Skip to content

G
gitlab-ce
Commit 8245c667 authored by Drew Blessing's avatar Drew Blessing
Browse files
Options

Add Sync now to group members page

parent 88e44726
Hide whitespace changes
Inline Side-by-side
Showing with 104 additions and 28 deletions
CHANGELOG-EE
View file @ 8245c667
Please view this file on the master branch, on stable branches it's out of date. Please view this file on the master branch, on stable branches it's out of date.
v 8.12.0 (Unreleased) v 8.12.0 (Unreleased)
- Add 'Sync now' to group members page !704
v 8.11.5 v 8.11.5
- API: Restore backward-compatibility for POST /projects/:id/members when membership is locked - API: Restore backward-compatibility for POST /projects/:id/members when membership is locked
......
app/controllers/groups/ldaps_controller.rb
View file @ 8245c667
...@@ -2,9 +2,10 @@ class Groups::LdapsController < Groups::ApplicationController ...@@ -2,9 +2,10 @@ class Groups::LdapsController < Groups::ApplicationController
before_action :group before_action :group
before_action :authorize_admin_group! before_action :authorize_admin_group!
def reset_access def sync
LdapGroupResetService.new.execute(group, current_user) @group.pending_ldap_sync
LdapGroupSyncWorker.perform_async(@group.id)
redirect_to group_group_members_path(@group), notice: 'Access reset complete' redirect_to group_group_members_path(@group), notice: 'The group sync has been scheduled'
end end
end end
app/models/ee/group.rb
View file @ 8245c667
...@@ -10,10 +10,15 @@ module EE ...@@ -10,10 +10,15 @@ module EE
state_machine :ldap_sync_status, namespace: :ldap_sync, initial: :ready do state_machine :ldap_sync_status, namespace: :ldap_sync, initial: :ready do
state :ready state :ready
state :started state :started
state :pending
state :failed state :failed
event :pending do
transition [:ready, :failed] => :pending
end
event :start do event :start do
transition [:ready, :failed] => :started transition [:ready, :pending, :failed] => :started
end end
event :finish do event :finish do
......
app/views/groups/group_members/_ldap_sync.html.haml 0 → 100644
View file @ 8245c667
- if current_user && @group.ldap_synced?
.bs-callout.bs-callout-info
The members of this group are managed using LDAP and cannot be added, changed or removed here.
Because LDAP permissions in GitLab get updated one user at a time and because GitLab caches LDAP check results, changes on your LDAP server or in this group's LDAP sync settings may take up to #{Gitlab.config.ldap['sync_time']}s to show in the list below.
%ul
- @group.ldap_group_links.each do |ldap_group_link|
%li
People in cn
%code= ldap_group_link.cn
are given
%code= ldap_group_link.human_access
access.
- if can?(current_user, :admin_group, @group)
= render 'sync_button'
app/views/groups/group_members/_sync_button.html.haml 0 → 100644
View file @ 8245c667
- if @group.ldap_sync_started?
%span.btn.disabled
= icon("refresh spin")
Syncing&hellip;
- elsif @group.ldap_sync_pending?
%span.btn.disabled
= icon("refresh spin")
Pending sync&hellip;
- else
= link_to sync_group_ldap_path(@group), method: :put, class: 'btn' do
= icon("refresh")
Sync now
- if @group.ldap_sync_ready? && @group.ldap_sync_last_successful_update_at
%p.inline.prepend-left-10
Successfully synced #{time_ago_with_tooltip(@group.ldap_sync_last_successful_update_at)}.
app/views/groups/group_members/index.html.haml
View file @ 8245c667
...@@ -13,23 +13,7 @@ ...@@ -13,23 +13,7 @@
= render 'shared/members/requests', membership_source: @group, requesters: @requesters = render 'shared/members/requests', membership_source: @group, requesters: @requesters
- if current_user && @group.ldap_synced? = render 'ldap_sync'
.bs-callout.bs-callout-info
The members of this group are managed using LDAP and cannot be added, changed or removed here.
Because LDAP permissions in GitLab get updated one user at a time and because GitLab caches LDAP check results, changes on your LDAP server or in this group's LDAP sync settings may take up to #{Gitlab.config.ldap['sync_time']}s to show in the list below.
%ul
- @group.ldap_group_links.each do |ldap_group_link|
%li
People in cn
%code= ldap_group_link.cn
are given
%code= ldap_group_link.human_access
access.
- if can?(current_user, :admin_group_member, @group)
= form_tag(reset_access_group_ldap_path(@group), method: :put, class: 'inline') do
= button_to 'Clear LDAP permission cache', '#', class: "btn btn-remove js-confirm-danger",
data: { "confirm-danger-message" => clear_ldap_permission_cache_message,
'warning-message' => 'If you made manual permission tweaks for some group members they will be lost.' }
.panel.panel-default .panel.panel-default
.panel-heading .panel-heading
...@@ -51,5 +35,3 @@ ...@@ -51,5 +35,3 @@
event.preventDefault(); event.preventDefault();
Turbolinks.visit(this.action + '?' + $(this).serialize()); Turbolinks.visit(this.action + '?' + $(this).serialize());
}); });
= render 'shared/confirm_modal', phrase: 'reset'
app/workers/ldap_group_sync_worker.rb
View file @ 8245c667
...@@ -3,9 +3,21 @@ class LdapGroupSyncWorker ...@@ -3,9 +3,21 @@ class LdapGroupSyncWorker
sidekiq_options retry: false sidekiq_options retry: false
def perform def perform(group_id = nil)
logger.info 'Started LDAP group sync' if group_id
EE::Gitlab::LDAP::Sync::Groups.execute group = Group.find_by(id: group_id)
logger.info 'Finished LDAP group sync' unless group
logger.warn "Could not find group #{group_id} for LDAP group sync"
return
end
logger.info "Started LDAP group sync for group #{group.name} (#{group.id})"
EE::Gitlab::LDAP::Sync::Group.execute_all_providers(group)
logger.info "Finished LDAP group sync for group #{group.name} (#{group.id})"
else
logger.info 'Started LDAP group sync'
EE::Gitlab::LDAP::Sync::Groups.execute
logger.info 'Finished LDAP group sync'
end
end end
end end
config/routes.rb
View file @ 8245c667
...@@ -463,7 +463,7 @@ Rails.application.routes.draw do ...@@ -463,7 +463,7 @@ Rails.application.routes.draw do
resource :analytics, only: [:show] resource :analytics, only: [:show]
resource :ldap, only: [] do resource :ldap, only: [] do
member do member do
put :reset_access put :sync
end end
end end
......
spec/lib/ee/gitlab/ldap/sync/group_spec.rb
View file @ 8245c667
...@@ -92,6 +92,24 @@ describe EE::Gitlab::LDAP::Sync::Group, lib: true do ...@@ -92,6 +92,24 @@ describe EE::Gitlab::LDAP::Sync::Group, lib: true do
include_examples :group_state_machine include_examples :group_state_machine
end end
describe '.ldap_sync_ready?' do
let(:ldap_group1) { nil }
it 'returns false when ldap sync started' do
group = create(:group)
group.start_ldap_sync
expect(described_class.ldap_sync_ready?(group)).to be_falsey
end
it 'returns true when ldap sync pending' do
group = create(:group)
group.pending_ldap_sync
expect(described_class.ldap_sync_ready?(group)).to be_truthy
end
end
describe '#update_permissions' do describe '#update_permissions' do
before { group.start_ldap_sync } before { group.start_ldap_sync }
after { group.finish_ldap_sync } after { group.finish_ldap_sync }
......
spec/workers/ldap_group_sync_worker_spec.rb 0 → 100644
View file @ 8245c667
require 'spec_helper'
describe LdapGroupSyncWorker do
describe '#perform' do
it 'syncs all groups when group_id is nil' do
expect(EE::Gitlab::LDAP::Sync::Groups).to receive(:execute)
described_class.new.perform
end
it 'syncs a single group when group_id is present' do
group = create(:group)
expect(EE::Gitlab::LDAP::Sync::Group)
.to receive(:execute_all_providers).with(group)
described_class.new.perform(group.id)
end
it 'logs an error when group cannot be found' do
expect(EE::Gitlab::LDAP::Sync::Group).not_to receive(:execute_all_providers)
expect(Sidekiq.logger)
.to receive(:warn).with('Could not find group 9999 for LDAP group sync')
described_class.new.perform(9999)
end
end
end
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7