From b1ff8e31b1717c1abbaa3db88da77aef48b51c4e Mon Sep 17 00:00:00 2001
From: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
Date: Mon, 10 Mar 2014 17:10:23 +0200
Subject: Add ldap check in application_controller and internal api

Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
---
 lib/api/internal.rb | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

(limited to 'lib')

diff --git a/lib/api/internal.rb b/lib/api/internal.rb
index ebc9fef07b4..69aad3748b3 100644
--- a/lib/api/internal.rb
+++ b/lib/api/internal.rb
@@ -35,8 +35,14 @@ module API
           user = key.user
 
           return false if user.blocked?
+
           if Gitlab.config.ldap.enabled
-            return false if user.ldap_user? && Gitlab::LDAP::User.blocked?(user.extern_uid)
+            if user.ldap_user?
+              # Check if LDAP user exists and match LDAP user_filter
+              unless Gitlab::LDAP::Access.new.allowed?(user)
+                return false
+              end
+            end
           end
 
           action = case git_cmd
-- 
cgit v1.2.1