author | Marius Mathiesen <marius@gitorious.org> | 2012-07-06 12:39:23 (GMT) |
---|---|---|
committer | Marius Mathiesen <marius@gitorious.org> | 2012-10-08 07:41:31 (GMT) |
commit | d290cf481cfba3c14299e322837ca8292168118c (patch) | |
tree | c8e19935eaeceeb0fd644b66344404909591b58a /lib | |
parent | c6cd78c777bb4a3429a40bcef38fce31b8fc0255 (diff) |
Support authorization for push with LDAP backend
When Gitorious is configured to use LDAP for authorization,
authorization for push needs to be done differently from
otherwise.
Rather than collecting all users who have push access and seeing if a
given user is included, we start off with the groups a user is a member
of (from LDAP) and see if any of these have push access to the
repository. This is (mainly) because the list of users who are members
of a group lives in LDAP, not our database.
Diffstat (limited to 'lib')
-rw-r--r-- | lib/gitorious/authorization/database_authorization.rb | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/lib/gitorious/authorization/database_authorization.rb b/lib/gitorious/authorization/database_authorization.rb index 878cd2b..d565830 100644 --- a/lib/gitorious/authorization/database_authorization.rb +++ b/lib/gitorious/authorization/database_authorization.rb @@ -92,6 +92,17 @@ module Gitorious if repository.wiki? can_write_to_wiki?(user, repository) else + push_granted?(repository, user) + end + end + + def push_granted?(repository, user) + if Team.group_implementation == LdapGroup + return true if committers(repository).include?(user) + groups = Team.for_user(user) + groups_with_access = ldap_groups_with_commit_access(repository) + return groups_with_access.any?{|group| groups.include?(group) } + else committers(repository).include?(user) end end @@ -170,6 +181,10 @@ module Gitorious repository.committerships.committers.map{|c| c.members }.flatten.compact.uniq end + def ldap_groups_with_commit_access(repository) + repository.committerships.committers.select{|c|c.committer_type == "LdapGroup"}.map(&:committer) + end + # Returns a list of Users who can review things (as per their Committership) def reviewers(repository) repository.committerships.reviewers.map{|c| c.members }.flatten.compact.uniq |
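Review bot: In the LdapGroup branch of push_granted? (first hunk), user is passed straight to Team.for_user(user) with no check that a user is present, and nothing in these lines shows what happens when the group lookup fails or returns nil. The non-LDAP branch denies in that case because committers(repository).include?(user) is simply false; the LDAP branch should deny just as explicitly, for example by returning false before the lookup when user is nil and by treating a failed or empty lookup as no access. The explicit return on the last line of that branch is also unnecessary in Ruby and can be dropped to match the else branch.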
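Review bot: ldap_groups_with_commit_access (second hunk) has no comment, unlike reviewers directly below it, and it matches on the string "LdapGroup" while push_granted? compares against the LdapGroup constant. A one-line comment saying it returns the LDAP groups holding committer rights on the repository would match the neighbouring methods, and deriving the string from the constant (LdapGroup.name) would keep the two checks from drifting apart. The adjacent committers and reviewers methods end in .flatten.compact.uniq; adding .compact after .map(&:committer) here would keep a committership whose group record is missing from putting nil into the list that push_granted? compares against.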