Commit 67522fc6 authored by Phil Hughes's avatar Phil Hughes

Override LDAP members permissions

Closes #343
parent 9e32bd5d
...@@ -8,6 +8,12 @@ ...@@ -8,6 +8,12 @@
} }
addListeners() { addListeners() {
const ldapPermissionsChangeBtns = document.querySelectorAll('.js-ldap-permissions');
ldapPermissionsChangeBtns.forEach((btn) => {
btn.addEventListener('click', this.showLDAPPermissionsWarning.bind(this));
});
$('.project_member, .group_member').off('ajax:success').on('ajax:success', this.removeRow); $('.project_member, .group_member').off('ajax:success').on('ajax:success', this.removeRow);
$('.js-member-update-control').off('change').on('change', this.formSubmit); $('.js-member-update-control').off('change').on('change', this.formSubmit);
$('.js-edit-member-form').off('ajax:success').on('ajax:success', this.formSuccess); $('.js-edit-member-form').off('ajax:success').on('ajax:success', this.formSuccess);
...@@ -32,6 +38,21 @@ ...@@ -32,6 +38,21 @@
formSuccess() { formSuccess() {
$(this).find('.js-member-update-control').enable(); $(this).find('.js-member-update-control').enable();
} }
showLDAPPermissionsWarning (e) {
const btn = e.currentTarget,
ldapPermissionsElement = this.getLDAPPermissionsElement(btn);
if (ldapPermissionsElement.style.display === 'none') {
ldapPermissionsElement.style.display = 'block';
} else {
ldapPermissionsElement.style.display = 'none';
}
}
getLDAPPermissionsElement (btn) {
return document.getElementById(btn.dataset.id).nextElementSibling;
}
} }
gl.Members = Members; gl.Members = Members;
......
...@@ -96,3 +96,24 @@ ...@@ -96,3 +96,24 @@
border: 0; border: 0;
outline: 0; outline: 0;
} }
.members-ldap {
-webkit-align-self: center;
align-self: center;
height: 100%;
margin-right: 10px;
margin-left: -49px;
}
.alert-member-ldap {
background-color: #fff1e0;
> p {
float: left;
color: $orange-normal;
@media (min-width: $screen-sm-min) {
padding-left: 55px;
}
}
}
...@@ -15,5 +15,7 @@ class GroupMemberPolicy < BasePolicy ...@@ -15,5 +15,7 @@ class GroupMemberPolicy < BasePolicy
elsif @user == target_user elsif @user == target_user
can! :destroy_group_member can! :destroy_group_member
end end
cannot! :update_group_member if @subject.ldap
end end
end end
...@@ -35,7 +35,7 @@ class GroupPolicy < BasePolicy ...@@ -35,7 +35,7 @@ class GroupPolicy < BasePolicy
end end
# EE-only # EE-only
cannot! :admin_group_member if @subject.ldap_synced? # cannot! :admin_group_member if @subject.ldap_synced?
end end
def can_read_group? def can_read_group?
......
...@@ -45,6 +45,9 @@ ...@@ -45,6 +45,9 @@
= time_ago_with_tooltip(member.created_at) = time_ago_with_tooltip(member.created_at)
- if show_roles - if show_roles
.controls.member-controls .controls.member-controls
- if member.ldap
%span.label.label-info.members-ldap
LDAP
- if show_controls && (member.respond_to?(:group) && @group) || (member.respond_to?(:project) && @project) - if show_controls && (member.respond_to?(:group) && @group) || (member.respond_to?(:project) && @project)
- if user != current_user - if user != current_user
= form_for member, remote: true, html: { class: 'form-horizontal js-edit-member-form' } do |f| = form_for member, remote: true, html: { class: 'form-horizontal js-edit-member-form' } do |f|
...@@ -66,7 +69,7 @@ ...@@ -66,7 +69,7 @@
class: 'btn btn-success prepend-left-10', class: 'btn btn-success prepend-left-10',
title: 'Grant access' title: 'Grant access'
- if can?(current_user, action_member_permission(:destroy, member), member) - if can?(current_user, action_member_permission(:destroy, member), member) && !member.ldap
- if current_user == user - if current_user == user
= link_to icon('sign-out', text: 'Leave'), polymorphic_path([:leave, member.source, :members]), = link_to icon('sign-out', text: 'Leave'), polymorphic_path([:leave, member.source, :members]),
method: :delete, method: :delete,
...@@ -82,5 +85,23 @@ ...@@ -82,5 +85,23 @@
%span.visible-xs-block %span.visible-xs-block
Delete Delete
= icon('trash', class: 'hidden-xs') = icon('trash', class: 'hidden-xs')
- elsif member.ldap
%button.btn.btn-default.prepend-left-10.js-ldap-permissions{ type: "button",
"aria-label" => "Override LDAP settings",
data: { name: user.name, id: dom_id(member) } }
= icon("pencil")
- else - else
%span.member-access-text= member.human_access %span.member-access-text= member.human_access
- if member.ldap
%li.alert.alert-member-ldap{ style: "display: none;" }
%p
= user.name
is currently an LDAP user. Editing their permissions will override the settings from the LDAP group sync.
.controls
%button.btn.btn-warning{ type: "button",
"aria-label" => "Change LDAP member permissions" }
Change permissions
%button.btn.btn-default.js-ldap-permissions{ type: "button",
"aria-label" => "Close permissions override",
data: { id: dom_id(member) } }
= icon("times")
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment