Merge branch 'feature/ldap-sync-edgecases' into 'master'

LDAP Sync blocked user edgecases Allow GitLab admins to block otherwise valid GitLab LDAP users (https://gitlab.com/gitlab-org/gitlab-ce/issues/3462) Based on the discussion on the original issue, we are going to differentiate "normal" block operations to the ldap automatic ones in order to make some decisions when its one or the other. Expected behavior: - [x] "ldap_blocked" users respond to both `blocked?` and `ldap_blocked?` - [x] "ldap_blocked" users can't be unblocked by the Admin UI - [x] "ldap_blocked" users can't be unblocked by the API - [x] Block operations that are originated from LDAP synchronization will flag user as "ldap_blocked" - [x] Only "ldap_blocked" users will be automatically unblocked by LDAP synchronization - [x] When LDAP identity is removed, we should convert `ldap_blocked` into `blocked` Mockup for the Admin UI with both "ldap_blocked" and normal "blocked" users: ![image](/uploads/4f56fc17b73cb2c9e2a154a22e7ad291/image.png) There will be another MR for the EE version. See merge request !2242
author: Douwe Maan <douwe@gitlab.com> 2016-01-14 11:00:08 +0000
committer: Douwe Maan <douwe@gitlab.com> 2016-01-14 11:00:08 +0000
commit: 4d64a32c88dd5f87621d391c0f10f6acef094073 (patch)
tree: 1a6f479e09c97d2e0526da4405c98f57f9825456 /lib/api
parent: cda9635441fee1543966830a0ba1d95221b2a379 (diff)
parent: dd6fc01ff8a073880b67a323a547edeb5d63f167 (diff)
download: gitlab-ce-4d64a32c88dd5f87621d391c0f10f6acef094073.tar.gz
1 files changed, 9 insertions, 5 deletions
diff --git a/lib/api/users.rb b/lib/api/users.rb
index 0d7813428e2..fd2128bd179 100644
--- a/lib/api/users.rb
+++ b/lib/api/users.rb
@@ -284,10 +284,12 @@ module API
         authenticated_as_admin!
         user = User.find_by(id: params[:id])
 
-        if user
+        if !user
+          not_found!('User')
+        elsif !user.ldap_blocked?
           user.block
         else
-          not_found!('User')
+          forbidden!('LDAP blocked users cannot be modified by the API')
         end
       end
 
@@ -299,10 +301,12 @@ module API
         authenticated_as_admin!
         user = User.find_by(id: params[:id])
 
-        if user
-          user.activate
-        else
+        if !user
           not_found!('User')
+        elsif user.ldap_blocked?
+          forbidden!('LDAP blocked users cannot be unblocked by the API')
+        else
+          user.activate
         end
       end
     end
author	Douwe Maan <douwe@gitlab.com>	2016-01-14 11:00:08 +0000
committer	Douwe Maan <douwe@gitlab.com>	2016-01-14 11:00:08 +0000
commit	4d64a32c88dd5f87621d391c0f10f6acef094073 (patch)
tree	1a6f479e09c97d2e0526da4405c98f57f9825456 /lib/api
parent	cda9635441fee1543966830a0ba1d95221b2a379 (diff)
parent	dd6fc01ff8a073880b67a323a547edeb5d63f167 (diff)
download	gitlab-ce-4d64a32c88dd5f87621d391c0f10f6acef094073.tar.gz