Setting Admin attribute is now consistent with LDAP team config

diff --git a/docs/04_releases.mkd b/docs/04_releases.mkd
index a0324a68ec14218d690a6483c9970d873b5a1eb9..155fc3bd73f157eb4302f7fd57e9ae3ea676ad3b 100644 (file)
--- a/docs/04_releases.mkd
+++ b/docs/04_releases.mkd
@@ -9,6 +9,17 @@ If you are updating from an earlier release AND you have indexed branches with t
 \r
 **%VERSION%** ([go](http://code.google.com/p/gitblit/downloads/detail?name=%GO%) | [war](http://code.google.com/p/gitblit/downloads/detail?name=%WAR%) | [express](http://code.google.com/p/gitblit/downloads/detail?name=%EXPRESS%) | [fedclient](http://code.google.com/p/gitblit/downloads/detail?name=%FEDCLIENT%) | [manager](http://code.google.com/p/gitblit/downloads/detail?name=%MANAGER%) | [api](http://code.google.com/p/gitblit/downloads/detail?name=%API%)) based on [%JGIT%][jgit]   *released %BUILDDATE%*\r
 \r
+#### changes\r
+\r
+- LDAP admin attribute setting is now consistent with LDAP teams setting and admin teams list.  \r
+If *realm.ldap.maintainTeams==true* **AND** *realm.ldap.admins* is not empty, then User.canAdmin() is controlled by LDAP administrative team membership.  Otherwise, User.canAdmin() is controlled by Gitblit.\r
+\r
+<hr/>\r
+\r
+### Older Releases\r
+\r
+**1.1.0** *released 2012-08-25*\r
+\r
 #### fixes\r
 \r
 - Bypass Wicket's inability to handle direct url addressing of a view-restricted, grouped repository for new, unauthenticated sessions (e.g. click link from email or rss feed without having an active Wicket session)\r
@@ -65,8 +76,6 @@ AUTHENTICATED allows restricted access for any authenticated user.  This is a lo
 \r
 <hr/>\r
 \r
-### Older Releases\r
-\r
 **1.0.0** *released 2012-07-14*\r
 \r
 #### fixes\r

diff --git a/src/com/gitblit/LdapUserService.java b/src/com/gitblit/LdapUserService.java
index 38376b81b60cab306467e7b3907baff351872173..54a55752834be84683915c601ea09526340ccba6 100644 (file)
--- a/src/com/gitblit/LdapUserService.java
+++ b/src/com/gitblit/LdapUserService.java
@@ -205,17 +205,30 @@ public class LdapUserService extends GitblitUserService {
                return null;            \r
        }\r
 \r
+       /**\r
+        * Set the admin attribute from team memberships retrieved from LDAP.\r
+        * If we are not storing teams in LDAP and/or we have not defined any\r
+        * administrator teams, then do not change the admin flag.\r
+        * \r
+        * @param user\r
+        */\r
        private void setAdminAttribute(UserModel user) {\r
-           user.canAdmin = false;\r
-           List<String>  admins = settings.getStrings(Keys.realm.ldap.admins);\r
-           for (String admin : admins) {\r
-               if (admin.startsWith("@")) { // Team\r
-                   if (user.getTeam(admin.substring(1)) != null)\r
-                       user.canAdmin = true;\r
-               } else\r
-                   if (user.getName().equalsIgnoreCase(admin))\r
-                       user.canAdmin = true;\r
-           }\r
+               if (!supportsTeamMembershipChanges()) {\r
+                       List<String> admins = settings.getStrings(Keys.realm.ldap.admins);\r
+                       // if we have defined administrative teams, then set admin flag\r
+                       // otherwise leave admin flag unchanged\r
+                       if (!ArrayUtils.isEmpty(admins)) {\r
+                               user.canAdmin = false;\r
+                               for (String admin : admins) {\r
+                                       if (admin.startsWith("@")) { // Team\r
+                                               if (user.getTeam(admin.substring(1)) != null)\r
+                                                       user.canAdmin = true;\r
+                                       } else\r
+                                               if (user.getName().equalsIgnoreCase(admin))\r
+                                                       user.canAdmin = true;\r
+                               }\r
+                       }\r
+               }\r
        }\r
        \r
        private void setUserAttributes(UserModel user, SearchResultEntry userEntry) {\r