Disable the Safety Check NTP promo in enterprise environments

Bug: 1015841
Change-Id: Iff38bdff3c77cc973978d6d069277677f627944d
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2521610
Reviewed-by: Moe Ahmadi <mahmadi@chromium.org>
Commit-Queue: Martin Šrámek <msramek@chromium.org>
Cr-Commit-Position: refs/heads/master@{#824518}

chrome/browser/ui/webui/new_tab_page/promo_browser_command/promo_browser_command_handler.cc

@@ -9,6 +9,7 @@
 #include "base/metrics/user_metrics.h"
 #include "chrome/browser/browser_features.h"
 #include "chrome/browser/command_updater_impl.h"
+#include "chrome/browser/enterprise/util/managed_browser_utils.h"
 #include "chrome/browser/profiles/profile.h"
 #include "chrome/browser/search/promos/promo_service.h"
 #include "chrome/browser/ui/browser.h"
@@ -51,7 +52,7 @@ void PromoBrowserCommandHandler::CanShowPromoWithCommand(
       // Nothing to do.
       break;
     case Command::kOpenSafetyCheck:
-      can_show = true;
+      can_show = chrome::enterprise_util::HasBrowserPoliciesApplied(profile_);
       break;
     case Command::kOpenSafeBrowsingEnhancedProtectionSettings: {
       bool managed = safe_browsing::SafeBrowsingPolicyHandler::

chrome/browser/ui/webui/new_tab_page/promo_browser_command/promo_browser_command_handler_unittest.cc

@@ -15,6 +15,8 @@
 #include "chrome/browser/ui/webui/new_tab_page/promo_browser_command/promo_browser_command_handler.h"
 #include "chrome/common/webui_url_constants.h"
 #include "chrome/test/base/testing_profile.h"
+#include "components/content_settings/core/common/pref_names.h"
+#include "components/password_manager/core/common/password_manager_pref_names.h"
 #include "components/safe_browsing/core/common/safe_browsing_prefs.h"
 #include "components/sync_preferences/testing_pref_service_syncable.h"
 #include "content/public/test/browser_task_environment.h"
@@ -201,8 +203,41 @@ TEST_F(PromoBrowserCommandHandlerTest, DisableHandlingCommands) {
       PromoBrowserCommandHandler::kPromoBrowserCommandHistogramName, 0);
 }
 
-TEST_F(PromoBrowserCommandHandlerTest, CanShowOpenSafetyCheckCommandPromo) {
-  EXPECT_TRUE(CanShowPromoWithCommand(Command::kOpenSafetyCheck));
+TEST_F(PromoBrowserCommandHandlerTest,
+       CanShowPromoWithCommand_OpenSafetyCheck) {
+  // By default, showing the Safety Check promo is allowed.
+  EXPECT_TRUE(CanShowPromoWithCommand(
+      Command::kOpenSafeBrowsingEnhancedProtectionSettings));
+
+  // In enterprise environments, i.e. if any browser policy is applied, showing
+  // the Safety Check promo is not allowed.
+  TestingProfile::Builder builder;
+  std::unique_ptr<TestingProfile> profile = builder.Build();
+  profile->GetTestingPrefService()->SetManagedPref(
+      prefs::kSafeBrowsingEnabled, std::make_unique<base::Value>(true));
+  EXPECT_FALSE(CanShowPromoWithCommand(Command::kOpenSafetyCheck));
+
+  profile->GetTestingPrefService()->RemoveManagedPref(
+      prefs::kSafeBrowsingEnabled);
+  profile->GetTestingPrefService()->SetManagedPref(
+      password_manager::prefs::kCredentialsEnableService,
+      std::make_unique<base::Value>(true));
+  EXPECT_FALSE(CanShowPromoWithCommand(Command::kOpenSafetyCheck));
+
+  // That's true even if the policy in question is not related to the entries
+  // shown in the Safety Check.
+  profile->GetTestingPrefService()->RemoveManagedPref(
+      password_manager::prefs::kCredentialsEnableService);
+  profile->GetTestingPrefService()->SetManagedPref(
+      prefs::kManagedCookiesAllowedForUrls,
+      std::make_unique<base::Value>(true));
+  EXPECT_FALSE(CanShowPromoWithCommand(Command::kOpenSafetyCheck));
+
+  // Once policies are removed, the command works again.
+  profile->GetTestingPrefService()->RemoveManagedPref(
+      prefs::kManagedCookiesAllowedForUrls);
+  EXPECT_TRUE(CanShowPromoWithCommand(
+      Command::kOpenSafeBrowsingEnhancedProtectionSettings));
 }
 
 TEST_F(PromoBrowserCommandHandlerTest, OpenSafetyCheckCommand) {