Block user if he/she was blocked in Active Directory

2015-03-12 11:53:21 -07:00 · 2015-03-12 11:53:21 -07:00 · e7f4f0ae1d
commit e7f4f0ae1d
parent 0f144f36bc
3 changed files with 15 additions and 2 deletions
--- a/1
+++ b/1
@ -59,6 +59,7 @@ v 7.9.0 (unreleased)
  - Added blue thmeme
  - Remove annoying notice messages when create/update merge request
  - Allow smb:// links in Markdown text.
+  - Block user if he/she was blocked in Active Directory

 v 7.8.4
  - Fix issue_tracker_id substitution in custom issue trackers
--- a/lib/gitlab/ldap/access.rb
+++ b/lib/gitlab/ldap/access.rb
@ -34,7 +34,14 @@ module Gitlab
      def allowed?
        if Gitlab::LDAP::Person.find_by_dn(user.ldap_identity.extern_uid, adapter)
          return true unless ldap_config.active_directory
-          !Gitlab::LDAP::Person.disabled_via_active_directory?(user.ldap_identity.extern_uid, adapter)
+
+          # Block user in GitLab if he/she was blocked in AD
+          if Gitlab::LDAP::Person.disabled_via_active_directory?(user.ldap_identity.extern_uid, adapter)
+            user.block unless user.blocked?
+            false
+          else
+            true
+          end
        else
          false
        end
--- a/spec/lib/gitlab/ldap/access_spec.rb
+++ b/spec/lib/gitlab/ldap/access_spec.rb
@ -20,6 +20,11 @@ describe Gitlab::LDAP::Access do
        before { Gitlab::LDAP::Person.stub(disabled_via_active_directory?: true) }

        it { is_expected.to be_falsey }
+
+        it "should block user in GitLab" do
+          access.allowed?
+          user.should be_blocked
+        end
      end

      context 'and has no disabled flag in active diretory' do
@ -38,4 +43,4 @@ describe Gitlab::LDAP::Access do
      end
    end
  end
-end
+end