Commit ba9855d4 authored by Gabriel Mazetto's avatar Gabriel Mazetto

Prevent ldap_blocked users from being unblocked by the Admin UI

parent bc7ef8e5
...@@ -132,6 +132,9 @@ ...@@ -132,6 +132,9 @@
margin-right: 0px; margin-right: 0px;
} }
} }
&.disabled {
pointer-events: auto !important;
}
} }
.btn-block { .btn-block {
......
...@@ -40,7 +40,9 @@ class Admin::UsersController < Admin::ApplicationController ...@@ -40,7 +40,9 @@ class Admin::UsersController < Admin::ApplicationController
end end
def unblock def unblock
if user.activate if user.ldap_blocked?
redirect_back_or_admin_user(alert: "This user cannot be unlocked manually from GitLab")
elsif user.activate
redirect_back_or_admin_user(notice: "Successfully unblocked") redirect_back_or_admin_user(notice: "Successfully unblocked")
else else
redirect_back_or_admin_user(alert: "Error occurred. User was not unblocked") redirect_back_or_admin_user(alert: "Error occurred. User was not unblocked")
......
...@@ -90,7 +90,12 @@ ...@@ -90,7 +90,12 @@
&nbsp; &nbsp;
= link_to 'Edit', edit_admin_user_path(user), id: "edit_#{dom_id(user)}", class: "btn btn-xs" = link_to 'Edit', edit_admin_user_path(user), id: "edit_#{dom_id(user)}", class: "btn btn-xs"
- unless user == current_user - unless user == current_user
- if user.blocked? - if user.ldap_blocked?
= link_to '#', title: 'Cannot unblock LDAP blocked users', data: {toggle: 'tooltip'}, class: 'btn btn-xs btn-success disabled' do
%i.fa.fa-lock
Unblock
= ''
- elsif user.blocked?
= link_to 'Unblock', unblock_admin_user_path(user), method: :put, class: "btn btn-xs btn-success" = link_to 'Unblock', unblock_admin_user_path(user), method: :put, class: "btn btn-xs btn-success"
- else - else
= link_to 'Block', block_admin_user_path(user), data: {confirm: 'USER WILL BE BLOCKED! Are you sure?'}, method: :put, class: "btn btn-xs btn-warning" = link_to 'Block', block_admin_user_path(user), data: {confirm: 'USER WILL BE BLOCKED! Are you sure?'}, method: :put, class: "btn btn-xs btn-warning"
......
...@@ -34,6 +34,22 @@ describe Admin::UsersController do ...@@ -34,6 +34,22 @@ describe Admin::UsersController do
end end
describe 'PUT unblock/:id' do describe 'PUT unblock/:id' do
context 'ldap blocked users' do
let(:user) { create(:omniauth_user, provider: 'ldapmain') }
before do
user.ldap_block
end
it 'will not unblock user' do
put :unblock, id: user.username
user.reload
expect(user.blocked?).to be_truthy
expect(flash[:alert]).to eq 'This user cannot be unlocked manually from GitLab'
end
end
context 'manually blocked users' do
let(:user) { create(:user) } let(:user) { create(:user) }
before do before do
...@@ -47,6 +63,7 @@ describe Admin::UsersController do ...@@ -47,6 +63,7 @@ describe Admin::UsersController do
expect(flash[:notice]).to eq 'Successfully unblocked' expect(flash[:notice]).to eq 'Successfully unblocked'
end end
end end
end
describe 'PUT unlock/:id' do describe 'PUT unlock/:id' do
let(:user) { create(:user) } let(:user) { create(:user) }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment