->core()->store()->AddObserver(this);
   broker->core()->store()->Load();
   return broker.Pass();
 }
 
 void DeviceLocalAccountPolicyService::DeleteBrokers(PolicyBrokerMap* map) {
-  for (PolicyBrokerMap::iterator broker = map->begin(); broker != map->end();
-       ++broker) {
-    if (broker->second) {
-      broker->second->core()->store()->RemoveObserver(this);
-      delete broker->second;
+  for (PolicyBrokerMap::iterator it = map->begin(); it != map->end(); ++it) {
+    if (it->second.broker) {
+      it->second.broker->core()->store()->RemoveObserver(this);
+      delete it->second.broker;
     }
   }
   map->clear();
 }
 
 DeviceLocalAccountPolicyBroker*
     DeviceLocalAccountPolicyService::GetBrokerForStore(
         CloudPolicyStore* store) {
-  for (PolicyBrokerMap::iterator broker(policy_brokers_.begin());
-       broker != policy_brokers_.end(); ++broker) {
-    if (broker->second->core()->store() == store)
-      return broker->second;
+  for (PolicyBrokerMap::iterator it(policy_brokers_.begin());
+       it != policy_brokers_.end(); ++it) {
+    if (it->second.broker && it->second.broker->core()->store() == store)
+      return it->second.broker;
   }
   return NULL;
 }
 
-scoped_ptr<CloudPolicyClient>
-    DeviceLocalAccountPolicyService::CreateClientForAccount(
-        const std::string& account_id) {
+scoped_ptr<CloudPolicyClient> DeviceLocalAccountPolicyService::CreateClient() {
   const em::PolicyData* policy_data = device_settings_service_->policy_data();
   if (!policy_data ||
       !policy_data->has_request_token() ||
       !policy_data->has_device_id() ||
       !device_management_service_) {
     return scoped_ptr<CloudPolicyClient>();
   }
 
   scoped_ptr<CloudPolicyClient> client(
       new CloudPolicyClient(std::string(), std::string(),
                             USER_AFFILIATION_MANAGED,
                             NULL, device_management_service_));
   client->SetupRegistration(policy_data->request_token(),
                             policy_data->device_id());
   return client.Pass();
 }
 
 }  // namespace policy