diff options
author | Shinya Maeda <shinya@gitlab.com> | 2018-04-25 17:13:25 +0900 |
---|---|---|
committer | Shinya Maeda <shinya@gitlab.com> | 2018-04-25 17:13:25 +0900 |
commit | abde73c0492510a7c6f3d3d412e0971a9df8968d (patch) | |
tree | 3693fb0c974769b61c23b5245ea7da0e695bf364 /lib/gitlab | |
parent | 12711de2564e1aecbd68f926e28d0d3e2241da41 (diff) | |
parent | ab7b01aa30a20de547a133931318964dcd032f6b (diff) | |
download | gitlab-ce-abde73c0492510a7c6f3d3d412e0971a9df8968d.tar.gz |
Merge branch 'master' into live-trace-v2-efficient-destroy-all
Diffstat (limited to 'lib/gitlab')
-rw-r--r-- | lib/gitlab/auth/ldap/user.rb | 9 | ||||
-rw-r--r-- | lib/gitlab/auth/o_auth/identity_linker.rb | 8 | ||||
-rw-r--r-- | lib/gitlab/auth/o_auth/user.rb | 14 | ||||
-rw-r--r-- | lib/gitlab/auth/omniauth_identity_linker_base.rb | 47 | ||||
-rw-r--r-- | lib/gitlab/auth/saml/identity_linker.rb | 8 | ||||
-rw-r--r-- | lib/gitlab/auth/saml/user.rb | 13 | ||||
-rw-r--r-- | lib/gitlab/import_export/import_export.yml | 3 | ||||
-rw-r--r-- | lib/gitlab/import_export/relation_factory.rb | 3 | ||||
-rw-r--r-- | lib/gitlab/user_access.rb | 8 |
9 files changed, 106 insertions, 7 deletions
diff --git a/lib/gitlab/auth/ldap/user.rb b/lib/gitlab/auth/ldap/user.rb index 068212d9a21..922d0567d99 100644 --- a/lib/gitlab/auth/ldap/user.rb +++ b/lib/gitlab/auth/ldap/user.rb @@ -8,6 +8,8 @@ module Gitlab module Auth module LDAP class User < Gitlab::Auth::OAuth::User + extend ::Gitlab::Utils::Override + class << self def find_by_uid_and_provider(uid, provider) identity = ::Identity.with_extern_uid(provider, uid).take @@ -29,7 +31,8 @@ module Gitlab self.class.find_by_uid_and_provider(auth_hash.uid, auth_hash.provider) end - def changed? + override :should_save? + def should_save? gl_user.changed? || gl_user.identities.any?(&:changed?) end @@ -41,6 +44,10 @@ module Gitlab Gitlab::Auth::LDAP::Access.allowed?(gl_user) end + def valid_sign_in? + allowed? && super + end + def ldap_config Gitlab::Auth::LDAP::Config.new(auth_hash.provider) end diff --git a/lib/gitlab/auth/o_auth/identity_linker.rb b/lib/gitlab/auth/o_auth/identity_linker.rb new file mode 100644 index 00000000000..de92d7a214d --- /dev/null +++ b/lib/gitlab/auth/o_auth/identity_linker.rb @@ -0,0 +1,8 @@ +module Gitlab + module Auth + module OAuth + class IdentityLinker < OmniauthIdentityLinkerBase + end + end + end +end diff --git a/lib/gitlab/auth/o_auth/user.rb b/lib/gitlab/auth/o_auth/user.rb index d0c6b0386ba..6c5d0788a0a 100644 --- a/lib/gitlab/auth/o_auth/user.rb +++ b/lib/gitlab/auth/o_auth/user.rb @@ -30,6 +30,10 @@ module Gitlab gl_user.try(:valid?) end + def valid_sign_in? + valid? && persisted? + end + def save(provider = 'OAuth') raise SigninDisabledForProviderError if oauth_provider_disabled? raise SignupDisabledError unless gl_user @@ -64,8 +68,18 @@ module Gitlab user end + def find_and_update! + save if should_save? + + gl_user + end + protected + def should_save? + true + end + def add_or_update_user_identities return unless gl_user diff --git a/lib/gitlab/auth/omniauth_identity_linker_base.rb b/lib/gitlab/auth/omniauth_identity_linker_base.rb new file mode 100644 index 00000000000..ae365fcdfaa --- /dev/null +++ b/lib/gitlab/auth/omniauth_identity_linker_base.rb @@ -0,0 +1,47 @@ +module Gitlab + module Auth + class OmniauthIdentityLinkerBase + attr_reader :current_user, :oauth + + def initialize(current_user, oauth) + @current_user = current_user + @oauth = oauth + @changed = false + end + + def link + save if identity.new_record? + end + + def changed? + @changed + end + + def error_message + identity.validate + + identity.errors.full_messages.join(', ') + end + + private + + def save + @changed = identity.save + end + + def identity + @identity ||= current_user.identities + .with_extern_uid(provider, uid) + .first_or_initialize(extern_uid: uid) + end + + def provider + oauth['provider'] + end + + def uid + oauth['uid'] + end + end + end +end diff --git a/lib/gitlab/auth/saml/identity_linker.rb b/lib/gitlab/auth/saml/identity_linker.rb new file mode 100644 index 00000000000..7e4b191d512 --- /dev/null +++ b/lib/gitlab/auth/saml/identity_linker.rb @@ -0,0 +1,8 @@ +module Gitlab + module Auth + module Saml + class IdentityLinker < OmniauthIdentityLinkerBase + end + end + end +end diff --git a/lib/gitlab/auth/saml/user.rb b/lib/gitlab/auth/saml/user.rb index d4024e9ec39..cb01cd8004c 100644 --- a/lib/gitlab/auth/saml/user.rb +++ b/lib/gitlab/auth/saml/user.rb @@ -7,6 +7,8 @@ module Gitlab module Auth module Saml class User < Gitlab::Auth::OAuth::User + extend ::Gitlab::Utils::Override + def save super('SAML') end @@ -21,13 +23,14 @@ module Gitlab if external_users_enabled? && user # Check if there is overlap between the user's groups and the external groups # setting then set user as external or internal. - user.external = !(auth_hash.groups & Gitlab::Auth::Saml::Config.external_groups).empty? + user.external = !(auth_hash.groups & saml_config.external_groups).empty? end user end - def changed? + override :should_save? + def should_save? return true unless gl_user gl_user.changed? || gl_user.identities.any?(&:changed?) @@ -35,12 +38,16 @@ module Gitlab protected + def saml_config + Gitlab::Auth::Saml::Config + end + def auto_link_saml_user? Gitlab.config.omniauth.auto_link_saml_user end def external_users_enabled? - !Gitlab::Auth::Saml::Config.external_groups.nil? + !saml_config.external_groups.nil? end def auth_hash=(auth_hash) diff --git a/lib/gitlab/import_export/import_export.yml b/lib/gitlab/import_export/import_export.yml index ec91c02dbe7..0d1c4f73c6e 100644 --- a/lib/gitlab/import_export/import_export.yml +++ b/lib/gitlab/import_export/import_export.yml @@ -64,6 +64,7 @@ project_tree: - :project_feature - :custom_attributes - :project_badges + - :ci_cd_settings # Only include the following attributes for the models specified. included_attributes: @@ -73,6 +74,8 @@ included_attributes: - :username author: - :name + ci_cd_settings: + - :group_runners_enabled # Do not include the following attributes for the models specified. excluded_attributes: diff --git a/lib/gitlab/import_export/relation_factory.rb b/lib/gitlab/import_export/relation_factory.rb index 598832fb2df..e3e9f156fb4 100644 --- a/lib/gitlab/import_export/relation_factory.rb +++ b/lib/gitlab/import_export/relation_factory.rb @@ -17,7 +17,8 @@ module Gitlab auto_devops: :project_auto_devops, label: :project_label, custom_attributes: 'ProjectCustomAttribute', - project_badges: 'Badge' }.freeze + project_badges: 'Badge', + ci_cd_settings: 'ProjectCiCdSetting' }.freeze USER_REFERENCES = %w[author_id assignee_id updated_by_id user_id created_by_id last_edited_by_id merge_user_id resolved_by_id closed_by_id].freeze diff --git a/lib/gitlab/user_access.rb b/lib/gitlab/user_access.rb index 69952cbb47c..8cf5d636743 100644 --- a/lib/gitlab/user_access.rb +++ b/lib/gitlab/user_access.rb @@ -63,10 +63,12 @@ module Gitlab request_cache def can_push_to_branch?(ref) return false unless can_access_git? - return false unless user.can?(:push_code, project) || project.branch_allows_maintainer_push?(user, ref) + return false unless project + + return false if !user.can?(:push_code, project) && !project.branch_allows_maintainer_push?(user, ref) if protected?(ProtectedBranch, project, ref) - project.user_can_push_to_empty_repo?(user) || protected_branch_accessible_to?(ref, action: :push) + protected_branch_accessible_to?(ref, action: :push) else true end @@ -101,6 +103,7 @@ module Gitlab def protected_branch_accessible_to?(ref, action:) ProtectedBranch.protected_ref_accessible_to?( ref, user, + project: project, action: action, protected_refs: project.protected_branches) end @@ -108,6 +111,7 @@ module Gitlab def protected_tag_accessible_to?(ref, action:) ProtectedTag.protected_ref_accessible_to?( ref, user, + project: project, action: action, protected_refs: project.protected_tags) end |