Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
198b6700
Commit
198b6700
authored
Oct 06, 2016
by
Rémy Coutable
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Document the hack in EE::Gitlab::LDAP::Sync::Group
Signed-off-by:
Rémy Coutable
<
remy@rymai.me
>
parent
7aa87eb8
Changes
2
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
19 additions
and
14 deletions
+19
-14
lib/ee/gitlab/ldap/sync/group.rb
lib/ee/gitlab/ldap/sync/group.rb
+14
-4
spec/lib/ee/gitlab/ldap/sync/group_spec.rb
spec/lib/ee/gitlab/ldap/sync/group_spec.rb
+5
-10
No files found.
lib/ee/gitlab/ldap/sync/group.rb
View file @
198b6700
...
@@ -99,7 +99,12 @@ module EE
...
@@ -99,7 +99,12 @@ module EE
def
update_existing_group_membership
(
group
,
access_levels
)
def
update_existing_group_membership
(
group
,
access_levels
)
logger
.
debug
{
"Updating existing membership for '
#{
group
.
name
}
' group"
}
logger
.
debug
{
"Updating existing membership for '
#{
group
.
name
}
' group"
}
first_group_owner
=
group
.
members
.
owners
.
first
.
try
(
:user
)
# Access requesters must be approved by a group owner so we take the
# first group owner and pass it as `current_user` to `#add_or_update_user_membership`.
# For users that are not access requesters, it doesn't matter if
#`current_user` is `nil` because the permissions to update users are
# not enforced in `Member.add_user`!
added_by
=
group
.
members
.
owners
.
first
.
try
(
:user
)
select_and_preload_group_members
(
group
).
each
do
|
member
|
select_and_preload_group_members
(
group
).
each
do
|
member
|
user
=
member
.
user
user
=
member
.
user
...
@@ -143,7 +148,7 @@ module EE
...
@@ -143,7 +148,7 @@ module EE
user
,
user
,
group
,
group
,
desired_access
,
desired_access
,
current_user:
first_group_owner
current_user:
added_by
)
)
elsif
group
.
last_owner?
(
user
)
elsif
group
.
last_owner?
(
user
)
warn_cannot_remove_last_owner
(
user
,
group
)
warn_cannot_remove_last_owner
(
user
,
group
)
...
@@ -156,7 +161,12 @@ module EE
...
@@ -156,7 +161,12 @@ module EE
def
add_new_members
(
group
,
access_levels
)
def
add_new_members
(
group
,
access_levels
)
logger
.
debug
{
"Adding new members to '
#{
group
.
name
}
' group"
}
logger
.
debug
{
"Adding new members to '
#{
group
.
name
}
' group"
}
first_group_owner
=
group
.
members
.
owners
.
first
.
try
(
:user
)
# Access requesters must be approved by a group owner so we take the
# first group owner and pass it as `current_user` to `#add_or_update_user_membership`.
# For users that are not access requesters, it doesn't matter if
#`current_user` is `nil` because the permissions to update users are
# not enforced in `Member.add_user`!
added_by
=
group
.
members
.
owners
.
first
.
try
(
:user
)
access_levels
.
each
do
|
member_dn
,
access_level
|
access_levels
.
each
do
|
member_dn
,
access_level
|
user
=
::
Gitlab
::
LDAP
::
User
.
find_by_uid_and_provider
(
member_dn
,
provider
)
user
=
::
Gitlab
::
LDAP
::
User
.
find_by_uid_and_provider
(
member_dn
,
provider
)
...
@@ -166,7 +176,7 @@ module EE
...
@@ -166,7 +176,7 @@ module EE
user
,
user
,
group
,
group
,
access_level
,
access_level
,
current_user:
first_group_owner
current_user:
added_by
)
)
else
else
logger
.
debug
do
logger
.
debug
do
...
...
spec/lib/ee/gitlab/ldap/sync/group_spec.rb
View file @
198b6700
...
@@ -161,8 +161,7 @@ describe EE::Gitlab::LDAP::Sync::Group, lib: true do
...
@@ -161,8 +161,7 @@ describe EE::Gitlab::LDAP::Sync::Group, lib: true do
it
'downgrades existing member access'
do
it
'downgrades existing member access'
do
# Create user with higher access
# Create user with higher access
group
.
add_users
([
user
],
group
.
add_user
(
user
,
Gitlab
::
Access
::
MASTER
)
::
Gitlab
::
Access
::
MASTER
)
sync_group
.
update_permissions
sync_group
.
update_permissions
...
@@ -172,8 +171,7 @@ describe EE::Gitlab::LDAP::Sync::Group, lib: true do
...
@@ -172,8 +171,7 @@ describe EE::Gitlab::LDAP::Sync::Group, lib: true do
it
'upgrades existing member access'
do
it
'upgrades existing member access'
do
# Create user with lower access
# Create user with lower access
group
.
add_users
([
user
],
group
.
add_user
(
user
,
Gitlab
::
Access
::
GUEST
)
::
Gitlab
::
Access
::
GUEST
)
sync_group
.
update_permissions
sync_group
.
update_permissions
...
@@ -213,8 +211,7 @@ describe EE::Gitlab::LDAP::Sync::Group, lib: true do
...
@@ -213,8 +211,7 @@ describe EE::Gitlab::LDAP::Sync::Group, lib: true do
end
end
it
'removes the user from the group'
do
it
'removes the user from the group'
do
group
.
add_users
([
user
],
group
.
add_user
(
user
,
Gitlab
::
Access
::
MASTER
)
Gitlab
::
Access
::
MASTER
)
sync_group
.
update_permissions
sync_group
.
update_permissions
...
@@ -222,8 +219,7 @@ describe EE::Gitlab::LDAP::Sync::Group, lib: true do
...
@@ -222,8 +219,7 @@ describe EE::Gitlab::LDAP::Sync::Group, lib: true do
end
end
it
'refuses to delete the last owner'
do
it
'refuses to delete the last owner'
do
group
.
add_users
([
user
],
group
.
add_user
(
user
,
Gitlab
::
Access
::
OWNER
)
Gitlab
::
Access
::
OWNER
)
sync_group
.
update_permissions
sync_group
.
update_permissions
...
@@ -242,8 +238,7 @@ describe EE::Gitlab::LDAP::Sync::Group, lib: true do
...
@@ -242,8 +238,7 @@ describe EE::Gitlab::LDAP::Sync::Group, lib: true do
it
'downgrades one user but not the other'
do
it
'downgrades one user but not the other'
do
create
(
:identity
,
user:
user1
,
extern_uid:
user_dn
(
user1
.
username
))
create
(
:identity
,
user:
user1
,
extern_uid:
user_dn
(
user1
.
username
))
create
(
:identity
,
user:
user2
,
extern_uid:
user_dn
(
user2
.
username
))
create
(
:identity
,
user:
user2
,
extern_uid:
user_dn
(
user2
.
username
))
group
.
add_users
([
user1
,
user2
],
group
.
add_users
([
user1
,
user2
],
Gitlab
::
Access
::
OWNER
)
Gitlab
::
Access
::
OWNER
)
sync_group
.
update_permissions
sync_group
.
update_permissions
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment