Disable "Restrict sign in.." for child accounts.

Bug: 945082, 945934 Change-Id: Ic11d227ba8de9929b6ff4803ad582346a132dd74 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1560466 Commit-Queue: Yilkal Abe <yilkal@chromium.org> Reviewed-by: Marc Treib <treib@chromium.org> Reviewed-by: Steven Bennetts <stevenjb@chromium.org> Reviewed-by: Michael Giuffrida <michaelpg@chromium.org> Cr-Commit-Position: refs/heads/master@{#680562}

Disable "Restrict sign in.." for child accounts.
Bug: 945082, 945934 Change-Id: Ic11d227ba8de9929b6ff4803ad582346a132dd74 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1560466 Commit-Queue: Yilkal Abe <yilkal@chromium.org> Reviewed-by: Marc Treib <treib@chromium.org> Reviewed-by: Steven Bennetts <stevenjb@chromium.org> Reviewed-by: Michael Giuffrida <michaelpg@chromium.org> Cr-Commit-Position: refs/heads/master@{#680562}
8d2e8733 · yilkal · Commit Bot · 20a56d8f · 8d2e8733 · 8d2e8733
Commit 8d2e8733 authored Jul 24, 2019 by yilkal Committed by Commit Bot Jul 24, 2019
12 changed files
--- a/chrome/app/chromeos_strings.grdp
+++ b/chrome/app/chromeos_strings.grdp
@@ -1745,6 +1745,9 @@
  <message name="IDS_CONTROLLED_SETTING_PARENT" desc="Text displayed in the controlled settings bubble when a setting's value is controlled by user's parent.">
    This setting is managed by a parent.
  </message>
+  <message name="IDS_CONTROLLED_SETTING_CHILD_RESTRICTION" desc="Text displayed in the controlled settings bubble when a setting's value is pre-set because the user is a child.">
+    This setting can't be changed by a child user.
+  </message>
  <message name="IDS_STATUSBAR_DISABLE_SPOKEN_FEEDBACK" desc="The menu option to disable spoken feedback accessibility feature.">
    Disable ChromeVox (spoken feedback)
  </message>

--- a/chrome/browser/extensions/api/settings_private/prefs_util.cc
+++ b/chrome/browser/extensions/api/settings_private/prefs_util.cc
@@ -53,6 +53,8 @@
 #include "chrome/browser/chromeos/system/timezone_util.h"
 #include "chrome/browser/extensions/api/settings_private/chromeos_resolve_time_zone_by_geolocation_method_short.h"
 #include "chrome/browser/extensions/api/settings_private/chromeos_resolve_time_zone_by_geolocation_on_off.h"
+#include "chrome/browser/supervised_user/supervised_user_service.h"
+#include "chrome/browser/supervised_user/supervised_user_service_factory.h"
 #include "chromeos/constants/chromeos_features.h"
 #include "chromeos/services/assistant/public/cpp/assistant_prefs.h"
 #include "chromeos/settings/cros_settings_names.h"
@@ -75,6 +77,27 @@ bool IsPrivilegedCrosSetting(const std::string& pref_name) {
  // controlled or owner controlled.
  return true;
 }
+
+bool IsRestrictedCrosSettingForChildUser(Profile* profile,
+                                         const std::string& pref_name) {
+  if (!profile->IsChild())
+    return false;
+
+  return SupervisedUserServiceFactory::GetForProfile(profile)
+      ->IsRestrictedCrosSettingForChildUser(pref_name);
+}
+
+const base::Value* GetRestrictedCrosSettingValueForChildUser(
+    Profile* profile,
+    const std::string& pref_name) {
+  // Make sure that profile belongs to a child and the preference is
+  // pre-set.
+  DCHECK(IsRestrictedCrosSettingForChildUser(profile, pref_name));
+
+  return SupervisedUserServiceFactory::GetForProfile(profile)
+      ->GetRestrictedCrosSettingValueForChildUser(pref_name);
+}
+
 #endif

 bool IsSettingReadOnly(const std::string& pref_name) {
@@ -747,6 +770,15 @@ std::unique_ptr<settings_api::PrefObject> PrefsUtil::GetPref(
        user_manager::UserManager::Get()->GetOwnerAccountId().GetUserEmail()));
    return pref_object;
  }
+
+  if (IsRestrictedCrosSettingForChildUser(profile_, name)) {
+    pref_object->controlled_by =
+        settings_api::ControlledBy::CONTROLLED_BY_CHILD_RESTRICTIONS;
+    pref_object->enforcement = settings_api::Enforcement::ENFORCEMENT_ENFORCED;
+    pref_object->value = std::make_unique<base::Value>(
+        GetRestrictedCrosSettingValueForChildUser(profile_, name)->Clone());
+    return pref_object;
+  }
 #endif

  const Extension* extension = GetExtensionControllingPref(*pref_object);

--- a/chrome/browser/resources/settings/chromeos/os_settings_ui/os_settings_ui.js
+++ b/chrome/browser/resources/settings/chromeos/os_settings_ui/os_settings_ui.js
@@ -133,6 +133,8 @@ Polymer({
          loadTimeData.getString('controlledSettingNoOwner'),
      controlledSettingParent:
          loadTimeData.getString('controlledSettingParent'),
+      controlledSettingChildRestriction:
+          loadTimeData.getString('controlledSettingChildRestriction'),
    };

    CrOncStrings = {

--- a/chrome/browser/resources/settings/settings_ui/settings_ui.js
+++ b/chrome/browser/resources/settings/settings_ui/settings_ui.js
@@ -134,6 +134,8 @@ Polymer({
          loadTimeData.getString('controlledSettingNoOwner'),
      controlledSettingParent:
          loadTimeData.getString('controlledSettingParent'),
+      controlledSettingChildRestriction:
+          loadTimeData.getString('controlledSettingChildRestriction'),
      // </if>
    };


--- a/chrome/browser/supervised_user/supervised_user_service.cc
+++ b/chrome/browser/supervised_user/supervised_user_service.cc
@@ -14,6 +14,7 @@
 #include "base/memory/scoped_refptr.h"
 #include "base/metrics/user_metrics.h"
 #include "base/path_service.h"
+#include "base/stl_util.h"
 #include "base/strings/stringprintf.h"
 #include "base/strings/utf_string_conversions.h"
 #include "base/task/post_task.h"
@@ -58,6 +59,7 @@
 #if defined(OS_CHROMEOS)
 #include "chrome/browser/chromeos/login/users/chrome_user_manager.h"
 #include "chrome/browser/chromeos/login/users/supervised_user_manager.h"
+#include "chromeos/settings/cros_settings_names.h"
 #include "components/user_manager/user_manager.h"
 #endif

@@ -99,6 +101,18 @@ const char* const kCustodianInfoPrefs[] = {
    prefs::kSupervisedUserSecondCustodianProfileURL,
 };

+void SetupRestrictedCrosSettingForChildUser(
+    std::map<std::string, base::Value>* restricted_prefs) {
+#if defined(OS_CHROMEOS)
+  (*restricted_prefs)[std::string(chromeos::kAccountsPrefAllowGuest)] =
+      base::Value(false);
+  (*restricted_prefs)[std::string(
+      chromeos::kAccountsPrefShowUserNamesOnSignIn)] = base::Value(false);
+  (*restricted_prefs)[std::string(chromeos::kAccountsPrefAllowNewUser)] =
+      base::Value(false);
+#endif  // OS_CHROMEOS
+}
+
 void CreateURLAccessRequest(const GURL& url,
                            PermissionRequestCreator* creator,
                            SupervisedUserService::SuccessCallback callback) {
@@ -172,6 +186,25 @@ void SupervisedUserService::Init() {
                 weak_ptr_factory_.GetWeakPtr()));

  SetActive(ProfileIsSupervised());
+  SetupRestrictedCrosSettingForChildUser(&child_user_restricted_cros_settings_);
+}
+
+// TODO(crbug/945934) Move the following 2 methods to
+// SupervisedUserCrosSettingProvider.
+bool SupervisedUserService::IsRestrictedCrosSettingForChildUser(
+    const std::string& pref_name) const {
+  if (!profile_->IsChild())
+    return false;
+  return base::Contains(child_user_restricted_cros_settings_, pref_name);
+}
+
+const base::Value*
+SupervisedUserService::GetRestrictedCrosSettingValueForChildUser(
+    const std::string& pref_name) const {
+  auto value = child_user_restricted_cros_settings_.find(pref_name);
+  if (value == child_user_restricted_cros_settings_.end())
+    return nullptr;
+  return &(value->second);
 }

 void SupervisedUserService::SetDelegate(Delegate* delegate) {

--- a/chrome/browser/supervised_user/supervised_user_service.h
+++ b/chrome/browser/supervised_user/supervised_user_service.h
@@ -101,6 +101,14 @@ class SupervisedUserService : public KeyedService,
    return whitelists_;
  }

+  // Returns true if the preference value is pre-defined and is controlled by
+  // neither the supervised user nor the supervised user's custodians.
+  bool IsRestrictedCrosSettingForChildUser(const std::string& name) const;
+
+  // Returns the value of the restricted preference.
+  const base::Value* GetRestrictedCrosSettingValueForChildUser(
+      const std::string& name) const;
+
  // Whether the user can request to get access to blocked URLs or to new
  // extensions.
  bool AccessRequestsEnabled();
@@ -336,6 +344,9 @@ class SupervisedUserService : public KeyedService,
  // It is only relevant for SU-initiated installs.
  std::map<std::string, base::Version> approved_extensions_map_;

+  // Stores the restricted preference values for child users.
+  std::map<std::string, base::Value> child_user_restricted_cros_settings_;
+
  enum class BlacklistLoadState {
    NOT_LOADED,
    LOAD_STARTED,

--- a/chrome/browser/ui/webui/policy_indicator_localized_strings_provider.cc
+++ b/chrome/browser/ui/webui/policy_indicator_localized_strings_provider.cc
@@ -35,6 +35,8 @@ void AddLocalizedStrings(content::WebUIDataSource* html_source) {
    {"controlledSettingWithOwner", IDS_CONTROLLED_SETTING_WITH_OWNER},
    {"controlledSettingNoOwner", IDS_CONTROLLED_SETTING_NO_OWNER},
    {"controlledSettingParent", IDS_CONTROLLED_SETTING_PARENT},
+    {"controlledSettingChildRestriction",
+     IDS_CONTROLLED_SETTING_CHILD_RESTRICTION},
 #endif
  };
  AddLocalizedStringsBulk(html_source, localized_strings,

--- a/chrome/common/extensions/api/settings_private.idl
+++ b/chrome/common/extensions/api/settings_private.idl
@@ -14,7 +14,13 @@ namespace settingsPrivate {
    OWNER,
    PRIMARY_USER,
    EXTENSION,
-    PARENT
+
+    // Preferences are controlled by the parent of the child user.
+    PARENT,
+
+    // Preferences are controlled neither by parent nor the child user.
+    // Preference values are hard-coded values and can not be changed.
+    CHILD_RESTRICTIONS
  };

  enum Enforcement { ENFORCED, RECOMMENDED };

--- a/chrome/test/data/webui/cr_elements/cr_policy_strings.js
+++ b/chrome/test/data/webui/cr_elements/cr_policy_strings.js
@@ -14,4 +14,5 @@ var CrPolicyStrings = CrPolicyStrings || {
  controlledSettingExtension: 'extension: $1',
  controlledSettingExtensionWithoutName: 'extension',
  controlledSettingParent: 'parent',
+  controlledSettingChildRestriction: 'Restricted for child',
 };
--- a/third_party/closure_compiler/externs/settings_private.js
+++ b/third_party/closure_compiler/externs/settings_private.js
@@ -38,6 +38,7 @@ chrome.settingsPrivate.ControlledBy = {
  PRIMARY_USER: 'PRIMARY_USER',
  EXTENSION: 'EXTENSION',
  PARENT: 'PARENT',
+  CHILD_RESTRICTION: 'CHILD_RESTRICTION',
 };

 /**

--- a/ui/webui/resources/cr_elements/policy/cr_policy_indicator_behavior.js
+++ b/ui/webui/resources/cr_elements/policy/cr_policy_indicator_behavior.js
@@ -21,6 +21,7 @@
 *   controlledSettingWithOwner: string,
 *   controlledSettingNoOwner: string,
 *   controlledSettingParent: string,
+ *   controlledSettingChildRestriction: string,
 * }}
 */
 // eslint-disable-next-line no-var
@@ -36,6 +37,7 @@ const CrPolicyIndicatorType = {
  RECOMMENDED: 'recommended',
  USER_POLICY: 'userPolicy',
  PARENT: 'parent',
+  CHILD_RESTRICTION: 'childRestriction',
 };

 /** @polymerBehavior */
@@ -103,6 +105,7 @@ const CrPolicyIndicatorBehavior = {
      case CrPolicyIndicatorType.RECOMMENDED:
        return 'cr20:domain';
      case CrPolicyIndicatorType.PARENT:
+      case CrPolicyIndicatorType.CHILD_RESTRICTION:
        return 'cr20:kite';
      default:
        assertNotReached();
@@ -141,6 +144,8 @@ const CrPolicyIndicatorBehavior = {
            CrPolicyStrings.controlledSettingRecommendedDiffers;
      case CrPolicyIndicatorType.PARENT:
        return CrPolicyStrings.controlledSettingParent;
+      case CrPolicyIndicatorType.CHILD_RESTRICTION:
+        return CrPolicyStrings.controlledSettingChildRestriction;
    }
    return '';
  },

--- a/ui/webui/resources/cr_elements/policy/cr_policy_pref_indicator.js
+++ b/ui/webui/resources/cr_elements/policy/cr_policy_pref_indicator.js
@@ -63,6 +63,8 @@ Polymer({
          return CrPolicyIndicatorType.DEVICE_POLICY;
        case chrome.settingsPrivate.ControlledBy.PARENT:
          return CrPolicyIndicatorType.PARENT;
+        case chrome.settingsPrivate.ControlledBy.CHILD_RESTRICTION:
+          return CrPolicyIndicatorType.CHILD_RESTRICTION;
      }
    }
    return CrPolicyIndicatorType.NONE;