Skip to content

Commit

Permalink
Add check to not change admin flag if no LDAP admin filter is set
Browse files Browse the repository at this point in the history
  • Loading branch information
lafriks committed May 5, 2017
1 parent dc137fb commit d496de1
Showing 1 changed file with 5 additions and 2 deletions.
7 changes: 5 additions & 2 deletions models/user.go
Original file line number Diff line number Diff line change
Expand Up @@ -1402,7 +1402,7 @@ func SyncExternalUsers() {
} else if updateExisting {
existingUsers = append(existingUsers, usr.ID)
// Check if user data has changed
if usr.IsAdmin != su.IsAdmin ||
if (len(s.LDAP().AdminFilter) > 0 && usr.IsAdmin != su.IsAdmin) ||
strings.ToLower(usr.Email) != strings.ToLower(su.Mail) ||
usr.FullName != fullName ||
!usr.IsActive {
Expand All @@ -1411,7 +1411,10 @@ func SyncExternalUsers() {

usr.FullName = fullName
usr.Email = su.Mail
usr.IsAdmin = su.IsAdmin
// Change existing admin flag only if AdminFilter option is set
if len(s.LDAP().AdminFilter) > 0 {
usr.IsAdmin = su.IsAdmin
}
usr.IsActive = true

err = UpdateUser(usr)
Expand Down

0 comments on commit d496de1

Please sign in to comment.