Prevent ldap_blocked users from being unblocked by the Admin UI

ba9855d4 · Gabriel Mazetto · bc7ef8e5 · ba9855d4 · ba9855d4 · ba9855d4
Commit ba9855d4 authored Dec 29, 2015 by Gabriel Mazetto
4 changed files
--- a/app/assets/stylesheets/framework/buttons.scss
+++ b/app/assets/stylesheets/framework/buttons.scss
@@ -132,6 +132,9 @@
      margin-right: 0px;
    }
  }
+  &.disabled {
+    pointer-events: auto !important;
+  }
 }
 .btn-block {

--- a/app/controllers/admin/users_controller.rb
+++ b/app/controllers/admin/users_controller.rb
@@ -40,7 +40,9 @@ class Admin::UsersController < Admin::ApplicationController
  end
  def unblock
-    if user.activate
+    if user.ldap_blocked?
+      redirect_back_or_admin_user(alert: "This user cannot be unlocked manually from GitLab")
+    elsif user.activate
      redirect_back_or_admin_user(notice: "Successfully unblocked")
    else
      redirect_back_or_admin_user(alert: "Error occurred. User was not unblocked")

--- a/app/views/admin/users/index.html.haml
+++ b/app/views/admin/users/index.html.haml
@@ -90,7 +90,12 @@
              &nbsp;
              = link_to 'Edit', edit_admin_user_path(user), id: "edit_#{dom_id(user)}", class: "btn btn-xs"
              - unless user == current_user
-                - if user.blocked?
+                - if user.ldap_blocked?
+                  = link_to '#', title: 'Cannot unblock LDAP blocked users', data: {toggle: 'tooltip'}, class: 'btn btn-xs btn-success disabled' do
+                    %i.fa.fa-lock
+                    Unblock
+                  = ''
+                - elsif user.blocked?
                  = link_to 'Unblock', unblock_admin_user_path(user), method: :put, class: "btn btn-xs btn-success"
                - else
                  = link_to 'Block', block_admin_user_path(user), data: {confirm: 'USER WILL BE BLOCKED! Are you sure?'}, method: :put, class: "btn btn-xs btn-warning"

--- a/spec/controllers/admin/users_controller_spec.rb
+++ b/spec/controllers/admin/users_controller_spec.rb
@@ -34,17 +34,34 @@ describe Admin::UsersController do
  end
  describe 'PUT unblock/:id' do
-    let(:user) { create(:user) }
+    context 'ldap blocked users' do
+      let(:user) { create(:omniauth_user, provider: 'ldapmain') }
-    before do
-      user.block
+      before do
+        user.ldap_block
+      end
+      it 'will not unblock user' do
+        put :unblock, id: user.username
+        user.reload
+        expect(user.blocked?).to be_truthy
+        expect(flash[:alert]).to eq 'This user cannot be unlocked manually from GitLab'
+      end
    end
-    it 'unblocks user' do
+    context 'manually blocked users' do
-      put :unblock, id: user.username
+      let(:user) { create(:user) }
-      user.reload
-      expect(user.blocked?).to be_falsey
+      before do
-      expect(flash[:notice]).to eq 'Successfully unblocked'
+        user.block
+      end
+      it 'unblocks user' do
+        put :unblock, id: user.username
+        user.reload
+        expect(user.blocked?).to be_falsey
+        expect(flash[:notice]).to eq 'Successfully unblocked'
+      end
    end
  end