Merge branch 'ldap-block-user' into 'master'

Block user if he/she was blocked in Active Directory For gitlab/gitlab-ee#248 See merge request !1687

Merge branch 'ldap-block-user' into 'master'
Block user if he/she was blocked in Active Directory For gitlab/gitlab-ee#248 See merge request !1687
cca08e14 · Dmitriy Zaporozhets · 0f144f36 · e7f4f0ae · cca08e14 · cca08e14
Commit cca08e14 authored Mar 12, 2015 by Dmitriy Zaporozhets
Hide whitespace changes
Inline Side-by-side

Showing with 15 additions and 2 deletions

CHANGELOG CHANGELOG +1 -0

lib/gitlab/ldap/access.rb lib/gitlab/ldap/access.rb +8 -1

spec/lib/gitlab/ldap/access_spec.rb spec/lib/gitlab/ldap/access_spec.rb +6 -1

No files found.
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -59,6 +59,7 @@ v 7.9.0 (unreleased)
  - Added blue thmeme
  - Remove annoying notice messages when create/update merge request
  - Allow smb:// links in Markdown text.
+  - Block user if he/she was blocked in Active Directory

 v 7.8.4
  - Fix issue_tracker_id substitution in custom issue trackers

--- a/lib/gitlab/ldap/access.rb
+++ b/lib/gitlab/ldap/access.rb
@@ -34,7 +34,14 @@ module Gitlab
      def allowed?
        if Gitlab::LDAP::Person.find_by_dn(user.ldap_identity.extern_uid, adapter)
          return true unless ldap_config.active_directory
-          !Gitlab::LDAP::Person.disabled_via_active_directory?(user.ldap_identity.extern_uid, adapter)
+
+          # Block user in GitLab if he/she was blocked in AD
+          if Gitlab::LDAP::Person.disabled_via_active_directory?(user.ldap_identity.extern_uid, adapter)
+            user.block unless user.blocked?
+            false
+          else
+            true
+          end
        else
          false
        end

--- a/spec/lib/gitlab/ldap/access_spec.rb
+++ b/spec/lib/gitlab/ldap/access_spec.rb
@@ -20,6 +20,11 @@ describe Gitlab::LDAP::Access do
        before { Gitlab::LDAP::Person.stub(disabled_via_active_directory?: true) }

        it { is_expected.to be_falsey }
+
+        it "should block user in GitLab" do
+          access.allowed?
+          user.should be_blocked
+        end
      end

      context 'and has no disabled flag in active diretory' do
@@ -38,4 +43,4 @@ describe Gitlab::LDAP::Access do
      end
    end
  end
-end
\ No newline at end of file
+end