Class: Gitlab::LDAP::Access

Inherits:
Object
  • Object
show all
Defined in:
lib/gitlab/ldap/access.rb

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(user, adapter = nil) ⇒ Access

Returns a new instance of Access


28
29
30
31
32
# File 'lib/gitlab/ldap/access.rb', line 28

def initialize(user, adapter=nil)
  @adapter = adapter
  @user = user
  @provider = user.ldap_identity.provider
end

Instance Attribute Details

#providerObject (readonly)

Returns the value of attribute provider


8
9
10
# File 'lib/gitlab/ldap/access.rb', line 8

def provider
  @provider
end

#userObject (readonly)

Returns the value of attribute user


8
9
10
# File 'lib/gitlab/ldap/access.rb', line 8

def user
  @user
end

Class Method Details

.allowed?(user) ⇒ Boolean

Returns:

  • (Boolean)

16
17
18
19
20
21
22
23
24
25
26
# File 'lib/gitlab/ldap/access.rb', line 16

def self.allowed?(user)
  self.open(user) do |access|
    if access.allowed?
      user.last_credential_check_at = Time.now
      user.save
      true
    else
      false
    end
  end
end

.open(user, &block) ⇒ Object


10
11
12
13
14
# File 'lib/gitlab/ldap/access.rb', line 10

def self.open(user, &block)
  Gitlab::LDAP::Adapter.open(user.ldap_identity.provider) do |adapter|
    block.call(self.new(user, adapter))
  end
end

Instance Method Details

#adapterObject


58
59
60
# File 'lib/gitlab/ldap/access.rb', line 58

def adapter
  @adapter ||= Gitlab::LDAP::Adapter.new(provider)
end

#allowed?Boolean

Returns:

  • (Boolean)

34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
# File 'lib/gitlab/ldap/access.rb', line 34

def allowed?
  if ldap_user
    unless ldap_config.active_directory
      user.activate if user.ldap_blocked?
      return true
    end

    # Block user in GitLab if he/she was blocked in AD
    if Gitlab::LDAP::Person.disabled_via_active_directory?(user.ldap_identity.extern_uid, adapter)
      user.ldap_block
      false
    else
      user.activate if user.ldap_blocked?
      true
    end
  else
    # Block the user if they no longer exist in LDAP/AD
    user.ldap_block
    false
  end
rescue
  false
end

#ldap_configObject


62
63
64
# File 'lib/gitlab/ldap/access.rb', line 62

def ldap_config
  Gitlab::LDAP::Config.new(provider)
end

#ldap_userObject


66
67
68
# File 'lib/gitlab/ldap/access.rb', line 66

def ldap_user
  @ldap_user ||= Gitlab::LDAP::Person.find_by_dn(user.ldap_identity.extern_uid, adapter)
end