summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRobert Speicher <rspeicher@gmail.com>2019-05-07 21:03:39 +0000
committerRobert Speicher <rspeicher@gmail.com>2019-05-07 21:03:39 +0000
commitf2dbf1cace426f9fd9aed01a4a65eb369b2bc5e6 (patch)
tree24843825b52072013746295d5519d5340b714366
parent0658ebf7261da95b2e3a48364e34869af7e02e04 (diff)
parent651cfd08abe10a4bf33962a8e820aa4ed404fb46 (diff)
downloadgitlab-ce-f2dbf1cace426f9fd9aed01a4a65eb369b2bc5e6.tar.gz
Merge branch 'ce-jej/group-saml-sso-enforcement' into 'master'
CE changes for SSO web enforcement See merge request gitlab-org/gitlab-ce!28141
-rw-r--r--app/controllers/omniauth_callbacks_controller.rb7
-rw-r--r--app/policies/group_policy.rb6
2 files changed, 11 insertions, 2 deletions
diff --git a/app/controllers/omniauth_callbacks_controller.rb b/app/controllers/omniauth_callbacks_controller.rb
index d9b3b4bbbd9..2a8dd997d04 100644
--- a/app/controllers/omniauth_callbacks_controller.rb
+++ b/app/controllers/omniauth_callbacks_controller.rb
@@ -86,7 +86,8 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController
log_audit_event(current_user, with: oauth['provider'])
identity_linker ||= auth_module::IdentityLinker.new(current_user, oauth)
- identity_linker.link
+
+ link_identity(identity_linker)
if identity_linker.changed?
redirect_identity_linked
@@ -100,6 +101,10 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController
end
end
+ def link_identity(identity_linker)
+ identity_linker.link
+ end
+
def redirect_identity_exists
redirect_to after_sign_in_path_for(current_user)
end
diff --git a/app/policies/group_policy.rb b/app/policies/group_policy.rb
index eb2e536e8e9..ea86858181d 100644
--- a/app/policies/group_policy.rb
+++ b/app/policies/group_policy.rb
@@ -129,6 +129,10 @@ class GroupPolicy < BasePolicy
def access_level
return GroupMember::NO_ACCESS if @user.nil?
- @access_level ||= @subject.max_member_access_for_user(@user)
+ @access_level ||= lookup_access_level!
+ end
+
+ def lookup_access_level!
+ @subject.max_member_access_for_user(@user)
end
end