Drop Admin attribute based on LDAP when login (continue #1743) (#8849)

* Update User information in Gitea based on LDAP when login

* Update Admin Flag only if exist in settings

* Fix affectation

* Update models/login_source.go

Co-Authored-By: JustKiddingCode <JustKiddingCode@users.noreply.github.com>
* Better ident

* Apply suggestions from code review

Update user information

Co-Authored-By: 6543 <24977596+6543@users.noreply.github.com>
* Make fmt

* add err handling

* if user exist but login is Prohibit return return nil, and Prohibit err

* keep login speed

* User sync is implemented at #1478 - so only make sure that admin acces is drpoed if changed

* handle error and still use async task

* no async

* only update admin if Sync is enabled

* update two comments

* add lafriks suggestions

Co-Authored-By: Lauris BH <lauris@nix.lv>
* if adminFilter is set - use it

Co-Authored-By: Lauris BH <lauris@nix.lv>
* Update models/login_source.go

well - I should look more detaild at suggestions :D

Co-Authored-By: Lauris BH <lauris@nix.lv>
* make it work again

* set is_admin value to user

* look nicer

diff --git a/models/login_source.go b/models/login_source.go
index ce03c4154f6d40c2368eeff2a0175ab7ef70e367..b8441adcc4c7141f41409e77b04bb7ffb4222650 100644 (file)
--- a/models/login_source.go
+++ b/models/login_source.go
@@ -1,4 +1,5 @@
 // Copyright 2014 The Gogs Authors. All rights reserved.
+// Copyright 2019 The Gitea Authors. All rights reserved.
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 
@@ -403,6 +404,19 @@ func LoginViaLDAP(user *User, login, password string, source *LoginSource, autoR
 
        var isAttributeSSHPublicKeySet = len(strings.TrimSpace(source.LDAP().AttributeSSHPublicKey)) > 0
 
+       // Update User admin flag if exist
+       if isExist, err := IsUserExist(0, sr.Username); err != nil {
+               return nil, err
+       } else if isExist &&
+               !user.ProhibitLogin && len(source.LDAP().AdminFilter) > 0 && user.IsAdmin != sr.IsAdmin {
+               // Change existing admin flag only if AdminFilter option is set
+               user.IsAdmin = sr.IsAdmin
+               err = UpdateUserCols(user, "is_admin")
+               if err != nil {
+                       return nil, err
+               }
+       }
+
        if !autoRegister {
                if isAttributeSSHPublicKeySet && synchronizeLdapSSHPublicKeys(user, source, sr.SSHPublicKey) {
                        return user, RewriteAllPublicKeys()