authorDouwe Maan <douwe@selenight.nl>2017-09-27 15:59:22 +0200
committerDouwe Maan <douwe@selenight.nl>2018-09-14 17:36:35 +0200
commitd745a770755b4c9cf57a21ea55c45d275f9e8614 (patch)
treee6769d5b3b920c70ec622fbac77d394d9d0261f8
parent3fd0a46912ce8ca43e417515733a295fe9815cfd (diff)
Simplify ApplicationController ldap_security_checkdm-app-controller-ldap-security-check
-rw-r--r--app/controllers/application_controller.rb12
-rw-r--r--app/models/user.rb6
-rw-r--r--lib/gitlab/user_access.rb8
3 files changed, 12 insertions, 14 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 7e2b2cf3ad3..09192a72b31 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -258,14 +258,10 @@ class ApplicationController < ActionController::Base
end
def ldap_security_check
- if current_user && current_user.requires_ldap_check?
- return unless current_user.try_obtain_ldap_lease
-
- unless Gitlab::Auth::LDAP::Access.allowed?(current_user)
- sign_out current_user
- flash[:alert] = "Access denied for your LDAP account."
- redirect_to new_user_session_path
- end
+ if current_user && !Gitlab::UserAccess.new(current_user).allowed?
+ sign_out current_user
+ flash[:alert] = "Access denied for your LDAP account."
+ redirect_to new_user_session_path
end
end
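Review bot: The alert `"Access denied for your LDAP account."` is now shown for every denial from `Gitlab::UserAccess#allowed?`, and on the new side of lib/gitlab/user_access.rb that method also returns false when `user.can?(:log_in)` fails, which is unrelated to LDAP. A user signed out for that reason is told their LDAP account was rejected, which misleads both the user and whoever later triages the sign-out. Either keep this filter scoped to the LDAP result, `if current_user && !current_user.ldap_access?`, or make the message generic. Assuming this method runs as a before-action, it now evaluates the log-in ability for every signed-in request where the old code short-circuited on `requires_ldap_check?`, so the commit message should mention that broadening rather than only "Simplify".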
diff --git a/app/models/user.rb b/app/models/user.rb
index d68108a8e8e..bf94dbbda0f 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -942,6 +942,12 @@ class User < ActiveRecord::Base
lease.try_obtain
end
+ def ldap_access?
+ return true unless requires_ldap_check? && try_obtain_ldap_lease
+
+ Gitlab::Auth::LDAP::Access.allowed?(self)
+ end
+
def solo_owned_groups
@solo_owned_groups ||= owned_groups.select do |group|
group.owners == [self]
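Review bot: `ldap_access?` has no comment explaining that `true` covers three different outcomes: the user is not subject to LDAP checks, the lease was not obtained so the check was skipped, or LDAP confirmed access. Because both callers in this commit now rely on it as the single LDAP gate, a reader could take `true` as a fresh confirmation from the directory. I would add above the method `# Returns true when no LDAP check is due (no check required, or the lease could not be obtained); only otherwise asks Gitlab::Auth::LDAP::Access.` The same comment should say that this `?` predicate has a side effect, since it takes the lease via `try_obtain_ldap_lease`.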
diff --git a/lib/gitlab/user_access.rb b/lib/gitlab/user_access.rb
index 27560abfb96..55b78a30d06 100644
--- a/lib/gitlab/user_access.rb
+++ b/lib/gitlab/user_access.rb
@@ -28,13 +28,9 @@ module Gitlab
end
def allowed?
- return false unless can_access_git?
-
- if user.requires_ldap_check? && user.try_obtain_ldap_lease
- return false unless Gitlab::Auth::LDAP::Access.allowed?(user)
- end
+ return false unless user && user.can?(:log_in)
- true
+ user.ldap_access?
end
request_cache def can_create_tag?(ref)
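Review bot: The guard in `allowed?` changes from `can_access_git?` to `user.can?(:log_in)`, so every existing caller of `Gitlab::UserAccess#allowed?` is now gated on a different ability. The callers are not visible in this diff, but if any of them decide Git access, a user who may log in but is not permitted Git access would now pass this gate, and the reverse case would be refused. If the goal is only to share the LDAP part with the controller, keeping `return false unless can_access_git?` here and having the controller call `current_user.ldap_access?` leaves the authorization decision unchanged. Otherwise a spec for a user holding one ability but not the other would pin the new behaviour.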