From de6f6625cb96775b640240ed2e57499743670fe2 Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gmail.com>
Date: Sat, 03 Jan 2015 09:34:45 -0500
Subject: [PATCH] Merge pull request #240 from steveno/develop

---
 src/main/java/com/gitblit/auth/WindowsAuthProvider.java |   29 +++++++++++++++++++++--------
 1 files changed, 21 insertions(+), 8 deletions(-)

diff --git a/src/main/java/com/gitblit/auth/WindowsAuthProvider.java b/src/main/java/com/gitblit/auth/WindowsAuthProvider.java
index d455d58..aee5100 100644
--- a/src/main/java/com/gitblit/auth/WindowsAuthProvider.java
+++ b/src/main/java/com/gitblit/auth/WindowsAuthProvider.java
@@ -26,10 +26,11 @@
 
 import com.gitblit.Constants;
 import com.gitblit.Constants.AccountType;
+import com.gitblit.Constants.Role;
 import com.gitblit.Keys;
 import com.gitblit.auth.AuthenticationProvider.UsernamePasswordAuthenticationProvider;
+import com.gitblit.models.TeamModel;
 import com.gitblit.models.UserModel;
-import com.gitblit.utils.ArrayUtils;
 import com.gitblit.utils.StringUtils;
 import com.sun.jna.platform.win32.Win32Exception;
 
@@ -91,6 +92,16 @@
         return true;
     }
 
+    @Override
+    public boolean supportsRoleChanges(UserModel user, Role role) {
+        return true;
+    }
+
+	@Override
+	public boolean supportsRoleChanges(TeamModel team, Role role) {
+		return true;
+	}
+
 	 @Override
 	public AccountType getAccountType() {
 		return AccountType.WINDOWS;
@@ -136,13 +147,13 @@
 		}
 
         UserModel user = userManager.getUserModel(username);
-        if (user == null)	// create user object for new authenticated user
+        if (user == null) {
+        	// create user object for new authenticated user
         	user = new UserModel(username.toLowerCase());
+        }
 
         // create a user cookie
-        if (StringUtils.isEmpty(user.cookie) && !ArrayUtils.isEmpty(password)) {
-        	user.cookie = StringUtils.getSHA1(user.username + new String(password));
-        }
+        setCookie(user, password);
 
         // update user attributes from Windows identity
         user.accountType = getAccountType();
@@ -159,9 +170,11 @@
        		groupNames.add(group.getFqn());
         }
 
-        if (groupNames.contains("BUILTIN\\Administrators")) {
-        	// local administrator
-        	user.canAdmin = true;
+       	if (settings.getBoolean(Keys.realm.windows.permitBuiltInAdministrators, true)) {
+       		if (groupNames.contains("BUILTIN\\Administrators")) {
+       			// local administrator
+       			user.canAdmin = true;
+       		}
         }
 
         // TODO consider mapping Windows groups to teams

--
Gitblit v1.9.1