From 27c74e401365f9858f46241ff7f52ca1d8a60832 Mon Sep 17 00:00:00 2001 From: James Moger Date: Mon, 27 Aug 2012 16:21:49 -0400 Subject: [PATCH] Setting Admin attribute is now consistent with LDAP team config --- docs/04_releases.mkd | 13 +++++++++-- src/com/gitblit/LdapUserService.java | 33 +++++++++++++++++++--------- 2 files changed, 34 insertions(+), 12 deletions(-) diff --git a/docs/04_releases.mkd b/docs/04_releases.mkd index a0324a68..155fc3bd 100644 --- a/docs/04_releases.mkd +++ b/docs/04_releases.mkd @@ -9,6 +9,17 @@ If you are updating from an earlier release AND you have indexed branches with t **%VERSION%** ([go](http://code.google.com/p/gitblit/downloads/detail?name=%GO%) | [war](http://code.google.com/p/gitblit/downloads/detail?name=%WAR%) | [express](http://code.google.com/p/gitblit/downloads/detail?name=%EXPRESS%) | [fedclient](http://code.google.com/p/gitblit/downloads/detail?name=%FEDCLIENT%) | [manager](http://code.google.com/p/gitblit/downloads/detail?name=%MANAGER%) | [api](http://code.google.com/p/gitblit/downloads/detail?name=%API%)) based on [%JGIT%][jgit]   *released %BUILDDATE%* +#### changes + +- LDAP admin attribute setting is now consistent with LDAP teams setting and admin teams list. +If *realm.ldap.maintainTeams==true* **AND** *realm.ldap.admins* is not empty, then User.canAdmin() is controlled by LDAP administrative team membership. Otherwise, User.canAdmin() is controlled by Gitblit. + +
+ +### Older Releases + +**1.1.0** *released 2012-08-25* + #### fixes - Bypass Wicket's inability to handle direct url addressing of a view-restricted, grouped repository for new, unauthenticated sessions (e.g. click link from email or rss feed without having an active Wicket session) @@ -65,8 +76,6 @@ AUTHENTICATED allows restricted access for any authenticated user. This is a lo
-### Older Releases - **1.0.0** *released 2012-07-14* #### fixes diff --git a/src/com/gitblit/LdapUserService.java b/src/com/gitblit/LdapUserService.java index 38376b81..54a55752 100644 --- a/src/com/gitblit/LdapUserService.java +++ b/src/com/gitblit/LdapUserService.java @@ -205,17 +205,30 @@ public class LdapUserService extends GitblitUserService { return null; } + /** + * Set the admin attribute from team memberships retrieved from LDAP. + * If we are not storing teams in LDAP and/or we have not defined any + * administrator teams, then do not change the admin flag. + * + * @param user + */ private void setAdminAttribute(UserModel user) { - user.canAdmin = false; - List admins = settings.getStrings(Keys.realm.ldap.admins); - for (String admin : admins) { - if (admin.startsWith("@")) { // Team - if (user.getTeam(admin.substring(1)) != null) - user.canAdmin = true; - } else - if (user.getName().equalsIgnoreCase(admin)) - user.canAdmin = true; - } + if (!supportsTeamMembershipChanges()) { + List admins = settings.getStrings(Keys.realm.ldap.admins); + // if we have defined administrative teams, then set admin flag + // otherwise leave admin flag unchanged + if (!ArrayUtils.isEmpty(admins)) { + user.canAdmin = false; + for (String admin : admins) { + if (admin.startsWith("@")) { // Team + if (user.getTeam(admin.substring(1)) != null) + user.canAdmin = true; + } else + if (user.getName().equalsIgnoreCase(admin)) + user.canAdmin = true; + } + } + } } private void setUserAttributes(UserModel user, SearchResultEntry userEntry) { -- 2.39.5
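Review bot: In `setAdminAttribute`, every path where the new guard fails (teams are not stored in LDAP, or `realm.ldap.admins` is empty) now returns without touching `user.canAdmin`, so a value of true set from LDAP on an earlier login appears to stay in effect after either setting is changed. Whether it really persists depends on how the UserModel is loaded and saved, which is outside this hunk. The guard also wraps the branch that matches plain user names, so non-team entries in `realm.ldap.admins` are no longer evaluated when teams are not maintained, which the release note does not mention. I would state both in the Javadoc, fill in the empty tag with something like `@param user the model whose canAdmin flag may be updated`, and add above the outer `if` a comment such as `// canAdmin is left as stored when teams are not maintained in LDAP or no admins are configured`. Operators who switch these settings should review which accounts still carry the admin flag.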