From a413ed7c41880cec3c224501dd2ed874fdbeef17 Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Sun, 22 Nov 2015 14:53:36 -0500
Subject: [PATCH] Reset build identifiers for next point release cycle

---
 src/main/java/com/gitblit/auth/LdapAuthProvider.java |   35 +++++++++++++++++++++++++++++++++--
 1 files changed, 33 insertions(+), 2 deletions(-)

diff --git a/src/main/java/com/gitblit/auth/LdapAuthProvider.java b/src/main/java/com/gitblit/auth/LdapAuthProvider.java
index a4d7bb0..cc772e7 100644
--- a/src/main/java/com/gitblit/auth/LdapAuthProvider.java
+++ b/src/main/java/com/gitblit/auth/LdapAuthProvider.java
@@ -30,6 +30,7 @@
 
 import com.gitblit.Constants;
 import com.gitblit.Constants.AccountType;
+import com.gitblit.Constants.Role;
 import com.gitblit.Keys;
 import com.gitblit.auth.AuthenticationProvider.UsernamePasswordAuthenticationProvider;
 import com.gitblit.models.TeamModel;
@@ -272,7 +273,6 @@
 		return StringUtils.isEmpty(settings.getString(Keys.realm.ldap.email, ""));
 	}
 
-
 	/**
 	 * If the LDAP server will maintain team memberships then LdapUserService
 	 * will not allow team membership changes.  In this scenario all team
@@ -284,6 +284,32 @@
 	@Override
 	public boolean supportsTeamMembershipChanges() {
 		return !settings.getBoolean(Keys.realm.ldap.maintainTeams, false);
+	}
+
+    @Override
+    public boolean supportsRoleChanges(UserModel user, Role role) {
+    	if (Role.ADMIN == role) {
+    		if (!supportsTeamMembershipChanges()) {
+    			List<String> admins = settings.getStrings(Keys.realm.ldap.admins);
+    			if (admins.contains(user.username)) {
+    				return false;
+    			}
+    		}
+    	}
+        return true;
+    }
+
+	@Override
+	public boolean supportsRoleChanges(TeamModel team, Role role) {
+		if (Role.ADMIN == role) {
+    		if (!supportsTeamMembershipChanges()) {
+    			List<String> admins = settings.getStrings(Keys.realm.ldap.admins);
+    			if (admins.contains("@" + team.name)) {
+    				return false;
+    			}
+    		}
+    	}
+		return true;
 	}
 
 	@Override
@@ -427,6 +453,10 @@
 				Attribute attribute = userEntry.getAttribute(email);
 				if (attribute != null && attribute.hasValue()) {
 					user.emailAddress = attribute.getValue();
+				} else {
+					// issue-456/ticket-134
+					// allow LDAP to delete an email address
+					user.emailAddress = null;
 				}
 			}
 		}
@@ -587,7 +617,8 @@
 		if (ldapSyncService.isReady()) {
 			long ldapSyncPeriod = getSynchronizationPeriodInMilliseconds();
 			int delay = 1;
-			logger.info("Ldap sync service will update users and groups every {} minutes.", ldapSyncPeriod);
+			logger.info("Ldap sync service will update users and groups every {} minutes.",
+					TimeUnit.MILLISECONDS.toMinutes(ldapSyncPeriod));
 			scheduledExecutorService.scheduleAtFixedRate(ldapSyncService, delay, ldapSyncPeriod,  TimeUnit.MILLISECONDS);
 		} else {
 			logger.info("Ldap sync service is disabled.");

--
Gitblit v1.9.1