Dont allow LDAP users to change password inside GitLab

author: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2013-05-24 18:12:27 +0400
committer: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2013-05-24 18:12:27 +0400
commit: 7cb86eb33550b9e765bea0bfb52705e2b5584802 (patch)
tree: 06d4955e360dbcadc04bb5c97111911f797c4c81 /app/controllers/profiles_controller.rb
parent: bd6dfe7d443efc51c3b8502b632ce2e2816424d8 (diff)
1 files changed, 12 insertions, 3 deletions
diff --git a/app/controllers/profiles_controller.rb b/app/controllers/profiles_controller.rb
index f0d69f11184..686edd8af80 100644
--- a/app/controllers/profiles_controller.rb
+++ b/app/controllers/profiles_controller.rb
@@ -2,6 +2,9 @@ class ProfilesController < ApplicationController
   include ActionView::Helpers::SanitizeHelper
 
   before_filter :user
+  before_filter :authorize_change_password!, only: :update_password
+  before_filter :authorize_change_username!, only: :update_username
+
   layout 'profile'
 
   def show
@@ -53,9 +56,7 @@ class ProfilesController < ApplicationController
   end
 
   def update_username
-    if @user.can_change_username?
-      @user.update_attributes(username: params[:user][:username])
-    end
+    @user.update_attributes(username: params[:user][:username])
 
     respond_to do |format|
       format.js
@@ -80,4 +81,12 @@ class ProfilesController < ApplicationController
 
     user_attributes
   end
+
+  def authorize_change_password!
+    return render_404 if @user.ldap_user?
+  end
+
+  def authorize_change_username!
+    return render_404 unless @user.can_change_username?
+  end
 end
author	Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>	2013-05-24 18:12:27 +0400
committer	Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>	2013-05-24 18:12:27 +0400
commit	7cb86eb33550b9e765bea0bfb52705e2b5584802 (patch)
tree	06d4955e360dbcadc04bb5c97111911f797c4c81 /app/controllers/profiles_controller.rb
parent	bd6dfe7d443efc51c3b8502b632ce2e2816424d8 (diff)