gitlab-org--gitlab-foss/lib/gitlab/ldap/access.rb

55 lines
1.2 KiB
Ruby
Raw Normal View History

# LDAP authorization model
#
# * Check if we are allowed access (not blocked)
#
module Gitlab
module LDAP
class Access
attr_reader :adapter, :provider, :user
def self.open(user, &block)
Gitlab::LDAP::Adapter.open(user.provider) do |adapter|
block.call(self.new(user, adapter))
end
end
def self.allowed?(user)
self.open(user) do |access|
if access.allowed?
user.last_credential_check_at = Time.now
user.save
true
else
false
end
end
end
def initialize(user, adapter=nil)
@adapter = adapter
@user = user
@provider = user.provider
end
def allowed?
if Gitlab::LDAP::Person.find_by_dn(user.extern_uid, adapter)
return true unless ldap_config.active_directory
!Gitlab::LDAP::Person.disabled_via_active_directory?(user.extern_uid, adapter)
else
false
end
rescue
false
end
def adapter
@adapter ||= Gitlab::LDAP::Adapter.new(provider)
end
2014-10-14 03:40:35 -04:00
def ldap_config
Gitlab::LDAP::Config.new(provider)
end
end
end
end