Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
49f0dddd
Commit
49f0dddd
authored
Sep 26, 2017
by
James Lopez
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
refactor group base checks
parent
434dcc55
Changes
4
Hide whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
33 additions
and
15 deletions
+33
-15
ee/lib/ee/gitlab/ldap/sync/group.rb
ee/lib/ee/gitlab/ldap/sync/group.rb
+17
-6
ee/lib/ee/gitlab/ldap/sync/groups.rb
ee/lib/ee/gitlab/ldap/sync/groups.rb
+0
-5
spec/ee/spec/lib/ee/gitlab/ldap/sync/group_spec.rb
spec/ee/spec/lib/ee/gitlab/ldap/sync/group_spec.rb
+16
-0
spec/ee/spec/lib/ee/gitlab/ldap/sync/groups_spec.rb
spec/ee/spec/lib/ee/gitlab/ldap/sync/groups_spec.rb
+0
-4
No files found.
ee/lib/ee/gitlab/ldap/sync/group.rb
View file @
49f0dddd
...
@@ -74,12 +74,7 @@ module EE
...
@@ -74,12 +74,7 @@ module EE
access_levels
=
AccessLevels
.
new
access_levels
=
AccessLevels
.
new
# Only iterate over group links for the current provider
# Only iterate over group links for the current provider
group
.
ldap_group_links
.
with_provider
(
provider
).
each
do
|
group_link
|
group
.
ldap_group_links
.
with_provider
(
provider
).
each
do
|
group_link
|
if
member_dns
=
get_member_dns
(
group_link
)
update_access_levels
(
access_levels
,
group_link
)
access_levels
.
set
(
member_dns
,
to:
group_link
.
group_access
)
logger
.
debug
do
"Resolved '
#{
group
.
name
}
' group member access:
#{
access_levels
.
to_hash
}
"
end
end
end
end
update_existing_group_membership
(
group
,
access_levels
)
update_existing_group_membership
(
group
,
access_levels
)
...
@@ -88,6 +83,18 @@ module EE
...
@@ -88,6 +83,18 @@ module EE
private
private
def
update_access_levels
(
access_levels
,
group_link
)
if
config
.
group_base
.
blank?
&&
group_link
.
cn
logger
.
debug
{
"No `group_base` configured for '
#{
provider
}
' provider and group link CN
#{
group_link
.
cn
}
. Skipping"
}
elsif
member_dns
=
get_member_dns
(
group_link
)
access_levels
.
set
(
member_dns
,
to:
group_link
.
group_access
)
logger
.
debug
do
"Resolved '
#{
group
.
name
}
' group member access:
#{
access_levels
.
to_hash
}
"
end
end
end
def
get_member_dns
(
group_link
)
def
get_member_dns
(
group_link
)
group_link
.
cn
?
dns_for_group_cn
(
group_link
.
cn
)
:
UserFilter
.
filter
(
@proxy
,
group_link
.
filter
)
group_link
.
cn
?
dns_for_group_cn
(
group_link
.
cn
)
:
UserFilter
.
filter
(
@proxy
,
group_link
.
filter
)
end
end
...
@@ -213,6 +220,10 @@ module EE
...
@@ -213,6 +220,10 @@ module EE
def
logger
def
logger
Rails
.
logger
Rails
.
logger
end
end
def
config
@proxy
.
adapter
.
config
end
end
end
end
end
end
end
...
...
ee/lib/ee/gitlab/ldap/sync/groups.rb
View file @
49f0dddd
...
@@ -26,11 +26,6 @@ module EE
...
@@ -26,11 +26,6 @@ module EE
end
end
def
update_permissions
def
update_permissions
unless
config
.
group_base
.
present?
logger
.
debug
{
"No `group_base` configured for '
#{
provider
}
' provider. Skipping"
}
return
nil
end
logger
.
debug
{
"Performing LDAP group sync for '
#{
provider
}
' provider"
}
logger
.
debug
{
"Performing LDAP group sync for '
#{
provider
}
' provider"
}
sync_groups
sync_groups
logger
.
debug
{
"Finished LDAP group sync for '
#{
provider
}
' provider"
}
logger
.
debug
{
"Finished LDAP group sync for '
#{
provider
}
' provider"
}
...
...
spec/ee/spec/lib/ee/gitlab/ldap/sync/group_spec.rb
View file @
49f0dddd
...
@@ -299,6 +299,14 @@ describe EE::Gitlab::LDAP::Sync::Group do
...
@@ -299,6 +299,14 @@ describe EE::Gitlab::LDAP::Sync::Group do
expect
(
group
.
members
.
pluck
(
:access_level
))
expect
(
group
.
members
.
pluck
(
:access_level
))
.
to
match_array
([
::
Gitlab
::
Access
::
MASTER
,
::
Gitlab
::
Access
::
OWNER
])
.
to
match_array
([
::
Gitlab
::
Access
::
MASTER
,
::
Gitlab
::
Access
::
OWNER
])
end
end
it
'does not update permissions when group base is missing'
do
stub_ldap_config
(
group_base:
nil
)
sync_group
.
update_permissions
expect
(
group
.
members
.
pluck
(
:user_id
)).
not_to
include
(
user
.
id
)
end
end
end
end
end
...
@@ -414,6 +422,14 @@ describe EE::Gitlab::LDAP::Sync::Group do
...
@@ -414,6 +422,14 @@ describe EE::Gitlab::LDAP::Sync::Group do
expect
(
group
.
members
.
pluck
(
:user_id
)).
to
include
(
user
.
id
)
expect
(
group
.
members
.
pluck
(
:user_id
)).
to
include
(
user
.
id
)
expect
(
group
.
members
.
find_by
(
user_id:
user
.
id
).
ldap?
).
to
be_truthy
expect
(
group
.
members
.
find_by
(
user_id:
user
.
id
).
ldap?
).
to
be_truthy
end
end
it
'updates permissions when group base is missing'
do
stub_ldap_config
(
group_base:
nil
)
sync_group
.
update_permissions
expect
(
group
.
members
.
pluck
(
:user_id
)).
to
include
(
user
.
id
)
end
end
end
end
end
end
end
...
...
spec/ee/spec/lib/ee/gitlab/ldap/sync/groups_spec.rb
View file @
49f0dddd
...
@@ -24,10 +24,6 @@ describe EE::Gitlab::LDAP::Sync::Groups do
...
@@ -24,10 +24,6 @@ describe EE::Gitlab::LDAP::Sync::Groups do
stub_ldap_config
(
group_base:
nil
)
stub_ldap_config
(
group_base:
nil
)
end
end
it
'does not call EE::Gitlab::LDAP::Sync::Group#execute'
do
expect
(
EE
::
Gitlab
::
LDAP
::
Sync
::
Group
).
not_to
receive
(
:execute
)
end
it
'does not call EE::Gitlab::LDAP::Sync::AdminUsers#execute'
do
it
'does not call EE::Gitlab::LDAP::Sync::AdminUsers#execute'
do
expect
(
EE
::
Gitlab
::
LDAP
::
Sync
::
AdminUsers
).
not_to
receive
(
:execute
)
expect
(
EE
::
Gitlab
::
LDAP
::
Sync
::
AdminUsers
).
not_to
receive
(
:execute
)
end
end
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment