Gitblit devel
parent: e4e59625 | patch | commit | ignore whitespace
James Moger
2012-08-27 27c74e401365f9858f46241ff7f52ca1d8a60832 
Setting Admin attribute is now consistent with LDAP team config
2 files modified
46 ■■■■ changed files
docs/04_releases.mkd 13 ●●●● patch | view | raw | blame | history
src/com/gitblit/LdapUserService.java 33 ●●●●● patch | view | raw | blame | history 
 docs/04_releases.mkd


@@ -9,6 +9,17 @@






**%VERSION%** ([go](http://code.google.com/p/gitblit/downloads/detail?name=%GO%) | [war](http://code.google.com/p/gitblit/downloads/detail?name=%WAR%) | [express](http://code.google.com/p/gitblit/downloads/detail?name=%EXPRESS%) | [fedclient](http://code.google.com/p/gitblit/downloads/detail?name=%FEDCLIENT%) | [manager](http://code.google.com/p/gitblit/downloads/detail?name=%MANAGER%) | [api](http://code.google.com/p/gitblit/downloads/detail?name=%API%)) based on [%JGIT%][jgit]   *released %BUILDDATE%*







#### changes







- LDAP admin attribute setting is now consistent with LDAP teams setting and admin teams list.  


If *realm.ldap.maintainTeams==true* **AND** *realm.ldap.admins* is not empty, then User.canAdmin() is controlled by LDAP administrative team membership.  Otherwise, User.canAdmin() is controlled by Gitblit.







<hr/>







### Older Releases







**1.1.0** *released 2012-08-25*







#### fixes







- Bypass Wicket's inability to handle direct url addressing of a view-restricted, grouped repository for new, unauthenticated sessions (e.g. click link from email or rss feed without having an active Wicket session)



@@ -64,8 +75,6 @@


- Updated Spanish translation







<hr/>







### Older Releases







**1.0.0** *released 2012-07-14*









 src/com/gitblit/LdapUserService.java


@@ -205,17 +205,30 @@


        return null;        



    }







    /**



     * Set the admin attribute from team memberships retrieved from LDAP.



     * If we are not storing teams in LDAP and/or we have not defined any



     * administrator teams, then do not change the admin flag.



     * 


     * @param user



     */



    private void setAdminAttribute(UserModel user) {



        user.canAdmin = false;



        List<String>  admins = settings.getStrings(Keys.realm.ldap.admins);



        for (String admin : admins) {



            if (admin.startsWith("@")) { // Team



                if (user.getTeam(admin.substring(1)) != null)



                    user.canAdmin = true;



            } else



                if (user.getName().equalsIgnoreCase(admin))



                    user.canAdmin = true;



        }



        if (!supportsTeamMembershipChanges()) {



            List<String> admins = settings.getStrings(Keys.realm.ldap.admins);



            // if we have defined administrative teams, then set admin flag



            // otherwise leave admin flag unchanged



            if (!ArrayUtils.isEmpty(admins)) {



                user.canAdmin = false;



                for (String admin : admins) {



                    if (admin.startsWith("@")) { // Team



                        if (user.getTeam(admin.substring(1)) != null)



                            user.canAdmin = true;



                    } else



                        if (user.getName().equalsIgnoreCase(admin))



                            user.canAdmin = true;



                }



            }



        }



    }



    



    private void setUserAttributes(UserModel user, SearchResultEntry userEntry) {