diff options
author | Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> | 2015-03-12 11:53:21 -0700 |
---|---|---|
committer | Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> | 2015-03-12 11:53:21 -0700 |
commit | e7f4f0ae1db4b0d940d0c4f1e4b32bebf9e6c299 (patch) | |
tree | 23cfe892a2f711823b1989459b551a1d76472aff | |
parent | 0f144f36bc5703ba745a8a6d1cde14fb694c4e34 (diff) | |
download | gitlab-ce-e7f4f0ae1db4b0d940d0c4f1e4b32bebf9e6c299.tar.gz |
Block user if he/she was blocked in Active Directory
-rw-r--r-- | CHANGELOG | 1 | ||||
-rw-r--r-- | lib/gitlab/ldap/access.rb | 9 | ||||
-rw-r--r-- | spec/lib/gitlab/ldap/access_spec.rb | 7 |
3 files changed, 15 insertions, 2 deletions
diff --git a/CHANGELOG b/CHANGELOG index b0adaeb101b..3e0bf6e700a 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -59,6 +59,7 @@ v 7.9.0 (unreleased) - Added blue thmeme - Remove annoying notice messages when create/update merge request - Allow smb:// links in Markdown text. + - Block user if he/she was blocked in Active Directory v 7.8.4 - Fix issue_tracker_id substitution in custom issue trackers diff --git a/lib/gitlab/ldap/access.rb b/lib/gitlab/ldap/access.rb index 0c85acf7e69..6e30724e1f7 100644 --- a/lib/gitlab/ldap/access.rb +++ b/lib/gitlab/ldap/access.rb @@ -34,7 +34,14 @@ module Gitlab def allowed? if Gitlab::LDAP::Person.find_by_dn(user.ldap_identity.extern_uid, adapter) return true unless ldap_config.active_directory - !Gitlab::LDAP::Person.disabled_via_active_directory?(user.ldap_identity.extern_uid, adapter) + + # Block user in GitLab if he/she was blocked in AD + if Gitlab::LDAP::Person.disabled_via_active_directory?(user.ldap_identity.extern_uid, adapter) + user.block unless user.blocked? + false + else + true + end else false end diff --git a/spec/lib/gitlab/ldap/access_spec.rb b/spec/lib/gitlab/ldap/access_spec.rb index a2b05249147..39d46efcbc3 100644 --- a/spec/lib/gitlab/ldap/access_spec.rb +++ b/spec/lib/gitlab/ldap/access_spec.rb @@ -20,6 +20,11 @@ describe Gitlab::LDAP::Access do before { Gitlab::LDAP::Person.stub(disabled_via_active_directory?: true) } it { is_expected.to be_falsey } + + it "should block user in GitLab" do + access.allowed? + user.should be_blocked + end end context 'and has no disabled flag in active diretory' do @@ -38,4 +43,4 @@ describe Gitlab::LDAP::Access do end end end -end
\ No newline at end of file +end |