diff options
Diffstat (limited to 'models/login_source.go')
| -rw-r--r-- | models/login_source.go | 43 |
1 files changed, 27 insertions, 16 deletions
diff --git a/models/login_source.go b/models/login_source.go index 2774d6f80d..88028283e8 100644 --- a/models/login_source.go +++ b/models/login_source.go @@ -475,13 +475,23 @@ func LoginViaLDAP(user *User, login, password string, source *LoginSource) (*Use return nil, err } } - if user != nil && - !user.ProhibitLogin && len(source.LDAP().AdminFilter) > 0 && user.IsAdmin != sr.IsAdmin { - // Change existing admin flag only if AdminFilter option is set - user.IsAdmin = sr.IsAdmin - err = UpdateUserCols(user, "is_admin") - if err != nil { - return nil, err + if user != nil && !user.ProhibitLogin { + cols := make([]string, 0) + if len(source.LDAP().AdminFilter) > 0 && user.IsAdmin != sr.IsAdmin { + // Change existing admin flag only if AdminFilter option is set + user.IsAdmin = sr.IsAdmin + cols = append(cols, "is_admin") + } + if !user.IsAdmin && len(source.LDAP().RestrictedFilter) > 0 && user.IsRestricted != sr.IsRestricted { + // Change existing restricted flag only if RestrictedFilter option is set + user.IsRestricted = sr.IsRestricted + cols = append(cols, "is_restricted") + } + if len(cols) > 0 { + err = UpdateUserCols(user, cols...) + if err != nil { + return nil, err + } } } } @@ -504,15 +514,16 @@ func LoginViaLDAP(user *User, login, password string, source *LoginSource) (*Use } user = &User{ - LowerName: strings.ToLower(sr.Username), - Name: sr.Username, - FullName: composeFullName(sr.Name, sr.Surname, sr.Username), - Email: sr.Mail, - LoginType: source.Type, - LoginSource: source.ID, - LoginName: login, - IsActive: true, - IsAdmin: sr.IsAdmin, + LowerName: strings.ToLower(sr.Username), + Name: sr.Username, + FullName: composeFullName(sr.Name, sr.Surname, sr.Username), + Email: sr.Mail, + LoginType: source.Type, + LoginSource: source.ID, + LoginName: login, + IsActive: true, + IsAdmin: sr.IsAdmin, + IsRestricted: sr.IsRestricted, } err := CreateUser(user) |