Revert "Add read-only state for LDAP syncable attributes"

LDAP read-only attributes should be redone with more knowledge about customer needs

Revert "Add read-only state for LDAP syncable attributes"
LDAP read-only attributes should be redone with more knowledge about customer needs
022d4d01 · Pavel Shutsin · a47e7c0e · 022d4d01 · 022d4d01 · 022d4d01
Commit 022d4d01 authored Apr 01, 2020 by Pavel Shutsin
5 changed files
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -1582,13 +1582,6 @@ class User < ApplicationRecord
  end

  def read_only_attribute?(attribute)
-    if Feature.enabled?(:ldap_readonly_attributes, default_enabled: true)
-      enabled = Gitlab::Auth::Ldap::Config.enabled?
-      read_only = attribute.to_sym.in?(UserSyncedAttributesMetadata::SYNCABLE_ATTRIBUTES)
-
-      return true if enabled && read_only
-    end
-
    user_synced_attributes_metadata&.read_only?(attribute)
  end


--- a/app/services/users/update_service.rb
+++ b/app/services/users/update_service.rb
@@ -60,11 +60,7 @@ module Users
    end

    def discard_read_only_attributes
-      if Feature.enabled?(:ldap_readonly_attributes, default_enabled: true)
-        params.reject! { |key, _| @user.read_only_attribute?(key.to_sym) }
-      else
-        discard_synced_attributes
-      end
+      discard_synced_attributes
    end

    def discard_synced_attributes

--- a/changelogs/unreleased/210492-revert-ldap-readonly-sync.yml
+++ b/changelogs/unreleased/210492-revert-ldap-readonly-sync.yml
+---
+title: Revert LDAP readonly attributes feature
+merge_request: 28541
+author:
+type: removed
--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
@@ -4259,30 +4259,6 @@ describe User, :do_not_mock_admin_mode do
  end

  describe '#read_only_attribute?' do
-    context 'when LDAP server is enabled' do
-      before do
-        allow(Gitlab::Auth::Ldap::Config).to receive(:enabled?).and_return(true)
-      end
-
-      %i[name email location].each do |attribute|
-        it "is true for #{attribute}" do
-          expect(subject.read_only_attribute?(attribute)).to be_truthy
-        end
-      end
-
-      context 'and ldap_readonly_attributes feature is disabled' do
-        before do
-          stub_feature_flags(ldap_readonly_attributes: false)
-        end
-
-        %i[name email location].each do |attribute|
-          it "is false" do
-            expect(subject.read_only_attribute?(attribute)).to be_falsey
-          end
-        end
-      end
-    end
-
    context 'when synced attributes metadata is present' do
      it 'delegates to synced_attributes_metadata' do
        subject.build_user_synced_attributes_metadata
@@ -4293,7 +4269,7 @@ describe User, :do_not_mock_admin_mode do
      end
    end

-    context 'when synced attributes metadata is present' do
+    context 'when synced attributes metadata is not present' do
      it 'is false for any attribute' do
        expect(subject.read_only_attribute?(:email)).to be_falsey
      end

--- a/spec/services/users/update_service_spec.rb
+++ b/spec/services/users/update_service_spec.rb
@@ -55,15 +55,6 @@ describe Users::UpdateService do
      expect(result[:message]).to eq("Emoji is not included in the list")
    end

-    it 'ignores read-only attributes' do
-      allow(user).to receive(:read_only_attribute?).with(:name).and_return(true)
-
-      expect do
-        update_user(user, name: 'changed' + user.name)
-        user.reload
-      end.not_to change { user.name }
-    end
-
    it 'updates user detail with provided attributes' do
      result = update_user(user, job_title: 'Backend Engineer')