Skip to content
Snippets Groups Projects
Normal view Permalink
access.rb 1.12 KiB
Newer Older
  • Learn to ignore specific revisions
    • Jan-Willem van der Meer's avatar
    Refactor lib files for multiple LDAP groups  
    Jan-Willem van der Meer committed
    1 2 3 4 
    # LDAP authorization model
#
# * Check if we are allowed access (not blocked)
#
    Dmitriy Zaporozhets's avatar
    Port LDAP code from EE
    Dmitriy Zaporozhets committed
    5 6 7 
    module Gitlab
  module LDAP
    class Access
    Jan-Willem van der Meer's avatar
    Refactor lib files for multiple LDAP groups  
    Jan-Willem van der Meer committed
    8 
          attr_reader :adapter, :provider, :user
    Jacob Vosmaer's avatar
    Add Gitlab::LDAP::Access.open  
    Jacob Vosmaer committed
    9
    Jan-Willem van der Meer's avatar
    Refactor lib files for multiple LDAP groups  
    Jan-Willem van der Meer committed
    10 11 12 
          def self.open(user, &block)
        Gitlab::LDAP::Adapter.open(user.provider) do |adapter|
          block.call(self.new(user, adapter))
    Jacob Vosmaer's avatar
    Add Gitlab::LDAP::Access.open  
    Jacob Vosmaer committed
    13 14 15 
            end
      end
    Jacob Vosmaer's avatar
    Move LDAP timeout code to Gitlab::LDAP::Access  
    Jacob Vosmaer committed
    16 
          def self.allowed?(user)
    Jan-Willem van der Meer's avatar
    Refactor lib files for multiple LDAP groups  
    Jan-Willem van der Meer committed
    17 18 
            self.open(user) do |access|
          if access.allowed?
    Jacob Vosmaer's avatar
    Move LDAP timeout code to Gitlab::LDAP::Access  
    Jacob Vosmaer committed
    19 20 21 22 23 24 25 26 27 
                user.last_credential_check_at = Time.now
            user.save
            true
          else
            false
          end
        end
      end
    Jan-Willem van der Meer's avatar
    Refactor lib files for multiple LDAP groups  
    Jan-Willem van der Meer committed
    28 
          def initialize(user, adapter=nil)
    Jacob Vosmaer's avatar
    Add Gitlab::LDAP::Access.open  
    Jacob Vosmaer committed
    29 
            @adapter = adapter
    Jan-Willem van der Meer's avatar
    Refactor lib files for multiple LDAP groups  
    Jan-Willem van der Meer committed
    30 31 
            @user = user
        @provider = user.provider
    Jacob Vosmaer's avatar
    Add Gitlab::LDAP::Access.open  
    Jacob Vosmaer committed
    32 33 
          end
    Jan-Willem van der Meer's avatar
    Refactor lib files for multiple LDAP groups  
    Jan-Willem van der Meer committed
    34 
          def allowed?
    Jacob Vosmaer's avatar
    Check for the AD disabled flag in Access#allowed?  
    Jacob Vosmaer committed
    35 
            if Gitlab::LDAP::Person.find_by_dn(user.extern_uid, adapter)
    Jan-Willem van der Meer's avatar
    Refactor lib files for multiple LDAP groups  
    Jan-Willem van der Meer committed
    36 37 
              return true unless ldap_config.active_directory
          !Gitlab::LDAP::Person.disabled_via_active_directory?(user.extern_uid, adapter)
    Jacob Vosmaer's avatar
    Check for the AD disabled flag in Access#allowed?  
    Jacob Vosmaer committed
    38 39 40 
            else
          false
        end
    Dmitriy Zaporozhets's avatar
    Port LDAP code from EE
    Dmitriy Zaporozhets committed
    41 42 43 
          rescue
        false
      end
    Jan-Willem van der Meer's avatar
    Refactor lib files for multiple LDAP groups  
    Jan-Willem van der Meer committed
    44 45 46 47 
    
      def adapter
        @adapter ||= Gitlab::LDAP::Adapter.new(provider)
      end
    Dmitriy Zaporozhets's avatar
    Port LDAP code from EE
    Dmitriy Zaporozhets committed
    48 49 50 
        end
  end
end