Do ldap permissions update every hour

99efbc8c · Dmitriy Zaporozhets · cd786519 · 99efbc8c · 99efbc8c · 99efbc8c
Commit 99efbc8c authored Aug 09, 2013 by Dmitriy Zaporozhets
4 changed files
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -4,6 +4,7 @@ class ApplicationController < ActionController::Base
  before_filter :check_password_expiration
  before_filter :set_current_user_for_thread
  before_filter :add_abilities
+  before_filter :ldap_security_check
  before_filter :dev_tools if Rails.env == 'development'
  before_filter :default_headers
  before_filter :add_gon_variables
@@ -159,4 +160,13 @@ class ApplicationController < ActionController::Base
      redirect_to new_profile_password_path and return
    end
  end
+
+  def ldap_security_check
+    if current_user.ldap_user? && current_user.requires_ldap_check?
+      Gitlab::LDAP::Access.new.update_permissions(current_user)
+
+      current_user.last_credential_check_at = Time.now
+      current_user.save
+    end
+  end
 end
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -370,4 +370,8 @@ class User < ActiveRecord::Base
      self.send("#{attr}=", Sanitize.clean(value)) if value.present?
    end
  end
+
+  def requires_ldap_check?
+    !last_credential_check_at || (last_credential_check_at + 1.hour) < Time.now
+  end
 end
--- a/db/migrate/20130809124851_add_permission_check_to_user.rb
+++ b/db/migrate/20130809124851_add_permission_check_to_user.rb
+class AddPermissionCheckToUser < ActiveRecord::Migration
+  def change
+    add_column :users, :last_credential_check_at, :datetime
+  end
+end
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -11,7 +11,7 @@
 #
 # It's strongly recommended to check this file into your version control system.

-ActiveRecord::Schema.define(:version => 20130809090140) do
+ActiveRecord::Schema.define(:version => 20130809124851) do

  create_table "deploy_keys_projects", :force => true do |t|
    t.integer  "deploy_key_id", :null => false
@@ -274,12 +274,12 @@ ActiveRecord::Schema.define(:version => 20130809090140) do
  end

  create_table "users", :force => true do |t|
-    t.string   "email",                                 :default => "",    :null => false
-    t.string   "encrypted_password",     :limit => 128, :default => "",    :null => false
+    t.string   "email",                                   :default => "",    :null => false
+    t.string   "encrypted_password",       :limit => 128, :default => "",    :null => false
    t.string   "reset_password_token"
    t.datetime "reset_password_sent_at"
    t.datetime "remember_created_at"
-    t.integer  "sign_in_count",                         :default => 0
+    t.integer  "sign_in_count",                           :default => 0
    t.datetime "current_sign_in_at"
    t.datetime "last_sign_in_at"
    t.string   "current_sign_in_ip"
@@ -287,26 +287,27 @@ ActiveRecord::Schema.define(:version => 20130809090140) do
    t.datetime "created_at"
    t.datetime "updated_at"
    t.string   "name"
-    t.boolean  "admin",                                 :default => false, :null => false
-    t.integer  "projects_limit",                        :default => 10
-    t.string   "skype",                                 :default => "",    :null => false
-    t.string   "linkedin",                              :default => "",    :null => false
-    t.string   "twitter",                               :default => "",    :null => false
+    t.boolean  "admin",                                   :default => false, :null => false
+    t.integer  "projects_limit",                          :default => 10
+    t.string   "skype",                                   :default => "",    :null => false
+    t.string   "linkedin",                                :default => "",    :null => false
+    t.string   "twitter",                                 :default => "",    :null => false
    t.string   "authentication_token"
-    t.integer  "theme_id",                              :default => 1,     :null => false
+    t.integer  "theme_id",                                :default => 1,     :null => false
    t.string   "bio"
-    t.integer  "failed_attempts",                       :default => 0
+    t.integer  "failed_attempts",                         :default => 0
    t.datetime "locked_at"
    t.string   "extern_uid"
    t.string   "provider"
    t.string   "username"
-    t.boolean  "can_create_group",                      :default => true,  :null => false
-    t.boolean  "can_create_team",                       :default => true,  :null => false
+    t.boolean  "can_create_group",                        :default => true,  :null => false
+    t.boolean  "can_create_team",                         :default => true,  :null => false
    t.string   "state"
-    t.integer  "color_scheme_id",                       :default => 1,     :null => false
-    t.integer  "notification_level",                    :default => 1,     :null => false
+    t.integer  "color_scheme_id",                         :default => 1,     :null => false
+    t.integer  "notification_level",                      :default => 1,     :null => false
    t.datetime "password_expires_at"
    t.integer  "created_by_id"
+    t.datetime "last_credential_check_at"
  end

  add_index "users", ["admin"], :name => "index_users_on_admin"