author | Lauris BH <lauris@nix.lv> | 2020-03-05 08:30:33 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-03-05 08:30:33 +0200 |
commit | 37c3db7be6dd6fc5ee085979cc5f5dda09d978c3 (patch) | |
tree | f77e1d61daaee11f6aab8e491120620e597c2782 /models/login_source.go | |
parent | be544e8e6a78360d87315ada9695cc6d70c3617c (diff) | |
Add restricted user filter to LDAP authentication (#10600)
* Add restricted user filter to LDAP authentication
* Fix unit test cases
Diffstat (limited to 'models/login_source.go')
-rw-r--r-- | models/login_source.go | 43 |
1 files changed, 27 insertions, 16 deletions
diff --git a/models/login_source.go b/models/login_source.go
index 2774d6f80d..88028283e8 100644
--- a/models/login_source.go
+++ b/models/login_source.go
@@ -475,13 +475,23 @@ func LoginViaLDAP(user *User, login, password string, source *LoginSource) (*Use
 return nil, err
 }
 }
- if user != nil &&
- !user.ProhibitLogin && len(source.LDAP().AdminFilter) > 0 && user.IsAdmin != sr.IsAdmin {
- // Change existing admin flag only if AdminFilter option is set
- user.IsAdmin = sr.IsAdmin
- err = UpdateUserCols(user, "is_admin")
- if err != nil {
- return nil, err
+ if user != nil && !user.ProhibitLogin {
+ cols := make([]string, 0)
+ if len(source.LDAP().AdminFilter) > 0 && user.IsAdmin != sr.IsAdmin {
+ // Change existing admin flag only if AdminFilter option is set
+ user.IsAdmin = sr.IsAdmin
+ cols = append(cols, "is_admin")
+ }
+ if !user.IsAdmin && len(source.LDAP().RestrictedFilter) > 0 && user.IsRestricted != sr.IsRestricted {
+ // Change existing restricted flag only if RestrictedFilter option is set
+ user.IsRestricted = sr.IsRestricted
+ cols = append(cols, "is_restricted")
+ }
+ if len(cols) > 0 {
+ err = UpdateUserCols(user, cols...)
+ if err != nil {
+ return nil, err
+ }
 }
 }
 }
@@ -504,15 +514,16 @@ func LoginViaLDAP(user *User, login, password string, source *LoginSource) (*Use
 }
 
 user = &User{
- LowerName: strings.ToLower(sr.Username),
- Name: sr.Username,
- FullName: composeFullName(sr.Name, sr.Surname, sr.Username),
- Email: sr.Mail,
- LoginType: source.Type,
- LoginSource: source.ID,
- LoginName: login,
- IsActive: true,
- IsAdmin: sr.IsAdmin,
+ LowerName: strings.ToLower(sr.Username),
+ Name: sr.Username,
+ FullName: composeFullName(sr.Name, sr.Surname, sr.Username),
+ Email: sr.Mail,
+ LoginType: source.Type,
+ LoginSource: source.ID,
+ LoginName: login,
+ IsActive: true,
+ IsAdmin: sr.IsAdmin,
+ IsRestricted: sr.IsRestricted,
 }
 
 err := CreateUser(user) |
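Review bot: The `!user.IsAdmin` guard on the restricted sync in the first hunk means an account that is, or has just become, admin never has `is_restricted` reconciled, so a previously restricted user promoted through AdminFilter keeps a stale `is_restricted = true` row, while the creation path in the second hunk copies `sr.IsRestricted` with no such guard. If admin is meant to take precedence, make that explicit in both places, e.g. `wantRestricted := sr.IsRestricted && !user.IsAdmin`, and compare and assign `user.IsRestricted` against `wantRestricted` whenever RestrictedFilter is set; whether `sr` can report both flags at once depends on the LDAP search code, which is not shown here. These flags are also only re-evaluated inside LoginViaLDAP, whose body starts and ends outside the hunk, so as far as this file shows a directory change takes effect at the next login at the earliest.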