Commit cca08e14 authored by Dmitriy Zaporozhets's avatar Dmitriy Zaporozhets

Merge branch 'ldap-block-user' into 'master'

Block user if he/she was blocked in Active Directory

For gitlab/gitlab-ee#248

See merge request !1687
parents 0f144f36 e7f4f0ae
...@@ -59,6 +59,7 @@ v 7.9.0 (unreleased) ...@@ -59,6 +59,7 @@ v 7.9.0 (unreleased)
- Added blue thmeme - Added blue thmeme
- Remove annoying notice messages when create/update merge request - Remove annoying notice messages when create/update merge request
- Allow smb:// links in Markdown text. - Allow smb:// links in Markdown text.
- Block user if he/she was blocked in Active Directory
v 7.8.4 v 7.8.4
- Fix issue_tracker_id substitution in custom issue trackers - Fix issue_tracker_id substitution in custom issue trackers
......
...@@ -34,7 +34,14 @@ module Gitlab ...@@ -34,7 +34,14 @@ module Gitlab
def allowed? def allowed?
if Gitlab::LDAP::Person.find_by_dn(user.ldap_identity.extern_uid, adapter) if Gitlab::LDAP::Person.find_by_dn(user.ldap_identity.extern_uid, adapter)
return true unless ldap_config.active_directory return true unless ldap_config.active_directory
!Gitlab::LDAP::Person.disabled_via_active_directory?(user.ldap_identity.extern_uid, adapter)
# Block user in GitLab if he/she was blocked in AD
if Gitlab::LDAP::Person.disabled_via_active_directory?(user.ldap_identity.extern_uid, adapter)
user.block unless user.blocked?
false
else
true
end
else else
false false
end end
......
...@@ -20,6 +20,11 @@ describe Gitlab::LDAP::Access do ...@@ -20,6 +20,11 @@ describe Gitlab::LDAP::Access do
before { Gitlab::LDAP::Person.stub(disabled_via_active_directory?: true) } before { Gitlab::LDAP::Person.stub(disabled_via_active_directory?: true) }
it { is_expected.to be_falsey } it { is_expected.to be_falsey }
it "should block user in GitLab" do
access.allowed?
user.should be_blocked
end
end end
context 'and has no disabled flag in active diretory' do context 'and has no disabled flag in active diretory' do
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment