diff options
author | Douwe Maan <douwe@selenight.nl> | 2017-09-27 15:59:22 +0200 |
---|---|---|
committer | Douwe Maan <douwe@selenight.nl> | 2018-09-14 17:36:35 +0200 |
commit | d745a770755b4c9cf57a21ea55c45d275f9e8614 (patch) | |
tree | e6769d5b3b920c70ec622fbac77d394d9d0261f8 | |
parent | 3fd0a46912ce8ca43e417515733a295fe9815cfd (diff) | |
download | gitlab-ce-dm-app-controller-ldap-security-check.tar.gz |
Simplify ApplicationController ldap_security_checkdm-app-controller-ldap-security-check
-rw-r--r-- | app/controllers/application_controller.rb | 12 | ||||
-rw-r--r-- | app/models/user.rb | 6 | ||||
-rw-r--r-- | lib/gitlab/user_access.rb | 8 |
3 files changed, 12 insertions, 14 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 7e2b2cf3ad3..09192a72b31 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -258,14 +258,10 @@ class ApplicationController < ActionController::Base end def ldap_security_check - if current_user && current_user.requires_ldap_check? - return unless current_user.try_obtain_ldap_lease - - unless Gitlab::Auth::LDAP::Access.allowed?(current_user) - sign_out current_user - flash[:alert] = "Access denied for your LDAP account." - redirect_to new_user_session_path - end + if current_user && !Gitlab::UserAccess.new(current_user).allowed? + sign_out current_user + flash[:alert] = "Access denied for your LDAP account." + redirect_to new_user_session_path end end diff --git a/app/models/user.rb b/app/models/user.rb index d68108a8e8e..bf94dbbda0f 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -942,6 +942,12 @@ class User < ActiveRecord::Base lease.try_obtain end + def ldap_access? + return true unless requires_ldap_check? && try_obtain_ldap_lease + + Gitlab::Auth::LDAP::Access.allowed?(self) + end + def solo_owned_groups @solo_owned_groups ||= owned_groups.select do |group| group.owners == [self] diff --git a/lib/gitlab/user_access.rb b/lib/gitlab/user_access.rb index 27560abfb96..55b78a30d06 100644 --- a/lib/gitlab/user_access.rb +++ b/lib/gitlab/user_access.rb @@ -28,13 +28,9 @@ module Gitlab end def allowed? - return false unless can_access_git? - - if user.requires_ldap_check? && user.try_obtain_ldap_lease - return false unless Gitlab::Auth::LDAP::Access.allowed?(user) - end + return false unless user && user.can?(:log_in) - true + user.ldap_access? end request_cache def can_create_tag?(ref) |