author | James Moger <james.moger@gitblit.com> | 2014-09-25 12:15:27 -0400 |
---|---|---|
committer | James Moger <james.moger@gitblit.com> | 2014-09-26 09:11:20 -0400 |
commit | 6e3481850db665f9cafc9a554a748e3c9cbd50f5 (patch) | |
tree | 1aecf7437204b5cfd03cbfbef093e4b2442e49e5 /src/main/java/com/gitblit/auth/LdapAuthProvider.java | |
parent | ba04d6d62e443cbd23c0544094aa2e55d01b2d0f (diff) | |
Allow authentication providers to control user and team role changes
Diffstat (limited to 'src/main/java/com/gitblit/auth/LdapAuthProvider.java')
-rw-r--r-- | src/main/java/com/gitblit/auth/LdapAuthProvider.java | 28 |
1 files changed, 27 insertions, 1 deletions
diff --git a/src/main/java/com/gitblit/auth/LdapAuthProvider.java b/src/main/java/com/gitblit/auth/LdapAuthProvider.java
index 5690073a..6c97ddf9 100644
--- a/src/main/java/com/gitblit/auth/LdapAuthProvider.java
+++ b/src/main/java/com/gitblit/auth/LdapAuthProvider.java
@@ -30,6 +30,7 @@ import java.util.concurrent.TimeUnit;
 import com.gitblit.Constants;
 import com.gitblit.Constants.AccountType;
+import com.gitblit.Constants.Role;
 import com.gitblit.Keys;
 import com.gitblit.auth.AuthenticationProvider.UsernamePasswordAuthenticationProvider;
 import com.gitblit.models.TeamModel;
@@ -272,7 +273,6 @@ public class LdapAuthProvider extends UsernamePasswordAuthenticationProvider {
 return StringUtils.isEmpty(settings.getString(Keys.realm.ldap.email, ""));
 }
-
 /**
 * If the LDAP server will maintain team memberships then LdapUserService
 * will not allow team membership changes. In this scenario all team
@@ -286,6 +286,32 @@ public class LdapAuthProvider extends UsernamePasswordAuthenticationProvider {
 return !settings.getBoolean(Keys.realm.ldap.maintainTeams, false);
 }
+ @Override
+ public boolean supportsRoleChanges(UserModel user, Role role) {
+ if (Role.ADMIN == role) {
+ if (!supportsTeamMembershipChanges()) {
+ List<String> admins = settings.getStrings(Keys.realm.ldap.admins);
+ if (admins.contains(user.username)) {
+ return false;
+ }
+ }
+ }
+ return true;
+ }
+
+ @Override
+ public boolean supportsRoleChanges(TeamModel team, Role role) {
+ if (Role.ADMIN == role) {
+ if (!supportsTeamMembershipChanges()) {
+ List<String> admins = settings.getStrings(Keys.realm.ldap.admins);
+ if (admins.contains("@" + team.name)) {
+ return false;
+ }
+ }
+ }
+ return true;
+ }
+
 @Override
 public AccountType getAccountType() {
 return AccountType.LDAP; |
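Review bot: Both new `supportsRoleChanges` overloads in the third hunk decide whether the ADMIN role is locked with an exact, case-sensitive `admins.contains(...)` against `Keys.realm.ldap.admins`, so a configured entry that differs only in case from `user.username` or `"@" + team.name` does not match and the role is reported as changeable. If the code that grants admin from this setting (not visible in this diff) compares case-insensitively, the two checks disagree and an LDAP-managed admin flag could be edited locally; a loop such as `for (String admin : admins) { if (admin.equalsIgnoreCase(user.username)) return false; }`, and the same with `"@" + team.name`, would keep them aligned. The user overload also ignores `@team` entries, so a user who is admin only through an LDAP-maintained admin team is treated as editable, which is worth confirming as intended. A short Javadoc on each override, saying it returns false only for `Role.ADMIN` when `realm.ldap.maintainTeams` is enabled and the name is listed in `realm.ldap.admins`, would match the documented methods around it; the class body continues outside the hunk.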