author | Lauris BH <lauris@nix.lv> | 2020-03-05 08:30:33 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-03-05 08:30:33 +0200 |
commit | 37c3db7be6dd6fc5ee085979cc5f5dda09d978c3 (patch) | |
tree | f77e1d61daaee11f6aab8e491120620e597c2782 /models/user.go | |
parent | be544e8e6a78360d87315ada9695cc6d70c3617c (diff) | |
Add restricted user filter to LDAP authentication (#10600)
* Add restricted user filter to LDAP authentication
* Fix unit test cases
Diffstat (limited to 'models/user.go')
-rw-r--r-- | models/user.go | 26 |
1 files changed, 16 insertions, 10 deletions
diff --git a/models/user.go b/models/user.go
index f91ffa7169..06f11c968c 100644
--- a/models/user.go
+++ b/models/user.go
@@ -1875,15 +1875,16 @@ func SyncExternalUsers(ctx context.Context) {
 log.Trace("SyncExternalUsers[%s]: Creating user %s", s.Name, su.Username)
 usr = &User{
- LowerName: strings.ToLower(su.Username),
- Name: su.Username,
- FullName: fullName,
- LoginType: s.Type,
- LoginSource: s.ID,
- LoginName: su.Username,
- Email: su.Mail,
- IsAdmin: su.IsAdmin,
- IsActive: true,
+ LowerName: strings.ToLower(su.Username),
+ Name: su.Username,
+ FullName: fullName,
+ LoginType: s.Type,
+ LoginSource: s.ID,
+ LoginName: su.Username,
+ Email: su.Mail,
+ IsAdmin: su.IsAdmin,
+ IsRestricted: su.IsRestricted,
+ IsActive: true,
 }
 err = CreateUser(usr)
@@ -1906,6 +1907,7 @@ func SyncExternalUsers(ctx context.Context) {
 // Check if user data has changed
 if (len(s.LDAP().AdminFilter) > 0 && usr.IsAdmin != su.IsAdmin) ||
+ (len(s.LDAP().RestrictedFilter) > 0 && usr.IsRestricted != su.IsRestricted) ||
 !strings.EqualFold(usr.Email, su.Mail) ||
 usr.FullName != fullName ||
 !usr.IsActive {
@@ -1918,9 +1920,13 @@ func SyncExternalUsers(ctx context.Context) {
 if len(s.LDAP().AdminFilter) > 0 {
 usr.IsAdmin = su.IsAdmin
 }
+ // Change existing restricted flag only if RestrictedFilter option is set
+ if !usr.IsAdmin && len(s.LDAP().RestrictedFilter) > 0 {
+ usr.IsRestricted = su.IsRestricted
+ }
 usr.IsActive = true
- err = UpdateUserCols(usr, "full_name", "email", "is_admin", "is_active")
+ err = UpdateUserCols(usr, "full_name", "email", "is_admin", "is_restricted", "is_active")
 if err != nil {
 log.Error("SyncExternalUsers[%s]: Error updating user %s: %v", s.Name, usr.Name, err)
 }
 |
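Review bot: The `!usr.IsAdmin` guard in the update path (hunk `@@ -1918,9 +1920,13 @@`) is not mirrored in the other two hunks: the change check at `@@ -1906,6 +1907,7 @@` compares `usr.IsRestricted != su.IsRestricted` without it, and the create path at `@@ -1875,15 +1875,16 @@` copies `su.IsRestricted` unconditionally. As written, a previously restricted user who is later matched by AdminFilter keeps `is_restricted = true` in the database, because the guarded assignment is skipped and UpdateUserCols writes back the stale value. If the LDAP source reports `su.IsRestricted` as false for admins (not visible in these hunks), the change check would also fire on every sync without ever converging. If admins are never meant to be restricted, make the state explicit with `if len(s.LDAP().RestrictedFilter) > 0 { usr.IsRestricted = !usr.IsAdmin && su.IsRestricted }` and use `IsRestricted: !su.IsAdmin && su.IsRestricted,` when building `&User{...}`. SyncExternalUsers begins and ends outside these hunks, so how a restricted admin is treated elsewhere should be confirmed.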