Add provider context to Ldap::Access

parent 0e276f9c
# LDAP authorization model
#
# * Check if we are allowed access (not blocked)
# * Update authorizations and associations
#
module Gitlab module Gitlab
module LDAP module LDAP
class Access class Access
attr_reader :adapter attr_reader :adapter, :provider
def self.open(&block) def self.open(provider, &block)
Gitlab::LDAP::Adapter.open do |adapter| Gitlab::LDAP::Adapter.open(provider) do |adapter|
block.call(self.new(adapter)) block.call(self.new(provider, adapter))
end end
end end
def self.allowed?(user) def self.allowed?(user)
self.open do |access| self.open(user.provider) do |access|
if access.allowed?(user) if access.allowed?(user)
access.update_permissions(user) access.update_permissions(user)
access.update_email(user) access.update_email(user)
...@@ -23,7 +28,8 @@ module Gitlab ...@@ -23,7 +28,8 @@ module Gitlab
end end
end end
def initialize(adapter=nil) def initialize(provider, adapter=nil)
@provider = provider
@adapter = adapter @adapter = adapter
end end
......
...@@ -66,7 +66,7 @@ module Gitlab ...@@ -66,7 +66,7 @@ module Gitlab
def find_by_uid_and_provider def find_by_uid_and_provider
# LDAP distinguished name is case-insensitive # LDAP distinguished name is case-insensitive
model. model.
where(provider: auth_hash.provider). where(provider: [auth_hash.provider, :ldap]).
where('lower(extern_uid) = ?', auth_hash.uid.downcase).last where('lower(extern_uid) = ?', auth_hash.uid.downcase).last
end end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment