# LDAP authorization model
#
# * Check if we are allowed access (not blocked)
#
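module Gitlab
  module LDAP
    # Checks whether the directory entry behind a user's LDAP identity still
    # grants access (entry exists and, on Active Directory, is not disabled).
    class Access
      # `adapter` is deliberately not listed here: the explicit #adapter
      # method below builds the adapter lazily, and declaring a generated
      # reader as well only triggered a "method redefined" warning.
      attr_reader :provider, :user

      # Opens an adapter for the user's LDAP provider and calls the block
      # with an Access instance bound to that adapter.
      #
      # Nothing is rescued here: errors raised while opening the adapter, or
      # by a user without an LDAP identity, propagate to the caller.
      #
      # @param user [Object] responds to #ldap_identity (with #provider)
      # @return whatever Gitlab::LDAP::Adapter.open returns (presumably the
      #   block's value -- confirm against the adapter)
      def self.open(user, &block)
        Gitlab::LDAP::Adapter.open(user.ldap_identity.provider) do |ldap|
          block.call(new(user, ldap))
        end
      end

      # Runs the directory check for +user+ and, when it passes, records the
      # time of the check on the user.
      #
      # Only the instance-level check is fail-closed. Failures from .open are
      # not converted to +false+, so callers must treat an exception as
      # "not verified" rather than as an implicit allow.
      #
      # @param user [Object] responds to #ldap_identity,
      #   #last_credential_check_at= and #save
      # @return [Boolean] true when access is allowed
      def self.allowed?(user)
        self.open(user) do |access|
          next false unless access.allowed?

          user.last_credential_check_at = Time.now
          # The result of #save is ignored: a failed save does not turn an
          # allowed user into a denied one, it only loses the timestamp.
          user.save
          true
        end
      end

      # @param user [Object] responds to #ldap_identity
      # @param adapter [Object, nil] an already opened adapter; when nil one
      #   is created on first use by #adapter
      def initialize(user, adapter = nil)
        @user = user
        @adapter = adapter
        @provider = user.ldap_identity.provider
      end

      # Looks the user's DN up in the directory and, for Active Directory
      # providers, also checks that the account is not disabled.
      #
      # Fails closed: any StandardError raised during the lookup is turned
      # into +false+.
      # NOTE(review): a directory outage is therefore indistinguishable from
      # a denied account and nothing is logged here -- consider logging the
      # exception so the two cases can be told apart during an incident.
      #
      # @return [Boolean]
      def allowed?
        dn = user.ldap_identity.extern_uid

        # No directory entry for this DN: deny.
        return false unless Gitlab::LDAP::Person.find_by_dn(dn, adapter)
        # Existence is sufficient when the provider is not Active Directory.
        return true unless ldap_config.active_directory

        !Gitlab::LDAP::Person.disabled_via_active_directory?(dn, adapter)
      rescue StandardError
        false
      end

      # Adapter used for directory lookups: the injected one, or a new
      # adapter for this provider created on first use.
      def adapter
        @adapter ||= Gitlab::LDAP::Adapter.new(provider)
      end

      # Configuration object for this user's LDAP provider.
      def ldap_config
        Gitlab::LDAP::Config.new(provider)
      end
    end
  end
end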