liquid_feedback_frontend

changeset 1642:45287f1037fb

Support preconditions for whether LDAP accounts may log in
author bsw
date Tue Feb 09 21:07:16 2021 +0100 (2021-02-09)
parents 15bde6a79d41
children d0a85bdf78ae
files env/ldap/update_all_members.lua env/ldap/update_member_allowed.lua model/member.lua
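--- a/env/ldap/update_all_members.lua	Tue Feb 09 17:40:50 2021 +0100
+++ b/env/ldap/update_all_members.lua	Tue Feb 09 21:07:16 2021 +0100
@@ -35,6 +35,8 @@
       return
     end
 
+    ldap.update_member_allowed(member, ldap_entry)
+
     local err = member:try_save()
     if err then
       failure("member_try_save", err)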
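--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/env/ldap/update_member_allowed.lua	Tue Feb 09 21:07:16 2021 +0100
@@ -0,0 +1,10 @@
+function ldap.update_member_allowed(member, ldap_entry)
+  local allowed = config.ldap.member.allowed_map(ldap_entry)
+  if allowed then
+    member.locked = false
+  else
+    member.locked = true
+    member.active = false
+  end
+end
+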
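Review bot: `ldap.update_member_allowed` writes `member.locked = false` whenever `allowed_map` returns a truthy value, so if `locked` is also set outside LDAP (for example by an administrator), that lock would be cleared at the next LDAP login or sync; in that case the allowed branch should leave `locked` alone, or the LDAP decision should be kept in a separate field. The function also calls `config.ldap.member.allowed_map` unconditionally, so an installation that has not defined it will raise an error on every LDAP login and sync; a guard such as `local allowed_map = config.ldap.member.allowed_map` followed by `if not allowed_map then return end` keeps existing configurations working. A header comment should state that a `nil` or `false` result locks and deactivates the member, i.e. the check fails closed.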
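--- a/model/member.lua	Tue Feb 09 17:40:50 2021 +0100
+++ b/model/member.lua	Tue Feb 09 21:07:16 2021 +0100
@@ -413,7 +413,6 @@
   local function prepare_login_selector()
     local selector = self:new_selector()
     selector:add_field({ "now() > COALESCE(last_delegation_check, activated) + ?::interval", config.check_delegations_interval_hard }, "needs_delegation_check_hard")
-    selector:add_where('NOT "locked"')
     selector:optional_object_mode()
     return selector
   end
@@ -476,12 +475,16 @@
         end
 
         -- update the member attributes and privileges from LDAP
-        local ldap_conn, ldap_err, err, err2 = ldap.update_member_attr(member, nil, uid)
+        local ldap_conn, ldap_entry, err, err2 = ldap.update_member_attr(member, nil, uid)
         if not err then
+          ldap.update_member_allowed(member, ldap_entry)
           local err = member:try_save()
           if err then
             return nil, "member_save_error", err
           end
+          if member.locked then
+            return nil, "member_locked"
+          end
           local succes, err, err2 = ldap.update_member_privileges(member, ldap_entry)
           if err then
             return nil, "update_member_privileges_error", err, err2
@@ -522,8 +525,12 @@
         if config.ldap.member.cache_passwords then
           member:set_password(password)
         end
-        local ldap_conn, ldap_err, err, err2 = ldap.update_member_attr(member, nil, uid)
+        local ldap_conn, ldap_entry, err, err2 = ldap.update_member_attr(member, nil, uid)
         if not err then
+          ldap.update_member_allowed(member, ldap_entry)
+          if member.locked then
+            return nil, "member_not_allowed"
+          end
           local err = member:try_save()
           if err then
             return nil, "member_save_error", err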
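Review bot: The first hunk drops `selector:add_where('NOT "locked"')` from `prepare_login_selector`, and the only replacement checks visible are the two `if member.locked then` returns inside the `if not err then` branches of the LDAP paths. Any login path built on the same selector that does not reach those branches — for instance when `ldap.update_member_attr` returns an error, or a non-LDAP password check, both outside these hunks — would now load locked members, so it should be confirmed that each such path rejects them, e.g. with `if member and member.locked then return nil, "member_locked" end` directly after the member is fetched. The two LDAP paths also differ: the second hunk saves the member before returning `"member_locked"`, while the third returns `"member_not_allowed"` before `member:try_save()`; a comment stating whether that difference is intended would help. The enclosing functions start and end outside the hunks.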
