Drop Admin attribute based on LDAP when login (continue #1743) (#8849)

* Update User information in Gitea based on LDAP when login

* Update Admin Flag only if exist in settings

* Fix affectation

* Update models/login_source.go

Co-Authored-By: JustKiddingCode <JustKiddingCode@users.noreply.github.com>

* Better ident

* Apply suggestions from code review

Update user information

Co-Authored-By: 6543 <24977596+6543@users.noreply.github.com>

* Make fmt

* add err handling

* if user exist but login is Prohibit return return nil, and Prohibit err

* keep login speed

* User sync is implemented at #1478 - so only make sure that admin acces is drpoed if changed

* handle error and still use async task

* no async

* only update admin if Sync is enabled

* update two comments

* add lafriks suggestions

Co-Authored-By: Lauris BH <lauris@nix.lv>

* if adminFilter is set - use it

Co-Authored-By: Lauris BH <lauris@nix.lv>

* Update models/login_source.go

well - I should look more detaild at suggestions :D

Co-Authored-By: Lauris BH <lauris@nix.lv>

* make it work again

* set is_admin value to user

* look nicer
This commit is contained in:
6543 2019-11-14 20:10:23 +01:00 committed by zeripath
parent 9bd879bef8
commit 665ce1dcb3

View file

@ -1,4 +1,5 @@
// Copyright 2014 The Gogs Authors. All rights reserved.
// Copyright 2019 The Gitea Authors. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.
@ -403,6 +404,19 @@ func LoginViaLDAP(user *User, login, password string, source *LoginSource, autoR
var isAttributeSSHPublicKeySet = len(strings.TrimSpace(source.LDAP().AttributeSSHPublicKey)) > 0
// Update User admin flag if exist
if isExist, err := IsUserExist(0, sr.Username); err != nil {
return nil, err
} else if isExist &&
!user.ProhibitLogin && len(source.LDAP().AdminFilter) > 0 && user.IsAdmin != sr.IsAdmin {
// Change existing admin flag only if AdminFilter option is set
user.IsAdmin = sr.IsAdmin
err = UpdateUserCols(user, "is_admin")
if err != nil {
return nil, err
}
}
if !autoRegister {
if isAttributeSSHPublicKeySet && synchronizeLdapSSHPublicKeys(user, source, sr.SSHPublicKey) {
return user, RewriteAllPublicKeys()