From a38ad0faa1a5fb9a70db2ddacf754a55604db7f2 Mon Sep 17 00:00:00 2001 From: jackHay22 Date: Tue, 5 Mar 2024 14:50:24 -0500 Subject: [PATCH 01/11] add setting to disable user settings when user has non plain login type --- custom/conf/app.example.ini | 2 ++ modules/setting/admin.go | 41 +++++++++++++++++++++++++---- routers/api/v1/user/gpg_key.go | 4 +-- routers/api/v1/user/key.go | 4 +-- routers/web/user/setting/account.go | 4 +-- routers/web/user/setting/keys.go | 12 ++++----- 6 files changed, 50 insertions(+), 17 deletions(-) diff --git a/custom/conf/app.example.ini b/custom/conf/app.example.ini index 17d6cd3a35e0..d818b66d78ef 100644 --- a/custom/conf/app.example.ini +++ b/custom/conf/app.example.ini @@ -1485,6 +1485,8 @@ LEVEL = Info ;; - manage_ssh_keys: a user cannot configure ssh keys ;; - manage_gpg_keys: a user cannot configure gpg keys ;USER_DISABLED_FEATURES = +;; Whether to disable all user features if the user has an external login type +;;EXTERNAL_USER_DISABLE_FEATURES = false ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; diff --git a/modules/setting/admin.go b/modules/setting/admin.go index be214a58ce40..2b3477df5047 100644 --- a/modules/setting/admin.go +++ b/modules/setting/admin.go @@ -3,20 +3,26 @@ package setting -import "code.gitea.io/gitea/modules/container" +import ( + "code.gitea.io/gitea/models/auth" + user_model "code.gitea.io/gitea/models/user" + "code.gitea.io/gitea/modules/container" +) // Admin settings var Admin struct { - DisableRegularOrgCreation bool - DefaultEmailNotification string - UserDisabledFeatures container.Set[string] + DisableRegularOrgCreation bool + DefaultEmailNotification string + userDisabledFeatures container.Set[string] + ExternalUserDisableFeatures bool } func loadAdminFrom(rootCfg ConfigProvider) { sec := rootCfg.Section("admin") Admin.DisableRegularOrgCreation = sec.Key("DISABLE_REGULAR_ORG_CREATION").MustBool(false) Admin.DefaultEmailNotification = sec.Key("DEFAULT_EMAIL_NOTIFICATIONS").MustString("enabled") - Admin.UserDisabledFeatures = container.SetOf(sec.Key("USER_DISABLED_FEATURES").Strings(",")...) + Admin.userDisabledFeatures = container.SetOf(sec.Key("USER_DISABLED_FEATURES").Strings(",")...) + Admin.ExternalUserDisableFeatures = sec.Key("EXTERNAL_USER_DISABLE_FEATURES").MustBool(false) } const ( @@ -24,3 +30,28 @@ const ( UserFeatureManageSSHKeys = "manage_ssh_keys" UserFeatureManageGPGKeys = "manage_gpg_keys" ) + +var defaultSet = container.SetOf( + UserFeatureDeletion, + UserFeatureManageSSHKeys, + UserFeatureManageGPGKeys) + +// UserFeatureDisabled checks if a user feature is disabled +func UserFeatureDisabled(feature string) bool { + return Admin.userDisabledFeatures.Contains(feature) +} + +// UserFeatureDisabledWithLoginType checks if a user feature is disabled, taking into account the login type of the +// user if applicable +func UserFeatureDisabledWithLoginType(user *user_model.User, feature string) bool { + return Admin.ExternalUserDisableFeatures && user.LoginType > auth.Plain || UserFeatureDisabled(feature) +} + +// UserDisabledFeaturesWithLoginType returns the set of user features disabled, taking into account the login type +// of the user if applicable +func UserDisabledFeaturesWithLoginType(user *user_model.User) *container.Set[string] { + if Admin.ExternalUserDisableFeatures && user.LoginType > auth.Plain { + return &defaultSet + } + return &Admin.userDisabledFeatures +} diff --git a/routers/api/v1/user/gpg_key.go b/routers/api/v1/user/gpg_key.go index dcf5da0b2e62..8fb90ad909f4 100644 --- a/routers/api/v1/user/gpg_key.go +++ b/routers/api/v1/user/gpg_key.go @@ -133,7 +133,7 @@ func GetGPGKey(ctx *context.APIContext) { // CreateUserGPGKey creates new GPG key to given user by ID. func CreateUserGPGKey(ctx *context.APIContext, form api.CreateGPGKeyOption, uid int64) { - if setting.Admin.UserDisabledFeatures.Contains(setting.UserFeatureManageGPGKeys) { + if setting.UserFeatureDisabledWithLoginType(ctx.Doer, setting.UserFeatureManageGPGKeys) { ctx.NotFound("Not Found", fmt.Errorf("gpg keys setting is not allowed to be visited")) return } @@ -274,7 +274,7 @@ func DeleteGPGKey(ctx *context.APIContext) { // "404": // "$ref": "#/responses/notFound" - if setting.Admin.UserDisabledFeatures.Contains(setting.UserFeatureManageGPGKeys) { + if setting.UserFeatureDisabledWithLoginType(ctx.Doer, setting.UserFeatureManageGPGKeys) { ctx.NotFound("Not Found", fmt.Errorf("gpg keys setting is not allowed to be visited")) return } diff --git a/routers/api/v1/user/key.go b/routers/api/v1/user/key.go index bcbfd93bd3ed..cf9ba360f6c4 100644 --- a/routers/api/v1/user/key.go +++ b/routers/api/v1/user/key.go @@ -199,7 +199,7 @@ func GetPublicKey(ctx *context.APIContext) { // CreateUserPublicKey creates new public key to given user by ID. func CreateUserPublicKey(ctx *context.APIContext, form api.CreateKeyOption, uid int64) { - if setting.Admin.UserDisabledFeatures.Contains(setting.UserFeatureManageSSHKeys) { + if setting.UserFeatureDisabledWithLoginType(ctx.Doer, setting.UserFeatureManageSSHKeys) { ctx.NotFound("Not Found", fmt.Errorf("ssh keys setting is not allowed to be visited")) return } @@ -269,7 +269,7 @@ func DeletePublicKey(ctx *context.APIContext) { // "404": // "$ref": "#/responses/notFound" - if setting.Admin.UserDisabledFeatures.Contains(setting.UserFeatureManageSSHKeys) { + if setting.UserFeatureDisabledWithLoginType(ctx.Doer, setting.UserFeatureManageSSHKeys) { ctx.NotFound("Not Found", fmt.Errorf("ssh keys setting is not allowed to be visited")) return } diff --git a/routers/web/user/setting/account.go b/routers/web/user/setting/account.go index abb5873e98ad..a394b1cbbf2d 100644 --- a/routers/web/user/setting/account.go +++ b/routers/web/user/setting/account.go @@ -233,7 +233,7 @@ func DeleteEmail(ctx *context.Context) { // DeleteAccount render user suicide page and response for delete user himself func DeleteAccount(ctx *context.Context) { - if setting.Admin.UserDisabledFeatures.Contains(setting.UserFeatureDeletion) { + if setting.UserFeatureDisabledWithLoginType(ctx.Doer, setting.UserFeatureDeletion) { ctx.Error(http.StatusNotFound) return } @@ -304,7 +304,7 @@ func loadAccountData(ctx *context.Context) { ctx.Data["EmailNotificationsPreference"] = ctx.Doer.EmailNotificationsPreference ctx.Data["ActivationsPending"] = pendingActivation ctx.Data["CanAddEmails"] = !pendingActivation || !setting.Service.RegisterEmailConfirm - ctx.Data["UserDisabledFeatures"] = &setting.Admin.UserDisabledFeatures + ctx.Data["UserDisabledFeatures"] = setting.UserDisabledFeaturesWithLoginType(ctx.Doer) if setting.Service.UserDeleteWithCommentsMaxTime != 0 { ctx.Data["UserDeleteWithCommentsMaxTime"] = setting.Service.UserDeleteWithCommentsMaxTime.String() diff --git a/routers/web/user/setting/keys.go b/routers/web/user/setting/keys.go index 056fcc0ace2f..26156c3489a0 100644 --- a/routers/web/user/setting/keys.go +++ b/routers/web/user/setting/keys.go @@ -78,7 +78,7 @@ func KeysPost(ctx *context.Context) { ctx.Flash.Success(ctx.Tr("settings.add_principal_success", form.Content)) ctx.Redirect(setting.AppSubURL + "/user/settings/keys") case "gpg": - if setting.Admin.UserDisabledFeatures.Contains(setting.UserFeatureManageGPGKeys) { + if setting.UserFeatureDisabledWithLoginType(ctx.Doer, setting.UserFeatureManageGPGKeys) { ctx.NotFound("Not Found", fmt.Errorf("gpg keys setting is not allowed to be visited")) return } @@ -159,7 +159,7 @@ func KeysPost(ctx *context.Context) { ctx.Flash.Success(ctx.Tr("settings.verify_gpg_key_success", keyID)) ctx.Redirect(setting.AppSubURL + "/user/settings/keys") case "ssh": - if setting.Admin.UserDisabledFeatures.Contains(setting.UserFeatureManageSSHKeys) { + if setting.UserFeatureDisabledWithLoginType(ctx.Doer, setting.UserFeatureManageSSHKeys) { ctx.NotFound("Not Found", fmt.Errorf("ssh keys setting is not allowed to be visited")) return } @@ -203,7 +203,7 @@ func KeysPost(ctx *context.Context) { ctx.Flash.Success(ctx.Tr("settings.add_key_success", form.Title)) ctx.Redirect(setting.AppSubURL + "/user/settings/keys") case "verify_ssh": - if setting.Admin.UserDisabledFeatures.Contains(setting.UserFeatureManageSSHKeys) { + if setting.UserFeatureDisabledWithLoginType(ctx.Doer, setting.UserFeatureManageSSHKeys) { ctx.NotFound("Not Found", fmt.Errorf("ssh keys setting is not allowed to be visited")) return } @@ -240,7 +240,7 @@ func KeysPost(ctx *context.Context) { func DeleteKey(ctx *context.Context) { switch ctx.FormString("type") { case "gpg": - if setting.Admin.UserDisabledFeatures.Contains(setting.UserFeatureManageGPGKeys) { + if setting.UserFeatureDisabledWithLoginType(ctx.Doer, setting.UserFeatureManageGPGKeys) { ctx.NotFound("Not Found", fmt.Errorf("gpg keys setting is not allowed to be visited")) return } @@ -250,7 +250,7 @@ func DeleteKey(ctx *context.Context) { ctx.Flash.Success(ctx.Tr("settings.gpg_key_deletion_success")) } case "ssh": - if setting.Admin.UserDisabledFeatures.Contains(setting.UserFeatureManageSSHKeys) { + if setting.UserFeatureDisabledWithLoginType(ctx.Doer, setting.UserFeatureManageSSHKeys) { ctx.NotFound("Not Found", fmt.Errorf("ssh keys setting is not allowed to be visited")) return } @@ -333,5 +333,5 @@ func loadKeysData(ctx *context.Context) { ctx.Data["VerifyingID"] = ctx.FormString("verify_gpg") ctx.Data["VerifyingFingerprint"] = ctx.FormString("verify_ssh") - ctx.Data["UserDisabledFeatures"] = &setting.Admin.UserDisabledFeatures + ctx.Data["UserDisabledFeatures"] = setting.UserDisabledFeaturesWithLoginType(ctx.Doer) } From 6c69178c8131824d2bb7a8a185be16bc4711504d Mon Sep 17 00:00:00 2001 From: jackHay22 Date: Tue, 5 Mar 2024 15:25:42 -0500 Subject: [PATCH 02/11] move functions to avoid import cycle --- models/user/user.go | 16 ++++++++++++++++ modules/setting/admin.go | 28 +++------------------------- routers/api/v1/user/gpg_key.go | 5 +++-- routers/api/v1/user/key.go | 4 ++-- routers/web/user/setting/account.go | 4 ++-- routers/web/user/setting/keys.go | 13 +++++++------ 6 files changed, 33 insertions(+), 37 deletions(-) diff --git a/models/user/user.go b/models/user/user.go index 0bdda8655fdc..18778f0b48b4 100644 --- a/models/user/user.go +++ b/models/user/user.go @@ -1232,3 +1232,19 @@ func GetOrderByName() string { } return "name" } + +// FeatureDisabledWithLoginType checks if a user feature is disabled, taking into account the login type of the +// user if applicable +func FeatureDisabledWithLoginType(user *User, feature string) bool { + return setting.Admin.ExternalUserDisableFeatures && user.LoginType > auth.Plain || + setting.Admin.UserDisabledFeatures.Contains(feature) +} + +// DisabledFeaturesWithLoginType returns the set of user features disabled, taking into account the login type +// of the user if applicable +func DisabledFeaturesWithLoginType(user *User) *container.Set[string] { + if setting.Admin.ExternalUserDisableFeatures && user.LoginType > auth.Plain { + return &setting.DefaultUserFeatureSet + } + return &setting.Admin.UserDisabledFeatures +} diff --git a/modules/setting/admin.go b/modules/setting/admin.go index 2b3477df5047..5530641632d0 100644 --- a/modules/setting/admin.go +++ b/modules/setting/admin.go @@ -4,8 +4,6 @@ package setting import ( - "code.gitea.io/gitea/models/auth" - user_model "code.gitea.io/gitea/models/user" "code.gitea.io/gitea/modules/container" ) @@ -13,7 +11,7 @@ import ( var Admin struct { DisableRegularOrgCreation bool DefaultEmailNotification string - userDisabledFeatures container.Set[string] + UserDisabledFeatures container.Set[string] ExternalUserDisableFeatures bool } @@ -21,7 +19,7 @@ func loadAdminFrom(rootCfg ConfigProvider) { sec := rootCfg.Section("admin") Admin.DisableRegularOrgCreation = sec.Key("DISABLE_REGULAR_ORG_CREATION").MustBool(false) Admin.DefaultEmailNotification = sec.Key("DEFAULT_EMAIL_NOTIFICATIONS").MustString("enabled") - Admin.userDisabledFeatures = container.SetOf(sec.Key("USER_DISABLED_FEATURES").Strings(",")...) + Admin.UserDisabledFeatures = container.SetOf(sec.Key("USER_DISABLED_FEATURES").Strings(",")...) Admin.ExternalUserDisableFeatures = sec.Key("EXTERNAL_USER_DISABLE_FEATURES").MustBool(false) } @@ -31,27 +29,7 @@ const ( UserFeatureManageGPGKeys = "manage_gpg_keys" ) -var defaultSet = container.SetOf( +var DefaultUserFeatureSet = container.SetOf( UserFeatureDeletion, UserFeatureManageSSHKeys, UserFeatureManageGPGKeys) - -// UserFeatureDisabled checks if a user feature is disabled -func UserFeatureDisabled(feature string) bool { - return Admin.userDisabledFeatures.Contains(feature) -} - -// UserFeatureDisabledWithLoginType checks if a user feature is disabled, taking into account the login type of the -// user if applicable -func UserFeatureDisabledWithLoginType(user *user_model.User, feature string) bool { - return Admin.ExternalUserDisableFeatures && user.LoginType > auth.Plain || UserFeatureDisabled(feature) -} - -// UserDisabledFeaturesWithLoginType returns the set of user features disabled, taking into account the login type -// of the user if applicable -func UserDisabledFeaturesWithLoginType(user *user_model.User) *container.Set[string] { - if Admin.ExternalUserDisableFeatures && user.LoginType > auth.Plain { - return &defaultSet - } - return &Admin.userDisabledFeatures -} diff --git a/routers/api/v1/user/gpg_key.go b/routers/api/v1/user/gpg_key.go index 8fb90ad909f4..96bdd96833b3 100644 --- a/routers/api/v1/user/gpg_key.go +++ b/routers/api/v1/user/gpg_key.go @@ -10,6 +10,7 @@ import ( asymkey_model "code.gitea.io/gitea/models/asymkey" "code.gitea.io/gitea/models/db" + user_model "code.gitea.io/gitea/models/user" "code.gitea.io/gitea/modules/setting" api "code.gitea.io/gitea/modules/structs" "code.gitea.io/gitea/modules/web" @@ -133,7 +134,7 @@ func GetGPGKey(ctx *context.APIContext) { // CreateUserGPGKey creates new GPG key to given user by ID. func CreateUserGPGKey(ctx *context.APIContext, form api.CreateGPGKeyOption, uid int64) { - if setting.UserFeatureDisabledWithLoginType(ctx.Doer, setting.UserFeatureManageGPGKeys) { + if user_model.FeatureDisabledWithLoginType(ctx.Doer, setting.UserFeatureManageGPGKeys) { ctx.NotFound("Not Found", fmt.Errorf("gpg keys setting is not allowed to be visited")) return } @@ -274,7 +275,7 @@ func DeleteGPGKey(ctx *context.APIContext) { // "404": // "$ref": "#/responses/notFound" - if setting.UserFeatureDisabledWithLoginType(ctx.Doer, setting.UserFeatureManageGPGKeys) { + if user_model.FeatureDisabledWithLoginType(ctx.Doer, setting.UserFeatureManageGPGKeys) { ctx.NotFound("Not Found", fmt.Errorf("gpg keys setting is not allowed to be visited")) return } diff --git a/routers/api/v1/user/key.go b/routers/api/v1/user/key.go index cf9ba360f6c4..1f5958a09d5d 100644 --- a/routers/api/v1/user/key.go +++ b/routers/api/v1/user/key.go @@ -199,7 +199,7 @@ func GetPublicKey(ctx *context.APIContext) { // CreateUserPublicKey creates new public key to given user by ID. func CreateUserPublicKey(ctx *context.APIContext, form api.CreateKeyOption, uid int64) { - if setting.UserFeatureDisabledWithLoginType(ctx.Doer, setting.UserFeatureManageSSHKeys) { + if user_model.FeatureDisabledWithLoginType(ctx.Doer, setting.UserFeatureManageSSHKeys) { ctx.NotFound("Not Found", fmt.Errorf("ssh keys setting is not allowed to be visited")) return } @@ -269,7 +269,7 @@ func DeletePublicKey(ctx *context.APIContext) { // "404": // "$ref": "#/responses/notFound" - if setting.UserFeatureDisabledWithLoginType(ctx.Doer, setting.UserFeatureManageSSHKeys) { + if user_model.FeatureDisabledWithLoginType(ctx.Doer, setting.UserFeatureManageSSHKeys) { ctx.NotFound("Not Found", fmt.Errorf("ssh keys setting is not allowed to be visited")) return } diff --git a/routers/web/user/setting/account.go b/routers/web/user/setting/account.go index a394b1cbbf2d..203b180d3d5e 100644 --- a/routers/web/user/setting/account.go +++ b/routers/web/user/setting/account.go @@ -233,7 +233,7 @@ func DeleteEmail(ctx *context.Context) { // DeleteAccount render user suicide page and response for delete user himself func DeleteAccount(ctx *context.Context) { - if setting.UserFeatureDisabledWithLoginType(ctx.Doer, setting.UserFeatureDeletion) { + if user_model.FeatureDisabledWithLoginType(ctx.Doer, setting.UserFeatureDeletion) { ctx.Error(http.StatusNotFound) return } @@ -304,7 +304,7 @@ func loadAccountData(ctx *context.Context) { ctx.Data["EmailNotificationsPreference"] = ctx.Doer.EmailNotificationsPreference ctx.Data["ActivationsPending"] = pendingActivation ctx.Data["CanAddEmails"] = !pendingActivation || !setting.Service.RegisterEmailConfirm - ctx.Data["UserDisabledFeatures"] = setting.UserDisabledFeaturesWithLoginType(ctx.Doer) + ctx.Data["UserDisabledFeatures"] = user_model.DisabledFeaturesWithLoginType(ctx.Doer) if setting.Service.UserDeleteWithCommentsMaxTime != 0 { ctx.Data["UserDeleteWithCommentsMaxTime"] = setting.Service.UserDeleteWithCommentsMaxTime.String() diff --git a/routers/web/user/setting/keys.go b/routers/web/user/setting/keys.go index 26156c3489a0..da347c0dd906 100644 --- a/routers/web/user/setting/keys.go +++ b/routers/web/user/setting/keys.go @@ -10,6 +10,7 @@ import ( asymkey_model "code.gitea.io/gitea/models/asymkey" "code.gitea.io/gitea/models/db" + user_model "code.gitea.io/gitea/models/user" "code.gitea.io/gitea/modules/base" "code.gitea.io/gitea/modules/setting" "code.gitea.io/gitea/modules/web" @@ -78,7 +79,7 @@ func KeysPost(ctx *context.Context) { ctx.Flash.Success(ctx.Tr("settings.add_principal_success", form.Content)) ctx.Redirect(setting.AppSubURL + "/user/settings/keys") case "gpg": - if setting.UserFeatureDisabledWithLoginType(ctx.Doer, setting.UserFeatureManageGPGKeys) { + if user_model.FeatureDisabledWithLoginType(ctx.Doer, setting.UserFeatureManageGPGKeys) { ctx.NotFound("Not Found", fmt.Errorf("gpg keys setting is not allowed to be visited")) return } @@ -159,7 +160,7 @@ func KeysPost(ctx *context.Context) { ctx.Flash.Success(ctx.Tr("settings.verify_gpg_key_success", keyID)) ctx.Redirect(setting.AppSubURL + "/user/settings/keys") case "ssh": - if setting.UserFeatureDisabledWithLoginType(ctx.Doer, setting.UserFeatureManageSSHKeys) { + if user_model.FeatureDisabledWithLoginType(ctx.Doer, setting.UserFeatureManageSSHKeys) { ctx.NotFound("Not Found", fmt.Errorf("ssh keys setting is not allowed to be visited")) return } @@ -203,7 +204,7 @@ func KeysPost(ctx *context.Context) { ctx.Flash.Success(ctx.Tr("settings.add_key_success", form.Title)) ctx.Redirect(setting.AppSubURL + "/user/settings/keys") case "verify_ssh": - if setting.UserFeatureDisabledWithLoginType(ctx.Doer, setting.UserFeatureManageSSHKeys) { + if user_model.FeatureDisabledWithLoginType(ctx.Doer, setting.UserFeatureManageSSHKeys) { ctx.NotFound("Not Found", fmt.Errorf("ssh keys setting is not allowed to be visited")) return } @@ -240,7 +241,7 @@ func KeysPost(ctx *context.Context) { func DeleteKey(ctx *context.Context) { switch ctx.FormString("type") { case "gpg": - if setting.UserFeatureDisabledWithLoginType(ctx.Doer, setting.UserFeatureManageGPGKeys) { + if user_model.FeatureDisabledWithLoginType(ctx.Doer, setting.UserFeatureManageGPGKeys) { ctx.NotFound("Not Found", fmt.Errorf("gpg keys setting is not allowed to be visited")) return } @@ -250,7 +251,7 @@ func DeleteKey(ctx *context.Context) { ctx.Flash.Success(ctx.Tr("settings.gpg_key_deletion_success")) } case "ssh": - if setting.UserFeatureDisabledWithLoginType(ctx.Doer, setting.UserFeatureManageSSHKeys) { + if user_model.FeatureDisabledWithLoginType(ctx.Doer, setting.UserFeatureManageSSHKeys) { ctx.NotFound("Not Found", fmt.Errorf("ssh keys setting is not allowed to be visited")) return } @@ -333,5 +334,5 @@ func loadKeysData(ctx *context.Context) { ctx.Data["VerifyingID"] = ctx.FormString("verify_gpg") ctx.Data["VerifyingFingerprint"] = ctx.FormString("verify_ssh") - ctx.Data["UserDisabledFeatures"] = setting.UserDisabledFeaturesWithLoginType(ctx.Doer) + ctx.Data["UserDisabledFeatures"] = user_model.DisabledFeaturesWithLoginType(ctx.Doer) } From 69080d109e77dc3d4be40b93c4aee92773bf86bf Mon Sep 17 00:00:00 2001 From: jackHay22 Date: Tue, 5 Mar 2024 15:29:58 -0500 Subject: [PATCH 03/11] check for no user --- models/user/user.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/models/user/user.go b/models/user/user.go index 18778f0b48b4..84e0afec8aa4 100644 --- a/models/user/user.go +++ b/models/user/user.go @@ -1236,14 +1236,14 @@ func GetOrderByName() string { // FeatureDisabledWithLoginType checks if a user feature is disabled, taking into account the login type of the // user if applicable func FeatureDisabledWithLoginType(user *User, feature string) bool { - return setting.Admin.ExternalUserDisableFeatures && user.LoginType > auth.Plain || + return (setting.Admin.ExternalUserDisableFeatures && user != nil && user.LoginType > auth.Plain) || setting.Admin.UserDisabledFeatures.Contains(feature) } // DisabledFeaturesWithLoginType returns the set of user features disabled, taking into account the login type // of the user if applicable func DisabledFeaturesWithLoginType(user *User) *container.Set[string] { - if setting.Admin.ExternalUserDisableFeatures && user.LoginType > auth.Plain { + if setting.Admin.ExternalUserDisableFeatures && user != nil && user.LoginType > auth.Plain { return &setting.DefaultUserFeatureSet } return &setting.Admin.UserDisabledFeatures From 1c47e5bbd8353b8bdfaa9a5423564d327f09fa5f Mon Sep 17 00:00:00 2001 From: jackHay22 Date: Thu, 7 Mar 2024 09:44:02 -0500 Subject: [PATCH 04/11] add clarifying comment to login type check --- models/user/user.go | 2 ++ 1 file changed, 2 insertions(+) diff --git a/models/user/user.go b/models/user/user.go index 84e0afec8aa4..b99b785dd38a 100644 --- a/models/user/user.go +++ b/models/user/user.go @@ -1236,6 +1236,7 @@ func GetOrderByName() string { // FeatureDisabledWithLoginType checks if a user feature is disabled, taking into account the login type of the // user if applicable func FeatureDisabledWithLoginType(user *User, feature string) bool { + // NOTE: in the long run it may be better to check the ExternalLoginUser table rather than user.LoginType return (setting.Admin.ExternalUserDisableFeatures && user != nil && user.LoginType > auth.Plain) || setting.Admin.UserDisabledFeatures.Contains(feature) } @@ -1243,6 +1244,7 @@ func FeatureDisabledWithLoginType(user *User, feature string) bool { // DisabledFeaturesWithLoginType returns the set of user features disabled, taking into account the login type // of the user if applicable func DisabledFeaturesWithLoginType(user *User) *container.Set[string] { + // NOTE: in the long run it may be better to check the ExternalLoginUser table rather than user.LoginType if setting.Admin.ExternalUserDisableFeatures && user != nil && user.LoginType > auth.Plain { return &setting.DefaultUserFeatureSet } From a16699f792eb0064485a29b2de0ce8edeb781160 Mon Sep 17 00:00:00 2001 From: jackHay22 Date: Thu, 7 Mar 2024 09:57:21 -0500 Subject: [PATCH 05/11] rename setting --- custom/conf/app.example.ini | 2 +- models/user/user.go | 4 ++-- modules/setting/admin.go | 10 +++++----- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/custom/conf/app.example.ini b/custom/conf/app.example.ini index d818b66d78ef..493b93058191 100644 --- a/custom/conf/app.example.ini +++ b/custom/conf/app.example.ini @@ -1486,7 +1486,7 @@ LEVEL = Info ;; - manage_gpg_keys: a user cannot configure gpg keys ;USER_DISABLED_FEATURES = ;; Whether to disable all user features if the user has an external login type -;;EXTERNAL_USER_DISABLE_FEATURES = false +;;EXTERNAL_USER_DISABLE_ALL_FEATURES = false ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; diff --git a/models/user/user.go b/models/user/user.go index b99b785dd38a..93c17b0a1135 100644 --- a/models/user/user.go +++ b/models/user/user.go @@ -1237,7 +1237,7 @@ func GetOrderByName() string { // user if applicable func FeatureDisabledWithLoginType(user *User, feature string) bool { // NOTE: in the long run it may be better to check the ExternalLoginUser table rather than user.LoginType - return (setting.Admin.ExternalUserDisableFeatures && user != nil && user.LoginType > auth.Plain) || + return (setting.Admin.ExternalUserDisableAllFeatures && user != nil && user.LoginType > auth.Plain) || setting.Admin.UserDisabledFeatures.Contains(feature) } @@ -1245,7 +1245,7 @@ func FeatureDisabledWithLoginType(user *User, feature string) bool { // of the user if applicable func DisabledFeaturesWithLoginType(user *User) *container.Set[string] { // NOTE: in the long run it may be better to check the ExternalLoginUser table rather than user.LoginType - if setting.Admin.ExternalUserDisableFeatures && user != nil && user.LoginType > auth.Plain { + if setting.Admin.ExternalUserDisableAllFeatures && user != nil && user.LoginType > auth.Plain { return &setting.DefaultUserFeatureSet } return &setting.Admin.UserDisabledFeatures diff --git a/modules/setting/admin.go b/modules/setting/admin.go index 5530641632d0..f7b29ae19189 100644 --- a/modules/setting/admin.go +++ b/modules/setting/admin.go @@ -9,10 +9,10 @@ import ( // Admin settings var Admin struct { - DisableRegularOrgCreation bool - DefaultEmailNotification string - UserDisabledFeatures container.Set[string] - ExternalUserDisableFeatures bool + DisableRegularOrgCreation bool + DefaultEmailNotification string + UserDisabledFeatures container.Set[string] + ExternalUserDisableAllFeatures bool } func loadAdminFrom(rootCfg ConfigProvider) { @@ -20,7 +20,7 @@ func loadAdminFrom(rootCfg ConfigProvider) { Admin.DisableRegularOrgCreation = sec.Key("DISABLE_REGULAR_ORG_CREATION").MustBool(false) Admin.DefaultEmailNotification = sec.Key("DEFAULT_EMAIL_NOTIFICATIONS").MustString("enabled") Admin.UserDisabledFeatures = container.SetOf(sec.Key("USER_DISABLED_FEATURES").Strings(",")...) - Admin.ExternalUserDisableFeatures = sec.Key("EXTERNAL_USER_DISABLE_FEATURES").MustBool(false) + Admin.ExternalUserDisableAllFeatures = sec.Key("EXTERNAL_USER_DISABLE_ALL_FEATURES").MustBool(false) } const ( From 4a011c95884c86035366b9e98be89ee9602ffb8e Mon Sep 17 00:00:00 2001 From: jackHay22 Date: Thu, 7 Mar 2024 10:55:35 -0500 Subject: [PATCH 06/11] add documentation for setting and unit test --- .../config-cheat-sheet.en-us.md | 2 ++ models/user/user_test.go | 30 +++++++++++++++++++ 2 files changed, 32 insertions(+) diff --git a/docs/content/administration/config-cheat-sheet.en-us.md b/docs/content/administration/config-cheat-sheet.en-us.md index 8a01711949a3..007caab98cda 100644 --- a/docs/content/administration/config-cheat-sheet.en-us.md +++ b/docs/content/administration/config-cheat-sheet.en-us.md @@ -1,3 +1,4 @@ + --- date: "2016-12-26T16:00:00+02:00" title: "Config Cheat Sheet" @@ -522,6 +523,7 @@ And the following unique queues: - `deletion`: User cannot delete their own account. - `manage_ssh_keys`: User cannot configure ssh keys. - `manage_gpg_keys`: User cannot configure gpg keys. +- `EXTERNAL_USER_DISABLE_ALL_FEATURES`: **false**: Disable all the default `USER_DISABLED_FEATURES` settings for users with external login sources (this will include future features as well). Note: does not use the value of `USER_DISABLED_FEATURES`. ## Security (`security`) diff --git a/models/user/user_test.go b/models/user/user_test.go index f4efd071eade..9d50fa160883 100644 --- a/models/user/user_test.go +++ b/models/user/user_test.go @@ -526,3 +526,33 @@ func Test_NormalizeUserFromEmail(t *testing.T) { } } } + +func TestDisabledUserFeatures(t *testing.T) { + assert.NoError(t, unittest.PrepareTestDatabase()) + + oldSetting := setting.Admin.ExternalUserDisableAllFeatures + defer func() { + setting.Admin.ExternalUserDisableAllFeatures = oldSetting + }() + setting.Admin.ExternalUserDisableAllFeatures = true + + user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1}) + + assert.Len(t, setting.Admin.UserDisabledFeatures.Values(), 0) + + // no features should be disabled with a plain login type + assert.LessOrEqual(t, user.LoginType, auth.Plain) + assert.Len(t, user_model.DisabledFeaturesWithLoginType(user).Values(), 0) + for _, f := range setting.DefaultUserFeatureSet.Values() { + assert.False(t, user_model.FeatureDisabledWithLoginType(user, f)) + } + + // check disabled features with external login type + user.LoginType = auth.OAuth2 + + // all features should be disabled + assert.NotEmpty(t, user_model.DisabledFeaturesWithLoginType(user).Values()) + for _, f := range setting.DefaultUserFeatureSet.Values() { + assert.True(t, user_model.FeatureDisabledWithLoginType(user, f)) + } +} From 3cf80daa84ef2dde47c634ce6ddba717c6463909 Mon Sep 17 00:00:00 2001 From: jackHay22 Date: Thu, 7 Mar 2024 11:00:12 -0500 Subject: [PATCH 07/11] revert autoformat --- docs/content/administration/config-cheat-sheet.en-us.md | 1 - 1 file changed, 1 deletion(-) diff --git a/docs/content/administration/config-cheat-sheet.en-us.md b/docs/content/administration/config-cheat-sheet.en-us.md index 007caab98cda..140a59558e36 100644 --- a/docs/content/administration/config-cheat-sheet.en-us.md +++ b/docs/content/administration/config-cheat-sheet.en-us.md @@ -1,4 +1,3 @@ - --- date: "2016-12-26T16:00:00+02:00" title: "Config Cheat Sheet" From b3a23078a937e3f9074cc8967aacd2841afac397 Mon Sep 17 00:00:00 2001 From: jackHay22 Date: Tue, 26 Mar 2024 09:33:50 -0400 Subject: [PATCH 08/11] update setting and usage --- custom/conf/app.example.ini | 7 +++++-- .../administration/config-cheat-sheet.en-us.md | 6 ++++-- models/user/user.go | 6 +++--- models/user/user_test.go | 15 ++++++++++----- modules/setting/admin.go | 15 +++++---------- 5 files changed, 27 insertions(+), 22 deletions(-) diff --git a/custom/conf/app.example.ini b/custom/conf/app.example.ini index 493b93058191..ce24d834b5dc 100644 --- a/custom/conf/app.example.ini +++ b/custom/conf/app.example.ini @@ -1485,8 +1485,11 @@ LEVEL = Info ;; - manage_ssh_keys: a user cannot configure ssh keys ;; - manage_gpg_keys: a user cannot configure gpg keys ;USER_DISABLED_FEATURES = -;; Whether to disable all user features if the user has an external login type -;;EXTERNAL_USER_DISABLE_ALL_FEATURES = false +;; Disabled features if the user has an external login type. Can be the same options as for USER_DISABLED_FEATURES. +;; - deletion: a user cannot delete their own account +;; - manage_ssh_keys: a user cannot configure ssh keys +;; - manage_gpg_keys: a user cannot configure gpg keys +;;EXTERNAL_USER_DISABLE_FEATURES = ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; diff --git a/docs/content/administration/config-cheat-sheet.en-us.md b/docs/content/administration/config-cheat-sheet.en-us.md index dd538e8e0f30..abaa82a4fd0b 100644 --- a/docs/content/administration/config-cheat-sheet.en-us.md +++ b/docs/content/administration/config-cheat-sheet.en-us.md @@ -522,8 +522,10 @@ And the following unique queues: - `deletion`: User cannot delete their own account. - `manage_ssh_keys`: User cannot configure ssh keys. - `manage_gpg_keys`: User cannot configure gpg keys. -- `EXTERNAL_USER_DISABLE_ALL_FEATURES`: **false**: Disable all the default `USER_DISABLED_FEATURES` settings for users with external login sources (this will include future features as well). Note: does not use the value of `USER_DISABLED_FEATURES`. - +- `EXTERNAL_USER_DISABLE_FEATURES`: **_empty_**: Disabled features for users with auth sources other than `Plain`, could be `deletion`, `manage_ssh_keys`, `manage_gpg_keys` and more features can be added in future. Note: this setting uses the same features as `USER_DISABLED_FEATURES`. + - `deletion`: User cannot delete their own account. + - `manage_ssh_keys`: User cannot configure ssh keys. + - `manage_gpg_keys`: User cannot configure gpg keys. ## Security (`security`) - `INSTALL_LOCK`: **false**: Controls access to the installation page. When set to "true", the installation page is not accessible. diff --git a/models/user/user.go b/models/user/user.go index 0ec9a6f4fc7a..1810f09ead3d 100644 --- a/models/user/user.go +++ b/models/user/user.go @@ -1237,7 +1237,7 @@ func GetOrderByName() string { // user if applicable func FeatureDisabledWithLoginType(user *User, feature string) bool { // NOTE: in the long run it may be better to check the ExternalLoginUser table rather than user.LoginType - return (setting.Admin.ExternalUserDisableAllFeatures && user != nil && user.LoginType > auth.Plain) || + return (user != nil && user.LoginType > auth.Plain && setting.Admin.ExternalUserDisableFeatures.Contains(feature)) || setting.Admin.UserDisabledFeatures.Contains(feature) } @@ -1245,8 +1245,8 @@ func FeatureDisabledWithLoginType(user *User, feature string) bool { // of the user if applicable func DisabledFeaturesWithLoginType(user *User) *container.Set[string] { // NOTE: in the long run it may be better to check the ExternalLoginUser table rather than user.LoginType - if setting.Admin.ExternalUserDisableAllFeatures && user != nil && user.LoginType > auth.Plain { - return &setting.DefaultUserFeatureSet + if user != nil && user.LoginType > auth.Plain { + return &setting.Admin.ExternalUserDisableFeatures } return &setting.Admin.UserDisabledFeatures } diff --git a/models/user/user_test.go b/models/user/user_test.go index 9d50fa160883..780846a7c70a 100644 --- a/models/user/user_test.go +++ b/models/user/user_test.go @@ -16,6 +16,7 @@ import ( "code.gitea.io/gitea/models/unittest" user_model "code.gitea.io/gitea/models/user" "code.gitea.io/gitea/modules/auth/password/hash" + "code.gitea.io/gitea/modules/container" "code.gitea.io/gitea/modules/optional" "code.gitea.io/gitea/modules/setting" "code.gitea.io/gitea/modules/structs" @@ -530,11 +531,15 @@ func Test_NormalizeUserFromEmail(t *testing.T) { func TestDisabledUserFeatures(t *testing.T) { assert.NoError(t, unittest.PrepareTestDatabase()) - oldSetting := setting.Admin.ExternalUserDisableAllFeatures + testValues := container.SetOf(setting.UserFeatureDeletion, + setting.UserFeatureManageSSHKeys, + setting.UserFeatureManageGPGKeys) + + oldSetting := setting.Admin.ExternalUserDisableFeatures defer func() { - setting.Admin.ExternalUserDisableAllFeatures = oldSetting + setting.Admin.ExternalUserDisableFeatures = oldSetting }() - setting.Admin.ExternalUserDisableAllFeatures = true + setting.Admin.ExternalUserDisableFeatures = testValues user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1}) @@ -543,7 +548,7 @@ func TestDisabledUserFeatures(t *testing.T) { // no features should be disabled with a plain login type assert.LessOrEqual(t, user.LoginType, auth.Plain) assert.Len(t, user_model.DisabledFeaturesWithLoginType(user).Values(), 0) - for _, f := range setting.DefaultUserFeatureSet.Values() { + for _, f := range testValues.Values() { assert.False(t, user_model.FeatureDisabledWithLoginType(user, f)) } @@ -552,7 +557,7 @@ func TestDisabledUserFeatures(t *testing.T) { // all features should be disabled assert.NotEmpty(t, user_model.DisabledFeaturesWithLoginType(user).Values()) - for _, f := range setting.DefaultUserFeatureSet.Values() { + for _, f := range testValues.Values() { assert.True(t, user_model.FeatureDisabledWithLoginType(user, f)) } } diff --git a/modules/setting/admin.go b/modules/setting/admin.go index f7b29ae19189..8aebc76154d3 100644 --- a/modules/setting/admin.go +++ b/modules/setting/admin.go @@ -9,10 +9,10 @@ import ( // Admin settings var Admin struct { - DisableRegularOrgCreation bool - DefaultEmailNotification string - UserDisabledFeatures container.Set[string] - ExternalUserDisableAllFeatures bool + DisableRegularOrgCreation bool + DefaultEmailNotification string + UserDisabledFeatures container.Set[string] + ExternalUserDisableFeatures container.Set[string] } func loadAdminFrom(rootCfg ConfigProvider) { @@ -20,7 +20,7 @@ func loadAdminFrom(rootCfg ConfigProvider) { Admin.DisableRegularOrgCreation = sec.Key("DISABLE_REGULAR_ORG_CREATION").MustBool(false) Admin.DefaultEmailNotification = sec.Key("DEFAULT_EMAIL_NOTIFICATIONS").MustString("enabled") Admin.UserDisabledFeatures = container.SetOf(sec.Key("USER_DISABLED_FEATURES").Strings(",")...) - Admin.ExternalUserDisableAllFeatures = sec.Key("EXTERNAL_USER_DISABLE_ALL_FEATURES").MustBool(false) + Admin.ExternalUserDisableFeatures = container.SetOf(sec.Key("EXTERNAL_USER_DISABLE_FEATURES").Strings(",")...) } const ( @@ -28,8 +28,3 @@ const ( UserFeatureManageSSHKeys = "manage_ssh_keys" UserFeatureManageGPGKeys = "manage_gpg_keys" ) - -var DefaultUserFeatureSet = container.SetOf( - UserFeatureDeletion, - UserFeatureManageSSHKeys, - UserFeatureManageGPGKeys) From 62e48613aa569cb2c81275ff400bff0a19cc0c2f Mon Sep 17 00:00:00 2001 From: jackHay22 Date: Tue, 26 Mar 2024 10:01:43 -0400 Subject: [PATCH 09/11] fix markdown linting --- docs/content/administration/config-cheat-sheet.en-us.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/content/administration/config-cheat-sheet.en-us.md b/docs/content/administration/config-cheat-sheet.en-us.md index abaa82a4fd0b..94da5a42d53e 100644 --- a/docs/content/administration/config-cheat-sheet.en-us.md +++ b/docs/content/administration/config-cheat-sheet.en-us.md @@ -526,6 +526,7 @@ And the following unique queues: - `deletion`: User cannot delete their own account. - `manage_ssh_keys`: User cannot configure ssh keys. - `manage_gpg_keys`: User cannot configure gpg keys. + ## Security (`security`) - `INSTALL_LOCK`: **false**: Controls access to the installation page. When set to "true", the installation page is not accessible. From 4d49ef8bb5d92970dc941ddda629707683c4fae5 Mon Sep 17 00:00:00 2001 From: jackHay22 Date: Thu, 28 Mar 2024 13:54:07 -0400 Subject: [PATCH 10/11] update description --- docs/content/administration/config-cheat-sheet.en-us.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/content/administration/config-cheat-sheet.en-us.md b/docs/content/administration/config-cheat-sheet.en-us.md index 94da5a42d53e..ffff44873074 100644 --- a/docs/content/administration/config-cheat-sheet.en-us.md +++ b/docs/content/administration/config-cheat-sheet.en-us.md @@ -522,7 +522,7 @@ And the following unique queues: - `deletion`: User cannot delete their own account. - `manage_ssh_keys`: User cannot configure ssh keys. - `manage_gpg_keys`: User cannot configure gpg keys. -- `EXTERNAL_USER_DISABLE_FEATURES`: **_empty_**: Disabled features for users with auth sources other than `Plain`, could be `deletion`, `manage_ssh_keys`, `manage_gpg_keys` and more features can be added in future. Note: this setting uses the same features as `USER_DISABLED_FEATURES`. +- `EXTERNAL_USER_DISABLE_FEATURES`: **_empty_**: Disabled features ONLY if the user has an external login type (eg. LDAP, Oauth, etc.), could be `deletion`, `manage_ssh_keys`, `manage_gpg_keys` and more features can be added in future. This setting is independent from `USER_DISABLED_FEATURES` and supplements its behavior. - `deletion`: User cannot delete their own account. - `manage_ssh_keys`: User cannot configure ssh keys. - `manage_gpg_keys`: User cannot configure gpg keys. From 2ea089f6db26df1b5e3d7948d3918e1d629121b5 Mon Sep 17 00:00:00 2001 From: jackHay22 Date: Thu, 28 Mar 2024 14:34:28 -0400 Subject: [PATCH 11/11] apply review feedback --- custom/conf/app.example.ini | 2 +- .../content/administration/config-cheat-sheet.en-us.md | 2 +- models/user/user.go | 4 ++-- models/user/user_test.go | 4 ++-- routers/api/v1/user/gpg_key.go | 4 ++-- routers/api/v1/user/key.go | 4 ++-- routers/web/user/setting/account.go | 2 +- routers/web/user/setting/keys.go | 10 +++++----- 8 files changed, 16 insertions(+), 16 deletions(-) diff --git a/custom/conf/app.example.ini b/custom/conf/app.example.ini index ce24d834b5dc..125f90e493d7 100644 --- a/custom/conf/app.example.ini +++ b/custom/conf/app.example.ini @@ -1485,7 +1485,7 @@ LEVEL = Info ;; - manage_ssh_keys: a user cannot configure ssh keys ;; - manage_gpg_keys: a user cannot configure gpg keys ;USER_DISABLED_FEATURES = -;; Disabled features if the user has an external login type. Can be the same options as for USER_DISABLED_FEATURES. +;; Comma separated list of disabled features ONLY if the user has an external login type (eg. LDAP, Oauth, etc.), could be `deletion`, `manage_ssh_keys`, `manage_gpg_keys`. This setting is independent from `USER_DISABLED_FEATURES` and supplements its behavior. ;; - deletion: a user cannot delete their own account ;; - manage_ssh_keys: a user cannot configure ssh keys ;; - manage_gpg_keys: a user cannot configure gpg keys diff --git a/docs/content/administration/config-cheat-sheet.en-us.md b/docs/content/administration/config-cheat-sheet.en-us.md index ffff44873074..3f07c945faa1 100644 --- a/docs/content/administration/config-cheat-sheet.en-us.md +++ b/docs/content/administration/config-cheat-sheet.en-us.md @@ -522,7 +522,7 @@ And the following unique queues: - `deletion`: User cannot delete their own account. - `manage_ssh_keys`: User cannot configure ssh keys. - `manage_gpg_keys`: User cannot configure gpg keys. -- `EXTERNAL_USER_DISABLE_FEATURES`: **_empty_**: Disabled features ONLY if the user has an external login type (eg. LDAP, Oauth, etc.), could be `deletion`, `manage_ssh_keys`, `manage_gpg_keys` and more features can be added in future. This setting is independent from `USER_DISABLED_FEATURES` and supplements its behavior. +- `EXTERNAL_USER_DISABLE_FEATURES`: **_empty_**: Comma separated list of disabled features ONLY if the user has an external login type (eg. LDAP, Oauth, etc.), could be `deletion`, `manage_ssh_keys`, `manage_gpg_keys`. This setting is independent from `USER_DISABLED_FEATURES` and supplements its behavior. - `deletion`: User cannot delete their own account. - `manage_ssh_keys`: User cannot configure ssh keys. - `manage_gpg_keys`: User cannot configure gpg keys. diff --git a/models/user/user.go b/models/user/user.go index 1810f09ead3d..d459ec239e97 100644 --- a/models/user/user.go +++ b/models/user/user.go @@ -1233,9 +1233,9 @@ func GetOrderByName() string { return "name" } -// FeatureDisabledWithLoginType checks if a user feature is disabled, taking into account the login type of the +// IsFeatureDisabledWithLoginType checks if a user feature is disabled, taking into account the login type of the // user if applicable -func FeatureDisabledWithLoginType(user *User, feature string) bool { +func IsFeatureDisabledWithLoginType(user *User, feature string) bool { // NOTE: in the long run it may be better to check the ExternalLoginUser table rather than user.LoginType return (user != nil && user.LoginType > auth.Plain && setting.Admin.ExternalUserDisableFeatures.Contains(feature)) || setting.Admin.UserDisabledFeatures.Contains(feature) diff --git a/models/user/user_test.go b/models/user/user_test.go index 780846a7c70a..a4550fa655d4 100644 --- a/models/user/user_test.go +++ b/models/user/user_test.go @@ -549,7 +549,7 @@ func TestDisabledUserFeatures(t *testing.T) { assert.LessOrEqual(t, user.LoginType, auth.Plain) assert.Len(t, user_model.DisabledFeaturesWithLoginType(user).Values(), 0) for _, f := range testValues.Values() { - assert.False(t, user_model.FeatureDisabledWithLoginType(user, f)) + assert.False(t, user_model.IsFeatureDisabledWithLoginType(user, f)) } // check disabled features with external login type @@ -558,6 +558,6 @@ func TestDisabledUserFeatures(t *testing.T) { // all features should be disabled assert.NotEmpty(t, user_model.DisabledFeaturesWithLoginType(user).Values()) for _, f := range testValues.Values() { - assert.True(t, user_model.FeatureDisabledWithLoginType(user, f)) + assert.True(t, user_model.IsFeatureDisabledWithLoginType(user, f)) } } diff --git a/routers/api/v1/user/gpg_key.go b/routers/api/v1/user/gpg_key.go index 96bdd96833b3..5a2f995e1b5a 100644 --- a/routers/api/v1/user/gpg_key.go +++ b/routers/api/v1/user/gpg_key.go @@ -134,7 +134,7 @@ func GetGPGKey(ctx *context.APIContext) { // CreateUserGPGKey creates new GPG key to given user by ID. func CreateUserGPGKey(ctx *context.APIContext, form api.CreateGPGKeyOption, uid int64) { - if user_model.FeatureDisabledWithLoginType(ctx.Doer, setting.UserFeatureManageGPGKeys) { + if user_model.IsFeatureDisabledWithLoginType(ctx.Doer, setting.UserFeatureManageGPGKeys) { ctx.NotFound("Not Found", fmt.Errorf("gpg keys setting is not allowed to be visited")) return } @@ -275,7 +275,7 @@ func DeleteGPGKey(ctx *context.APIContext) { // "404": // "$ref": "#/responses/notFound" - if user_model.FeatureDisabledWithLoginType(ctx.Doer, setting.UserFeatureManageGPGKeys) { + if user_model.IsFeatureDisabledWithLoginType(ctx.Doer, setting.UserFeatureManageGPGKeys) { ctx.NotFound("Not Found", fmt.Errorf("gpg keys setting is not allowed to be visited")) return } diff --git a/routers/api/v1/user/key.go b/routers/api/v1/user/key.go index 1f5958a09d5d..d9456e7ec608 100644 --- a/routers/api/v1/user/key.go +++ b/routers/api/v1/user/key.go @@ -199,7 +199,7 @@ func GetPublicKey(ctx *context.APIContext) { // CreateUserPublicKey creates new public key to given user by ID. func CreateUserPublicKey(ctx *context.APIContext, form api.CreateKeyOption, uid int64) { - if user_model.FeatureDisabledWithLoginType(ctx.Doer, setting.UserFeatureManageSSHKeys) { + if user_model.IsFeatureDisabledWithLoginType(ctx.Doer, setting.UserFeatureManageSSHKeys) { ctx.NotFound("Not Found", fmt.Errorf("ssh keys setting is not allowed to be visited")) return } @@ -269,7 +269,7 @@ func DeletePublicKey(ctx *context.APIContext) { // "404": // "$ref": "#/responses/notFound" - if user_model.FeatureDisabledWithLoginType(ctx.Doer, setting.UserFeatureManageSSHKeys) { + if user_model.IsFeatureDisabledWithLoginType(ctx.Doer, setting.UserFeatureManageSSHKeys) { ctx.NotFound("Not Found", fmt.Errorf("ssh keys setting is not allowed to be visited")) return } diff --git a/routers/web/user/setting/account.go b/routers/web/user/setting/account.go index d07c9441f002..c93b70af76ae 100644 --- a/routers/web/user/setting/account.go +++ b/routers/web/user/setting/account.go @@ -235,7 +235,7 @@ func DeleteEmail(ctx *context.Context) { // DeleteAccount render user suicide page and response for delete user himself func DeleteAccount(ctx *context.Context) { - if user_model.FeatureDisabledWithLoginType(ctx.Doer, setting.UserFeatureDeletion) { + if user_model.IsFeatureDisabledWithLoginType(ctx.Doer, setting.UserFeatureDeletion) { ctx.Error(http.StatusNotFound) return } diff --git a/routers/web/user/setting/keys.go b/routers/web/user/setting/keys.go index da347c0dd906..9e969e045dd1 100644 --- a/routers/web/user/setting/keys.go +++ b/routers/web/user/setting/keys.go @@ -79,7 +79,7 @@ func KeysPost(ctx *context.Context) { ctx.Flash.Success(ctx.Tr("settings.add_principal_success", form.Content)) ctx.Redirect(setting.AppSubURL + "/user/settings/keys") case "gpg": - if user_model.FeatureDisabledWithLoginType(ctx.Doer, setting.UserFeatureManageGPGKeys) { + if user_model.IsFeatureDisabledWithLoginType(ctx.Doer, setting.UserFeatureManageGPGKeys) { ctx.NotFound("Not Found", fmt.Errorf("gpg keys setting is not allowed to be visited")) return } @@ -160,7 +160,7 @@ func KeysPost(ctx *context.Context) { ctx.Flash.Success(ctx.Tr("settings.verify_gpg_key_success", keyID)) ctx.Redirect(setting.AppSubURL + "/user/settings/keys") case "ssh": - if user_model.FeatureDisabledWithLoginType(ctx.Doer, setting.UserFeatureManageSSHKeys) { + if user_model.IsFeatureDisabledWithLoginType(ctx.Doer, setting.UserFeatureManageSSHKeys) { ctx.NotFound("Not Found", fmt.Errorf("ssh keys setting is not allowed to be visited")) return } @@ -204,7 +204,7 @@ func KeysPost(ctx *context.Context) { ctx.Flash.Success(ctx.Tr("settings.add_key_success", form.Title)) ctx.Redirect(setting.AppSubURL + "/user/settings/keys") case "verify_ssh": - if user_model.FeatureDisabledWithLoginType(ctx.Doer, setting.UserFeatureManageSSHKeys) { + if user_model.IsFeatureDisabledWithLoginType(ctx.Doer, setting.UserFeatureManageSSHKeys) { ctx.NotFound("Not Found", fmt.Errorf("ssh keys setting is not allowed to be visited")) return } @@ -241,7 +241,7 @@ func KeysPost(ctx *context.Context) { func DeleteKey(ctx *context.Context) { switch ctx.FormString("type") { case "gpg": - if user_model.FeatureDisabledWithLoginType(ctx.Doer, setting.UserFeatureManageGPGKeys) { + if user_model.IsFeatureDisabledWithLoginType(ctx.Doer, setting.UserFeatureManageGPGKeys) { ctx.NotFound("Not Found", fmt.Errorf("gpg keys setting is not allowed to be visited")) return } @@ -251,7 +251,7 @@ func DeleteKey(ctx *context.Context) { ctx.Flash.Success(ctx.Tr("settings.gpg_key_deletion_success")) } case "ssh": - if user_model.FeatureDisabledWithLoginType(ctx.Doer, setting.UserFeatureManageSSHKeys) { + if user_model.IsFeatureDisabledWithLoginType(ctx.Doer, setting.UserFeatureManageSSHKeys) { ctx.NotFound("Not Found", fmt.Errorf("ssh keys setting is not allowed to be visited")) return }