Commit
6c424a2a
authored
Aug 15, 2014
by
Jan-Willem van der Meer
Refactor LdapResetService to reflect multiple LDAP groups
parent
c982a8f0
Showing
3 changed files
with
22 additions
and
14 deletions
+22
-14
app/models/users_group.rb
app/models/users_group.rb
+2
-0
app/services/ldap_group_reset_service.rb
app/services/ldap_group_reset_service.rb
+9
-8
spec/services/ldap_group_reset_service_spec.rb
spec/services/ldap_group_reset_service_spec.rb
+11
-6
app/models/users_group.rb
...
@@ -27,6 +27,8 @@ class UsersGroup < ActiveRecord::Base
...
@@ -27,6 +27,8 @@ class UsersGroup < ActiveRecord::Base
scope
:developers
,
->
{
where
(
group_access:
DEVELOPER
)
}
scope
:developers
,
->
{
where
(
group_access:
DEVELOPER
)
}
scope
:masters
,
->
{
where
(
group_access:
MASTER
)
}
scope
:masters
,
->
{
where
(
group_access:
MASTER
)
}
scope
:owners
,
->
{
where
(
group_access:
OWNER
)
}
scope
:owners
,
->
{
where
(
group_access:
OWNER
)
}
scope
:with_ldap_dn
,
->
{
references
(
:user
).
includes
(
:user
).
where
(
users:
{
provider:
'ldap'
})
}
scope
:with_group
,
->
(
group
)
{
where
(
group_id:
group
.
id
)
}
scope
:with_group
,
->
(
group
)
{
where
(
group_id:
group
.
id
)
}
scope
:with_user
,
->
(
user
)
{
where
(
user_id:
user
.
id
)
}
scope
:with_user
,
->
(
user
)
{
where
(
user_id:
user
.
id
)
}
...
...
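Review bot: The new `with_ldap_dn` scope is named for a DN but filters only on `users: { provider: 'ldap' }`, so the name promises more than the query checks. The reset service in this commit appears to use this scope to pick the memberships it downgrades, so a membership whose user carries any other provider string would be skipped and keep its access level; whether such provider values exist in a multi-LDAP setup is not visible on this page and should be confirmed. I would add a comment above the scope, `# Members whose user authenticates via the 'ldap' provider; does not inspect extern_uid/DN`, or rename it to something like `with_ldap_user`. The class body continues outside the hunk.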
app/services/ldap_group_reset_service.rb
class
LdapGroupResetService
class
LdapGroupResetService
def
execute
(
group
,
current_user
)
def
execute
(
group
,
current_user
)
# Only for ldap connected users
# Only for ldap connected users
# reset last_credential_check_at
# reset last_credential_check_at to force LDAP::Access::update_permissions
# set Gitlab::Access::Guest
# set Gitlab::Access::Guest to later on upgrade the access of a user
group
.
members
.
includes
(
:user
).
each
do
|
member
|
user
=
member
.
user
if
user
.
ldap_user?
&&
user
!=
current_user
# trigger the lowest access possible for all LDAP connected users
member
.
group_access
=
group
.
ldap_access
a
=
group
.
members
.
with_ldap_dn
.
map
do
|
member
|
member
.
save
# don't unauthorize the current user
end
next
if
current_user
==
member
.
user
member
.
update_attribute
:group_access
,
Gitlab
::
Access
::
GUEST
end
end
group
.
users
.
ldap
.
update_all
last_credential_check_at:
nil
end
end
end
end
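Review bot: In `execute`, the new loop reads `a = group.members.with_ldap_dn.map do |member|`, but `a` is never read in the lines shown and `map` is used only for its side effects; `group.members.with_ldap_dn.each do |member|` says what is meant. The return value of `member.update_attribute :group_access, Gitlab::Access::GUEST` is also dropped and `update_attribute` skips validations, so a membership whose save is halted (for example by a callback) would keep its previous access level with no signal; consider `member.update_attributes!(group_access: Gitlab::Access::GUEST)` or logging a false return. The downgrade loop and `group.users.ldap.update_all last_credential_check_at: nil` are separate writes, so wrapping both in one transaction would avoid a half-applied reset. Old and new columns are interleaved on this page, so this reading of the new side is inferred from the rendering.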
spec/services/ldap_group_reset_service_spec.rb
...
@@ -2,15 +2,16 @@ require 'spec_helper'
...
@@ -2,15 +2,16 @@ require 'spec_helper'
describe
LdapGroupResetService
do
describe
LdapGroupResetService
do
# TODO: refactor to multi-ldap setup
# TODO: refactor to multi-ldap setup
let
(
:group
)
{
create
(
:group
,
ldap_cn:
'developers'
,
ldap_access:
Gitlab
::
Access
::
DEVELOPER
)
}
let
(
:group
)
{
create
(
:group
)
}
let
(
:user
)
{
create
(
:user
)
}
let
(
:user
)
{
create
(
:user
)
}
let
(
:ldap_user
)
{
create
(
:user
,
extern_uid:
'john'
,
provider:
'ldap'
)
}
let
(
:ldap_user
)
{
create
(
:user
,
extern_uid:
'john'
,
provider:
'ldap'
,
last_credential_check_at:
Time
.
now
)
}
let
(
:ldap_user_2
)
{
create
(
:user
,
extern_uid:
'mike'
,
provider:
'ldap'
)
}
let
(
:ldap_user_2
)
{
create
(
:user
,
extern_uid:
'mike'
,
provider:
'ldap'
,
last_credential_check_at:
Time
.
now
)
}
before
do
before
do
group
.
add_owner
(
user
)
group
.
add_owner
(
user
)
group
.
add_owner
(
ldap_user
)
group
.
add_owner
(
ldap_user
)
group
.
add_user
(
ldap_user_2
,
Gitlab
::
Access
::
REPORTER
)
group
.
add_user
(
ldap_user_2
,
Gitlab
::
Access
::
REPORTER
)
group
.
ldap_group_links
.
create
cn:
'developers'
,
group_access:
Gitlab
::
Access
::
DEVELOPER
end
end
describe
'#execute'
do
describe
'#execute'
do
...
@@ -18,16 +19,20 @@ describe LdapGroupResetService do
...
@@ -18,16 +19,20 @@ describe LdapGroupResetService do
before
{
LdapGroupResetService
.
new
.
execute
(
group
,
ldap_user
)
}
before
{
LdapGroupResetService
.
new
.
execute
(
group
,
ldap_user
)
}
it
{
member_access
(
ldap_user
).
should
==
Gitlab
::
Access
::
OWNER
}
it
{
member_access
(
ldap_user
).
should
==
Gitlab
::
Access
::
OWNER
}
it
{
member_access
(
ldap_user_2
).
should
==
Gitlab
::
Access
::
DEVELOPER
}
it
{
member_access
(
ldap_user_2
).
should
==
Gitlab
::
Access
::
GUEST
}
it
{
member_access
(
user
).
should
==
Gitlab
::
Access
::
OWNER
}
it
{
member_access
(
user
).
should
==
Gitlab
::
Access
::
OWNER
}
it
{
expect
(
ldap_user
.
reload
.
last_credential_check_at
).
to
be_nil
}
it
{
expect
(
ldap_user_2
.
reload
.
last_credential_check_at
).
to
be_nil
}
end
end
context
'initiated by regular user'
do
context
'initiated by regular user'
do
before
{
LdapGroupResetService
.
new
.
execute
(
group
,
user
)
}
before
{
LdapGroupResetService
.
new
.
execute
(
group
,
user
)
}
it
{
member_access
(
ldap_user
).
should
==
Gitlab
::
Access
::
DEVELOPER
}
it
{
member_access
(
ldap_user
).
should
==
Gitlab
::
Access
::
GUEST
}
it
{
member_access
(
ldap_user_2
).
should
==
Gitlab
::
Access
::
DEVELOPER
}
it
{
member_access
(
ldap_user_2
).
should
==
Gitlab
::
Access
::
GUEST
}
it
{
member_access
(
user
).
should
==
Gitlab
::
Access
::
OWNER
}
it
{
member_access
(
user
).
should
==
Gitlab
::
Access
::
OWNER
}
it
{
expect
(
ldap_user
.
reload
.
last_credential_check_at
).
to
be_nil
}
it
{
expect
(
ldap_user_2
.
reload
.
last_credential_check_at
).
to
be_nil
}
end
end
end
end
...
...
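Review bot: The added examples check that both LDAP users end up with `last_credential_check_at` nil, but no example pins that the non-LDAP `user` is left untouched by `execute`, which is the other half of the scoping contract. Because `user` is created without a timestamp, covering that would need `let(:user) { create(:user, last_credential_check_at: Time.now) }` plus `it { expect(user.reload.last_credential_check_at).not_to be_nil }` in each context. The file also now mixes `should ==` with `expect(...).to`, and the `# TODO: refactor to multi-ldap setup` comment still appears although the setup now creates an entry through `ldap_group_links`. The `member_access` helper is defined outside the visible hunks.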