      1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #ifndef CHROME_BROWSER_CHROMEOS_POLICY_DEVICE_LOCAL_ACCOUNT_H_
      6 #define CHROME_BROWSER_CHROMEOS_POLICY_DEVICE_LOCAL_ACCOUNT_H_
      7 
      8 #include <string>
      9 #include <vector>
     10 
// Forward declaration: this header only passes CrosSettings by pointer, so
// the full class definition is not needed here.
namespace chromeos {
class CrosSettings;
}
     14 
namespace policy {

// Describes one device-local account as defined by device policy.
//
// This must match DeviceLocalAccountInfoProto.AccountType in
// chrome_device_policy.proto.
// NOTE(review): the requirement presumably applies to the |Type| enum below
// rather than to the struct as a whole - confirm against the proto.
struct DeviceLocalAccount {
  // The enumerators carry no explicit values, so they are numbered by
  // position; inserting or reordering entries changes their numeric values.
  enum Type {
    // A login-less, policy-configured browsing session.
    TYPE_PUBLIC_SESSION,
    // An account that serves as a container for a single full-screen app.
    TYPE_KIOSK_APP,
    // Sentinel, must be last.
    TYPE_COUNT
  };

  // Takes |type|, |account_id| and |kiosk_app_id|; |user_id| is not a
  // parameter.
  // NOTE(review): the definition is outside this header. Presumably |user_id|
  // is synthesized from |account_id| and |type| (see
  // GenerateDeviceLocalAccountUserId() below) - confirm.
  DeviceLocalAccount(Type type,
                     const std::string& account_id,
                     const std::string& kiosk_app_id);
  ~DeviceLocalAccount();

  Type type;
  // A device-local account has two identifiers:
  // * The |account_id| is chosen by the entity that defines the device-local
  //   account. The only constraints are that the |account_id| be unique and,
  //   for legacy reasons, that it contain an @ symbol.
  // * The |user_id| is a synthesized identifier that is guaranteed to be
  //   unique, contain an @ symbol, not collide with the |user_id| of any other
  //   user on the device (such as regular users or supervised users) and be
  //   identifiable as belonging to a device-local account.
  // The |account_id| is primarily used by policy code: If device policy defines
  // a device-local account with a certain |account_id|, the user policy for
  // that account has to be fetched by referencing the same |account_id|.
  // The |user_id| is passed to the chromeos::UserManager where it becomes part
  // of the global user list on the device. The |account_id| would not be safe
  // to use here: it is a free-form identifier that could conflict with
  // another |user_id| on the device and cannot be easily identified as
  // belonging to a device-local account. Code that needs to tell users apart
  // should therefore key on |user_id|, never on |account_id|.
  std::string account_id;
  std::string user_id;
  // NOTE(review): not documented in this header; presumably identifies the
  // app for a TYPE_KIOSK_APP account and is unused for other types - confirm.
  std::string kiosk_app_id;
};

// Returns a user id string for the device-local account identified by
// |account_id| and |type|.
// NOTE(review): the definition is outside this header; presumably the result
// is the synthesized |user_id| described on DeviceLocalAccount - confirm.
std::string GenerateDeviceLocalAccountUserId(const std::string& account_id,
                                             DeviceLocalAccount::Type type);

// Determines whether |user_id| belongs to a device-local account and if so,
// returns the type of device-local account in |type| unless |type| is NULL.
// NOTE(review): this header does not say whether |*type| is written when the
// function returns false; callers should read |*type| only after a true
// result - confirm against the definition.
bool IsDeviceLocalAccountUser(const std::string& user_id,
                              DeviceLocalAccount::Type* type);

// Stores a list of device-local accounts in |cros_settings|. The accounts are
// stored as a list of dictionaries with each dictionary containing the
// information about one |DeviceLocalAccount|.
// NOTE(review): |cros_settings| is a raw pointer; ownership and whether NULL
// is accepted are not stated in this header - confirm against the definition.
void SetDeviceLocalAccounts(
    chromeos::CrosSettings* cros_settings,
    const std::vector<DeviceLocalAccount>& accounts);

// Retrieves a list of device-local accounts from |cros_settings|. The result
// is returned by value.
// NOTE(review): how missing, malformed or duplicate entries in the stored
// list are handled is not visible from this header - confirm against the
// definition before relying on the returned |account_id| values being unique.
std::vector<DeviceLocalAccount> GetDeviceLocalAccounts(
    chromeos::CrosSettings* cros_settings);

}  // namespace policy
     76 
     77 #endif  // CHROME_BROWSER_CHROMEOS_POLICY_DEVICE_LOCAL_ACCOUNT_H_
     78