From 6e3481850db665f9cafc9a554a748e3c9cbd50f5 Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Fri, 26 Sep 2014 09:11:20 -0400
Subject: [PATCH] Allow authentication providers to control user and team role changes

---
 src/main/java/com/gitblit/auth/LdapAuthProvider.java |   28 +++++++++++++++++++++++++++-
 1 files changed, 27 insertions(+), 1 deletions(-)

diff --git a/src/main/java/com/gitblit/auth/LdapAuthProvider.java b/src/main/java/com/gitblit/auth/LdapAuthProvider.java
index 5690073..6c97ddf 100644
--- a/src/main/java/com/gitblit/auth/LdapAuthProvider.java
+++ b/src/main/java/com/gitblit/auth/LdapAuthProvider.java
@@ -30,6 +30,7 @@
 
 import com.gitblit.Constants;
 import com.gitblit.Constants.AccountType;
+import com.gitblit.Constants.Role;
 import com.gitblit.Keys;
 import com.gitblit.auth.AuthenticationProvider.UsernamePasswordAuthenticationProvider;
 import com.gitblit.models.TeamModel;
@@ -272,7 +273,6 @@
 		return StringUtils.isEmpty(settings.getString(Keys.realm.ldap.email, ""));
 	}
 
-
 	/**
 	 * If the LDAP server will maintain team memberships then LdapUserService
 	 * will not allow team membership changes.  In this scenario all team
@@ -286,6 +286,32 @@
 		return !settings.getBoolean(Keys.realm.ldap.maintainTeams, false);
 	}
 
+    @Override
+    public boolean supportsRoleChanges(UserModel user, Role role) {
+    	if (Role.ADMIN == role) {
+    		if (!supportsTeamMembershipChanges()) {
+    			List<String> admins = settings.getStrings(Keys.realm.ldap.admins);
+    			if (admins.contains(user.username)) {
+    				return false;
+    			}
+    		}
+    	}
+        return true;
+    }
+
+	@Override
+	public boolean supportsRoleChanges(TeamModel team, Role role) {
+		if (Role.ADMIN == role) {
+    		if (!supportsTeamMembershipChanges()) {
+    			List<String> admins = settings.getStrings(Keys.realm.ldap.admins);
+    			if (admins.contains("@" + team.name)) {
+    				return false;
+    			}
+    		}
+    	}
+		return true;
+	}
+
 	@Override
 	public AccountType getAccountType() {
 		 return AccountType.LDAP;
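Review bot: Both new `supportsRoleChanges` overloads fail open on a casing mismatch, because `admins.contains(user.username)` and `admins.contains("@" + team.name)` are exact, case-sensitive matches against the `realm.ldap.admins` setting and any miss falls through to `return true`. If this provider matches that list case-insensitively when it grants the admin flag (that code is outside the hunk, so this needs confirming), an entry written with different casing than the stored username or team name would leave an LDAP-controlled admin reported as role-changeable. Comparing entry by entry, e.g. `for (String admin : admins) { if (admin.equalsIgnoreCase(user.username)) { return false; } }`, with `"@" + team.name` in the team overload, would close that gap. The user overload also looks only at direct usernames, so a user who is admin through an `@team` entry is not locked by it; a Javadoc sentence on each method stating whether that is intended would help, since neither has one.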

--
Gitblit v1.9.1