chromium/ios/chrome/browser/policy/model/restrict_accounts_policy_handler.cc

// Copyright 2021 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#import "ios/chrome/browser/policy/model/restrict_accounts_policy_handler.h"

#include <memory>

#include "base/values.h"
#include "components/policy/core/browser/policy_error_map.h"
#include "components/policy/core/common/policy_logger.h"
#include "components/policy/core/common/policy_map.h"
#include "components/policy/policy_constants.h"
#include "components/prefs/pref_service.h"
#include "components/prefs/pref_value_map.h"
#include "components/signin/public/base/signin_pref_names.h"
#include "components/strings/grit/components_strings.h"
#import "ios/chrome/browser/signin/model/pattern_account_restriction.h"

namespace policy {

RestrictAccountsPolicyHandler::RestrictAccountsPolicyHandler(
    Schema chrome_schema)
    : SchemaValidatingPolicyHandler(
          key::kRestrictAccountsToPatterns,
          chrome_schema.GetKnownProperty(key::kRestrictAccountsToPatterns),
          SCHEMA_ALLOW_UNKNOWN_AND_INVALID_LIST_ENTRY) {}

RestrictAccountsPolicyHandler::~RestrictAccountsPolicyHandler() {}

bool RestrictAccountsPolicyHandler::CheckPolicySettings(
    const policy::PolicyMap& policies,
    policy::PolicyErrorMap* errors) {
  // `GetValueUnsafe` is used to differentiate between the policy value being
  // unset vs being set with an incorrect type.
  const base::Value* value = policies.GetValueUnsafe(policy_name());
  if (!value)
    return true;
  if (!ArePatternsValid(value)) {
    errors->AddError(policy_name(),
                     IDS_POLICY_INVALID_ACCOUNT_PATTERN_FORMAT_ERROR);
  }
  if (!value->is_list()) {
    LOG_POLICY(ERROR, POLICY_PROCESSING)
        << "RestrictAccountsToPatterns Policy Error: value must be a list";
    return false;
  }
  // Even if the pattern is not valid, the policy should be applied.
  return true;
}

void RestrictAccountsPolicyHandler::ApplyPolicySettings(
    const PolicyMap& policies,
    PrefValueMap* prefs) {
  const base::Value* value =
      policies.GetValue(policy_name(), base::Value::Type::LIST);
  if (value)
    prefs->SetValue(prefs::kRestrictAccountsToPatterns, value->Clone());
}

}  // namespace policy