Commit 5c651fbf authored by Rémy Coutable's avatar Rémy Coutable

Merge branch '34648-restrict-forking-outside-of-gma' into 'master'

Add prohibited outer forks flag for SAML provider

See merge request gitlab-org/gitlab!22002
parents 5b459de0 ea75b0cf
# frozen_string_literal: true
class AddSamlProviderProhibitedOuterForks < ActiveRecord::Migration[5.2]
include Gitlab::Database::MigrationHelpers
DOWNTIME = false
disable_ddl_transaction!
def up
add_column_with_default :saml_providers, :prohibited_outer_forks, :boolean, default: false, allow_null: true
end
def down
remove_column :saml_providers, :prohibited_outer_forks
end
end
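Review bot: `allow_null: true` on the `add_column_with_default` call in `up` leaves `prohibited_outer_forks` nullable, while the schema.rb hunk on this page records the column as `null: false`, so one of the two is out of step. For a flag that restricts forking, an explicit NULL write would read as false through the `prohibited_outer_forks?` predicate, meaning the restriction is silently off. Unless nullability is needed for a reason not visible here, drop the option so the helper applies the NOT NULL constraint after the backfill: `add_column_with_default :saml_providers, :prohibited_outer_forks, :boolean, default: false`.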
...@@ -3744,6 +3744,7 @@ ActiveRecord::Schema.define(version: 2020_02_04_131054) do ...@@ -3744,6 +3744,7 @@ ActiveRecord::Schema.define(version: 2020_02_04_131054) do
t.string "sso_url", null: false t.string "sso_url", null: false
t.boolean "enforced_sso", default: false, null: false t.boolean "enforced_sso", default: false, null: false
t.boolean "enforced_group_managed_accounts", default: false, null: false t.boolean "enforced_group_managed_accounts", default: false, null: false
t.boolean "prohibited_outer_forks", default: false, null: false
t.index ["group_id"], name: "index_saml_providers_on_group_id" t.index ["group_id"], name: "index_saml_providers_on_group_id"
end end
......
...@@ -48,7 +48,9 @@ class Groups::SamlProvidersController < Groups::ApplicationController ...@@ -48,7 +48,9 @@ class Groups::SamlProvidersController < Groups::ApplicationController
allowed_params = %i[sso_url certificate_fingerprint enabled] allowed_params = %i[sso_url certificate_fingerprint enabled]
allowed_params += [:enforced_sso] if Feature.enabled?(:enforced_sso, group) allowed_params += [:enforced_sso] if Feature.enabled?(:enforced_sso, group)
allowed_params += [:enforced_group_managed_accounts] if Feature.enabled?(:group_managed_accounts, group) if Feature.enabled?(:group_managed_accounts, group)
allowed_params += [:enforced_group_managed_accounts, :prohibited_outer_forks]
end
params.require(:saml_provider).permit(allowed_params) params.require(:saml_provider).permit(allowed_params)
end end
......
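Review bot: `:prohibited_outer_forks` is permitted next to `:enforced_group_managed_accounts` but independently of it, so a request can store `prohibited_outer_forks: true` while group managed accounts are not enforced. The model predicate added in this commit masks that stored value until enforcement is switched on, at which point the fork restriction would start applying without any further change to this field. If that is the intended behaviour, a comment above the `if` block would record it, e.g. `# prohibited_outer_forks is stored independently; it only takes effect once GMA is enforced (SamlProvider#prohibited_outer_forks?)`. Otherwise a model validation tying the two fields together is the place to reject the combination. The method containing these lines starts outside the hunk.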
...@@ -37,6 +37,10 @@ class SamlProvider < ApplicationRecord ...@@ -37,6 +37,10 @@ class SamlProvider < ApplicationRecord
super && enforced_sso? && Feature.enabled?(:group_managed_accounts, group) super && enforced_sso? && Feature.enabled?(:group_managed_accounts, group)
end end
def prohibited_outer_forks?
enforced_group_managed_accounts? && super
end
class DefaultOptions class DefaultOptions
include Gitlab::Routing include Gitlab::Routing
......
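Review bot: `prohibited_outer_forks?` returns the effective setting, while the plain `prohibited_outer_forks` reader and any query on the column still see the stored value, and the method carries no comment saying so. A caller that enforces the fork restriction through the raw attribute would disagree with this predicate whenever group managed accounts are not enforced. I would add above the method: `# Effective value: the stored flag applies only while group managed accounts are enforced. Use this predicate, not the raw attribute, for access decisions.` The SamlProvider class body continues outside the hunk.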
---
title: Prepare DB structure for GMA forking changes
merge_request: 22002
author:
type: other
...@@ -178,4 +178,40 @@ describe SamlProvider do ...@@ -178,4 +178,40 @@ describe SamlProvider do
end end
end end
end end
describe '#prohibited_outer_forks?' do
context 'without enforced GMA' do
it 'is false when prohibited_outer_forks flag value is true' do
subject.prohibited_outer_forks = true
expect(subject.prohibited_outer_forks?).to be_falsey
end
it 'is false when prohibited_outer_forks flag value is false' do
subject.prohibited_outer_forks = false
expect(subject.prohibited_outer_forks?).to be_falsey
end
end
context 'when enforced GMA is enabled' do
before do
subject.enabled = true
subject.enforced_sso = true
subject.enforced_group_managed_accounts = true
end
it 'is true when prohibited_outer_forks flag value is true' do
subject.prohibited_outer_forks = true
expect(subject.prohibited_outer_forks?).to be_truthy
end
it 'is false when prohibited_outer_forks flag value is false' do
subject.prohibited_outer_forks = false
expect(subject.prohibited_outer_forks?).to be_falsey
end
end
end
end end
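Review bot: The 'when enforced GMA is enabled' context never turns the `group_managed_accounts` feature flag off, although `enforced_group_managed_accounts?` (visible in the model hunk) depends on `Feature.enabled?(:group_managed_accounts, group)`. A case with the flag disabled would pin that the prohibition reads false then: `stub_feature_flags(group_managed_accounts: false)` followed by `expect(subject.prohibited_outer_forks?).to be_falsey`. The 'without enforced GMA' context also relies on the subject's defaults, defined outside this hunk, for `enforced_group_managed_accounts` being false. Setting it explicitly in a `before` would keep the test independent of the factory.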