Commit 022d4d01 authored by Pavel Shutsin's avatar Pavel Shutsin

Revert "Add read-only state for LDAP syncable attributes"

LDAP read-only attributes should be redone with more
knowledge about customer needs
parent a47e7c0e
...@@ -1582,13 +1582,6 @@ class User < ApplicationRecord ...@@ -1582,13 +1582,6 @@ class User < ApplicationRecord
end end
def read_only_attribute?(attribute) def read_only_attribute?(attribute)
if Feature.enabled?(:ldap_readonly_attributes, default_enabled: true)
enabled = Gitlab::Auth::Ldap::Config.enabled?
read_only = attribute.to_sym.in?(UserSyncedAttributesMetadata::SYNCABLE_ATTRIBUTES)
return true if enabled && read_only
end
user_synced_attributes_metadata&.read_only?(attribute) user_synced_attributes_metadata&.read_only?(attribute)
end end
......
...@@ -60,12 +60,8 @@ module Users ...@@ -60,12 +60,8 @@ module Users
end end
def discard_read_only_attributes def discard_read_only_attributes
if Feature.enabled?(:ldap_readonly_attributes, default_enabled: true)
params.reject! { |key, _| @user.read_only_attribute?(key.to_sym) }
else
discard_synced_attributes discard_synced_attributes
end end
end
def discard_synced_attributes def discard_synced_attributes
if (metadata = @user.user_synced_attributes_metadata) if (metadata = @user.user_synced_attributes_metadata)
......
---
title: Revert LDAP readonly attributes feature
merge_request: 28541
author:
type: removed
...@@ -4259,30 +4259,6 @@ describe User, :do_not_mock_admin_mode do ...@@ -4259,30 +4259,6 @@ describe User, :do_not_mock_admin_mode do
end end
describe '#read_only_attribute?' do describe '#read_only_attribute?' do
context 'when LDAP server is enabled' do
before do
allow(Gitlab::Auth::Ldap::Config).to receive(:enabled?).and_return(true)
end
%i[name email location].each do |attribute|
it "is true for #{attribute}" do
expect(subject.read_only_attribute?(attribute)).to be_truthy
end
end
context 'and ldap_readonly_attributes feature is disabled' do
before do
stub_feature_flags(ldap_readonly_attributes: false)
end
%i[name email location].each do |attribute|
it "is false" do
expect(subject.read_only_attribute?(attribute)).to be_falsey
end
end
end
end
context 'when synced attributes metadata is present' do context 'when synced attributes metadata is present' do
it 'delegates to synced_attributes_metadata' do it 'delegates to synced_attributes_metadata' do
subject.build_user_synced_attributes_metadata subject.build_user_synced_attributes_metadata
...@@ -4293,7 +4269,7 @@ describe User, :do_not_mock_admin_mode do ...@@ -4293,7 +4269,7 @@ describe User, :do_not_mock_admin_mode do
end end
end end
context 'when synced attributes metadata is present' do context 'when synced attributes metadata is not present' do
it 'is false for any attribute' do it 'is false for any attribute' do
expect(subject.read_only_attribute?(:email)).to be_falsey expect(subject.read_only_attribute?(:email)).to be_falsey
end end
......
...@@ -55,15 +55,6 @@ describe Users::UpdateService do ...@@ -55,15 +55,6 @@ describe Users::UpdateService do
expect(result[:message]).to eq("Emoji is not included in the list") expect(result[:message]).to eq("Emoji is not included in the list")
end end
it 'ignores read-only attributes' do
allow(user).to receive(:read_only_attribute?).with(:name).and_return(true)
expect do
update_user(user, name: 'changed' + user.name)
user.reload
end.not_to change { user.name }
end
it 'updates user detail with provided attributes' do it 'updates user detail with provided attributes' do
result = update_user(user, job_title: 'Backend Engineer') result = update_user(user, job_title: 'Backend Engineer')
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment