Class: Gitlab::Auth::Ldap::Access
- Inherits:
-
Object
- Object
- Gitlab::Auth::Ldap::Access
- Defined in:
- lib/gitlab/auth/ldap/access.rb
Instance Attribute Summary collapse
-
#ldap_identity ⇒ Object
readonly
Returns the value of attribute ldap_identity.
-
#provider ⇒ Object
readonly
Returns the value of attribute provider.
-
#user ⇒ Object
readonly
Returns the value of attribute user.
Class Method Summary collapse
Instance Method Summary collapse
- #allowed? ⇒ Boolean
-
#initialize(user, adapter = nil) ⇒ Access
constructor
A new instance of Access.
- #update_user ⇒ Object
Constructor Details
#initialize(user, adapter = nil) ⇒ Access
Returns a new instance of Access.
36 37 38 39 40 41 |
# File 'lib/gitlab/auth/ldap/access.rb', line 36 def initialize(user, adapter = nil) @adapter = adapter @user = user @ldap_identity = user.ldap_identity @provider = adapter&.provider || ldap_identity&.provider end |
Instance Attribute Details
#ldap_identity ⇒ Object (readonly)
Returns the value of attribute ldap_identity.
11 12 13 |
# File 'lib/gitlab/auth/ldap/access.rb', line 11 def ldap_identity @ldap_identity end |
#provider ⇒ Object (readonly)
Returns the value of attribute provider.
11 12 13 |
# File 'lib/gitlab/auth/ldap/access.rb', line 11 def provider @provider end |
#user ⇒ Object (readonly)
Returns the value of attribute user.
11 12 13 |
# File 'lib/gitlab/auth/ldap/access.rb', line 11 def user @user end |
Class Method Details
.allowed?(user, options = {}) ⇒ Boolean
19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 |
# File 'lib/gitlab/auth/ldap/access.rb', line 19 def self.allowed?(user, = {}) self.open(user) do |access| # Whether user is allowed, or not, we should update # permissions to keep things clean if access.allowed? unless Gitlab::Database.read_only? access.update_user Users::UpdateService.new(user, user: user, last_credential_check_at: Time.now).execute end true else false end end end |
Instance Method Details
#allowed? ⇒ Boolean
43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 |
# File 'lib/gitlab/auth/ldap/access.rb', line 43 def allowed? if ldap_user unless ldap_config.active_directory unblock_user(user, 'is available again') if user.ldap_blocked? return true end # Block user in GitLab if they were blocked in AD if Gitlab::Auth::Ldap::Person.disabled_via_active_directory?(ldap_identity.extern_uid, adapter) block_user(user, 'is disabled in Active Directory') false else unblock_user(user, 'is not disabled anymore') if user.ldap_blocked? true end else # Block the user if they no longer exist in LDAP/AD block_user(user, 'does not exist anymore') false end rescue LdapConnectionError false end |
#update_user ⇒ Object
67 68 69 |
# File 'lib/gitlab/auth/ldap/access.rb', line 67 def update_user # no-op in CE end |