liquid_feedback_frontend
changeset 1642:45287f1037fb
Support preconditions if LDAP accounts may login
author | bsw |
---|---|
date | Tue Feb 09 21:07:16 2021 +0100 (2021-02-09) |
parents | 15bde6a79d41 |
children | d0a85bdf78ae |
files | env/ldap/update_all_members.lua env/ldap/update_member_allowed.lua model/member.lua |
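--- a/env/ldap/update_all_members.lua
+++ b/env/ldap/update_all_members.lua
@@ -35,6 +35,8 @@
  return
  end
 
+ ldap.update_member_allowed(member, ldap_entry)
+
  local err = member:try_save()
  if err then
  failure("member_try_save", err)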
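Review bot: The added `ldap.update_member_allowed(member, ldap_entry)` call makes the batch sync overwrite `member.locked` for every member it processes, because the helper in env/ldap/update_member_allowed.lua sets `member.locked = false` whenever `allowed_map` accepts the entry. A lock that an administrator set for an unrelated reason would therefore be lifted on the next sync run, if `locked` is also used for manual locks, which this hunk does not show. If that is intended, say so at the call site, e.g. `-- overwrites member.locked/active from LDAP; manual locks are not preserved`; if not, the helper should only unlock members it locked itself. The enclosing function starts and ends outside the hunk.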
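--- /dev/null
+++ b/env/ldap/update_member_allowed.lua
@@ -0,0 +1,10 @@
+function ldap.update_member_allowed(member, ldap_entry)
+ local allowed = config.ldap.member.allowed_map(ldap_entry)
+ if allowed then
+ member.locked = false
+ else
+ member.locked = true
+ member.active = false
+ end
+end
+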
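Review bot: `config.ldap.member.allowed_map` is called unconditionally on the first line of the function, so an installation upgraded without defining that callback would raise "attempt to call a nil value" on every LDAP login and on every sync run. Guarding it keeps the previous behaviour when no precondition is configured: `local allowed_map = config.ldap.member.allowed_map` followed by `if not allowed_map then return end`. The function also has no doc comment; a short header should state that a falsy result from `allowed_map` (including `nil` from a callback that forgets to return) locks and deactivates the member, so the check fails closed.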
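--- a/model/member.lua
+++ b/model/member.lua
@@ -413,7 +413,6 @@
  local function prepare_login_selector()
  local selector = self:new_selector()
  selector:add_field({ "now() > COALESCE(last_delegation_check, activated) + ?::interval", config.check_delegations_interval_hard }, "needs_delegation_check_hard")
- selector:add_where('NOT "locked"')
  selector:optional_object_mode()
  return selector
  end
@@ -476,12 +475,16 @@
  end
 
  -- update the member attributes and privileges from LDAP
- local ldap_conn, ldap_err, err, err2 = ldap.update_member_attr(member, nil, uid)
+ local ldap_conn, ldap_entry, err, err2 = ldap.update_member_attr(member, nil, uid)
  if not err then
+ ldap.update_member_allowed(member, ldap_entry)
  local err = member:try_save()
  if err then
  return nil, "member_save_error", err
  end
+ if member.locked then
+ return nil, "member_locked"
+ end
  local succes, err, err2 = ldap.update_member_privileges(member, ldap_entry)
  if err then
  return nil, "update_member_privileges_error", err, err2
@@ -522,8 +525,12 @@
  if config.ldap.member.cache_passwords then
  member:set_password(password)
  end
- local ldap_conn, ldap_err, err, err2 = ldap.update_member_attr(member, nil, uid)
+ local ldap_conn, ldap_entry, err, err2 = ldap.update_member_attr(member, nil, uid)
  if not err then
+ ldap.update_member_allowed(member, ldap_entry)
+ if member.locked then
+ return nil, "member_not_allowed"
+ end
  local err = member:try_save()
  if err then
  return nil, "member_save_error", err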
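Review bot: Removing `selector:add_where('NOT "locked"')` from `prepare_login_selector` in the first hunk drops the lock filter for every caller of that selector, while the new `member.locked` checks appear only in the two LDAP branches of the later hunks. If the local-password path uses the same selector, it needs its own check after the lookup, for example `if member.locked then return nil, "member_locked" end`; that code is outside the visible hunks, so this needs confirming. The two LDAP branches also differ: the second hunk saves the member and then returns `"member_locked"`, while the third returns `"member_not_allowed"` before `member:try_save()`, so a rejected entry is persisted as locked in one case and not in the other. The enclosing function starts and ends outside the hunks.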