Merge branch 'ce-jej/group-saml-sso-enforcement' into 'master'

CE changes for SSO web enforcement See merge request gitlab-org/gitlab-ce!28141

Merge branch 'ce-jej/group-saml-sso-enforcement' into 'master'
CE changes for SSO web enforcement See merge request gitlab-org/gitlab-ce!28141
f2dbf1ca · Robert Speicher · 0658ebf7 · 651cfd08 · f2dbf1ca · f2dbf1ca
Commit f2dbf1ca authored May 07, 2019 by Robert Speicher
Hide whitespace changes
Inline Side-by-side

Showing with 11 additions and 2 deletions

app/controllers/omniauth_callbacks_controller.rb app/controllers/omniauth_callbacks_controller.rb +6 -1

app/policies/group_policy.rb app/policies/group_policy.rb +5 -1

No files found.
--- a/app/controllers/omniauth_callbacks_controller.rb
+++ b/app/controllers/omniauth_callbacks_controller.rb
@@ -86,7 +86,8 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController
      log_audit_event(current_user, with: oauth['provider'])

      identity_linker ||= auth_module::IdentityLinker.new(current_user, oauth)
-      identity_linker.link
+
+      link_identity(identity_linker)

      if identity_linker.changed?
        redirect_identity_linked
@@ -100,6 +101,10 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController
    end
  end

+  def link_identity(identity_linker)
+    identity_linker.link
+  end
+
  def redirect_identity_exists
    redirect_to after_sign_in_path_for(current_user)
  end

--- a/app/policies/group_policy.rb
+++ b/app/policies/group_policy.rb
@@ -129,6 +129,10 @@ class GroupPolicy < BasePolicy
  def access_level
    return GroupMember::NO_ACCESS if @user.nil?

-    @access_level ||= @subject.max_member_access_for_user(@user)
+    @access_level ||= lookup_access_level!
+  end
+
+  def lookup_access_level!
+    @subject.max_member_access_for_user(@user)
  end
 end