From 665ce1dcb36727f46a7261366528fbe68733b6f0 Mon Sep 17 00:00:00 2001 From: 6543 <24977596+6543@users.noreply.github.com> Date: Thu, 14 Nov 2019 20:10:23 +0100 Subject: [PATCH] Drop Admin attribute based on LDAP when login (continue #1743) (#8849) * Update User information in Gitea based on LDAP when login * Update Admin Flag only if exist in settings * Fix affectation * Update models/login_source.go Co-Authored-By: JustKiddingCode * Better ident * Apply suggestions from code review Update user information Co-Authored-By: 6543 <24977596+6543@users.noreply.github.com> * Make fmt * add err handling * if user exist but login is Prohibit return return nil, and Prohibit err * keep login speed * User sync is implemented at #1478 - so only make sure that admin acces is drpoed if changed * handle error and still use async task * no async * only update admin if Sync is enabled * update two comments * add lafriks suggestions Co-Authored-By: Lauris BH * if adminFilter is set - use it Co-Authored-By: Lauris BH * Update models/login_source.go well - I should look more detaild at suggestions :D Co-Authored-By: Lauris BH * make it work again * set is_admin value to user * look nicer --- models/login_source.go | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/models/login_source.go b/models/login_source.go index ce03c4154f6d..b8441adcc4c7 100644 --- a/models/login_source.go +++ b/models/login_source.go @@ -1,4 +1,5 @@ // Copyright 2014 The Gogs Authors. All rights reserved. +// Copyright 2019 The Gitea Authors. All rights reserved. // Use of this source code is governed by a MIT-style // license that can be found in the LICENSE file. @@ -403,6 +404,19 @@ func LoginViaLDAP(user *User, login, password string, source *LoginSource, autoR var isAttributeSSHPublicKeySet = len(strings.TrimSpace(source.LDAP().AttributeSSHPublicKey)) > 0 + // Update User admin flag if exist + if isExist, err := IsUserExist(0, sr.Username); err != nil { + return nil, err + } else if isExist && + !user.ProhibitLogin && len(source.LDAP().AdminFilter) > 0 && user.IsAdmin != sr.IsAdmin { + // Change existing admin flag only if AdminFilter option is set + user.IsAdmin = sr.IsAdmin + err = UpdateUserCols(user, "is_admin") + if err != nil { + return nil, err + } + } + if !autoRegister { if isAttributeSSHPublicKeySet && synchronizeLdapSSHPublicKeys(user, source, sr.SSHPublicKey) { return user, RewriteAllPublicKeys()