authorJames Moger <james.moger@gitblit.com>2014-09-25 12:15:27 -0400
committerJames Moger <james.moger@gitblit.com>2014-09-26 09:11:20 -0400
commit6e3481850db665f9cafc9a554a748e3c9cbd50f5 (patch)
tree1aecf7437204b5cfd03cbfbef093e4b2442e49e5 /src/main/java/com/gitblit/auth/LdapAuthProvider.java
parentba04d6d62e443cbd23c0544094aa2e55d01b2d0f (diff)
Allow authentication providers to control user and team role changes
Diffstat (limited to 'src/main/java/com/gitblit/auth/LdapAuthProvider.java')
-rw-r--r--src/main/java/com/gitblit/auth/LdapAuthProvider.java28
1 files changed, 27 insertions, 1 deletions
diff --git a/src/main/java/com/gitblit/auth/LdapAuthProvider.java b/src/main/java/com/gitblit/auth/LdapAuthProvider.java
index 5690073a..6c97ddf9 100644
--- a/src/main/java/com/gitblit/auth/LdapAuthProvider.java
+++ b/src/main/java/com/gitblit/auth/LdapAuthProvider.java
@@ -30,6 +30,7 @@ import java.util.concurrent.TimeUnit;
import com.gitblit.Constants;
import com.gitblit.Constants.AccountType;
+import com.gitblit.Constants.Role;
import com.gitblit.Keys;
import com.gitblit.auth.AuthenticationProvider.UsernamePasswordAuthenticationProvider;
import com.gitblit.models.TeamModel;
@@ -272,7 +273,6 @@ public class LdapAuthProvider extends UsernamePasswordAuthenticationProvider {
return StringUtils.isEmpty(settings.getString(Keys.realm.ldap.email, ""));
}
-
/**
* If the LDAP server will maintain team memberships then LdapUserService
* will not allow team membership changes. In this scenario all team
@@ -286,6 +286,32 @@ public class LdapAuthProvider extends UsernamePasswordAuthenticationProvider {
return !settings.getBoolean(Keys.realm.ldap.maintainTeams, false);
}
+ @Override
+ public boolean supportsRoleChanges(UserModel user, Role role) {
+ if (Role.ADMIN == role) {
+ if (!supportsTeamMembershipChanges()) {
+ List<String> admins = settings.getStrings(Keys.realm.ldap.admins);
+ if (admins.contains(user.username)) {
+ return false;
+ }
+ }
+ }
+ return true;
+ }
+
+ @Override
+ public boolean supportsRoleChanges(TeamModel team, Role role) {
+ if (Role.ADMIN == role) {
+ if (!supportsTeamMembershipChanges()) {
+ List<String> admins = settings.getStrings(Keys.realm.ldap.admins);
+ if (admins.contains("@" + team.name)) {
+ return false;
+ }
+ }
+ }
+ return true;
+ }
+
@Override
public AccountType getAccountType() {
return AccountType.LDAP;
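Review bot: The guard in `supportsRoleChanges(UserModel, Role)` relies on `admins.contains(user.username)`, an exact, case-sensitive match against the `realm.ldap.admins` setting, so an entry whose casing differs from the stored username makes the method return true and the admin role is treated as locally editable even though LDAP is meant to own it. Whether usernames and this setting are normalized elsewhere is not visible in this hunk; if they are not, compare case-insensitively, e.g. `for (String admin : admins) { if (admin.equalsIgnoreCase(user.username)) { return false; } }`. The team overload has the same exact-match check in `admins.contains("@" + team.name)` and would need the same treatment. Both methods would also benefit from a short Javadoc stating that an ADMIN role change is refused only when LDAP maintains team memberships and the user or `@team` is listed in `realm.ldap.admins`, and that every other role change is allowed.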