diff options
author | James Edwards-Jones <jedwardsjones@gitlab.com> | 2019-05-06 23:18:03 +0700 |
---|---|---|
committer | James Edwards-Jones <jedwardsjones@gitlab.com> | 2019-05-06 23:28:27 +0700 |
commit | 651cfd08abe10a4bf33962a8e820aa4ed404fb46 (patch) | |
tree | 83af222ac2b682fe0653eadb87eec7561bfcc9fc | |
parent | 8b55b794cb48c726cde7cf0ad24180d8e6bb975f (diff) | |
download | gitlab-ce-ce-jej/group-saml-sso-enforcement.tar.gz |
CE changes for SSO web enforcementce-jej/group-saml-sso-enforcement
Adds two methods for us to extend in EE:
- OmniauthCallbacksController#link_identity
- GroupPolicy#lookup_access_level!
-rw-r--r-- | app/controllers/omniauth_callbacks_controller.rb | 7 | ||||
-rw-r--r-- | app/policies/group_policy.rb | 6 |
2 files changed, 11 insertions, 2 deletions
diff --git a/app/controllers/omniauth_callbacks_controller.rb b/app/controllers/omniauth_callbacks_controller.rb index d9b3b4bbbd9..2a8dd997d04 100644 --- a/app/controllers/omniauth_callbacks_controller.rb +++ b/app/controllers/omniauth_callbacks_controller.rb @@ -86,7 +86,8 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController log_audit_event(current_user, with: oauth['provider']) identity_linker ||= auth_module::IdentityLinker.new(current_user, oauth) - identity_linker.link + + link_identity(identity_linker) if identity_linker.changed? redirect_identity_linked @@ -100,6 +101,10 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController end end + def link_identity(identity_linker) + identity_linker.link + end + def redirect_identity_exists redirect_to after_sign_in_path_for(current_user) end diff --git a/app/policies/group_policy.rb b/app/policies/group_policy.rb index eb2e536e8e9..ea86858181d 100644 --- a/app/policies/group_policy.rb +++ b/app/policies/group_policy.rb @@ -129,6 +129,10 @@ class GroupPolicy < BasePolicy def access_level return GroupMember::NO_ACCESS if @user.nil? - @access_level ||= @subject.max_member_access_for_user(@user) + @access_level ||= lookup_access_level! + end + + def lookup_access_level! + @subject.max_member_access_for_user(@user) end end |