diff options
Diffstat (limited to 'lib/gitlab/ldap/access.rb')
-rw-r--r-- | lib/gitlab/ldap/access.rb | 62 |
1 files changed, 0 insertions, 62 deletions
diff --git a/lib/gitlab/ldap/access.rb b/lib/gitlab/ldap/access.rb deleted file mode 100644 index 960fb3849b4..00000000000 --- a/lib/gitlab/ldap/access.rb +++ /dev/null @@ -1,62 +0,0 @@ -# LDAP authorization model -# -# * Check if we are allowed access (not blocked) -# -module Gitlab - module LDAP - class Access - attr_reader :adapter, :provider, :user - - def self.open(user, &block) - Gitlab::LDAP::Adapter.open(user.ldap_identity.provider) do |adapter| - block.call(self.new(user, adapter)) - end - end - - def self.allowed?(user) - self.open(user) do |access| - if access.allowed? - user.last_credential_check_at = Time.now - user.save - true - else - false - end - end - end - - def initialize(user, adapter=nil) - @adapter = adapter - @user = user - @provider = user.ldap_identity.provider - end - - def allowed? - if Gitlab::LDAP::Person.find_by_dn(user.ldap_identity.extern_uid, adapter) - return true unless ldap_config.active_directory - - # Block user in GitLab if he/she was blocked in AD - if Gitlab::LDAP::Person.disabled_via_active_directory?(user.ldap_identity.extern_uid, adapter) - user.block unless user.blocked? - false - else - user.activate if user.blocked? - true - end - else - false - end - rescue - false - end - - def adapter - @adapter ||= Gitlab::LDAP::Adapter.new(provider) - end - - def ldap_config - Gitlab::LDAP::Config.new(provider) - end - end - end -end |