From 9e45a971eab2b91f1d3c0dcb9a22ad3e9a5aad30 Mon Sep 17 00:00:00 2001 From: Drew Blessing Date: Wed, 6 Jul 2016 13:14:23 -0500 Subject: [PATCH] Prevent stale data in LDAP group sync last owner check --- CHANGELOG-EE | 3 +++ lib/gitlab/ldap/group_sync.rb | 5 +++++ 2 files changed, 8 insertions(+) diff --git a/CHANGELOG-EE b/CHANGELOG-EE index d5fabbb0cb9877..645119369c89fe 100644 --- a/CHANGELOG-EE +++ b/CHANGELOG-EE @@ -3,6 +3,9 @@ Please view this file on the master branch, on stable branches it's out of date. v 8.10.0 (unreleased) - Rename Git Hooks to Push Rules +v 8.9.5 + - Prevent stale data in LDAP group sync last owner check. + v 8.9.4 - Improve how File Lock feature works with nested items. !497 diff --git a/lib/gitlab/ldap/group_sync.rb b/lib/gitlab/ldap/group_sync.rb index 88886759755d53..86a445f5ebedc7 100644 --- a/lib/gitlab/ldap/group_sync.rb +++ b/lib/gitlab/ldap/group_sync.rb @@ -304,6 +304,11 @@ def update_existing_group_membership(group, access_levels) next end + # Since we're removing users in this loop, `group.reload` + # before checking `last_owner?` to prevent stale owner information. + # Without a reload, this check would return a false negative. + group.reload + # Check and update the access level. If `desired_access` is `nil` # we need to delete the user from the group. if desired_access.present? -- GitLab