From 27c74e401365f9858f46241ff7f52ca1d8a60832 Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Mon, 27 Aug 2012 16:21:49 -0400
Subject: [PATCH] Setting Admin attribute is now consistent with LDAP team config

---
 src/com/gitblit/LdapUserService.java |   33 +++++++++++++++++++++++----------
 1 files changed, 23 insertions(+), 10 deletions(-)

diff --git a/src/com/gitblit/LdapUserService.java b/src/com/gitblit/LdapUserService.java
index 38376b8..54a5575 100644
--- a/src/com/gitblit/LdapUserService.java
+++ b/src/com/gitblit/LdapUserService.java
@@ -205,17 +205,30 @@
 		return null;		
 	}
 
+	/**
+	 * Set the admin attribute from team memberships retrieved from LDAP.
+	 * If we are not storing teams in LDAP and/or we have not defined any
+	 * administrator teams, then do not change the admin flag.
+	 * 
+	 * @param user
+	 */
 	private void setAdminAttribute(UserModel user) {
-	    user.canAdmin = false;
-	    List<String>  admins = settings.getStrings(Keys.realm.ldap.admins);
-	    for (String admin : admins) {
-	        if (admin.startsWith("@")) { // Team
-	            if (user.getTeam(admin.substring(1)) != null)
-	                user.canAdmin = true;
-	        } else
-	            if (user.getName().equalsIgnoreCase(admin))
-	                user.canAdmin = true;
-	    }
+		if (!supportsTeamMembershipChanges()) {
+			List<String> admins = settings.getStrings(Keys.realm.ldap.admins);
+			// if we have defined administrative teams, then set admin flag
+			// otherwise leave admin flag unchanged
+			if (!ArrayUtils.isEmpty(admins)) {
+				user.canAdmin = false;
+				for (String admin : admins) {
+					if (admin.startsWith("@")) { // Team
+						if (user.getTeam(admin.substring(1)) != null)
+							user.canAdmin = true;
+					} else
+						if (user.getName().equalsIgnoreCase(admin))
+							user.canAdmin = true;
+				}
+			}
+		}
 	}
 	
 	private void setUserAttributes(UserModel user, SearchResultEntry userEntry) {

--
Gitblit v1.9.1