Remove traces from ldab_cn and ldap_access

Also add notes about refactoring the old single-ldap API and LdapGroupResetService
parent cadc1e6a
...@@ -58,6 +58,6 @@ class Admin::GroupsController < Admin::ApplicationController ...@@ -58,6 +58,6 @@ class Admin::GroupsController < Admin::ApplicationController
end end
def group_params def group_params
params.require(:group).permit(:name, :description, :path, :avatar, :ldap_cn, :ldap_access) params.require(:group).permit(:name, :description, :path, :avatar)
end end
end end
...@@ -163,6 +163,6 @@ class GroupsController < ApplicationController ...@@ -163,6 +163,6 @@ class GroupsController < ApplicationController
end end
def group_params def group_params
params.require(:group).permit(:name, :description, :path, :avatar, :ldap_access, :ldap_cn) params.require(:group).permit(:name, :description, :path, :avatar)
end end
end end
...@@ -23,11 +23,6 @@ class Group < Namespace ...@@ -23,11 +23,6 @@ class Group < Namespace
has_many :shared_projects, through: :project_group_links, source: :project has_many :shared_projects, through: :project_group_links, source: :project
has_many :ldap_group_links, foreign_key: 'group_id' has_many :ldap_group_links, foreign_key: 'group_id'
validates :ldap_access,
inclusion: { in: UsersGroup.group_access_roles.values },
presence: true,
if: ->(group) { group.ldap_cn.present? }
validate :avatar_type, if: ->(user) { user.avatar_changed? } validate :avatar_type, if: ->(user) { user.avatar_changed? }
validates :avatar, file_size: { maximum: 100.kilobytes.to_i } validates :avatar, file_size: { maximum: 100.kilobytes.to_i }
......
...@@ -4,6 +4,7 @@ class LdapGroupLink < ActiveRecord::Base ...@@ -4,6 +4,7 @@ class LdapGroupLink < ActiveRecord::Base
validates :cn, :group_access, :group_id, presence: true validates :cn, :group_access, :group_id, presence: true
validates :cn, uniqueness: { scope: :group_id } validates :cn, uniqueness: { scope: :group_id }
validates :group_access, inclusion: { in: UsersGroup.group_access_roles.values }
def access_field def access_field
group_access group_access
......
...@@ -17,7 +17,7 @@ ...@@ -17,7 +17,7 @@
- if current_user && current_user.can?(:manage_group, @group) - if current_user && current_user.can?(:manage_group, @group)
.pull-right .pull-right
- if ldap_enabled? && @group.ldap_cn.present? - if ldap_enabled? && @group.ldap_group_links.any?
= link_to reset_access_group_ldap_path(@group), class: 'btn btn-grouped', data: { confirm: "Reset the access level of all other LDAP group team members to '#{@group.human_ldap_access}'?" }, method: :put do = link_to reset_access_group_ldap_path(@group), class: 'btn btn-grouped', data: { confirm: "Reset the access level of all other LDAP group team members to '#{@group.human_ldap_access}'?" }, method: :put do
Reset access Reset access
......
...@@ -4,7 +4,7 @@ ...@@ -4,7 +4,7 @@
%legend %legend
%div.form-holder %div.form-holder
.form-group.clearfix .form-group.clearfix
= f.label :ldap_cn, class: 'control-label' do = f.label :cn, class: 'control-label' do
LDAP Group cn LDAP Group cn
.col-sm-10 .col-sm-10
= f.hidden_field :cn, placeholder: "Ex. QA group", class: "xxlarge ajax-ldap-groups-select input-mn-300" = f.hidden_field :cn, placeholder: "Ex. QA group", class: "xxlarge ajax-ldap-groups-select input-mn-300"
......
...@@ -44,6 +44,7 @@ module API ...@@ -44,6 +44,7 @@ module API
authenticated_as_admin! authenticated_as_admin!
required_attributes! [:name, :path] required_attributes! [:name, :path]
# TODO: Refactor to support multi-ldap
attrs = attributes_for_keys [:name, :path, :ldap_cn, :ldap_access] attrs = attributes_for_keys [:name, :path, :ldap_cn, :ldap_access]
@group = Group.new(attrs) @group = Group.new(attrs)
@group.owner = current_user @group.owner = current_user
......
...@@ -85,14 +85,6 @@ module Gitlab ...@@ -85,14 +85,6 @@ module Gitlab
end end
end end
# Remove user from GitLab group
def remove_user_from_groups(user_id, group_cn)
groups = ::Group.where(ldap_cn: group_cn)
groups.each do |group|
group.users_groups.where(user_id: user_id).destroy_all
end
end
def update_admin_status(user) def update_admin_status(user)
admin_group = Gitlab::LDAP::Group.find_by_cn(Gitlab.config.ldap['admin_group'], adapter) admin_group = Gitlab::LDAP::Group.find_by_cn(Gitlab.config.ldap['admin_group'], adapter)
if admin_group.has_member?(Gitlab::LDAP::Person.find_by_dn(user.extern_uid, adapter)) if admin_group.has_member?(Gitlab::LDAP::Person.find_by_dn(user.extern_uid, adapter))
......
...@@ -3,7 +3,6 @@ require 'spec_helper' ...@@ -3,7 +3,6 @@ require 'spec_helper'
describe Gitlab::LDAP::Access do describe Gitlab::LDAP::Access do
let(:access) { Gitlab::LDAP::Access.new } let(:access) { Gitlab::LDAP::Access.new }
let(:user) { create(:user) } let(:user) { create(:user) }
let!(:group) { create(:group, ldap_cn: 'oss', ldap_access: Gitlab::Access::DEVELOPER) }
describe :update_user_email do describe :update_user_email do
let(:user_ldap) { create(:user, provider: 'ldap', extern_uid: "66048")} let(:user_ldap) { create(:user, provider: 'ldap', extern_uid: "66048")}
......
require 'spec_helper' require 'spec_helper'
describe LdapGroupResetService do describe LdapGroupResetService do
# TODO: refactor to multi-ldap setup
let(:group) { create(:group, ldap_cn: 'developers', ldap_access: Gitlab::Access::DEVELOPER) } let(:group) { create(:group, ldap_cn: 'developers', ldap_access: Gitlab::Access::DEVELOPER) }
let(:user) { create(:user) } let(:user) { create(:user) }
let(:ldap_user) { create(:user, extern_uid: 'john', provider: 'ldap') } let(:ldap_user) { create(:user, extern_uid: 'john', provider: 'ldap') }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment