Drop Admin attribute based on LDAP when login (continue #1743) (#8849)

6543 · zeripath · commit 665ce1dcb367 · 2019-11-14T19:10:23.000Z
* Update User information in Gitea based on LDAP when login * Update Admin Flag only if exist in settings * Fix affectation * Update models/login_source.go Co-Authored-By: JustKiddingCode <JustKiddingCode@users.noreply.github.com> * Better ident * Apply suggestions from code review Update user information Co-Authored-By: 6543 <24977596+6543@users.noreply.github.com> * Make fmt * add err handling * if user exist but login is Prohibit return return nil, and Prohibit err * keep login speed * User sync is implemented at #1478 - so only make sure that admin acces is drpoed if changed * handle error and still use async task * no async * only update admin if Sync is enabled * update two comments * add lafriks suggestions Co-Authored-By: Lauris BH <lauris@nix.lv> * if adminFilter is set - use it Co-Authored-By: Lauris BH <lauris@nix.lv> * Update models/login_source.go well - I should look more detaild at suggestions :D Co-Authored-By: Lauris BH <lauris@nix.lv> * make it work again * set is_admin value to user * look nicer
diff --git a/models/login_source.go b/models/login_source.go
@@ -1,4 +1,5 @@
 // Copyright 2014 The Gogs Authors. All rights reserved.
+// Copyright 2019 The Gitea Authors. All rights reserved.
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 
@@ -403,6 +404,19 @@ func LoginViaLDAP(user *User, login, password string, source *LoginSource, autoR
 
 	var isAttributeSSHPublicKeySet = len(strings.TrimSpace(source.LDAP().AttributeSSHPublicKey)) > 0
 
+	// Update User admin flag if exist
+	if isExist, err := IsUserExist(0, sr.Username); err != nil {
+		return nil, err
+	} else if isExist &&
+		!user.ProhibitLogin && len(source.LDAP().AdminFilter) > 0 && user.IsAdmin != sr.IsAdmin {
+		// Change existing admin flag only if AdminFilter option is set
+		user.IsAdmin = sr.IsAdmin
+		err = UpdateUserCols(user, "is_admin")
+		if err != nil {
+			return nil, err
+		}
+	}
+
 	if !autoRegister {
 		if isAttributeSSHPublicKeySet && synchronizeLdapSSHPublicKeys(user, source, sr.SSHPublicKey) {
 			return user, RewriteAllPublicKeys()
