Rename method based on cr comment

1ffd2cb0 · Małgorzata Ksionek · 064095cf · 1ffd2cb0 · 1ffd2cb0 · 1ffd2cb0
Commit 1ffd2cb0 authored May 03, 2021 by Małgorzata Ksionek
4 changed files
--- a/ee/app/controllers/concerns/ee/membership_actions.rb
+++ b/ee/app/controllers/concerns/ee/membership_actions.rb
@@ -8,7 +8,7 @@ module EE
    def leave
      super
-      if current_user.authorized_by_provisioning_group? && membershipable == current_user.provisioned_by_group
+      if current_user.authorized_by_provisioning_group?(membershipable)
        sign_out current_user
      end
    end

--- a/ee/app/controllers/groups/sso_controller.rb
+++ b/ee/app/controllers/groups/sso_controller.rb
@@ -33,7 +33,7 @@ class Groups::SsoController < Groups::ApplicationController
    GroupSaml::Identity::DestroyService.new(linked_identity).execute
-    if current_user.authorized_by_provisioning_group? && unauthenticated_group == current_user.provisioned_by_group
+    if current_user.authorized_by_provisioning_group?(unauthenticated_group)
      sign_out current_user
    else
      redirect_to profile_account_path

--- a/ee/app/models/ee/user.rb
+++ b/ee/app/models/ee/user.rb
@@ -298,10 +298,6 @@ module EE
      managing_group.present?
    end
-    def authorized_by_provisioning_group?
-      ::Feature.enabled?(:block_password_auth_for_saml_users, type: :ops) && user_detail.provisioned_by_group?
-    end
    def managed_by?(user)
      self.group_managed_account? && self.managing_group.owned_by?(user)
    end
@@ -318,7 +314,7 @@ module EE
    override :allow_password_authentication_for_web?
    def allow_password_authentication_for_web?(*)
      return false if group_managed_account?
-      return false if authorized_by_provisioning_group?
+      return false if user_authorized_by_provisioning_group?
      super
    end
@@ -326,11 +322,19 @@ module EE
    override :allow_password_authentication_for_git?
    def allow_password_authentication_for_git?(*)
      return false if group_managed_account?
-      return false if authorized_by_provisioning_group?
+      return false if user_authorized_by_provisioning_group?
      super
    end
+    def user_authorized_by_provisioning_group?
+      ::Feature.enabled?(:block_password_auth_for_saml_users, type: :ops) && user_detail.provisioned_by_group?
+    end
+    def authorized_by_provisioning_group?(group)
+      ::Feature.enabled?(:block_password_auth_for_saml_users, type: :ops) && provisioned_by_group == group
+    end
    def gitlab_employee?
      strong_memoize(:gitlab_employee) do
        ::Gitlab.com? && ::Feature.enabled?(:gitlab_employee_badge) && gitlab_team_member?

--- a/ee/lib/gitlab/auth/group_saml/user.rb
+++ b/ee/lib/gitlab/auth/group_saml/user.rb
@@ -52,9 +52,9 @@ module Gitlab
        def find_by_email
          user = super
-          return user if user&.authorized_by_provisioning_group? && user&.provisioned_by_group_id == saml_provider.group_id
+          return user if user&.authorized_by_provisioning_group?(saml_provider.group)
-          false
+          nil
        end
        override :build_new_user